- <?php
- session_start();
- mysql_connect('localhost', 'root', 'root');
- mysql_select_db('roseon');
- if ( ($_SERVER['REQUEST_METHOD'] == 'POST') ) {
- $sql = "SELECT id FROM accounts WHERE username = '%s' AND password = '%s';";
- $sql = sprintf($sql, mysql_real_escape_string($_POST['user_name']), md5($_POST['password']));
- $res = @mysql_query($sql);
- if ( $res === false ) {
- echo '<p class="error_block">Problem with loggin in</p>';
- } elseif ( mysql_num_rows($res) == 0 ) {
- echo '<p class="error_block">Invalid combination username/password</p>';
- } else {
- echo '<p class="ok_block">Valid login</p>';
- $_SESSION['user_account_id'] = mysql_result($res, 0);
- }
- }
- if ( isset($_SESSION['user_account_id']) ) {
- echo 'Welcome: ' . $_SESSION['user_account_id'] . '<br />';
- } else {
- echo '
- <form action="" method="post">
- <div align="center"><br /></div>
- <table width="400" border="0" align="center">
- <tr>
- <td style="text-align: left;">User name: <input type="text" name="user_name" id="user_name"></td>
- </tr>
- <tr>
- <td style="text-align: left;">Password: <input type="password" name="password" id="password"></td>
- </tr>
- </table>
- <p style="text-align: center;"> <input type="submit" name="login" id="login" value="login">
- </p> </form>
- ';
- }
- $sql = "SELECT donation FROM accounts WHERE username = '%s';";
- $sql = sprintf($sql, $_SESSION['user_account_id']);
- $res = mysql_query($sql);
- if ( $res === false ) {
- echo 'We could not get your donation points from the database, something went wrong!';
- }
- ?>
i want to make a script after we log in we can see our donation points, but after i try this script the result like this :
*this is before i log in
*this is after i log in, and it's show account id, not username, and the donation point still blank.