Private Message system

Dane · 11-22-2008, 08:51 AM

Hey.

I just figured I'd submit this tutorial.
It's not the most secure way but hey, it works, it's good, and it's fun

I guess I can explain it while I go xD

Anyways,

First we need to create our table.

I named mine privatemsg.
Here is the SQL:

Code:

CREATE TABLE IF NOT EXISTS `privatemsg` (
  `id` int(11) NOT NULL auto_increment,
  `uidto` varchar(90) NOT NULL,
  `uidsent` varchar(90) NOT NULL,
  `prefix` varchar(300) NOT NULL default '<b>',
  `subject` varchar(90) NOT NULL,
  `suffix` varchar(300) NOT NULL default '</b>',
  `message` longtext NOT NULL,
  `date` date NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;

Alright. Here is private.php:

PHP Code:


			
<?php //Include our config 

include("includes/menu.php"); ?>

<table width="959" border="0" cellpadding="0" cellspacing="0">

  <tr>

    <td width="195" rowspan="3" valign="top">&nbsp;</td>

    <td width="557" height="56" valign="top">&nbsp;</td>

    <td width="207" rowspan="2" valign="top">&nbsp;</td>

  </tr>

  <tr>

    <td height="281" valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">



     <tr>

<td height="38" colspan="3" valign="top"><?php //Echoing the session username

echo $_SESSION['username']; ?>'s Private Messages&nbsp;<br>        

<a href="compose.php"><img src="images/compose.png" width="65" height="25" border="0"></a><?php echo"<a href=\"sentbox.php\">

<img src=\"images/sent.png\" width=\"65\" border=\"0\" height=\"25\" /></a>"; ?><br></td>

</tr>

<tr>

<td width="86" height="30" valign="top"><?php 

//This is the private message query.

$pmsgs=mysql_query("SELECT * FROM privatemsg WHERE uidto='{$_SESSION['username']}'");

//This is the members query. We need the members query to select from members WHERE member id equals the private message uidto.

$members=mysql_query("SELECT * FROM members WHERE username='{$pmsgs['uidto']}'");

//Since it's only geeting one member, we do not need a while loop. Plus if you have a while loop with this the whole script goes funky :P

$member=mysql_fetch_array($members);

//We need to have the while loop on the privatemsg query because, it is getting more then one private message.

while($privatemsg=mysql_fetch_array($pmsgs)){

        //Echoing the values

        echo " <tr>

        <td width=\"271\" height=\"21\" valign=\"top\"><a href=\"viewmsg.php?id={$privatemsg['id']}\">{$privatemsg['prefix']}{$privatemsg['subject']}{$privatemsg['suffix']}</td>



        <td width=\"280\" valign=\"top\">From: {$grou['gprefix']}{$privatemsg['uidsent']}{$grou['gsuffix']}</td>



      </tr>"; } 

      //You probably notice how I have the prefix part. Well, this lets you know if youve read the PM yet. When you send a PM it inserts the PM into the databse and the prefix is <b> and the suffix is </b>. and when you view the Private Message it updates the prefix and suffix to NULL.

      ?>

      

      &nbsp;</td>

    </table></td>

  </tr>

  <tr>

    <td height="126" colspan="2" valign="top">&nbsp;</td>

  </tr>

</table>

Here is viewmsg.php

PHP Code:


			
<?php //Including our config again

include("includes/menu.php"); ?>

<table width="959"  border="0" cellpadding="0" cellspacing="0">



<?php 

//Update the Private Message so it isn't bold anymore.

$id=$_GET['id'];

$result = mysql_query("UPDATE privatemsg SET prefix='' WHERE id='$id'") 

or die(mysql_error());  

$result = mysql_query("SELECT * FROM privatemsg WHERE id='$id'");

?>

<tr>

<td width="195" rowspan="3" valign="top">&nbsp;</td>

<td width="557" height="56" valign="top">&nbsp;</td>

<td width="207" rowspan="2" valign="top">&nbsp;</td>

</tr>

<tr>

<td height="281" valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">

<tr>

<td height="38" colspan="3" valign="top"><?php echo $_SESSION['username']; ?>'s Private Messages&nbsp;<br>       

<?php $id=$_GET['id'];

echo "<a href=\"replymsg.php?id={$id}\"><img src=\"images/reply.png\" border=\"0\" width=\"65\" height=\"25\"></a>"; 

echo"<a href=\"sentbox.php\"><img src=\"images/sent.png\" width=\"65\" height=\"25\" /></a>"; ?>

<br></td>

</tr>

<tr>

<td width="86" height="30" valign="top"><?php 

$pmsgs=mysql_query("SELECT * FROM privatemsg WHERE id='$id'");

$members=mysql_query("SELECT * FROM members WHERE username='{$privatemsg['uidto']}'");

$member=mysql_fetch_array($members);

while($privatemsg=mysql_fetch_array($pmsgs)){

echo "Private Message by {$privatemsg['uidsent']}";

echo "- Private Message to {$privatemsg['uidto']}";

echo " <tr>

<td width=\"271\" height=\"190\" bgcolor=\"#FFFFFF\" valign=\"top\"><span style=\"color: #000000;\">";

if($_SESSION['username'] =="{$privatemsg['uidto']}" )    include("includes/bbcodepms.php");

else echo "Private Message not found.";echo"</td>

</tr>"; } ?>&nbsp;</td>



  </table></td>

  </tr>

  <tr>

    <td height="126" colspan="2" valign="top">&nbsp;</td>

  </tr>

</table>

compose.php

PHP Code:


			
<?php include("includes/menu.php"); ?><table width="959" border="0" cellpadding="0" cellspacing="0">

  <tr>

    <td width="195" height="56">&nbsp;</td>

    <td width="557">&nbsp;</td>

    <td width="207">&nbsp;</td>

  </tr>

  <tr>

    <td height="281">&nbsp;</td>

    <td valign="top"><table width="100%" border="1" cellpadding="0" cellspacing="0">

      <tr>

        <td height="38" colspan="2" valign="top"><label>

          <form name="form1" method="post" action="sendmsg.php"><input name="uidto" type="text" id="uidto" value="Please type one username per message." size="90">

        </label></td>

        </tr>

      <tr>

        <td height="27" colspan="2" valign="top">

          <label>

            <input name="subject" type="text" id="subject" size="90">

            </label>       </td>

      <tr>

        <td height="184" colspan="2" valign="top"><label>

          <textarea name="message" id="message" cols="89" rows="10"></textarea>

        </label></td>

      <tr>

        <td width="261" height="48" valign="top"><label>

          <input name="uidsent" type="hidden" value="<?php echo $_SESSION['username']; ?>" id="uidsent" size="1">

          <input type="submit" name="button" id="button" value="Submit"></form> 

        </label></td>

        <td width="290">&nbsp;</td>

    </table></td>

    <td>&nbsp;</td>

  </tr>

  <tr>

    <td height="126">&nbsp;</td>

    <td>&nbsp;</td>

    <td>&nbsp;</td>

  </tr>

</table>

sendmsg.php

PHP Code:


			
<?php include("includes/menu.php"); 

//Posting all the fields that are appropriate

$uidto   = $_POST['uidto'];

$uidsent = $_POST['uidsent'];

$subject = $_POST['subject'];

$message = $_POST['message'];

//Inserting the fields into the DB.

mysql_query("INSERT INTO privatemsg(uidto,uidsent,subject,message)VALUES('$uidto','$uidsent','$subject','$message')");

mysql_query("INSERT INTO sent(uidto,uidsent,subject,message)VALUES('$uidto','$uidsent','$subject','$message')");

//Update the Private Message so it is bold when reached to the member.

$result = mysql_query("UPDATE privatemsg SET prefix='<b>' WHERE id='$id'");

$result = mysql_query("UPDATE privatemsg SET suffix='</b>' WHERE id='$id'");

$result = mysql_query("SELECT * FROM privatemsg WHERE id='$id'");

?>

Now, I am darn sure that I had something in there that made it where when you typed the username in the compose.php, Then in sendmsg.php, it would change that username to an id. Weird..

Anyways, If any of you notice how my code isn't really lined up and it's ugly, I still am trying to make it cleaner.

Anyways,
I hope this tutorial helps soome people.

Thanks.

jack22 · 04-09-2009, 09:09 AM

Hi i think you forgot to add the page sentbox.php

sea4me · 04-18-2009, 04:10 AM

I think you should make a .zip and host it somewhere so people that are lazy

can get it easily....
(no offense)

jamesk · 05-30-2009, 09:16 PM

I agree with the .zip file thing. Is it for a Forum or just a website?

Also, what is: includes/menu.php

Is that included? I'm confused :-\.

Sorry, i'm new to all this :P

azpilot2211 · 08-01-2009, 06:44 PM

Hi Dane, thanks for the code. I have a few questions about getting it to work.

PHP Code:


			
$members=mysql_query("SELECT * FROM members WHERE username='{$pmsgs['uidto']}'");

The members table. did you leave this out or is this our current members database?

I think thats the only Q i have on private.php code.......

more Q's to follow?

Zangeel · 08-01-2009, 09:09 PM

PHP Code:


			
$id=$_GET['id']; 
$result = mysql_query("UPDATE privatemsg SET prefix='' WHERE id='$id'")

Suppose someone alters the URL like ...id?=' AND DROP TABLE `users`");# or whatever.

You can use

PHP Code:


			
$id = (int) $_GET['id']; //if it's numerical or if it's not mysql_real_escape_string

larry1 · 08-17-2009, 04:13 PM

Thanks for the code.

codymbecker · 09-14-2009, 07:10 AM

! MISSING !

include("include/bbcodepms.php");

codymbecker · 09-14-2009, 07:15 AM

Ok brother can you please help me out, i need this to work. Your are missing:

Sentbox.php
reply.php
the pictures for those
include("include/bbcodepms.php");

I really need these asap. Please eMail me or anybody that has the code.

codymbecker@gmail.com

pavsid · 10-14-2009, 07:05 PM

Just a question, what are the prefix and suffix columns for in the db? and why are they 300 characters large?

deadlyalive22 · 01-10-2010, 11:22 AM

i need an example for the session checker, i have already made a login, but i dont have any idea on how to check the session to proceed with the other pages...