
Llanilek

Former Elite Mod

Dedicated Studio Member

931


October 2005
[PHP]Simple PM System Part 2

Hey guys, this is part two of the Simple Private Messaging System tutorial. If you have yet to do part 1, it can be found here

I advise doing part 1 first, not only because it's logical but... Well, this part won't make sense if you don't.

Done? Good, let's begin...

In part one I spoke of sending PMs and replying to them, and also making an outbox. Well, that is what we will cover in this section.

Sending A PM

Most of the processing of a PM must be done before it hits the database, so this is where we will do it. As standard, you must always secure this part of the script, otherwise you're gonna have trouble.

send.html

This will be the form to collect the information.


<form action="send.php" method="post" name="sendpm">
<table>
<tr>
<td>
To Username
</td>
<td>
<input type="text" name="touser" id="touser" />
</td>
</tr>
<tr>
<td>
Subject
</td>
<td>
<input type="text" name="subject" id="subject" />
</td>
</tr>
<tr>
<td>
Message
</td>
<td>
<textarea name="message" cols="60" rows="10" id="message"></textarea>
</td>
</tr>
<tr>
<td colspan="2">
<input type="submit" value="Send PM" />
</td>
</tr>
</table>
</form>


send.php

The above form in send.html is sent to send.php, as set in the action of the form. So this is where the processing will take place.

We will start by again ensuring that the user is logged in and thus has the permissions to send this PM. However, I have covered this in the last part so I won't go over it again.

We will then check each post var and "clean" it, if you will, and to do this I usually write a simple function that I use on all my post vars.


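function cleanPost($str) {

// escape quotes for the SQL string (addslashes() is not charset-aware;
// mysql_real_escape_string() is the safer call for the mysql_* API)
$str = addslashes($str);
// encode HTML special characters so the text can be echoed later
$str = htmlspecialchars($str);

// hand the cleaned value back to the caller
return $str;

}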


It just saves time when processing forms (you can add to this your most used post processing functions).

So we need to get each post var and process it.


$touser = cleanPost($_POST['touser']);
$subject = cleanPost($_POST['subject']);
$msg = cleanPost($_POST['message']);

// preprocessed vars
$fromuser = $_SESSION['username'];
$time = time();

// check to see if the form is valid
# form security would go here

// insert query
$sql = mysql_query("INSERT INTO `pms` (`id`,`touser`,`fromuser`,`subject`,`message`,`read`,`deleted`,`datesent`) VALUES (NULL, '$touser', '$fromuser', '$subject', '$msg', '0', '0','$time')");

// redirect away from post page and stop the script so nothing else runs
header('location: thanks.html');
exit;


The above basically checks the vars are clean. Where the form security is, I recommend that you add it here. Basically all you need is a conditional statement to check if the data inputted is not empty and/or conforms to what data you want; I'm not going to cover that in this tutorial, however.

So that's basically the send/reply feature pretty much covered.

Read Feature

Now you may add a little more functionality to the inbox by adding the read feature. Notice we had the read column in the first part of the tutorial; well, we are going to make a slight modification to the inbox.php and view.php files.

inbox.php

Where we had this piece of code in the inbox file


<table width='95%'>

<tr><th>From</th><th>Subject</th><th>Date</th></tr>

<?php

while($r = mysql_fetch_object($sql)) {

$r->subject = stripslashes($r->subject);
// format the stored send time (without the second argument gmdate() uses the current time)
$r->datesent = gmdate('d/m/y g:ia', $r->datesent);

echo "<tr><td>$r->fromuser</td><td><a href='view.php?id=$r->id'>$r->subject</a></td><td>$r->datesent</td></tr>";

}

?>

</table>


We are adding in a function to show a different type of envelope when the PM is read.

So change it to this.


<table width='95%'>

<tr><th> </th><th>From</th><th>Subject</th><th>Date</th></tr>

<?php

while($r = mysql_fetch_object($sql)) {

$r->subject = stripslashes($r->subject);
// format the stored send time (without the second argument gmdate() uses the current time)
$r->datesent = gmdate('d/m/y g:ia', $r->datesent);

// compare with ==; a single = would assign "0" and always take the else branch
if($r->read == "0") {
$read = "path/to/notread.gif";
}
else {
$read = "path/to/read.gif";
}

echo "<tr><td><img src='".$read."' /></td><td>$r->fromuser</td><td><a href='view.php?id=$r->id'>$r->subject</a></td><td>$r->datesent</td></tr>";

}

?>

</table>


Now you're gonna need to know when the PM is read, so what we will do is check it when we read the PM. This is done with a little modification of the view.php file.

view.php

after this


while($r= mysql_fetch_object($grab_pm)) {


add this


if($r->read == "0") { $update = mysql_query("UPDATE `pms` SET `read` = '1' WHERE `id` = '$r->id' LIMIT 1"); }



that basically updates the read flag if the pm is read and the flag is set to 0.


Outbox


Ok, the outbox is probably the most difficult to do. Although it's not that hard, it requires some modification of the original database, as we need to add an outbox delete function.

To the database add a row outdel with an enum('0','1') with default of 0.

Basically the outbox is the reverse of the inbox, so we need to check for any PMs sent where the fromuser matches the user that is logged in.

So as before

outbox.php

<?php

if(session_is_registered('SESSION_NAME')) {

$fromuser = $_SESSION['username'];

$sql = mysql_query("SELECT * FROM `pms` WHERE `fromuser` = '$fromuser' AND `outdel` = '0' ORDER BY `datesent` DESC");

?>

<table width='95%'>

<tr><th>To</th><th>Subject</th><th>Date</th></tr>

<?php

while($r = mysql_fetch_object($sql)) {

$r->subject = stripslashes($r->subject);
// format the stored send time (without the second argument gmdate() uses the current time)
$r->datesent = gmdate('d/m/y g:ia', $r->datesent);

echo "<tr><td>$r->touser</td><td><a href='view.php?id=$r->id'>$r->subject</a></td><td>$r->datesent</td></tr>";

}

?>

</table>

<?php
// end if
}



outview.php

The outbox view will be a slight variation of the view.php


if(session_is_registered('SESSION_NAME')) {
// cast the id to an integer so the request value cannot alter the query
$id = isset($_GET['id']) ? (int) $_GET['id'] : null;
$fromuser = $_SESSION['username'];

if(!isset($id)) {
// no id given: go back to the inbox and stop the script
header('location: inbox.php');
exit;
}
elseif(isset($id)) {

// only fetch the message if the logged-in user sent it
$grab_pm = mysql_query("SELECT * FROM `pms` WHERE `fromuser` = '$fromuser' AND `id` = '$id'");

while($r= mysql_fetch_object($grab_pm)) {

$r->subject = stripslashes($r->subject);
$r->message = stripslashes($r->message);
$r->message = nl2br($r->message);

echo "<h2>$r->subject</h2>";
echo "<p>$r->message</p>";
echo "<p>From: $r->fromuser On: $r->datesent</p>";

}

}

}



And that's basically it....

Oh, and to add delete functions you just need to call the id of the PM in the database and update the delete or outdel flag and put it to 1.

Hope this tutorial has helped, and again I'd love to see any finished results on this.


Last Edit: Feb 25, 2009 21:45:46 GMT by Llanilek
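
The send and view steps from the tutorial above, sketched with bound parameters and output-time escaping, as an added example that is not part of the original post. It assumes PDO with the SQLite driver standing in for the MySQL `pms` table; `sendPm`, `viewPm`, the length limits and the sample users are hypothetical.

```php
<?php
// Added example, not the tutorial's code. SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pms (id INTEGER PRIMARY KEY, touser TEXT, fromuser TEXT,
    subject TEXT, message TEXT, "read" INTEGER DEFAULT 0, deleted INTEGER DEFAULT 0,
    outdel INTEGER DEFAULT 0, datesent INTEGER)');

// Validate the form, then insert with bound parameters; the text is stored unmodified.
// The length limits are assumptions for this example.
function sendPm(PDO $db, string $from, array $post): array {
    $to      = trim($post['touser'] ?? '');
    $subject = trim($post['subject'] ?? '');
    $message = trim($post['message'] ?? '');
    $errors  = [];
    if ($to === '' || strlen($to) > 32)            { $errors[] = 'touser'; }
    if ($subject === '' || strlen($subject) > 100) { $errors[] = 'subject'; }
    if ($message === '')                           { $errors[] = 'message'; }
    if ($errors) { return $errors; }
    $stmt = $db->prepare('INSERT INTO pms (touser, fromuser, subject, message, datesent)
                          VALUES (?, ?, ?, ?, ?)');
    $stmt->execute([$to, $from, $subject, $message, time()]);
    return [];
}

// Return the rendered message only if $user is its recipient or sender, else null.
function viewPm(PDO $db, string $user, $id): ?string {
    $stmt = $db->prepare('SELECT * FROM pms WHERE id = ? AND (touser = ? OR fromuser = ?)');
    $stmt->execute([(int) $id, $user, $user]);
    $r = $stmt->fetch(PDO::FETCH_OBJ);
    if (!$r) { return null; }
    $e = fn($s) => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); // escape at output time
    return '<h2>' . $e($r->subject) . '</h2><p>' . nl2br($e($r->message)) . '</p>'
         . '<p>From: ' . $e($r->fromuser) . ' On: '
         . gmdate('d/m/y g:ia', (int) $r->datesent) . '</p>';
}

// Constructed sample input containing a quote and markup.
$post = ['touser' => 'bob', 'subject' => "O'Reilly <b>hi</b>",
         'message' => "line one\n<i>line two</i>"];
var_dump(sendPm($db, 'alice', $post));                // a valid message is stored
echo viewPm($db, 'bob', '1'), "\n";                   // the recipient reads it
var_dump(viewPm($db, 'mallory', '1'));                // a third user asks for the same id
var_dump(sendPm($db, 'alice', ['touser' => 'bob']));  // a form with missing fields
```

Storing the raw text and escaping only when it is echoed also removes the need for the stripslashes() calls on the way out.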

josh

New Member

1


May 2009
Just want to say thanks, this is exactly what I was looking for.

Also, I prefer Notepad2 for editing PHP code :)

coryclark

New Member

1


January 2010
I don't see how this tutorial was so hard to find! Thank you for sharing this Llanilek, it helped a lot.

pages

New Member

1


March 2010
Hi, first off I know this was last updated a year ago, but thank you for putting the time and effort into making such a good tutorial for the basics of a PM system.

However, when I try to implement it I get a few problems.

My first one is that sending messages seems to work fine, but viewing the messages is another story entirely: when I click on the message subject the view.php or outview.php screen is completely blank.
If I do the SQL query in phpMyAdmin it returns the correct rows, so I'm not sure what's going wrong there. Even the echo statements are not appearing and I'm not being directed back to inbox.php by the
if(!isset($id)) {
header('location: inbox.php');
}

My second problem is that all the dates are going slightly crazy; it seems as if it's getting the current timestamp instead of the actual time it was sent.
For example, 25/m/y 5:20pm is what's displaying for all my sent messages and all the messages in my inbox, and it updates to the new time as I refresh it.


Here's the code of my view.php; maybe you might find an error with it.

<?php
ob_start();
require_once('auth.php');
require_once('config.php');
require_once('opendb.php');
// view.php

session_start();

if(session_is_registered('SESS_USERNAME')) {
$id = @$_GET['id'];

if(!isset($id)) {
header('location: inbox.php');
}
elseif(isset($id)) {

$grab_pm = mysql_query("SELECT * FROM `pms` WHERE `touser` = '$touser' AND `id` = '$id'");

while($r= mysql_fetch_object($grab_pm)) {
if($r->read == "0") { $update = mysql_query("UPDATE `pms` SET `read` = '1' WHERE `id` = '$r->id' LIMIT 1"); }

$r->subject = stripslashes($r->subject);
$r->message = stripslashes($r->message);
$r->message = nl2br($r->message);



echo "<h2>$r->subject</h2>";
echo "<p>$r->message</p>";
echo "<p>From: $r->fromuser On: $r->datesent</p>";


}

}

}
ob_end_flush();
?>



Last Edit: Mar 25, 2010 17:24:52 GMT by pages
