sya udah ngantuk gk bisa bedain id ama name

1. <?php
2. session_start();
3.  
4. mysql_connect('localhost', 'root', 'root');
5. mysql_select_db('roseon');
6.  
7. if ( ($_SERVER['REQUEST_METHOD'] == 'POST') ) {
8. $sql = "SELECT id FROM accounts WHERE username = '%s' AND password = '%s';";
9. $sql = sprintf($sql, mysql_real_escape_string($_POST['user_name']), md5($_POST['password']));
10. $res = @mysql_query($sql);
11. if ( $res === false ) {
12. echo '<p class="error_block">Problem with loggin in</p>';
13. } elseif ( mysql_num_rows($res) == 0 ) {
14. echo '<p class="error_block">Invalid combination username/password</p>';
15. } else {
16. echo '<p class="ok_block">Valid login</p>';
17. $_SESSION['user_account_id'] = mysql_result($res, 0);
18. }
19. }
20. if ( isset($_SESSION['user_account_id']) ) {
21. echo 'Welcome: ' . $_SESSION['user_account_id'] . '<br />';
22. }
23. else {
24. echo '
25. <form action="" method="post">
26. <div align="center"><br /></div>
27. <table width="400" border="0" align="center">
28. <tr>
29. <td style="text-align: left;">User name: <input type="text" name="user_name" id="user_name"></td>
30. </tr>
31. <tr>
32. <td style="text-align: left;">Password: <input type="password" name="password" id="password"></td>
33. </tr>
34. </table>
35. <p style="text-align: center;"> <input type="submit" name="login" id="login" value="login">
36.  
37. </p> </form>
38. ';
39. }
40.  
41. /*
42. misterius saudara-saudara
43. $_SESSION['user_account_id']  = 2;
44. yg dicari username =  bejo misalnya
45. */
46. //===========check ada ato tidak
47. $sql = "SELECT count(donation) c FROM accounts WHERE username = '%s';";
48. $sql = sprintf($sql, $_SESSION['user_account_id']);
49. $res = mysql_query($sql) or die("sql:$sql error:".mysql_error());
50. $total = $dpts = mysql_result($res, 0);
51. echo "total $total (sql:$sql)";
52.  
53. $sql = "SELECT count(donation) c FROM accounts WHERE id= '%s';";
54. $sql = sprintf($sql, $_SESSION['user_account_id']);
55. $res = mysql_query($sql) or die("sql:$sql error:".mysql_error());
56. $total = $dpts = mysql_result($res, 0);
57. echo "total $total (sql:$sql)";
58.  
59.  
60. /*
61. $sql = "SELECT donation FROM accounts WHERE username = '%s';";
62. $sql = sprintf($sql, $_SESSION['user_account_id']);
63. */
64. //siapa tau bener
65. $sql = "SELECT donation FROM accounts WHERE id = '%s';";
66. $sql = sprintf($sql, $_SESSION['user_account_id']);
67.  
68. $res = mysql_query($sql)or die("sql:$sql| error:".mysql_error());
69. if ( $res === false ) {
70.     echo 'We could not get your donation points from the database, something went wrong!';
71. } else {
72.     $dpts = mysql_result($res, 0);
73.     echo 'Donation points: ' . $dpts;
74. }
75. ?>