Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Registered User
    Join Date
    Oct 2008
    Posts
    42
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Private Message system

    Hey.

    I just figured I'd submit this tutorial.
    It's not the most secure way but hey, it works, it's good, and it's fun

    I guess I can explain it while I go xD

    Anyways,

    First we need to create our table.

    I named mine privatemsg.
    Here is the SQL:
    Code:
    CREATE TABLE IF NOT EXISTS `privatemsg` (
      `id` int(11) NOT NULL auto_increment,
      `uidto` varchar(90) NOT NULL,
      `uidsent` varchar(90) NOT NULL,
      `prefix` varchar(300) NOT NULL default '<b>',
      `subject` varchar(90) NOT NULL,
      `suffix` varchar(300) NOT NULL default '</b>',
      `message` longtext NOT NULL,
      `date` date NOT NULL,
      PRIMARY KEY  (`id`)
    ) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;
    Alright. Here is private.php:


    PHP Code:
    <?php //Include our config 
    include("includes/menu.php"); ?>
    <table width="959" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="195" rowspan="3" valign="top">&nbsp;</td>
        <td width="557" height="56" valign="top">&nbsp;</td>
        <td width="207" rowspan="2" valign="top">&nbsp;</td>
      </tr>
      <tr>
        <td height="281" valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">

         <tr>
    <td height="38" colspan="3" valign="top"><?php //Echoing the session username
    echo $_SESSION['username']; ?>'s Private Messages&nbsp;<br>        
    <a href="compose.php"><img src="images/compose.png" width="65" height="25" border="0"></a><?php echo"<a href=\"sentbox.php\">
    <img src=\"images/sent.png\" width=\"65\" border=\"0\" height=\"25\" /></a>"
    ?><br></td>
    </tr>
    <tr>
    <td width="86" height="30" valign="top"><?php 
    //This is the private message query.
    $pmsgs=mysql_query("SELECT * FROM privatemsg WHERE uidto='{$_SESSION['username']}'");
    //This is the members query. We need the members query to select from members WHERE member id equals the private message uidto.
    $members=mysql_query("SELECT * FROM members WHERE username='{$pmsgs['uidto']}'");
    //Since it's only geeting one member, we do not need a while loop. Plus if you have a while loop with this the whole script goes funky :P
    $member=mysql_fetch_array($members);
    //We need to have the while loop on the privatemsg query because, it is getting more then one private message.
    while($privatemsg=mysql_fetch_array($pmsgs)){
            
    //Echoing the values
            
    echo " <tr>
            <td width=\"271\" height=\"21\" valign=\"top\"><a href=\"viewmsg.php?id={$privatemsg['id']}\">{$privatemsg['prefix']}{$privatemsg['subject']}{$privatemsg['suffix']}</td>

            <td width=\"280\" valign=\"top\">From: {$grou['gprefix']}{$privatemsg['uidsent']}{$grou['gsuffix']}</td>

          </tr>"
    ; } 
          
    //You probably notice how I have the prefix part. Well, this lets you know if youve read the PM yet. When you send a PM it inserts the PM into the databse and the prefix is <b> and the suffix is </b>. and when you view the Private Message it updates the prefix and suffix to NULL.
          
    ?>
          
          &nbsp;</td>
        </table></td>
      </tr>
      <tr>
        <td height="126" colspan="2" valign="top">&nbsp;</td>
      </tr>
    </table>
    Here is viewmsg.php

    PHP Code:
    <?php //Including our config again
    include("includes/menu.php"); ?>
    <table width="959"  border="0" cellpadding="0" cellspacing="0">

    <?php 
    //Update the Private Message so it isn't bold anymore.
    $id=$_GET['id'];
    $result mysql_query("UPDATE privatemsg SET prefix='' WHERE id='$id'"
    or die(
    mysql_error());  
    $result mysql_query("SELECT * FROM privatemsg WHERE id='$id'");
    ?>
    <tr>
    <td width="195" rowspan="3" valign="top">&nbsp;</td>
    <td width="557" height="56" valign="top">&nbsp;</td>
    <td width="207" rowspan="2" valign="top">&nbsp;</td>
    </tr>
    <tr>
    <td height="281" valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">
    <tr>
    <td height="38" colspan="3" valign="top"><?php echo $_SESSION['username']; ?>'s Private Messages&nbsp;<br>       
    <?php $id=$_GET['id'];
    echo 
    "<a href=\"replymsg.php?id={$id}\"><img src=\"images/reply.png\" border=\"0\" width=\"65\" height=\"25\"></a>"
    echo
    "<a href=\"sentbox.php\"><img src=\"images/sent.png\" width=\"65\" height=\"25\" /></a>"?>
    <br></td>
    </tr>
    <tr>
    <td width="86" height="30" valign="top"><?php 
    $pmsgs
    =mysql_query("SELECT * FROM privatemsg WHERE id='$id'");
    $members=mysql_query("SELECT * FROM members WHERE username='{$privatemsg['uidto']}'");
    $member=mysql_fetch_array($members);
    while(
    $privatemsg=mysql_fetch_array($pmsgs)){
    echo 
    "Private Message by {$privatemsg['uidsent']}";
    echo 
    "- Private Message to {$privatemsg['uidto']}";
    echo 
    " <tr>
    <td width=\"271\" height=\"190\" bgcolor=\"#FFFFFF\" valign=\"top\"><span style=\"color: #000000;\">"
    ;
    if(
    $_SESSION['username'] =="{$privatemsg['uidto']}" )    include("includes/bbcodepms.php");
    else echo 
    "Private Message not found.";echo"</td>
    </tr>"
    ; } ?>&nbsp;</td>

      </table></td>
      </tr>
      <tr>
        <td height="126" colspan="2" valign="top">&nbsp;</td>
      </tr>
    </table>
    compose.php

    PHP Code:
    <?php include("includes/menu.php"); ?><table width="959" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="195" height="56">&nbsp;</td>
        <td width="557">&nbsp;</td>
        <td width="207">&nbsp;</td>
      </tr>
      <tr>
        <td height="281">&nbsp;</td>
        <td valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">
          <tr>
            <td height="38" colspan="2" valign="top"><label>
              <form name="form1" method="post" action="sendmsg.php"><input name="uidto" type="text" id="uidto" value="Please type one username per message." size="90">
            </label></td>
            </tr>
          <tr>
            <td height="27" colspan="2" valign="top">
              <label>
                <input name="subject" type="text" id="subject" size="90">
                </label>       </td>
          <tr>
            <td height="184" colspan="2" valign="top"><label>
              <textarea name="message" id="message" cols="89" rows="10"></textarea>
            </label></td>
          <tr>
            <td width="261" height="48" valign="top"><label>
              <input name="uidsent" type="hidden" value="<?php echo $_SESSION['username']; ?>" id="uidsent" size="1">
              <input type="submit" name="button" id="button" value="Submit"></form> 
            </label></td>
            <td width="290">&nbsp;</td>
        </table></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td height="126">&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
    </table>
    sendmsg.php

    PHP Code:
    <?php include("includes/menu.php"); 
    //Posting all the fields that are appropriate
    $uidto   $_POST['uidto'];
    $uidsent $_POST['uidsent'];
    $subject $_POST['subject'];
    $message $_POST['message'];
    //Inserting the fields into the DB.
    mysql_query("INSERT INTO privatemsg(uidto,uidsent,subject,message)VALUES('$uidto','$uidsent','$subject','$message')");
    mysql_query("INSERT INTO sent(uidto,uidsent,subject,message)VALUES('$uidto','$uidsent','$subject','$message')");
    //Update the Private Message so it is bold when reached to the member.
    $result mysql_query("UPDATE privatemsg SET prefix='<b>' WHERE id='$id'");
    $result mysql_query("UPDATE privatemsg SET suffix='</b>' WHERE id='$id'");
    $result mysql_query("SELECT * FROM privatemsg WHERE id='$id'");
    ?>
    Now, I am darn sure that I had something in there that made it where when you typed the username in the compose.php, Then in sendmsg.php, it would change that username to an id. Weird..

    Anyways, If any of you notice how my code isn't really lined up and it's ugly, I still am trying to make it cleaner.

    Anyways,
    I hope this tutorial helps soome people.

    Thanks.

  • #2
    New to the CF scene
    Join Date
    Apr 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    page

    Hi i think you forgot to add the page sentbox.php

  • #3
    Regular Coder sea4me's Avatar
    Join Date
    Jan 2009
    Location
    Damn, I don't know...
    Posts
    390
    Thanks
    11
    Thanked 28 Times in 27 Posts
    I think you should make a .zip and host it somewhere so people that are lazy can get it easily....
    (no offense)

  • #4
    New Coder
    Join Date
    Apr 2009
    Location
    UK
    Posts
    56
    Thanks
    5
    Thanked 1 Time in 1 Post
    I agree with the .zip file thing. Is it for a Forum or just a website?

    Also, what is: includes/menu.php

    Is that included? I'm confused :-\.

    Sorry, i'm new to all this :P

  • #5
    New to the CF scene
    Join Date
    Aug 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Dane, thanks for the code. I have a few questions about getting it to work.

    PHP Code:
    $members=mysql_query("SELECT * FROM members WHERE username='{$pmsgs['uidto']}'"); 
    The members table. did you leave this out or is this our current members database?

    I think thats the only Q i have on private.php code.......

    more Q's to follow?

  • #6
    Regular Coder Zangeel's Avatar
    Join Date
    Oct 2007
    Location
    public_html/
    Posts
    638
    Thanks
    17
    Thanked 79 Times in 79 Posts
    PHP Code:
    $id=$_GET['id']; 
    $result mysql_query("UPDATE privatemsg SET prefix='' WHERE id='$id'"
    Suppose someone alters the URL like ...id?=' AND DROP TABLE `users`");# or whatever.

    You can use

    PHP Code:
    $id = (int) $_GET['id']; //if it's numerical or if it's not mysql_real_escape_string 
    PHP Code:
    $aString is_string((string)array()) ? true false// true :D 
    [/CENTER]

  • #7
    New to the CF scene
    Join Date
    Aug 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the code.

  • #8
    New to the CF scene
    Join Date
    Sep 2009
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ! MISSING !

    include("include/bbcodepms.php");

  • #9
    New to the CF scene
    Join Date
    Sep 2009
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Exclamation Help!

    Ok brother can you please help me out, i need this to work. Your are missing:

    • Sentbox.php
    • reply.php
    • the pictures for those
    • include("include/bbcodepms.php");


    I really need these asap. Please eMail me or anybody that has the code.

    codymbecker@gmail.com

  • #10
    New to the CF scene
    Join Date
    May 2009
    Posts
    5
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Just a question, what are the prefix and suffix columns for in the db? and why are they 300 characters large?

  • #11
    New to the CF scene
    Join Date
    Jan 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Lightbulb help plss =)

    i need an example for the session checker, i have already made a login, but i dont have any idea on how to check the session to proceed with the other pages...
    Last edited by deadlyalive22; 01-10-2010 at 02:42 PM.


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •