Basic Private Messaging

[MDCode]

ok so im making a basic private message system.  I have been experimenting with using user group types to limit the amount of messages they can have.  My issue is that when the form is submitted it is not sent or error reporting for Administrators but will report error for users and will not send.  here is the sending code:

 <?php
if (isset($_POST['Submit'])) {
include ('check/group_check.php');
}
$user = $_SESSION['user_name'];
    
    include 'db.php';
    
    if(!$user)
        {
        echo "<br><p>Error: Not logged in</p><br>";
        }
        
    else
        {
	$sql = mysql_query ("SELECT pm_count FROM authorize WHERE username='$user'");
	$row = mysql_fetch_array ($sql);
	$pm_count = $row['pm_count'];

	$percent = $pm_count/'50';
	$percent = $percent * '100';
        ?>
        <br>
        <center>
        <b><p><a href="index.php">Inbox</a> | <a href="compose.php">Compose</a> | <a href="sent.php">Sentbox</a></b>
        <b><p><?php echo "$pm_count"." of 50 Total  |  "."$percent"."% full"; ?></p></b>
        </center>
        <br>
        <?php
        $reciever = $_POST['username'];
        $subject = $_POST['subject'];
        $message = $_POST['message'];
        $error = '0';
        
        if(!$reciever AND !$subject AND !$message)
            {
            ?>
            <p><b>Please compose a message.</b></p>
            <br>
            <?php
            }
        
        else
            {
            if (!$reciever)
                {
                $error = 'You must enter a reciever to your message';
                }
            
            if (!$subject)
                {
                $error = 'You must enter a subject';
                }
            
            if (!$message)
                {
                $error = 'You must enter a message';
                
            if($error != '0')
                {
                echo "<p>$error</p><br>";
                }
            else
                {
                
                $user_check = mysql_query("SELECT username FROM authorize WHERE username='$reciever'");
                $user_check = mysql_num_rows($user_check);
                
                
                if($user_check > '0')
                    {
                    $time = $_SESSION['time'];
                    
                    
                    if($time > '0')
                        {
                        $old_time = $time;
                        }
                    
                    $time = date('is');
                    $difference = $time - $old_time;
                    
                    $_SESSION['time'] = $time;
                    
                    
                    if($difference >= '15')
                        {
                        
                        $sql = mysql_query ("SELECT pm_count FROM authorize WHERE username='$reciever'");
                        $row = mysql_fetch_array ($sql);
                        $pm_count = $row['pm_count'];
                        
                        
if ($group_check == "Administrators") {
                        if($pm_count >= '50000')
                            {
                            $error = 'The user you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.';
                            }
}
                            
                   if($group_check == "Users") {
if($pm_count >= '50') { 
$error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
}
}
else
                            {    
                            
                            mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error());
						$pm_count++;
						mysql_query("UPDATE authorize SET pm_count='$pm_count' WHERE username='$reciever'");
                            }
                            
                        
                        echo "<p><b>You have successfully sent a private message!</b></p><br>";
                        }
                    
                    
                    else
                        {
                        $error = 'You must wait 15 seconds before sending another private message';
                        }
                    }
                
                
                else
                    {
                    $error = 'That username does not exist, please try again. Remember to check your spelling, and don\'t make stuff up at random.';
                    }
                }
            }
            
        
        if($error != '0')
            {
            echo "<p>$error</p><br>";
            }
          
        else
            {
            
            ?>
            <form name="send" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
            <table width="80%">
              <tr>
                <td width="150px" align="left" valign="top"><p>Username</p></td>
                <td width="" align="left" valign="top"><input name="username" type="text" id="username" value="<?php echo "$reciever"; ?>"></td>
              </tr>
              
              <tr>
                <td width="150px" align="left" valign="top"><p>Subject</p></td>
                <td width="" align="left" valign="top"><input name="subject" type="text" id="subject" value="<?php echo "$subject"; ?>"></td>
              </tr>
              
              <tr>
                <td width="150px" align="left" valign="top"><p>Message Body</p></td>
                <td width="" align="left" valign="top"><textarea name="message" type="text" id="message" value="" cols="50" rows="10"></textarea></td>
              </tr>
                  
              <tr>  
                <td></td>
                <td><input type="submit" name="Submit" value="Send Message"></td>
              </tr>
            </table>
            </center>
            </form>
            <?php
            }
        }    
    ?>

$group_check is working properly so i have no idea what the problem could be

[peipst9lker]

Use mysql_error() to output SQL-errors and see what's wrong with the query.

[Adam]

FYI .. I wouldn't restrict messages from being sent to people that already have too many, you're blocking communication. Just prevent the recipient from replying until they clear some of their backlog out. That way no information is lost, and the sender isn't likely to email them directly and cut out your service altogether.

[MDCode]

No mysql errors displayed

[Barand]

FYI .. I wouldn't restrict messages from being sent to people that already have too many, you're blocking communication. Just prevent the recipient from replying until they clear some of their backlog out. That way no information is lost, and the sender isn't likely to email them directly and cut out your service altogether.

 

So now the recipient replies by email instead?

[Adam]

FYI .. I wouldn't restrict messages from being sent to people that already have too many, you're blocking communication. Just prevent the recipient from replying until they clear some of their backlog out. That way no information is lost, and the sender isn't likely to email them directly and cut out your service altogether.

 

So now the recipient replies by email instead?

 

Possibly. Then again, it could be easier for them to delete a few messages and hit reply if the process is made simple enough. You can forgive a site for making you do that. Someone's email address may not be public though, which would cut off all possible communication in the first place. Not to mention you're punishing (for lack of a better word) someone who hasn't overloaded their inbox, by making them go to extra effort to get in contact with someone. It's a blatant usability no-no.

[MDCode]

Basicly my site has a ranking system.  If a user ranks up certain extras will be added to their account.  Right now I am just testing this feature.  And there is an option to delete

[Adam]

Basicly my site has a ranking system.  If a user ranks up certain extras will be added to their account.  Right now I am just testing this feature.  And there is an option to delete

 

It was only meant to be an "FYI" on usability.

 

In regards to your error, the code is really hard to follow, the indentation is all over the place. Looking specifically at the admin/user checks after fixing the indentation:

 

if ($group_check == "Administrators") {
if($pm_count >= '50000') {
	$error = 'The user you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.';
}
}
                            
if($group_check == "Users") {
if($pm_count >= '50') { 
	$error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
}
} else {                                
mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error());
$pm_count++;
mysql_query("UPDATE authorize SET pm_count='$pm_count' WHERE username='$reciever'");
}

 

Notice a problem? You're only executing the query when $group_check does not equal "Users". So it will execute it for admins, but the admin PM check won't have any impact on anything, escape perhaps the error shown later.

 

Indentation makes a huge impact, I would certainly try to re-indent the code and you'll probably spot more logic errors.

[MDCode]

Notice a problem? You're only executing the query when $group_check does not equal "Users". So it will execute it for admins, but the admin PM check won't have any impact on anything, escape perhaps the error shown later.

 

Indentation makes a huge impact, I would certainly try to re-indent the code and you'll probably spot more logic errors.

I have added an else if to the Users group check now nothing works. 

[Adam]

Can you post that?

[MDCode]

if($group_check == "Administrators") { 
if($pm_count >= '50000') { 
$error = 'The admin you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.';
      }
   } else if($group_check == "Users") { 
if($pm_count >= '50') { 
$error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
      }
} else {

[Adam]

That's because you're now effectively saying:

 

If the group is equal to admins, do this...

Else if the group is equal to users, do this...

Else if the group is not equal to admins or users, do this...

[MDCode]

Ty for that explanation...sorry I'm fairly new to php heres the update.  It seems I can now send to Admins and have admin error displayed but neither for Users

 if($group_check == "Administrators") { 
if($pm_count >= '50000') { 
$error = 'The admin you are trying to send a message to has 50,000 private messages, sorry but we cant send your message until that user deletes some of their messages.';
      }
   } else if($group_check == "Users") { 
if($pm_count >= '50') { 
$error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
      }
}
// changed
if (!error) {
                            //And now we stick the message in the database with all the correct information
                            mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error());
						//Add 1 to the pm count, update the reciever with the new pm count
						$pm_count++;
						mysql_query("UPDATE authorize SET pm_count='$pm_count' WHERE username='$reciever'");
                            }

[MDCode]

Oops i put

if (!error)

instead of

if (!$error)

works perfectly now thank you all so much