
Designing a Private Messaging System


8 replies to this topic

#1 MortimerJazz

  • Members
  • Advanced Member
  • 60 posts
  • LocationBedfordshire

Posted 16 October 2006 - 11:59 AM

Hi there,

I'd be grateful for a bit of help as I'm trying to put together a private messaging system for a website for the first time.

I'm planning on setting up a database table that will have fields for:

- The sender
- The recipient
- The message itself
- Date Sent
- Date Read
- Confirmation Read

That way, when a user logs in, I can search the table for any messages that have his username in the "Recipient" field and which don't have a "1" in the Confirmation Read field. A message could be displayed telling the user they have mail, and then all of the information above can be displayed on the mail screen.

Is this the best way to go about this? Are there any security issues that I should be aware of and can you think of any other things that I should be inserting here?

Thanks very much,

#2 roopurt18

  • Staff Alumni
  • Advanced Member
  • 3,749 posts
  • LocationCalifornia, southern

Posted 16 October 2006 - 10:54 PM

I would check out this thread, further down this page:
http://www.phpfreaks...c,109187.0.html

You may also find this useful:
http://www.phpfreaks...c,110890.0.html

PHP Forms : Part I | Part II

JavaScript: Singleton

http://www.rbredlau.com

#3 marky167

  • New Members
  • Newbie
  • 9 posts

Posted 22 October 2006 - 11:53 AM

I am doing the same and I need some code, so please help: send me a zip or post some code. Send it to spikymark@hotmail.com

#4 High_-_Tek

  • Members
  • Advanced Member
  • 72 posts

Posted 22 October 2006 - 05:14 PM

marky167, no one is going to spend their time to do it for you without pay. Either look at Nuke or phpBB for ideas and create your own, or start researching.

#5 steelmanronald06

  • Staff Alumni
  • Advanced Member
  • 2,004 posts
  • LocationOk

Posted 30 October 2006 - 10:43 PM

Ha ha! Easy!

database structure:

table name: pm
pm_id
to
from
message
date
checked

PHP Pages:

inbox.php

grab all messages where username = to in the database

message.php

grab the message from the database where the message id = pm_id
also update that row so that checked is set to yes so that it will show up as an old message and not new

delete.php

delete row from database where message id = pm_id


Plain and simple

#6 jwilh

  • Members
  • Advanced Member
  • 42 posts

Posted 02 November 2006 - 04:09 PM

Or you could just download a content management system and see how they have it set up. That helped me a lot when I looked at how others built it. I have Mambo on my home server and it has a built-in personal messenger as well as an emailer. Hope this helps a little.

#7 marky167

  • New Members
  • Newbie
  • 9 posts

Posted 09 July 2007 - 05:39 PM

marky167, no one is going to spend their time to do it for you without pay.  Either look at Nuke or phpBB for ideas and create your own or start researching.

Here, I'm not the one that wanted it in the first place; I was just saying that if you were making it for free then I would be grateful if I could get a copy of it. It's OK now anyway, I have made a website with the help of nice people, unlike HIGH_-_Tek, and we are making loads of $$$$$

#8 AbydosGater

  • Members
  • Advanced Member
  • 435 posts
  • LocationAlways at computer!

Posted 18 July 2007 - 08:24 PM

Just some advice. Be careful when writing the script for deleting messages. Add an extra if statement to ensure that the user trying to delete the message is the same as the user in the recipient field. So many sites I have come across don't have this, leaving the site open so that anyone can delete any message simply by changing the ?mid=123, or someone smart enough to use curl to log in and loop through all messages and delete everything.

Andy
www.abydosgaters.com

Current Project: Blog Application.. Undecided name.. Status: Coming along great.
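The recipient check described above, as an added example that is not part of the original post: the delete query written with PDO prepared statements against a constructed in-memory SQLite copy of the pm table from post #5 (not the thread's code). The same `AND "to" = ?` condition belongs in the read and mark-as-read queries.

```php
<?php
// Added example, not code from the thread: the recipient check for delete.php,
// run against a constructed in-memory SQLite copy of the pm table from post #5
// (the column names "to"/"from" are SQL keywords, hence the quoting).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pm (pm_id INTEGER PRIMARY KEY, "to" INTEGER NOT NULL,
  "from" INTEGER NOT NULL, message TEXT NOT NULL, checked INTEGER NOT NULL DEFAULT 0)');
$ins = $db->prepare('INSERT INTO pm ("to", "from", message) VALUES (?, ?, ?)');
$ins->execute([1, 2, 'to user 1']);   // becomes pm_id 1
$ins->execute([2, 1, 'to user 2']);   // becomes pm_id 2

// The shape the post warns about: the only input is the id from ?mid=,
// so any logged-in user can remove any row.
function delete_unchecked(PDO $db, int $mid): bool
{
    $st = $db->prepare('DELETE FROM pm WHERE pm_id = ?');
    $st->execute([$mid]);
    return $st->rowCount() > 0;
}

// Hardened: the recipient comes from the server-side session, never from the
// request, and is part of the WHERE clause. A pm_id that belongs to someone
// else matches nothing, and rowCount() reports that to the caller, which is
// the event worth logging (repeated zero-row deletes mean someone is walking ids).
function delete_own(PDO $db, int $mid, int $session_user): bool
{
    $st = $db->prepare('DELETE FROM pm WHERE pm_id = ? AND "to" = ?');
    $st->execute([$mid, $session_user]);
    return $st->rowCount() > 0;
}

function remaining(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM pm')->fetchColumn();
}

$session_user = 1;   // user 1 is logged in and requests ?mid=2 (user 2's message)
printf("delete_own(mid=2) as user 1: %d, rows left: %d\n",
       delete_own($db, 2, $session_user), remaining($db));
printf("delete_own(mid=1) as user 1: %d, rows left: %d\n",
       delete_own($db, 1, $session_user), remaining($db));
printf("delete_unchecked(mid=2): %d, rows left: %d\n",
       delete_unchecked($db, 2), remaining($db));
```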

#9 steelmanronald06

  • Staff Alumni
  • Advanced Member
  • 2,004 posts
  • LocationOk

Posted 18 July 2007 - 10:11 PM

People honestly make a huge deal out of such a basic system. I'll just give you my classes and solve this topic:

messagesClass.php
<?php
/************************************************************
*	Name: messagesClass.inc									*
*	Written By: Ronald Steelman								*
************************************************************/

// Note: the mysql_* extension used throughout was removed in PHP 7; on
// current PHP the same queries belong in mysqli or PDO prepared statements.
class messages extends member
{
	// Store a new private message. Ids are cast to int, the title and body
	// are HTML-escaped and then escaped for the query.
	function sendpm($to, $from, $title, $message)
	{
		$to = (int) $to;
		$from = (int) $from;
		
		// isset() on a variable that was just assigned is always true, so the
		// original default-subject check never fired; test for an empty string
		if (trim($title) === '')
		{
			$title = "No Subject";
		}
		
		// HTML-escape first, then escape for SQL; in the reverse order the
		// SQL backslashes end up inside the stored entities
		$title = mysql_real_escape_string(htmlentities($title));
		$message = mysql_real_escape_string(htmlspecialchars($message));
		$date = date('F d, Y');
		
		$sql = "INSERT INTO `messages` (`from`, `to`, `title`, `message`, `time`) VALUES ('$from', '$to', '$title', '$message', '$date')";
		return (bool) mysql_query($sql);
	}
	
	// Number of messages in $user_id's inbox that have not been opened yet
	function count_unread($user_id)
	{
		$user_id = (int) $user_id;
		$sql = "SELECT COUNT(*) FROM `messages` WHERE `to`='$user_id' AND `read`='0'";
		$query = mysql_query($sql);
		$r = mysql_fetch_row($query);
		return (int) $r[0];
	}
	
	// Flag a message as read. The `to` condition means a user can only
	// change the state of messages addressed to them.
	function mark_read($pm_id, $user_id)
	{
		$pm_id = (int) $pm_id;
		$user_id = (int) $user_id;
		$sql = "UPDATE `messages` SET `read`='1' WHERE `pm_id`='$pm_id' AND `to`='$user_id'";
		return (bool) mysql_query($sql);
	}
	
	// Delete a message, again scoped to the recipient so a pm_id that
	// belongs to someone else matches no row. Returns true only when a
	// row was actually removed.
	function delete_pm($pm_id, $user_id)
	{
		$pm_id = (int) $pm_id;
		$user_id = (int) $user_id;
		$sql = "DELETE FROM `messages` WHERE `pm_id`='$pm_id' AND `to`='$user_id'";
		return mysql_query($sql) && mysql_affected_rows() > 0;
	}
	
	// Fetch one message the user is allowed to see; false if it is not theirs
	function read_pm($pm_id, $user_id)
	{
		$pm_id = (int) $pm_id;
		$user_id = (int) $user_id;
		$sql = "SELECT * FROM `messages` WHERE `pm_id`='$pm_id' AND `to`='$user_id'";
		$query = mysql_query($sql);
		
		return mysql_fetch_assoc($query);
	}
	
	// All messages addressed to the user, newest first, keyed by pm_id
	function inbox($user_id)
	{
		$user_id = (int) $user_id;
		$pms = array();
		$sql = "SELECT * FROM `messages` WHERE `to`='$user_id' ORDER BY `pm_id` DESC";
		$query = mysql_query($sql);
		
		while ($r = mysql_fetch_assoc($query))
		{
			// every column the original copied by hand is already in $r
			$pms[$r['pm_id']] = $r;
		}
		return $pms;
	}
}

memberClass.php
<?php
/************************************************************
*	Name: memberClass.inc									*
*	Written By: Ronald Steelman								*
************************************************************/

class member
{
	// Create an account in the pending state (admin = '-1') and mail an
	// activation link. Returns a status message for the caller to display.
	function register($username, $password, $name, $email, $admin=0)
	{
		if (empty($username) || empty($password) || empty($name) || empty($email) || strlen($password) < 6)
		{
			return "All fields must be filled out and your password must be at least 6 characters in length. Please ensure everything is correct and try again.";
		}
		
		// Escape every string before it goes into a query
		$username = mysql_real_escape_string($username);
		$name = mysql_real_escape_string($name);
		$email = mysql_real_escape_string($email);
		$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
		
		$query = mysql_query("SELECT `user_id` FROM `users` WHERE `username`='$username' OR `email`='$email'");
		if (mysql_num_rows($query) > 0)
		{
			return "The username or email address you supplied is already in use by another member. Please try again";
		}
		
		// The account stays at admin='-1' until activate() runs; the $admin
		// argument is unused, as in the original. Only the md5 of the password
		// is stored (unsalted md5 is weak; password_hash() replaces it on
		// PHP 5.5 and later).
		$sql = "INSERT INTO `users` (`username`, `password`, `name`, `email`, `ip`, `admin`) VALUES ('$username', '". md5($password) ."', '$name', '$email', '$ip', '-1')";
		if (!mysql_query($sql))
		{
			return "An error occurred during the registration process. Please try again in a few minutes as the server could
			be busy at this moment. If this problem continues, please contact support.";
		}
		
		// Get the user_id
		$id = mysql_insert_id();
		
		// Generate their md5 hash key
		$key = $this->generate_key(6);
		
		// Insert key into the database
		$sql = "INSERT INTO `keys` (`user_id`, `key`) VALUES ('$id', '$key')";
		mysql_query($sql);
		
		// Build the activation link. $key_string is the whole query string,
		// so it goes directly after '?' (the original produced '?key=key=...')
		$key_string = "key=$key&id=$id";
		
		// Send the account activation email
		$subject = "Account Activation At " . SITE_NAME;
		$message = 'Your account has successfully been created!  Please click the link below to activate your account and
		verify your email address is correct: ' . SITE_URL . '/users/activate.php?' . $key_string;
		$from = "From: noreply@". EMAIL_URL;
		mail($email, $subject, $message, $from);
		
		return 'Thank you for registering with ' . SITE_NAME . '! In order to activate your account, you must verify
		the email that you supplied during the registration process. We have sent the email to ' . $email . ' with a link
		to activate your account. Once clicked, your account will become active.';
	}
	
	// Log in with the plain-text password from the form. Only the md5 hash is
	// kept in the session and cookie, never the password itself.
	function login($username, $password, $cookie=true)
	{
		$hash = md5($password);
		if ($this->check_login($username, $hash))
		{
			$_SESSION['username'] = $username;
			$_SESSION['password'] = $hash;
			
			if ($cookie)
			{
				// Set the cookies; the HttpOnly flag keeps page scripts from reading them
				setcookie('username', $username, time()+15000, '/', '', false, true);
				setcookie('password', $hash, time()+15000, '/', '', false, true);
			}
			return true;
		}
		return false;
	}
	
	// $hash is the md5 of the password, which is what the users table stores.
	// The original compared the plain password with the stored hash, so no
	// login could ever succeed.
	function check_login($username, $hash)
	{
		$username = mysql_real_escape_string($username);
		$hash = mysql_real_escape_string($hash);
		$sql = "SELECT `user_id` FROM `users` WHERE `username`='$username' AND `password`='$hash'";
		$query = mysql_query($sql);
		
		return mysql_num_rows($query) > 0;
	}
	
	// $id is the username, $hash the password hash held in the session/cookie
	function userdata($id, $hash)
	{
		if (!$this->check_login($id, $hash))
		{
			// If no user is logged in, we make them appear as Guest
			$user = array('user_id'=>'0', 'username'=>'Guest', 'password'=>'', 'name'=>'Guest', 'email'=>'', 'ip'=>$_SERVER['REMOTE_ADDR'], 'admin'=>'0');
		}
		else
		{
			// If logged in we get their data from the database and fill the array with it
			$id = mysql_real_escape_string($id);
			$sql = "SELECT `username`, `password`, `name`, `email`, `ip`, `admin`, `user_id` FROM `users` WHERE `username`='$id'";
			$query = mysql_query($sql);
			$r = mysql_fetch_row($query);
			$user = array('user_id'=>$r[6], 'username'=>$r[0], 'password'=>$r[1], 'name'=>$r[2], 'email'=>$r[3], 'ip'=>$r[4], 'admin'=>$r[5]);
		}
		return $user;
	}
	
	// Activation key: md5 of $length characters drawn from the alphabet below.
	// str_shuffle() is not a cryptographic generator, so the key is only as
	// unguessable as the number of possible substrings.
	function generate_key($length)
	{
		return md5(substr(str_shuffle('qwertyuiopasdfghjklmnbvcxz0987612345'), 0, $length));
	}
	
	// Clear the session and expire both cookies (the original referenced
	// $username/$password that were never defined in this function)
	function logout()
	{
		$_SESSION = array();
		session_destroy();
		setcookie('username', '', time()-15000, '/');
		setcookie('password', '', time()-15000, '/');
		return true;
	}
	
	// Activate the account the key belongs to. The original UPDATE had no
	// WHERE clause and therefore activated every account in the table.
	function activate($key)
	{
		$key = mysql_real_escape_string($key);
		$sql = "SELECT `user_id` FROM `keys` WHERE `key`='$key'";
		$query = mysql_query($sql);
		$r = mysql_fetch_row($query);
		
		if (!$r)
		{
			return "There was a problem activating your account.  Please ensure the url is the same as the link in your email.
			If this problem continues, please contact support.";
		}
		
		$user_id = (int) $r[0];
		$sql = "UPDATE `users` SET `admin`='1' WHERE `user_id`='$user_id'";
		$query = mysql_query($sql);
		
		if ($query)
		{
			// The key is single-use
			mysql_query("DELETE FROM `keys` WHERE `user_id`='$user_id'");
			return "Your account has been activated. You may now log in. Thank you for registering";
		}
		return "There was a problem activating your account.  Please ensure the url is the same as the link in your email.
		If this problem continues, please contact support.";
	}
	
	// Load the user's profile row, creating an empty one on the first visit
	function viewProfile($user_id, $name)
	{
		$user_id = (int) $user_id;
		$sql = "SELECT * FROM `profiles` WHERE `user_id`='$user_id'";
		$query = mysql_query($sql);
		
		if (mysql_num_rows($query) < 1)
		{
			// The original inserted into `profile` but selected from `profiles`
			$createSql = "INSERT INTO `profiles` (`user_id`) VALUES ('$user_id')";
			mysql_query($createSql);
			
			header("Location: profile.php");
			exit;
		}
		return mysql_fetch_assoc($query);
	}
}

database structure
-- 
-- Table structure for table `keys`
-- 

CREATE TABLE `keys` (
  `user_id` int(11) NOT NULL,
  `key` varchar(255) NOT NULL,
  PRIMARY KEY  (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

-- --------------------------------------------------------

-- 
-- Table structure for table `messages`
-- 

CREATE TABLE `messages` (
  `pm_id` int(11) NOT NULL auto_increment,
  `from` int(11) NOT NULL,
  `to` int(11) NOT NULL,
  `message` longtext NOT NULL,
  `title` varchar(255) NOT NULL,
  `time` varchar(255) NOT NULL,
  `read` int(1) NOT NULL default '0',
  PRIMARY KEY  (`pm_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=12 ;

-- --------------------------------------------------------

-- 
-- Table structure for table `users`
-- 

CREATE TABLE `users` (
  `user_id` int(11) NOT NULL auto_increment,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `name` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `ip` varchar(255) NOT NULL,
  `admin` enum('-1','0','1','2','3') NOT NULL,
  PRIMARY KEY  (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;


There! Problem solved! Those are just the classes. It is up to you to put them into a working script. They work, they just need to be called on your site. Learn from it.
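An added example, not the thread's or Ronald's code: the register/check_login/activate trio above redone with PDO prepared statements, password_hash()/password_verify() instead of unsalted md5, a random_bytes() activation key, and an activation UPDATE scoped to one user_id. It assumes a simplified in-memory SQLite schema with an `active` flag standing in for the `admin` enum's -1 state.

```php
<?php
// Added example (not the thread's code); constructed in-memory SQLite schema
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
  password TEXT, email TEXT UNIQUE, active INTEGER NOT NULL DEFAULT 0)');
$db->exec('CREATE TABLE keys (user_id INTEGER PRIMARY KEY, "key" TEXT NOT NULL)');

// Returns the query string for the activation link, or null when rejected.
// Only password_hash() output is stored; the original kept unsalted md5.
function register(PDO $db, string $user, string $pass, string $email): ?string
{
    $dup = $db->prepare('SELECT 1 FROM users WHERE username = ? OR email = ?');
    $dup->execute([$user, $email]);
    if (strlen($pass) < 6 || $dup->fetchColumn() !== false) return null;
    $db->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)')
       ->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $email]);
    $id  = (int) $db->lastInsertId();
    $key = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG, not str_shuffle()
    $db->prepare('INSERT INTO keys (user_id, "key") VALUES (?, ?)')->execute([$id, $key]);
    return "key=$key&id=$id";           // placed directly after '?' in the mailed URL
}

// Promote exactly the pending account whose key matches (the original UPDATE
// had no WHERE clause and activated every row), then burn the key.
function activate(PDO $db, int $id, string $key): bool
{
    $up = $db->prepare('UPDATE users SET active = 1 WHERE user_id = ? AND active = 0
        AND EXISTS (SELECT 1 FROM keys k WHERE k.user_id = users.user_id AND k."key" = ?)');
    $up->execute([$id, $key]);
    if ($up->rowCount() !== 1) return false;
    $db->prepare('DELETE FROM keys WHERE user_id = ?')->execute([$id]);
    return true;
}

// The form password is checked against the stored hash with password_verify();
// the original compared the plain password with an md5, so no login could pass.
function check_login(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT password FROM users WHERE username = ? AND active = 1');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

parse_str(register($db, 'alice', 'correct horse', 'alice@example.invalid'), $link);
printf("login before activation: %d\n", check_login($db, 'alice', 'correct horse'));
printf("wrong key: %d, right key: %d\n", activate($db, (int) $link['id'], 'bogus'),
       activate($db, (int) $link['id'], $link['key']));
printf("login after activation: %d\n", check_login($db, 'alice', 'correct horse'));
```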



