[PHP]Simple PM System Part 2
Hey guys this is part two of the Simple Private Messaging System tutorial, if you have yet to do part 1 it can
be found
hereI advise doing part 1 first not only because its logical but... Well this part won't make sense if you don't.
Done? good, lets begin...
In part one i spoke of sending pm's and replying to them also making an outbox. Well that is what we will
cover in this section.
Sending A PMMost the processing of a pm must be done before it hits the database so this is where we will do it. As
standard you must always secure this part of the script otherwise your gonna have trouble.
send.htmlthis will be the form to collect the information.
<form action="send.php" method="post" name="sendpm">
<table>
<tr>
<td>
To Username
</td>
<td>
<input type="text" name="touser" id="touser" />
</td>
</tr>
<tr>
<td>
Subject
</td>
<td>
<input type="text" name="subject" id="subject" />
</td>
</tr>
<tr>
<td>
Message
</td>
<td>
<textarea name="message" cols="60" rows="10" id="message"></textarea>
</td>
</tr>
<tr>
<td colspan="2">
<input type="submit" value="Send PM" />
</td>
</tr>
</table>
</form>
The above form in send.html is sent to send.php as set in the action of the form. So this is where the
processing will take place.
we will start by again ensuring that the user is logged in and thus has the permissions to send this pm
however i have covered this in the last part so I won't go over it again.
We then will check each post var and "clean" it if you will and to do this i usually write a simple function
that i use on all my post vars.
function cleanPost($str) {
$str = addslashes($str);
$str = htmlspecialchars($str);
}
just save's time when processing forms (you can add to this your most used post processing functions).
so we need to get each post var and process it.
$touser = cleanPost($_POST['touser']);
$subject = cleanPost($_POST['subject']);
$msg = cleanPost($_POST['message']);
// preprocessed vars
$fromuser = $_SESSION['username'];
$time = time();
// check to see if the form is valid
# form security would go here
// insert query
$sql = mysql_query("INSERT INTO `pms`
(`id`,`touser`,`fromuser`,`subject`,`message`,`read`,`deleted`,`datesent`) VALUES (NULL, '$touser',
'$fromuser', '$subject', '$msg', '0', '0','$time')");
// redirect away from post page.
header('location: thanks.html');
The above basically checks the vars are clean where the form security is i recommend that you add it here.
basically all you need is a conditional statement to check if the data inputted is not empty and/or conforms
to what data you want, i'm not going to cover that in this tutorial however.
so thats basically the send/reply feature pretty much covered.
Read Featurenow you may add in a little more funtionality into the inbox by adding the read feature. Notice we had the
read column in the first part of the tutorial, well we are going to make a slight modification to the
inbox.php and view.php files.
inbox.phpwhere we had this piece of code in the inbox file
<table width='95%'>
<tr><th>From</th><th>Subject</th><th>Date</th></tr>
<?php
while($r = mysql_fetch_object($sql)) {
$r-subject = stripslashes($r->subject);
$r->datesent = gmdate('d/\m/\y g:ia');
echo "<tr><td>$r->fromuser</td><td><a href='view.php?id=$r->id'>$r->subject</a></td><td>$r-
>datesent</td></tr>";
}
?>
</table>
we are adding in a function to show a different type of envelope when the pm is read.
so change it to this.
<table width='95%'>
<tr><th> </th><th>From</th><th>Subject</th><th>Date</th></tr>
<?php
while($r = mysql_fetch_object($sql)) {
$r-subject = stripslashes($r->subject);
$r->datesent = gmdate('d/\m/\y g:ia');
if($r->read = "0") {
$read = "path/to/notread.gif";
}
else {
$read = "path/to/read.gif";
}
echo "<tr><td><img src='".$read."' /></td><td>$r->fromuser</td><td><a href='view.php?id=$r->id'>$r-
>subject</a></td><td>$r->datesent</td></tr>";
}
?>
</table>
now your gonna need to know when the pm is read SO what we will do is check it when we read the pm. This is
done with a little modification of the view.php file
view.phpafter this
while($r= mysql_fetch_object($grab_pm)) {
add this
if($r->read == "0") { $update = mysql_query("UPDATE `pms` SET `read` = '1' WHERE `id` = '$r->id' LIMIT 1"); }
that basically updates the read flag if the pm is read and the flag is set to 0.
OutboxOk the outbox is probably the most difficult to do although its not that hard it requires some modification of
the original database as we need to add an outbox delete function
to the database add a row outdel with an enum('0','1') with default of 0.
basically the outbox is the reverse of the inbox so we need to check for any pms sent where the fromuser
matches the user that is logged in.
so as before
outbox.php
if(session_is_registered('SESSION_NAME')) {
$fromuser = $_SESSION['username'];
$sql = mysql_query("SELECT * FROM `pms` WHERE `fromuser` = '$fromuser' AND `outdel` = '0' ORDER BY
`datesent` DESC");
?>
<table width='95%'>
<tr><th>From</th><th>Subject</th><th>Date</th></tr>
<?php
while($r = mysql_fetch_object($sql)) {
$r-subject = stripslashes($r->subject);
$r->datesent = gmdate('d/\m/\y g:ia');
echo "<tr><td>$r->touser</td><td><a href='view.php?id=$r->id'>$r->subject</a></td><td>$r-
>datesent</td></tr>";
}
?>
</table>
<?php
// end if
}
the outbox view will be a slight variation of the view.php
if(session_is_registered('SESSION_NAME')) {
$id = @$_GET['id'];
$fromuser = $_SESSION['username'];
if(!isset($id)) {
header('location: inbox.php');
}
elseif(isset($id)) {
$grab_pm = mysql_query("SELECT * FROM `pms` WHERE `fromuser` = '$fromuser' AND `id` = '$id'");
while($r= mysql_fetch_object($grab_pm)) {
$r->subject = stripslashes($r->subject);
$r->message = stripslashes($r->message);
$r->message = nl2br($r->message);
echo "<h2>$r->subject</h2>";
echo "<p>$r->message</p>";
echo "<p>From: $r->fromuser On: $r->datesent</p>";
}
}
}
and thats basically it....
oh and to add delete functions you just need to call the id of the pm in the database and update the delete or outdel flag and put it to 1.
hope this tutorial has helped and again i'd love to see any finished results on this.
Last Edit: Feb 25, 2009 21:45:46 GMT by Llanilek
