messaging system

[grlayouts]

ok on my game script i have a messaging system but it doesnt seem to be sending the messages to the players or updating them on the data base.. any idea's?

[code]<?php $title = "Mailbox"; include("header.php")?>

<br><br>
<?php
if (!$_GET[view] && !$_GET[step] && !$_GET[read]) {
print "<table width=500 border=0 cellspacing=1 cellpadding=2 bgcolor=#676767> <tr bgcolor=#676767>";
print "<td width=120 height=25><b>From:</b></td>";
print "<td width=100><b><center>ID:</b></td>";
print "<td width=300><b>Subject:</b></td>";
print "<td width=60><b><center>Options</center></b></td></tr>  ";
$msel = mysql_query("select * from mail where owner=$stat[id] order by id desc");
while ($mail = mysql_fetch_array($msel)) {
print " <tr onMouseOver=\"style.backgroundColor='#333333';\" onMouseOut=\"style.backgroundColor='white';\" bgcolor=white>";
print "<td width=120><a href=view.php?view=$mail[senderid]>$mail[sender]</a></td>";
print "<td width=100><center>$mail[senderid]</a></td>";
print "<td width=300><a href=mail.php?read=$mail[id]>$mail[subject]</a></td>";
print "<td align=center width=60><a href=mail.php?step=selectclear&id=$mail[id]>Trash</a></td></tr>";

}
print "</table><br><table width=500 bgcolor=#676767 cellpadding=1 cellspacing=2><tr height=20 bgcolor=white><td align=center width=50%><a href=mail.php?step=clear>Trash All</a> </tD><td width=50%> <a href=mail.php?view=write><center>Compose</a></td></tr>";
print "</table></center>";
}
if ($_GET[step] == clear) {
print "<br>Mail cleared. (<a href=mail.php>refresh</a>)";
mysql_query("delete from mail where owner=$stat[id]");
}
if ($_GET[step] == selectclear) {
print "<br>Mail cleared. (<a href=mail.php>refresh</a>)";
mysql_query("delete from mail where owner=$stat[id] and id=$_GET[id]");
}



if ($_GET[view] == write) {
print "[<a href=mail.php>Inbox</a>]<br><br>";
print "<table>";
print "<form method=post action=mail.php?view=write&re=$_GET[re]&to=$_GET[to]&step=send>";
print "<tr><td>To (ID Number):</td><td><input type=text name=to maxsize=10 size=25 value=$_GET[to]></td></tr>";
print "<tr><td>Subject:</td><td><input type=text name=subject size=25 value=$_GET[re]></td></tr>";
print "<tr><td valign=top>Body:</td><td><textarea name=body rows=10 cols=50>$_POST[body]</textarea></td></tr>";
print "<tr><td colspan=2 align=center><input type=submit value=Send></td></tr>";
print "</form></table>";

if ($_GET[step] == send) {
$_POST[to] = strip_tags($_POST[to]);
$_POST[subject] = strip_tags($_POST[subject]);
$_POST[body] = str_replace($remove,"", $_POST[body]);
$_POST[subject] = str_replace($remove,"", $_POST[subject]);
$_POST[body] = nl2br(strip_tags($_POST[body]));
if (empty ($_POST[to]) || empty ($_POST[body]) || empty ($_POST[subject])) {
print "Please fill out all fields.";
include("footer.php");
exit;
}

$values=explode(" ", $_POST[body]);$longest=0;foreach($values as $value)
{if (strlen($value)>$longest) {$longest = strlen($value);}}
if ($longest > 100) { print "Your largest word is too long, it's $longest characters, it can't be more than 100 characters."; include("footer.php"); exit; }

$size=strlen($_POST[body]);
if ($size > 2000) { print "Your message is too long, it can't be larger than 2000 characters, yours is $size characters"; include("footer.php"); exit; }

$size=strlen($_POST[subject]);
if ($size > 100) { print "Your subject is too long, it can't be larger than 100 characters, yours is $size"; include("footer.php"); exit; }
$rec = mysql_fetch_array(mysql_query("select * from players where id=$_POST[to]"));
if (empty ($rec[id])) {
print "No such player.";
include("footer.php");
exit;
}
print "You sent mail to $rec[name].";
}
}

if ($_GET[read]) {
$mail = mysql_fetch_array(mysql_query("select * from mail where id=$_GET[read]"));
if (empty ($mail[id])) {
print "No such mail.";
include("footer.php");
exit;
}
if ($mail[owner] != $stat[id]) {
print "That's not your mail.";
include("footer.php");
exit;
}
mysql_query("update mail set unread='F' where id=$mail[id]");
print "<table width=99% bgcolor=#676767 cellpadding=2 cellspacing=1><tr height=30><td bgcolor=white><b>$mail[sender]</b> says... $mail[subject]</td></tr>
<tR bgcolor=white height=100 valign=top><td>
$mail[body]<br><br></tD></tR></table><bR><table bgcolor=#676767 cellpadding=2 cellspacing=1 width=99%><tr bgcolor=white align=center><td width=33%><center><a href=mail.php>Inbox</a></td><td width=34%><Center><a href=mail.php?view=write>Compose</a></tD><td height=25 width=33%><a href=mail.php?view=write&to=$mail[senderid]&re=RE:$mail[subject]>Reply</a></td></tR>";
}


?>




<?php include("footer.php"); ?>


[/code]

[mewhocorrupts]

You're form's method is "POST", but your using the $_GET global to retrieve values and drop them into statements.  I only skimmed the code, as I am at work, but what's the reasoning behind this?

Honestly, though it's not considered as safe as being specific with your form data, I use $_REQUEST[] whenever I can.

[grlayouts]

the code should add what has been entered into the feilds then put this into the database. But no one is getting the messages or being able to send them.

[Ninjakreborn]

The way I built my message system, is you have your user information.  You probably have a user id, have another table called messages.  Have it record the user id of the sender, the userid of the reciever, then have the message as long text, and whatever else you want, date it was sent, time, ip it was sent from whatever.  You can have it also send an email to the reciever everytime it's sent, then when you want to create an area for them to check there messages, just check for the occurence of there userid, where the reciever column is, everything that is coming to them will come up on the page, and they can see there messages.  Then they can respond, and on responses you can switch the to and from to make it accurate again.

[grlayouts]

yes but how would i add that into the script cos i have no idea?

[Jenk]

all of your array references are syntactically incorrect.

[code]<?php

$array['var']; // correct

$array[var]; // incorrect

?>[/code]