
[SOLVED] Messaging system



Hi, I'm not sure if this is in the correct board, but I couldn't find it in the tutorials.

I have a few questions and thought this to be the best place. First off, I'm wondering if anybody knows links to tutorials where I can create an advanced messaging system? I'm having trouble with creating a reply-to-message function and found myself giving up. Also, can anyone give me advice on outsourcing projects? Is it reliable, or would I be prone to hackers and people stealing my idea?

Thanks

Link to comment
Share on other sites

Ahh, thanks BlueSky. Can I ask your views on purchasing scripts? Are they fairly easy to implement or?

I have a huge task ahead in building the website I want, and initially I thought this would be the perfect opportunity to learn PHP; however, I seem to have dived in at the deep end  :-\

Link to comment
Share on other sites

Ahh, thanks BlueSky. Can I ask your views on purchasing scripts? Are they fairly easy to implement or?

I have a huge task ahead in building the website I want, and initially I thought this would be the perfect opportunity to learn PHP; however, I seem to have dived in at the deep end  :-\

 

You should never never never buy a script. If you can't code it yourself, you can always find it via Google.

 

As far as your Reply feature goes, you need to have your script retrieve the first message body from the database and then insert it into the body after the new reply.

Ex:

$id is the ID of the message you are replying to.

$body is the contents of the message you are replying to

The textarea is the data for the body of the new message. Users will type the reply before the $message.

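$id = (int) $id; // force the ID to an integer before it goes into the query
$q = mysql_query("SELECT * FROM messages WHERE id='$id'");
$data = mysql_fetch_array($q);
$message = $data['body']; // body of the message being replied to
echo "
<textarea name=body>" . htmlspecialchars($message, ENT_QUOTES) . "</textarea>
";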

 

Very crude example, but I believe that should give you a pretty good idea as to what you asked.

Link to comment
Share on other sites

No no no. If you did an update query, all it would do is update the original message, which is not what we want because in order to have a proper Inbox/Outbox, you need to be able to view all messages that were sent in their original state.

 

What you want to do is do a query to return the 'body' of the first message and then insert it after the body of the new message, so that the contents of the new message and first message will be sent to the database together when sending the new (reply) message.

Link to comment
Share on other sites

Ahh thanks, sorry to be a pain but I'll have to take you up on that  :-[

I'm quite new to this and having trouble echoing data from my "viewmsg" page; this is the code from both of my pages and I'm sure I'm doing everything right, unless my recordsets are wrong?

Below is my "view message page"

 

<?php
session_start();
$user = $_SESSION['kt_login_id'];

    //Are they logged in or not?
    if(!$user)
        {
        echo "<br><p>Blah blah you arent logged in and stuff, you should do that or something</p><br>";
        }
        
    else
        {
        //We need to grab the msg_id variable from the URL.
        $msg_id = $_REQUEST['msg_id'];
        
        //Get all of the information about the message with and id number of the one sent through the URL
        $view_msg = mysql_query("SELECT * FROM messages_test WHERE id = '$msg_id'");
        $msg = mysql_fetch_array($view_msg);
        
        $reciever = $msg['reciever'];
        $sender = $msg['sender'];
        $subject = $msg['subject'];
        $message = $msg['message'];
	$datetime = $msg['datetime'];
        
        //If the person who is supposed to recieve the message is the currently logged in user everything is good
        if($reciever == $user)
            {
            //The message was recieved, so lets update the message in the database so it wont show up in the sent page any more
            mysql_query("UPDATE messages_test SET recieved='1' WHERE id = '$msg_id'");
            
            //Lets get the private message count, to display for the user
            $sql = mysql_query ("SELECT pm_count FROM members WHERE member_id='$user'");
            $row = mysql_fetch_array ($sql);
            $pm_count = $row['pm_count'];
            
            //Calculate the percentage full
            $percent = $pm_count/'50';
            $percent = $percent * '100';
            
            //Now we will display the little navigation thing, the fullness of the inbox, then display message information stuff, like who its from, the subject, and the body
            ?>
  <center>
            <b>
            
            
            <table width="100%">
              <tr>
                <td width="94" valign="middle" class="message_header">From</td>
                <td colspan="3" valign="middle" class="message_rows"><a href = "<?php echo "../member_profile.php?member_id=$sender"; ?>" class="message_rows_subject"><?php echo $sender; ?></a></td>
              </tr>
              <tr>
                <td width="94" valign="middle" class="message_header">Date</td>
                <td colspan="3" valign="middle" class="message_rows_subject"><?php echo $datetime; ?></td>
              </tr>
              
              <tr>
                <td width="94" valign="middle" class="message_header">Subject</td>
                <td colspan="3" valign="middle" class="message_rows_subject"><?php echo $subject; ?></td>
              </tr>
              
              <tr>    
                <td width="94" valign="top" class="message_header">Body</td>
                <td height="300" colspan="3" valign="top" class="message_rows"><?php echo $message; ?></td>
              </tr>
              <tr>
                <td width="75" valign="top"><form id="form1" name="form1" method="post" action="mail_reply.php">
                  <label>
                    <input type="submit" name="reply_msg" id="reply_msg" value="Reply" />
                  </label>
                  <input name="id" type="hidden" id="id" value="<?php echo $row_reply_msg['id']; ?>" />
                  <input name="sender" type="hidden" id="sender" value="<?php echo $row_reply_msg['sender']; ?>" />
                  <input name="subject" type="hidden" id="subject" value="<?php echo $row_reply_msg['subject']; ?>" />
                  <input name="message" type="hidden" id="message" value="<?php echo $row_reply_msg['message']; ?>" />
                </form>                </td>
                <td width="75" valign="top"><form id="form2" name="form2" method="post" action="">
                  <label>
                    <input type="submit" name="Save" id="Save" value="Save" />
                  </label>
                </form>                </td>
                <td width="75" valign="top"><form id="form3" name="form3" method="post" action="">
                  <label>
                    <input type="submit" name="Delete" id="Delete" value="Delete" />
                  </label>
                </form>                </td>
                <td width="300" valign="top"> </td>
              </tr>
            </table>
</center>

and then my reply page

<form method="post" id="form1" action="<?php echo KT_escapeAttribute(KT_getFullUri()); ?>">
        <table cellpadding="2" cellspacing="0" class="KT_tngtable">
          <tr>
            <td class="KT_th"><label for="sender">To (sender)</label></td>
            <td><input type="text" name="sender" id="sender" value="<?php echo $_POST['sender']; ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("sender");?> <?php echo $tNGs->displayFieldError("messages_test", "sender"); ?> </td>
          </tr>
          <tr>
            <td class="KT_th"><label for="subject">Subject:</label></td>
            <td><input type="text" name="subject" id="subject" value="<?php echo KT_escapeAttribute($row_rsmessages_test['subject']); ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("subject");?> <?php echo $tNGs->displayFieldError("messages_test", "subject"); ?> </td>
          </tr>
          <tr>
            <td class="KT_th"><label for="message">Message:</label></td>
            <td><input type="text" name="message" id="message" value="<?php echo KT_escapeAttribute($row_rsmessages_test['message']); ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("message");?> <?php echo $tNGs->displayFieldError("messages_test", "message"); ?> </td>
          </tr>
          <tr class="KT_buttons">
            <td colspan="2"><input type="submit" name="KT_Insert1" id="KT_Insert1" value="Insert record" />
            </td>
          </tr>
        </table>
        <input type="hidden" name="datetime" id="datetime" value="<?php echo KT_formatDate($row_rsmessages_test['datetime']); ?>" />
        <input type="hidden" name="trash" id="trash" value="<?php echo KT_escapeAttribute($row_rsmessages_test['trash']); ?>" />
        <input type="hidden" name="sender_has" id="sender_has" value="<?php echo KT_escapeAttribute($row_rsmessages_test['sender_has']); ?>" />
        <input type="hidden" name="reciever_has" id="reciever_has" value="<?php echo KT_escapeAttribute($row_rsmessages_test['reciever_has']); ?>" />
        <input type="hidden" name="recieved" id="recieved" value="<?php echo KT_escapeAttribute($row_rsmessages_test['recieved']); ?>" />
        <input type="hidden" name="reciever" id="reciever" value="<?php echo KT_escapeAttribute($row_rsmessages_test['reciever']); ?>" />
      </form>

Link to comment
Share on other sites

If anyone reads this: to echo my data, would I be required to do it like so? I'm not too good at explaining, but have the data from my "view msg page" submitted with my form, then use a GET function on my reply page? Like so..

 

<form id="form1" name="form1" method="post" action="mail_reply.php">
                  <label>
                    <input type="submit" name="reply_msg" id="reply_msg" value="Reply" />
                  </label>
                  <input name="id" type="hidden" id="id" value="<?php echo $row_reply_msg['id']; ?>" />
                  <input name="sender" type="hidden" id="sender" value="<?php echo $row_reply_msg['sender']; ?>" />
                  <input name="subject" type="hidden" id="subject" value="<?php echo $row_reply_msg['subject']; ?>" />
                  <input name="message" type="hidden" id="message" value="<?php echo $row_reply_msg['message']; ?>" />
                </form>

 

reply page

<form action="<?php echo KT_escapeAttribute(KT_getFullUri()); ?>" method="post" name="form1" id="form1">
        <table cellpadding="2" cellspacing="0" class="KT_tngtable">
          <tr>
            <td class="KT_th"><label for="sender">To (sender)</label></td>
            <td><input type="text" name="sender" id="sender" value="<?php echo $_GET['sender']; ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("sender");?> <?php echo $tNGs->displayFieldError("messages_test", "sender"); ?> </td>
          </tr>
          <tr>
            <td class="KT_th"><label for="subject">Subject:</label></td>
            <td><input type="text" name="subject" id="subject" value="<?php echo KT_escapeAttribute($row_rsmessages_test['subject']); ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("subject");?> <?php echo $tNGs->displayFieldError("messages_test", "subject"); ?> </td>
          </tr>
          <tr>
            <td class="KT_th"><label for="message">Message:</label></td>
            <td><input type="text" name="message" id="message" value="<?php echo KT_escapeAttribute($row_rsmessages_test['message']); ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("message");?> <?php echo $tNGs->displayFieldError("messages_test", "message"); ?> </td>
          </tr>
          <tr class="KT_buttons">
            <td colspan="2"><input type="submit" name="KT_Insert1" id="KT_Insert1" value="Insert record" />
            </td>
          </tr>
        </table>
        <input type="hidden" name="datetime" id="datetime" value="<?php echo KT_formatDate($row_rsmessages_test['datetime']); ?>" />
        <input type="hidden" name="trash" id="trash" value="<?php echo KT_escapeAttribute($row_rsmessages_test['trash']); ?>" />
        <input type="hidden" name="sender_has" id="sender_has" value="<?php echo KT_escapeAttribute($row_rsmessages_test['sender_has']); ?>" />
        <input type="hidden" name="reciever_has" id="reciever_has" value="<?php echo KT_escapeAttribute($row_rsmessages_test['reciever_has']); ?>" />
        <input type="hidden" name="recieved" id="recieved" value="<?php echo KT_escapeAttribute($row_rsmessages_test['recieved']); ?>" />
        <input type="hidden" name="reciever" id="reciever" value="<?php echo KT_escapeAttribute($row_rsmessages_test['reciever']); ?>" />
        <input name="id" type="hidden" id="id" value="<?php echo $_GET['id']; ?>" />
      </form>

 

Both of my forms have a post method, however? Should one not be post and the other get? Can GET functions sit inside POST forms?  :-[ ???

Link to comment
Share on other sites

Never use $_GET unless you have to. The more variables you have in the URL, the bigger chance you have of security exploitation.

I would have a hidden field inside a form to hold the value of the message ID, and then when a user presses 'Reply', the form will submit the id of the message that you are replying to onto the reply.php page.

 

<?php
$q = mysql_query("QUERY TO SELECT ALL DATA FOR THE MESSAGE");
$data = mysql_fetch_array($q);
$id = (int) $data['id']; // message IDs are integers
?>
<form action="reply.php" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<input type="submit" value="reply" />
</form>

 

From there, you can access the body of the original message and insert it into the body of the new message, as such:

 

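<?php
$id = (int) $_POST['id']; // cast to an integer so the value cannot alter the query
$q = mysql_query("SELECT * FROM messages WHERE id = '$id'");
$data = mysql_fetch_array($q);
$message = $data['message']; // escaped for HTML when it is echoed below
?>
<textarea name="body"><?php echo htmlspecialchars($message, ENT_QUOTES); ?></textarea>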

 

Or something like that.

Link to comment
Share on other sites
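The hidden-id reply flow from the answer above, as an added example that is not part of the original post: only the message id crosses the form, the original is reloaded server-side with a prepared statement that also checks the recipient, and the reply is stored as a new row. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls so it runs offline; the function names are hypothetical, the columns follow the messages_test table shown earlier, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages_test (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    sender TEXT NOT NULL, reciever TEXT NOT NULL,
    subject TEXT NOT NULL, message TEXT NOT NULL)');
$pdo->exec("INSERT INTO messages_test (sender, reciever, subject, message) VALUES
    ('alice', 'bob',  'Lunch?',  'It''s at 12 <b>sharp</b>'),
    ('carol', 'dave', 'Private', 'not for bob')");

/** Load a message only if $user is its recipient; null otherwise. */
function loadOwnMessage(PDO $pdo, $rawId, string $user): ?array
{
    // Accept positive integers only; strings with SQL fragments, empty
    // values and arrays all fail validation here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The recipient check is part of the query, so another user's id
    // simply returns no row.
    $stmt = $pdo->prepare(
        'SELECT id, sender, subject, message FROM messages_test
         WHERE id = :id AND reciever = :user');
    $stmt->execute([':id' => $id, ':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** HTML for the reply form: the id is the only hidden field. */
function renderReplyForm(array $orig): string
{
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    // Original body goes after the space where the user types the reply.
    $quoted = "\n\n--- {$orig['sender']} wrote ---\n{$orig['message']}";
    return '<form action="mail_reply.php" method="post">'
         . '<input type="hidden" name="id" value="' . (int) $orig['id'] . '">'
         . '<input type="text" name="subject" value="' . $e('RE: ' . $orig['subject']) . '">'
         . '<textarea name="body">' . $e($quoted) . '</textarea>'
         . '<input type="submit" value="Send"></form>';
}

/** Store the reply as a NEW row; the recipient comes from the stored original. */
function sendReply(PDO $pdo, $rawId, string $user, string $body): bool
{
    $orig = loadOwnMessage($pdo, $rawId, $user);
    if ($orig === null) {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO messages_test (sender, reciever, subject, message)
         VALUES (:s, :r, :subj, :msg)');
    return $stmt->execute([
        ':s' => $user, ':r' => $orig['sender'],
        ':subj' => 'RE: ' . $orig['subject'], ':msg' => $body,
    ]);
}

// Constructed requests: in a real page $user comes from $_SESSION and the
// id and body from $_POST.
$orig = loadOwnMessage($pdo, '1', 'bob');
echo renderReplyForm($orig), "\n";
var_dump(loadOwnMessage($pdo, '2', 'bob'));            // message addressed to dave
var_dump(loadOwnMessage($pdo, "1' OR '1'='1", 'bob')); // id is not an integer
var_dump(sendReply($pdo, '1', 'bob', "See you then.\n"));
```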

I've been trying to post the data through the form in order for a user to reply to a message, only my data isn't echoing correctly, so I assume my queries are wrong somewhere along the lines? (I'm new to this so can I just ask, GET and POST send data through the URL? Or does POST grab data from the form before?  ???)

Link to comment
Share on other sites

This is getting ridiculous now, I've tried everything I can think of yet I can't echo the correct data, in fact any data, in my form to reply to a message :@:@

I've tried renaming all the recordsets, I've tried changing my filter options on each query, and other stupid things. Can anyone spot where I'm going wrong?

 

 <table width="100%">
              <tr>
                <td width="94" valign="middle" class="message_header">From</td>
                <td colspan="3" valign="middle" class="message_rows"><a href = "<?php echo "../member_profile.php?member_id=$sender"; ?>" class="message_rows_subject"><?php echo $sender; ?>
                  <label></label>
                </a></td>
              </tr>
              <tr>
                <td width="94" valign="middle" class="message_header">Date</td>
                <td colspan="3" valign="middle" class="message_rows_subject"><?php echo $datetime; ?></td>
              </tr>
              
              <tr>
                <td width="94" valign="middle" class="message_header">Subject</td>
                <td colspan="3" valign="middle" class="message_rows_subject"><?php echo $subject; ?></td>
              </tr>
              
              <tr>    
                <td width="94" valign="top" class="message_header">Body</td>
                <td height="300" colspan="3" valign="top" class="message_rows"><?php echo $message; ?></td>
              </tr>
              <tr>
                <td width="75" valign="top"><form id="form1" name="form1" action="mail_reply.php">
                  <label>
                    <input type="submit" name="reply_msg" id="reply_msg" value="Reply" />
                  </label>
                  <input name="id" type="hidden" id="id" value="<?php echo $row_reply_msg['id']; ?>" />
                </form>                </td>
                <td width="75" valign="top"><form id="form2" name="form2" method="post" action="">
                  <label>
                    <input type="submit" name="Save" id="Save" value="Save" />
                  </label>
                </form>                </td>
                <td width="75" valign="top"><form id="form3" name="form3" method="post" action="">
                  <label>
                    <input type="submit" name="Delete" id="Delete" value="Delete" />
                  </label>
                </form>                </td>
                <td width="300" valign="top"> </td>
              </tr>
            </table>

and my reply page

<form action="<?php echo KT_escapeAttribute(KT_getFullUri()); ?>" method="post" name="form1" id="form1">
        <table cellpadding="2" cellspacing="0" class="KT_tngtable">
          <tr>
            <td class="KT_th"><label for="sender">To (sender)</label></td>
            <td><input type="text" name="sender" id="sender" value="<?php echo $row_reply_msg['id']; ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("sender");?> <?php echo $tNGs->displayFieldError("messages_test", "sender"); ?> </td>
          </tr>
          <tr>
            <td class="KT_th"><label for="subject">Subject:</label></td>
            <td><input type="text" name="subject" id="subject" value="<?php echo KT_escapeAttribute($row_rsmessages_test['subject']); ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("subject");?> <?php echo $tNGs->displayFieldError("messages_test", "subject"); ?> </td>
          </tr>
          <tr>
            <td class="KT_th"><label for="message">Message:</label></td>
            <td><input type="text" name="message" id="message" value="<?php echo KT_escapeAttribute($row_rsmessages_test['message']); ?>" size="32" />
                <?php echo $tNGs->displayFieldHint("message");?> <?php echo $tNGs->displayFieldError("messages_test", "message"); ?> </td>
          </tr>
          <tr class="KT_buttons">
            <td colspan="2"><input type="submit" name="KT_Insert1" id="KT_Insert1" value="Insert record" />            </td>
          </tr>
        </table>
        <input type="hidden" name="datetime" id="datetime" value="<?php echo KT_formatDate($row_rsmessages_test['datetime']); ?>" />
        <input type="hidden" name="trash" id="trash" value="<?php echo KT_escapeAttribute($row_rsmessages_test['trash']); ?>" />
        <input type="hidden" name="sender_has" id="sender_has" value="<?php echo KT_escapeAttribute($row_rsmessages_test['sender_has']); ?>" />
        <input type="hidden" name="reciever_has" id="reciever_has" value="<?php echo KT_escapeAttribute($row_rsmessages_test['reciever_has']); ?>" />
        <input type="hidden" name="recieved" id="recieved" value="<?php echo KT_escapeAttribute($row_rsmessages_test['recieved']); ?>" />
        <input type="hidden" name="reciever" id="reciever" value="<?php echo KT_escapeAttribute($row_rsmessages_test['reciever']); ?>" />
        <input name="id" type="hidden" id="id" value="<?php echo $_POST['msg_id']; ?>" />
      </form>

Link to comment
Share on other sites

Here's my query for my reply page

 

$colname_reply_msg = "-1";
if (isset($_GET['msg_id'])) {
  $colname_reply_msg = $_GET['msg_id'];
}
mysql_select_db($***, $***);
$query_reply_msg = sprintf("SELECT * FROM messages_test WHERE id = %s", GetSQLValueString($colname_reply_msg, "int"));
$reply_msg = mysql_query($query_reply_msg, $***) or die(mysql_error());
$row_reply_msg = mysql_fetch_assoc($reply_msg);
$totalRows_reply_msg = mysql_num_rows($reply_msg);

Link to comment
Share on other sites


OK, wait there... I'll show you one I made from it...

You will have to change a few things, like

 

 CREATE TABLE `privates` (
`pid` INT( 11 ) NOT NULL auto_increment,
`to` VARCHAR( 255 ) NOT NULL,
`from` VARCHAR( 255 ) NOT NULL,
`date` VARCHAR( 255 ) NOT NULL,
`status` CHAR( 6 ) NOT NULL default 'Unread',
`subject` VARCHAR( 255 ) NOT NULL default 'Untitled Message',
`content` TEXT NOT NULL,
PRIMARY KEY(`pid`)
);

then basically everything is in here

 

pms.php

 

<?php
session_start(); //Start session
include("config.php"); //Include config file
if(!$logged[id]){ //Check if user is logged in
echo "<b>Error</b>: You Are Not Logged In!"; //Not logged in
}else{ //Their loggedin
switch($_GET['page']){ //make some links ?page=case
default: //set up the default page upon going to pms.php
$msgs = mysql_query("SELECT * FROM `privates` WHERE `to` = '" . $logged[username] . "' ORDER BY `pid` ASC") or die(mysql_error()); //get all the messages to the loged in user
echo "<a href=\"pms.php?page=compose\">Compose Message</a>
<a href=\"pms.php?page=delall\">Delete All Messages</a>

<table width=\"350\" cellpadding=\"0\" cellspacing=\"3\">
<tr>
<td align=\"center\" valign=\"middle\" width=\"100\">
<b>Subject</b>
</td>
<td align=\"center\" valign=\"middle\" width=\"50\">
<b>From</b>
</td>
<td align=\"center\" valign=\"middle\" width=\"50\">
<b>Date Sent</b>
</td>
<td align=\"center\" valign=\"middle\" width=\"50\">
<b>Status</b>
</td>
<td align=\"center\" valign=\"middle\" width=\"100\">
<b>Delete Message</b>
</td>
</tr>"; //echo the start5 table and create msg link/delete all links!
if(mysql_num_rows($msgs) == 0){ //check if there are messages or not
echo "<tr><td width=\"300\" colspan=\"3\" align=\"center\" valign=\"middle\">You Have No New Messages!</td></tr>"; //no new messages
}else{ //or if there are messages
while($r = mysql_fetch_array($msgs)){ //repeat for all the messages
echo "<tr><td align=\"center\" valign=\"middle\" width=\"100\">
<a href=\"pms.php?page=view&id=$r[pid]\">$r[subject]</a></td>
<td align=\"center\" valign=\"middle\" width=\"50\">
<a href=\"members.php?user=$r[from]\">$r[from]</a>
</td>
<td align=\"center\" valign=\"middle\" width=\"50\">
$r[date]
</td>
<td align=\"center\" valign=\"middle\" width=\"50\">
$r[status]
</td>
<td align=\"center\" valign=\"middle\" width=\"100\">
<a href=\"pms.php?page=delete&id=$r[pid]\">Delete</a>
</td>
</tr>"; //echo the messages
} //end while
} //end message amount check
echo "</table>"; //end table
break; //end the default page
case 'view': //define the view page
$id = (int)htmlspecialchars(strip_tags($_GET[id])); //make the ID safe
if(!$id){ //if there is no ID to select
echo "<a href=\"pms.php\">Go Back</a>No ID Selected!"; //echo the error
}else{ //or if there is....
$select = mysql_query("SELECT * FROM `privates` WHERE `pid` = '" . $id . "';"); //get the message's info
$msg = mysql_fetch_array($select); //select all data
if($msg[to] != $logged[username]){ //check if the user logged in is the owner of the message
echo "<a href=\"pms.php\">Go Back</a>This Message Was Not Sent To You"; //if not
}else{ //maybe...
if(!$_POST[reply]) { //if the reply was not submitted
$mark = mysql_query("UPDATE `privates` SET `status` = 'Read' WHERE `pid` = '" . $id . "'") or die(mysql_error()); //mark it as Read
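$message = nl2br(htmlspecialchars(stripslashes($msg['content']), ENT_QUOTES)); //strip the slashes, escape HTML, then turn new lines into <br />
$subject = htmlspecialchars(stripslashes($msg['subject']), ENT_QUOTES); //strip the slashes and escape HTML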
echo "<a href=\"pms.php\">Go Back</a>
<form method=\"post\">
<dl style=\"margin: 0px;\">
<dt><b>Subject</b>: $subject</dt>
<dt><b>From</b>: $msg[from]</dt>
<dt>$message</dt>
<dt><textarea rows=\"6\" cols=\"45\" name=\"msg\"></textarea>
<input type=\"submit\" name=\"reply\" value=\"Reply\"></dt>
</dl>
</form>"; //echo the message and reply box.
}else{ //if the form was submitted
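$to = mysql_real_escape_string($msg['from']); //get who it is to, escaped because it goes back into a query
$from = $logged['username']; //who its from
$subject = mysql_real_escape_string("RE: " . $msg['subject']); //new subject, escaped for the INSERT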
$msg = addslashes($_POST[msg]); //the content
$date = date("F j, Y, g:i a"); //the date sent
$do = mysql_query("INSERT INTO `privates` (`to`,`from`,`date`,`subject`,`content`) VALUES ('" . $to . "','" . $from . "','" . $date . "','" . $subject . "','" . $msg . "')") or die(mysql_error()); //insert into the table!
echo "Message Sent!"; //the message was sent
} //end reply check
} //end check posession
} //end id check
break;
case 'compose': //create a new message
if(!$_POST[send]){ //if the form was not submitted
echo "<a href=\"pms.php\">Go Back</a>
<form method=\"post\" action=\"\">
<b>To User</b>:<Br />"; //echo some of the form and whatnot
if(isset($_GET[user])){ //check if there is a user in the address bar
echo "<input type=\"text\" name=\"to\" value=\"" . htmlspecialchars($_GET['user'], ENT_QUOTES) . "\" size=\"15\">"; //if there is, escape it before it goes into the attribute
}else{ //or not..
echo "<input type=\"text\" name=\"to\" size=\"15\">"; //echo the input box without the value of the user!
} //end user check in address bar
echo "<b>Subject</b>:
<input type=\"text\" name=\"title\" value=\"Unitiled Message\" size=\"15\">
<b>Content</b>:
<textarea name=\"message\" rows=\"6\" cols=\"45\"></textarea>
<input type=\"submit\" name=\"send\" value=\"Send Message\">
</form>"; //echo the rest of the form
}else{ //or if it was....
$to = mysql_real_escape_string(stripslashes(htmlspecialchars(strip_tags($_POST['to'])))); //who its to, escaped for the INSERT below
$from = $logged[username]; //who its from
$date = date("F j, Y, g:i a"); //the date sent
$msg = addslashes($_POST[message]); //the message variable
$subject = addslashes($_POST[title]); //the subject
$do = mysql_query("INSERT INTO `privates` (`to`,`from`,`date`,`subject`,`content`) VALUES ('" . $to . "','" . $from . "','" . $date . "','" . $subject . "','" . $msg . "')") or die(mysql_error()); //insert into the table!
echo "Message Sent!";
} //end sent check
break; //end make new msg
case 'delall': //delete all page
$get = mysql_query("SELECT * FROM `privates` WHERE `to` = '" . $logged[username] . "'"); //get the private messages
if(mysql_num_rows($get) == "0"){
    echo "You Have No Messages To Delete!";
}else{
$delete = mysql_query("DELETE FROM `privates` WHERE `to` = '" . $logged[username] . "'"); //delete tehm
    if($delete) { //check if theres a mySQL error
        echo "Messages Deleted"; //success
    }else{ //or not
        echo "mySQL Error Encountered!";
    } //end error check
} //end msg check
break; //end page
case 'delete': //start the delete page!
$id = (int)htmlspecialchars(strip_tags($_GET[id])); //make the ID safe
if(!$id){ //if there is no ID to select
echo "<a href=\"pms.php\">Go Back</a>No ID Selected!"; //echo the error
}else{ //or if there is....
$select = mysql_query("SELECT * FROM `privates` WHERE `pid` = '" . $id . "'"); //get the message's info
$msg = mysql_fetch_array($select); //select all data
if($msg[to] != $logged[username]){ //check if the user logged in is the owner of the message
echo "<a href=\"pms.php\">Go Back</a>This Message Was Not Sent To You"; //if not
}else{ //maybe...
$do = mysql_query("DELETE FROM `privates` WHERE `pid` = '" . $id . "'") or die(mysql_error());
echo "<a href=\"pms.php\">Go Back</a><Br />Messages Deleted!";
} //end check possession
} //end id check
break; //end the delete page!
} //end switch/get
} //end login check
?>  

Link to comment
Share on other sites
