PHP MYSQL Messaging System

[dannyp100]

Hi guys

I am creating a php mysql private messaging system.

I am having great difficulty on probably the simplest of matters.

When sending a message to another user, I have inserted a drop down list of all the users

on the database under the 'to users name'. This works, but however, when I send the message, the 'messageTo' field in the database doesn't populate with the userID i sent the message to.

Any solutions possible? Thankyou!

 

<?php
include 'gradnetconn.php';
require_once ('webpage.class.php');
session_start();
?>

<form action="send.php" method="post" name="sendpm">
<table>
<tr>
<td>
To Users Name
</td>
<td>
<select name="messageTo" id="messageTo" />
<option value = <?php $sql = "SELECT * FROM gn_users";
$queryresult = mysql_query($sql) or die (mysql_error());
while($row = mysql_fetch_assoc($queryresult)){
$userFirstName= $row['userFirstName'];
$userSurname = $row['userSurname'];
echo "<option value = $userFirstName > $userSurname</option>\n";
}
mysql_free_result($queryresult);
?></option>
</td>
</tr>
<tr>
<td>
Subject
</td>
<td>
<input type="text" name="messageSubject" id="messageSubject" />
</td>
</tr>
<tr>
<td>
Message
</td>
<td>
<textarea name="messageBody" cols="60" rows="10" id="messageBody"></textarea>
</td>
</tr>
<tr>
 <td colspan="2">
<input type="submit" value="Send PM" />
</td>
</tr>
</table>
</form>

[Psycho]

Impossible to know from what you have provided. But, I see some things that look "off".

 

<select name="messageTo" id="messageTo" />
<option value = <?php $sql = "SELECT * FROM gn_users";
$queryresult = mysql_query($sql) or die (mysql_error());
while($row = mysql_fetch_assoc($queryresult)){
 $userFirstName= $row['userFirstName'];
 $userSurname = $row['userSurname'];
 echo "<option value = $userFirstName > $userSurname</option>\n";
}
mysql_free_result($queryresult);
?></option>

 

1. You start an opening option tag, then run your query and create the options, and then having a closing option tag. The HTML markup would be messed up. basically you are putting all the options inside a parent set of options. makes no sense.

2. The value of an option tag should be enclosed in quotes.

3. There is no closing SELECT Tag

4. Are you really wanting the first name as the value? you should be using the ID of the record

 

So, whatever the value of the options are, they will be passed in the post data. You should verify that by doing a print_r(%_POST) on the page that receives the form data. If the values are passed and not getting saved, then you need to look at the code for saving the records.

 

This is what I think your code should look like for creating the select list.

 

<?php

//Put this section at the top of the script
$query = "SELECT userID, userFirstName, userSurname FROM gn_users";
$result = mysql_query($query) or die (mysql_error());
$toOptions = '';
while($row = mysql_fetch_assoc($queryresult))
{
   $toOptions .= "<option value=\"{$row['userID']}\">{$row['userFirstName']} {$row['userSurname']}</option>\n";
}

?>

<!-- this goes in the body of the HTML -->
<select name="messageTo" id="messageTo" />
<?php echo $toOptions; ?>
</select>

[dannyp100]

Thankyou so much!! That's perfect! I'm a beginner at this, but you explained it so well

I have one more query to ask. Bascially I have an inbox which is working fine. But when i click on a message that is

displayed in the inbox it redirects to a page called viewmessage.php which doesn't display the message.

Here is the code:

 

<?php
session_start();
include 'gradnetconn.php';
$messageID = $_GET['messageID'];
if(!isset($messageID)) {
header('location: inbox.php');
}
else if(isset($messageID)) { 

$getmessage = mysql_query("SELECT * FROM 'gn_messages' WHERE 'messageTo' = '$messageTo' AND 'messageID' = '$messageID'");
  while($return= mysql_fetch_object($getmessage)) { //returning the selected message

 echo "<h2>$return->messageSubject</h2>";
 echo "<p>$return->messageBody</p>";
 echo "<p>From: $return->messageFrom On: $return->messageDate</p>";
}
}
?>

 

 

It comes up with these errors:

 

Notice: Undefined variable: messageTo

(on line 14)

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource

(on line 15)

 

 

Thankyou again

[Psycho]

To start, look at the code that creates links in your inbox. They *should* have a parameter on them for the "messageID" and they apparently do not. Without that you cannot get the message to display. That will resolve the "Notice" message above which will also resolve part of the problem with the query. But, here are some other issues:

 

$messageID = $_GET['messageID'];
if(!isset($messageID)) {

 

You SET $messageID and then do a check if it is set. Kind of pointless since it would always be set. It may be set as null if $_GET['messageID'] is not set - but $messageID would always be set in that logic.

 

else if(isset($messageID)) 

 

If the if() condition is checking if something is not set, just use else. No need to use elseif() with a condition to see if it is set.

 

$getmessage = mysql_query("SELECT * FROM 'gn_messages' WHERE 'messageTo' = '$messageTo' AND 'messageID' = '$messageID'");

 

1. Don't create your queries directly in the mysql_query() function call. Create the query as a string variable so if something goes wrong you can echo it to the page for debugging.

 

2. Where is $messageTo defined? Do you really need it since you are specifying the message ID? I could see where you might want to use it to restrict people from seeing messages not intended for them, but that's not how I'd do it.

 

3. NEVER EVER user user submitted values (POST, GET, COOKIE) in your queries without properly escaping/sanitizing them

 

4. If you are only getting one record - don't use a while() loop

 

Sample code. This is not meant to be a copy/paste solution. only an idea of how the logic might look

<?php
session_start();
include 'gradnetconn.php';

$currentUser = $_SESSION['user'];

$messageID = (isset($_GET['messageID'])) ? intval($_GET['messageID']) : 0;
if(!$messageID)
{
   header('location: inbox.php');
   exit();
}

$query = "SELECT *
	  FROM 'gn_messages'
	  WHERE 'messageID' = '$messageID'"

$result = mysql_query($query) or die(mysql_error());

$message = mysql_fetch_object($result);
if($message->messageTo != $currentUser)
{
   echo "You are not allowed to view this message";
}
else
{
   echo "<h2>$message->messageSubject</h2>";
   echo "<p>$message->messageBody</p>";
   echo "<p>From: $message->messageFrom On: $message->messageDate</p>";
}

?>

[Barand]

Your form method in your initial post in this thread is POST whereas you are using $_GET['message_id']

[dannyp100]

Thankyou once again for the advice

For the final part of the simple system, i''m hopefully going to integrate notifications to a user when they recieve a new email.

Do you know any good tutorials/tips for doing this?

 

There is also a possiblity at the end to integrate an add friend/add contact function aswell, do you know any good tutorials that would help me with this?

 

Thankyou

[dannyp100]

I have followed the logic you provided and created code to follow this. The only error that comes up now is:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''gn_messages' WHERE 'messageID' = '21'' at line 1

 

Sorry if i continue to sound completely dumb, i'm fairly new to this.

Thanks again

[Barand]

don't put table names in quotes

[dannyp100]

Thanks, i'm just careless!

I'm trying to figure out why a message that has not been read is coming up as read.

 

This is my view message code:

<?php
session_start();
include 'gradnetconn.php';
$currentUser = $_SESSION['userID'];
$messageID = (isset($_GET['messageID'])) ? intval($_GET['messageID']) : 0;
if(!$messageID)
{
header('location: inbox.php');
exit();
}
$query = ("SELECT * FROM gn_messages WHERE messageID = '$messageID'");
$result = mysql_query($query) or die(mysql_error());
$message = mysql_fetch_object($result);
if($message->messageRead == "0") {
$update = mysql_query("UPDATE `gn_messages` SET `messageRead` = '1' WHERE `messageID` = '$message->messageID' LIMIT 1"); }
if($message->messageTo != $currentUser)
{
echo "You are not allowed to view this message";
}
else
{
echo "<h2>$message->messageSubject</h2>";
echo "<p>$message->messageBody</p>";
echo "<p>From: $message->messageFrom On: $message->messageDate</p>";
}

 

Then this is my inbox code:

 

<?php
include 'gradnetconn.php';
session_start();

$messageTo = $_SESSION['userID'];
$sql = mysql_query("SELECT * FROM gn_messages WHERE messageTo = $messageTo AND messageDeleted = '0'
ORDER BY messageDate DESC");
?>
<table width='95%'>
<tr><th>From</th><th>Message Subject</th><th>Date Recieved</th></tr>
<?php
 while($return = mysql_fetch_object($sql)) {

  $return->messageDate = gmdate('d/\m/\y g:ia');
  if($return->messageRead = "0") {
  $messageRead = "notread.jpg";
  }
  else {
  $messageRead = "read.jpg";
  }
  echo "<tr><td><img src='".$messageRead."' /></td>
  <tr><td>$return->messageFrom</td><td><a href='viewmessage1.php?messageID=$return->messageID'>$return->messageSubject</a>
  </td><td>$return->messageDate</td></tr>";
}

?>
</table>

 

I don't seem to know why in my inbox, whenever a message is recieved it always says its read?

[MDCode]

if($return->messageRead = "0") {

 

Look closely at this line

[dannyp100]

I still wouldn't know what would be wrong with that line?

[Christian F.]

What's the difference between comparison operators (equality, in this case) and assignment operators? If you can answer that, you can answer what's wrong with the above sentence.

[dannyp100]

Done thanks for the heads up!

 

I have one final question and then my system should be working correctly. I can successfully view a message from my inbox. I am now trying to view a message from my outbox. (outboxview.php)

This is the code for my view message from inbox:

 

<?php
session_start();
include 'gradnetconn.php';
$currentUser = $_SESSION['userID'];
$messageID = (isset($_GET['messageID'])) ? intval($_GET['messageID']) : 0;
if(!$messageID)
{
header('location: inbox.php');
exit();
}
$query = ("SELECT * FROM gn_messages WHERE messageID = '$messageID'");
$result = mysql_query($query) or die(mysql_error());
$message = mysql_fetch_object($result);
if($message->messageRead == "0") {
$update = mysql_query("UPDATE `gn_messages` SET `messageRead` = '1' WHERE `messageID` = '$message->messageID' LIMIT 1"); }
if($message->messageTo != $currentUser)
{
echo "You are not allowed to view this message";
}
else
{
echo "<h2>$message->messageSubject</h2>";
echo "<p>$message->messageBody</p>";
echo "<p>From: $message->messageFrom On: $message->messageDate</p>";
}

 

I altered it ever so slightly for outboxview.php as it is the same idea

 

<?php
session_start();
include 'gradnetconn.php';
$currentUser = $_SESSION['userID'];
$messageID = (isset($_GET['messageID'])) ? intval($_GET['messageID']) : 0;
if(!$messageID)
{
header('location: outbox.php');
exit();
}

$query = ("SELECT * FROM gn_messages WHERE messageID = '$messageID'");
$result = mysql_query($query) or die(mysql_error());
$message = mysql_fetch_object($result);
if($message->messageFrom != $currentUser)
{
echo "You are not allowed to view this message";
}
else
{
echo "<h2>$message->messageSubject</h2>";
echo "<p>$message->messageBody</p>";
echo "<p>From: $message->messageTo On: $message->messageDate</p>";
}
?>

 

This doesn't work, it just redirects to the outbox page. Any solutions or ideas?

 

Thankyou

[Christian F.]

Use the same file/page to show the PM, no matter where it's located. No point in having two files which does essentially the same. Then just have one IF-test that tests all of the conditions for reading the PM.

The only thing you need to do differently, is if you're using a link back to the previous folder. Then you'll need to send the name of that page along the message ID, so you can construct the correct link in the view.

Edited February 7, 2013 by Christian F.

[Psycho]

It's very disappointing to try and help someone out when they don't appear to be even trying.

 

You say that you are just being redirected to the outbox, correct? Are you saying you don't see anything in that code that would perform that redirect???

$messageID = (isset($_GET['messageID'])) ? intval($_GET['messageID']) : 0;
if(!$messageID)
{
  header('location: outbox.php');
  exit();
}

 

So, you know there is a condition check that (if true) will redirect to the outbox. That condition is predicated on $_GET['messageID']

 

Have you tried echoing $_GET['messageID'] to the page to verify what it contains or, better yet, do a print_r($_GET)? Did you look at the HTML source code on the outbox.php page to verify that the links are created with the correct URL parameter for 'messageID'? Did you look at the PHP code on that page to see how that parameter is being created?

 

In short, have you done anything to actually figure out the problem on your own rather than just trying it, seeing it doesn't work, and then posting here? You do not need to be a programmer to do simple debugging.

[Psycho]

Use the same file/page to show the PM, no matter where it's located. No point in having two files which does essentially the same. Then just have one IF-test that tests all of the conditions for reading the PM.

The only thing you need to do differently, is if you're using a link back to the previous folder. Then you'll need to send the name of that page along the message ID, so you can construct the correct link in the view.

 

I'd agree. But, I would also modify the permission check (if you've implemented one) to only display the message if the message is FROM or TO the current user.

[dannyp100]

Honestly, i am trying. I'm just a total beginner who is extremely lame at this.

Everything i have tested seems to be fine with the outbox. View source, echoed etc

It all seems fine and is corresponding to the correct messageID. It just won't seem to display anything.

 

Thanks for the advice Christian, i would love to do it that way but i'll just stick to ways i understand atm until I have more experience with php. Apologies for wasting anyones time, I genuinely am a total beginner and so confused!

 

Thankyou

[Psycho]

I gave you a number of things to try. At least try those and report what results you get.

 

As for Christian's suggestion you should absolutely do that. Otherwise you are only creating more work for yourself. Just change the name of the original inboxview.php file to something like viewmessage.php. Then call that file when trying to view messages from either the inbox or the outbox. That way you only have one file to maintain. If you find a bug when viewing inbox messages you would be inclined to only fix the issue in the viewinbox.php file and would likely forget that the same problem must also exist in the viewoutbox.php file. That will lead to fractured code.

[dannyp100]

Okay so I stopped being all mopy and lazy and continued testing everything.

A user can successfully see outbox and inbox messages. Problem fixed!

 

The final parts of my system are:

- deleting inbox/outbox messages

- message notifications if a user has received a new message.

 

I have had absolutely no experience of this whatsoever and have no where to start. Could anyone link me to advice/tutorials or tips?

 

Thanks again

[ajaxsoundscool]

www.webintersect.com  or www.developphp.com   great tutorials! Im a beginner too and im trying to build a PM system. mines working, but my issue is that when i send a message to someone, it all goes through great etc... that person receives the message however it doesnt pop up in the box, you have to refresh the damn page all the time! so annoying and i cant get my head around it. If anyone can help me, please do, i will send over my PM system code and details of the mysqli database. 

 

Cheers

 

Guy