Jump to content

Designing a Private Messaging System


MortimerJazz

Recommended Posts

Hi there,

I'd be grateful for a bit of help as I'm trying to put together a private messaging system for a website for the first time.

I'm planning on setting up a database table that will have fields for:

- The sender
- The recipient
- The message itself
- Date Sent
- Date Read
- Confirmation Read

That way, when a user logs in,  I can search the table for any messages that have his username in the "Recipient" field and which doesn't have a "1" in the Confirmation Read field. A message could be displayed telling the user they have mail and then all of the information above can be displayed on the mail screen.

Is this the best way to go about this? Are there any security issues that I should be aware of and can you think of any other things that I should be inserting here?

Thanks very much,
Link to comment
Share on other sites

  • 2 weeks later...
ha ha! easy!

database structure:

table name: pm
pm_id
to
from
message
date
checked

PHP Pages:

inbox.php

grab all messages where username = to in the database

message.php

grab the message from the database where the message id = pm_id
also update that row so that checked is set to yes so that it will show up as an old message and not new

delete.php

delete row from database where message id = pm_id


Plain and simple
Link to comment
Share on other sites

Or you could just download a content management system and see how they have it set up. That help me alot when i look how other built it, and I have mambo on my home server and it has a built in personal messenger as well as an emailer. Hope this help a little.
Link to comment
Share on other sites

  • 8 months later...
[quote author=High_-_Tek link=topic=111640.msg455860#msg455860 date=1161537248]
[b]marky167[/b], no one is going to spend their time to do it for you without pay.  Either look at Nuke or phpBB for ideas and create your own or start researching.
[/quote]
Here i'm not the one that wanted it in the first place i was just saying that if you were making it for free then i would be greatful it i could get a copy of it. Its ok now anyway i have made a website with help of nice people unlike HIGH_-_Tek and we are making loads of $$$$$
Link to comment
Share on other sites

  • 2 weeks later...
Just some advice.. Careful when writing the script for deleting messages.. Add an extra if statement to ensure that the user trying to delete the message.. is the same as the user in the recipient field.. So many sites i have come across that dont have this.. Leaving the site open let anyone delete any messages simply by changing the ?mid=123.. or someone smart enough to use curl to login and loop through all messages and delete everything..

Andy
Link to comment
Share on other sites

people honestly make a huge deal out of such a basic system.  I'll just give you my classes, and solve this topic:

messagesClass.php
[code]
<?php
/************************************************************
* Name: messagesClass.inc *
* Written By: Ronald Steelman *
************************************************************/

class messages extends member
{
function sendpm($to, $from, $title, $message)
{
$title = htmlentities(mysql_real_escape_string($title));
$message = mysql_real_escape_string($message);
$message = htmlspecialchars($message);
$date = date('F d, Y');

if (!isset($title)){
$title = "No Subject";
}

$sql = "INSERT INTO `messages` (`from`, `to`, `title`, `message`, `time`) VALUES ('$from', '$to', '$title', '$message', '$date')";
$query = mysql_query($sql);

if ($query)
{
return true;
}
else
{
return false;
}
}

function count_unread($user_id)
{
$sql = "SELECT COUNT(*) FROM `messages` WHERE `to`='$user_id' AND `read`='0'";
$query = mysql_query($sql);
$r = mysql_fetch_row($query);
return $r[0];
}

function mark_read($pm_id, $user_id)
{
$sql = "UPDATE `messages` SET `read`='1' WHERE `pm_id`='$pm_id' AND `to`='$user_id'";
$query = mysql_query($sql);
}

function delete_pm($pm_id, $user_id)
{
$sql = "DELETE FROM `messages` WHERE `pm_id`='$pm_id' AND `to`='$user_id'";
$query = mysql_query($sql);

if ($query)
{
return true;
}
else
{
return false;
}
}

function read_pm($pm_id, $user_id)
{
$sql = "SELECT * FROM `messages` WHERE `pm_id`='$pm_id' AND `to`='$user_id'";
$query = mysql_query($sql);
$pm = mysql_fetch_assoc($query);

return $pm;
}

function inbox($user_id)
{
$pms = array();
$sql = "SELECT * FROM `messages` WHERE `to`='$user_id' ORDER BY `pm_id` DESC";
$query = mysql_query($sql);
$count = count($query);

while ($r = mysql_fetch_assoc($query))
{
$pms[$r['pm_id']] = array ('pm_id'=>$r['pm_id'], 'from'=>$r['from'], 'to'=>$r['to'], 'message'=>$r['message'], 'title'=>$r['title'], 'time'=>$r['time'], 'read'=>$r['read']);
}
return $pms;
}
}
[/code]

memberClass.php
[code]
<?php
/************************************************************
* Name: memberClass.inc *
* Written By: Ronald Steelman *
************************************************************/

class member
{
function register($username, $password, $name, $email, $admin=0)
{
$query = mysql_query("SELECT * FROM `users` WHERE `username`='$username' OR `email`='$email'");
$unique = mysql_num_rows($query);
if (empty($username) || empty($password) || empty($name) || empty($email) || strlen($password) < 6)
{
$return = "All fields must be filled out and your password must be at least 6 characters in length. Please ensure everything is correct and try again.";
}
elseif ($unique > 0)
{
$return = "The username or email address you supplied is already in use by another member. Please try again";
}
else
{
$sql = "INSERT INTO `users` (`username`, `password`, `name`, `email`, `ip`, `admin`) VALUES ('$username', '". md5($password) ."', '$name', '$email', '". $_SERVER['REMOTE_ADDR'] ."', '-1')";
$query = mysql_query($sql);
if ($query)
{
// Get the user_id
$id = mysql_insert_id();

// Generate their md5 hash key
$key = $this->generate_key(6);

// Build the key string
$key_string = "key=$key&id=$id";

// Insert key into the database
$sql = "INSERT INTO `keys` (`user_id`, `key`) VALUES ('$id', '$key')";
$query = mysql_query($sql);

// Send the account activation email
$subject = "Account Activation At" . SITE_NAME;
$message = 'Your account has successfully been created!  Please click the link below to activate your account and
verify your email address is correct:' . SITE_URL . '/users/activate.php?key=' . $key_string;
$from = "From: noreply@". EMAIL_URL;
mail ($email, $subject, $message, $from);

$return = 'Thank you for registering with ' . SITE_NAME . '! In order to activate your account, you must verify
the email that you supplied during the registration process. We have sent the email to ' . $email . ' with a link
to activate your account. Once clicked, your account will become active.';
}
else
{
$return = "An error occured during the registration process. Please try again in a few minutes as the server could
be busy at this moment. If this problem continues, please contact support.";
}
}
return $return;
}

function login($username, $password, $cookie=true)
{
if ($this->check_login($username, $password))
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

if ($cookie)
{
// Set the cookies
setcookie('username', $username, time()+15000);
setcookie('password', $password, time()+15000);
}
return true;
}
else
{
return false;
}
}

function check_login($username, $password)
{
$sql = "SELECT `user_id` FROM `users` WHERE `username`='$username' AND `password`='$password'";
$query = mysql_query($sql);

if (mysql_num_rows($query) > 0)
{
return true;
}
else
{
return false;
}
}

function userdata($id, $pass)
{
if(!$this->check_login($id, $pass))
{
// If no user is logged in, we make them appear as Guest
$user = array('user_id'=>'0', 'username'=>'Guest', 'password'=>'', 'name'=>'Guest', 'email'=>'', 'ip'=>$_SERVER['REMOTE_ADDR'], 'admin'=>'0');
}
else
{
// If logged in we get their data from the database and fill the array with it
$sql = "SELECT `username`, `password`, `name`, `email`, `ip`, `admin`, `user_id` FROM `users` WHERE `username`='$id'";
$query = mysql_query($sql);
$r = mysql_fetch_row($query);
$user = array('user_id'=>$r[6], 'username'=>$r[0], 'password'=>$r[1], 'name'=>$r[2], 'email'=>$r[3], 'ip'=>$r[4], 'admin'=>$r[5]);
}
return $user;
}

function generate_key($length)
{
return(md5(substr(str_shuffle('qwertyuiopasdfghjklmnbvcxz0987612345'), 0, $length)));
}

function logout()
{
session_destroy();
setcookie('username', $username, time()-15000);
setcookie('password', $password, time()-15000);
return true;
}

function activate($key)
{
$sql = "SELECT * FROM `keys` WHERE `key`='$key'";
$query = mysql_query($sql);
$r = mysql_fetch_row($query);
$user_id = $r[0];
$sql = "UPDATE `users` SET `admin`='1'";
$query = mysql_query($sql);

if ($query)
{
$return = "Your account has been activated. You may now log in. Thank you for registering";
}
else
{
$return = "There was a problem activating your account.  Please ensure the url is the same as the link in your email.
If this problem continues, please contact support.";
}

return $return;
}

function viewProfile($user_id, $name)
{
$sql = "SELECT * FROM `profiles` WHERE `user_id`='$user_id'";
$query = mysql_query($sql);
$check = count($query);

if ($check < 1)
{
$createSql = "INSERT INTO `profile` (user_id) VALUES ('$user_id')";
$createQuery = mysql_query($createSql);

header("Location: profile.php");
}
else
{
while ($r = mysql_fetch_row($query))
{

}
}
}
}
[/code]

database structure
[code]
--
-- Table structure for table `keys`
--

CREATE TABLE `keys` (
  `user_id` int(11) NOT NULL,
  `key` varchar(255) NOT NULL,
  PRIMARY KEY  (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

-- --------------------------------------------------------

--
-- Table structure for table `messages`
--

CREATE TABLE `messages` (
  `pm_id` int(11) NOT NULL auto_increment,
  `from` int(11) NOT NULL,
  `to` int(11) NOT NULL,
  `message` longtext NOT NULL,
  `title` varchar(255) NOT NULL,
  `time` varchar(255) NOT NULL,
  `read` int(1) NOT NULL default '0',
  PRIMARY KEY  (`pm_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=12 ;

-- --------------------------------------------------------

--
-- Table structure for table `users`
--

CREATE TABLE `users` (
  `user_id` int(11) NOT NULL auto_increment,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `name` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `ip` varchar(255) NOT NULL,
  `admin` enum('-1','0','1','2','3') NOT NULL,
  PRIMARY KEY  (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

[/code]

There! Problem solved!  Those are just the classes. It is up to you to put them into a working script. They work, they just need to be called on your site.  Learn from it.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.