
View Full Version : Private Message system



Dane
11-22-2008, 09:51 AM
Hey.

I just figured I'd submit this tutorial.
It's not the most secure way but hey, it works, it's good, and it's fun :D

I guess I can explain it while I go xD

Anyways,

First we need to create our table.

I named mine privatemsg.
Here is the SQL:

CREATE TABLE IF NOT EXISTS `privatemsg` (
`id` int(11) NOT NULL auto_increment,
`uidto` varchar(90) NOT NULL,
`uidsent` varchar(90) NOT NULL,
`prefix` varchar(300) NOT NULL default '<b>',
`subject` varchar(90) NOT NULL,
`suffix` varchar(300) NOT NULL default '</b>',
`message` longtext NOT NULL,
`date` date NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;

Alright. Here is private.php:



<?php //Include our config
include("includes/menu.php"); ?>
<table width="959" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="195" rowspan="3" valign="top">&nbsp;</td>
<td width="557" height="56" valign="top">&nbsp;</td>
<td width="207" rowspan="2" valign="top">&nbsp;</td>
</tr>
<tr>
<td height="281" valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">

<tr>
<td height="38" colspan="3" valign="top"><?php //Echoing the session username
echo $_SESSION['username']; ?>'s Private Messages&nbsp;<br>
<a href="compose.php"><img src="images/compose.png" width="65" height="25" border="0"></a><?php echo"<a href=\"sentbox.php\">
<img src=\"images/sent.png\" width=\"65\" border=\"0\" height=\"25\" /></a>"; ?><br></td>
</tr>
<tr>
<td width="86" height="30" valign="top"><?php
//This is the private message query.
$pmsgs=mysql_query("SELECT * FROM privatemsg WHERE uidto='{$_SESSION['username']}'");
//This is the members query. We need the members query to select from members WHERE member id equals the private message uidto.
$members=mysql_query("SELECT * FROM members WHERE username='{$pmsgs['uidto']}'");
//Since it's only getting one member, we do not need a while loop. Plus if you have a while loop with this the whole script goes funky :P
$member=mysql_fetch_array($members);
//We need to have the while loop on the privatemsg query because it is getting more than one private message.
while($privatemsg=mysql_fetch_array($pmsgs)){
//Echoing the values
echo " <tr>
<td width=\"271\" height=\"21\" valign=\"top\"><a href=\"viewmsg.php?id={$privatemsg['id']}\">{$privatemsg['prefix']}{$privatemsg['subject']}{$privatemsg['suffix']}</a></td>

<td width=\"280\" valign=\"top\">From: {$grou['gprefix']}{$privatemsg['uidsent']}{$grou['gsuffix']}</td>

</tr>"; }
//You probably notice how I have the prefix part. Well, this lets you know if you've read the PM yet. When you send a PM it inserts the PM into the database and the prefix is <b> and the suffix is </b>, and when you view the Private Message it updates the prefix and suffix to NULL.
?>

&nbsp;</td>
</table></td>
</tr>
<tr>
<td height="126" colspan="2" valign="top">&nbsp;</td>
</tr>
</table>

Here is viewmsg.php


<?php //Including our config again
include("includes/menu.php"); ?>
<table width="959" border="0" cellpadding="0" cellspacing="0">

<?php
//Update the Private Message so it isn't bold anymore.
$id=$_GET['id'];
$result = mysql_query("UPDATE privatemsg SET prefix='' WHERE id='$id'")
or die(mysql_error());
$result = mysql_query("SELECT * FROM privatemsg WHERE id='$id'");
?>
<tr>
<td width="195" rowspan="3" valign="top">&nbsp;</td>
<td width="557" height="56" valign="top">&nbsp;</td>
<td width="207" rowspan="2" valign="top">&nbsp;</td>
</tr>
<tr>
<td height="281" valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">
<tr>
<td height="38" colspan="3" valign="top"><?php echo $_SESSION['username']; ?>'s Private Messages&nbsp;<br>
<?php $id=$_GET['id'];
echo "<a href=\"replymsg.php?id={$id}\"><img src=\"images/reply.png\" border=\"0\" width=\"65\" height=\"25\"></a>";
echo"<a href=\"sentbox.php\"><img src=\"images/sent.png\" width=\"65\" height=\"25\" /></a>"; ?>
<br></td>
</tr>
<tr>
<td width="86" height="30" valign="top"><?php
$pmsgs=mysql_query("SELECT * FROM privatemsg WHERE id='$id'");
$members=mysql_query("SELECT * FROM members WHERE username='{$privatemsg['uidto']}'");
$member=mysql_fetch_array($members);
while($privatemsg=mysql_fetch_array($pmsgs)){
echo "Private Message by {$privatemsg['uidsent']}";
echo "- Private Message to {$privatemsg['uidto']}";
echo " <tr>
<td width=\"271\" height=\"190\" bgcolor=\"#FFFFFF\" valign=\"top\"><span style=\"color: #000000;\">";
if($_SESSION['username'] =="{$privatemsg['uidto']}" ) include("includes/bbcodepms.php");
else echo "Private Message not found.";echo"</td>
</tr>"; } ?>&nbsp;</td>

</table></td>
</tr>
<tr>
<td height="126" colspan="2" valign="top">&nbsp;</td>
</tr>
</table>

compose.php


<?php include("includes/menu.php"); ?><table width="959" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="195" height="56">&nbsp;</td>
<td width="557">&nbsp;</td>
<td width="207">&nbsp;</td>
</tr>
<tr>
<td height="281">&nbsp;</td>
<td valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">
<tr>
<td height="38" colspan="2" valign="top"><label>
<form name="form1" method="post" action="sendmsg.php"><input name="uidto" type="text" id="uidto" value="Please type one username per message." size="90">
</label></td>
</tr>
<tr>
<td height="27" colspan="2" valign="top">
<label>
<input name="subject" type="text" id="subject" size="90">
</label> </td>
<tr>
<td height="184" colspan="2" valign="top"><label>
<textarea name="message" id="message" cols="89" rows="10"></textarea>
</label></td>
<tr>
<td width="261" height="48" valign="top"><label>
<input name="uidsent" type="hidden" value="<?php echo $_SESSION['username']; ?>" id="uidsent" size="1">
<input type="submit" name="button" id="button" value="Submit"></form>
</label></td>
<td width="290">&nbsp;</td>
</table></td>
<td>&nbsp;</td>
</tr>
<tr>
<td height="126">&nbsp;</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
</table>

sendmsg.php


<?php include("includes/menu.php");
//Posting all the fields that are appropriate
$uidto = $_POST['uidto'];
$uidsent = $_POST['uidsent'];
$subject = $_POST['subject'];
$message = $_POST['message'];
//Inserting the fields into the DB.
mysql_query("INSERT INTO privatemsg(uidto,uidsent,subject,message)VALUES('$uidto','$uidsent','$subject','$message')");
mysql_query("INSERT INTO sent(uidto,uidsent,subject,message)VALUES('$uidto','$uidsent','$subject','$message')");
//Update the Private Message so it is bold when reached to the member.
$result = mysql_query("UPDATE privatemsg SET prefix='<b>' WHERE id='$id'");
$result = mysql_query("UPDATE privatemsg SET suffix='</b>' WHERE id='$id'");
$result = mysql_query("SELECT * FROM privatemsg WHERE id='$id'");
?>

Now, I am darn sure that I had something in there that made it where when you typed the username in compose.php, then in sendmsg.php, it would change that username to an id. Weird..

Anyways, if any of you notice how my code isn't really lined up and it's ugly, I still am trying to make it cleaner.

Anyways,
I hope this tutorial helps some people. :)

Thanks.

jack22
04-09-2009, 10:09 AM
Hi, I think you forgot to add the page sentbox.php.

sea4me
04-18-2009, 05:10 AM
I think you should make a .zip and host it somewhere so people that are lazy :p can get it easily....
(no offense) :D

jamesk
05-30-2009, 10:16 PM
I agree with the .zip file thing. Is it for a Forum or just a website?

Also, what is: includes/menu.php

Is that included? I'm confused :-\.

Sorry, I'm new to all this :P

azpilot2211
08-01-2009, 07:44 PM
Hi Dane, thanks for the code. I have a few questions about getting it to work.


$members=mysql_query("SELECT * FROM members WHERE username='{$pmsgs['uidto']}'");

The members table. Did you leave this out or is this our current members database?

I think that's the only Q I have on private.php code.......

more Q's to follow?

Zangeel
08-01-2009, 10:09 PM
$id=$_GET['id'];
$result = mysql_query("UPDATE privatemsg SET prefix='' WHERE id='$id'")


Suppose someone alters the URL like ...id?=' AND DROP TABLE `users`");# or whatever.

You can use


$id = (int) $_GET['id']; //if it's numerical or if it's not mysql_real_escape_string
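
Added example, not part of the thread and not code from any poster: one way to harden the viewmsg.php lookup discussed above, with the id validated as an integer, the queries sent as prepared statements, and the recipient check moved into the WHERE clause so the "mark as read" UPDATE cannot touch another user's message. It assumes PDO with the pdo_sqlite extension so it runs offline; the function names and the sample rows are constructed for illustration.

```php
<?php
// Added example. Assumes pdo_sqlite; with MySQL only the DSN passed to PDO changes.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE privatemsg (
        id INTEGER PRIMARY KEY, uidto TEXT, uidsent TEXT,
        prefix TEXT DEFAULT '<b>', subject TEXT,
        suffix TEXT DEFAULT '</b>', message TEXT)");
    // Constructed sample rows.
    $ins = $db->prepare(
        'INSERT INTO privatemsg (uidto, uidsent, subject, message) VALUES (?, ?, ?, ?)');
    $ins->execute(['alice', 'bob', 'Hi', 'Lunch at <noon>?']);
    $ins->execute(['carol', 'bob', 'Other', 'Not for alice']);
    return $db;
}

// Returns the message row for $sessionUser, or null if the id is not a
// positive integer or the message is addressed to someone else.
function view_message(PDO $db, string $sessionUser, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Mark as read only if the row is addressed to the logged-in user.
    $upd = $db->prepare(
        "UPDATE privatemsg SET prefix = '', suffix = '' WHERE id = ? AND uidto = ?");
    $upd->execute([$id, $sessionUser]);

    $sel = $db->prepare('SELECT * FROM privatemsg WHERE id = ? AND uidto = ?');
    $sel->execute([$id, $sessionUser]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = open_demo_db();
$own = view_message($db, 'alice', '1');
// Escape on output so stored markup is displayed as text, not rendered.
echo htmlspecialchars($own['message'], ENT_QUOTES, 'UTF-8'), "\n";
var_dump(view_message($db, 'alice', '2'));            // addressed to carol
var_dump(view_message($db, 'alice', "1' OR '1'='1")); // non-numeric id
```

In a real page the first argument would come from $_SESSION['username'] and the id from $_GET['id'].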

larry1
08-17-2009, 05:13 PM
Thanks for the code.

codymbecker
09-14-2009, 08:10 AM
! MISSING !

include("include/bbcodepms.php");

codymbecker
09-14-2009, 08:15 AM
Ok brother, can you please help me out, I need this to work. You are missing:


Sentbox.php
reply.php
the pictures for those
include("include/bbcodepms.php");


I really need these asap. Please email me or anybody that has the code.

codymbecker@gmail.com

pavsid
10-14-2009, 08:05 PM
Just a question, what are the prefix and suffix columns for in the db? And why are they 300 characters large?

deadlyalive22
01-10-2010, 12:22 PM
I need an example for the session checker. I have already made a login, but I don't have any idea on how to check the session to proceed with the other pages...


