
     After checking your inbox, deleting junk, and looking at a few messages, you may want to write a message, and this page will let you do it. Basically, this page has a form that sends the form information to itself once you press send. We need inputs for the receiver, the title, and the message body; once the form is submitted we check that none of those are blank, and if any are we return an error message. However, we need to distinguish between a completely blank form and a form with just one or two pieces missing, so that our users won't always get errors when trying to compose a message. We do that by assuming that if every input is empty, the user just came to this page for the first time, so submitting a completely blank form will give no error. If the form is all good, we stick it into the database with the information of who the sender and receiver are, the title, and the message body. We also have a flood counter that uses the date function for minutes and seconds and does a difference check of two different time variables.


    <?php
    session_start();
    $user = $_SESSION['username'];

    include 'db.php';

    //This checks to see if a user is logged in or not by seeing if the sessioned username variable exists.
    //You could change this check to however you want to validate your members, this is just how I did it.
    if(!$user)
        {
        echo "<br><p>Blah blah you arent logged in and stuff, you should do that or something</p><br>";
        }

    else
        {
        //Query the database to see how many messages the logged in user has, then do a little math
        //Find the percentage that your inbox is full (message count divided by 50)
        //50 messages maximum, you can change that
        $sql = mysql_query("SELECT pm_count FROM users WHERE username='$user'");
        $row = mysql_fetch_array($sql);
        $pm_count = $row['pm_count'];

        //This is the math to figure out the percentage.
        //The message count divided by 50 then multiplied by 100 so we dont have a number less than 1
        $percent = $pm_count / 50;
        $percent = $percent * 100;
        ?>
        <br>
        <center>
        <b><p><a href="inbox.php">Inbox</a> | <a href="compose.php">Compose</a> | <a href="sent.php">Sentbox</a></p></b>
        <b><p><?php echo "$pm_count"." of 50 Total  |  "."$percent"."% full"?></p></b>
        </center>
        <br>
        <?php

        //So here we get the variables submitted through the form to this page
        $reciever = htmlspecialchars($_POST['username'], ENT_QUOTES); // Strip out special html characters including single and double quote
        $reciever = mysql_real_escape_string($reciever); //Escape any characters that could be used in an sql injection attack

        $subject = htmlspecialchars($_POST['subject'], ENT_QUOTES);
        $subject = mysql_real_escape_string($subject);

        $message = htmlspecialchars($_POST['message'], ENT_QUOTES);
        $message = mysql_real_escape_string($message);

        $error = '0';

        //If they are all blank we just say to compose a message
        if(!$reciever AND !$subject AND !$message)
            {
            ?>
            <p><b>Please compose a message.</b></p>
            <br>
            <?php
            }

        //Since this form was partially filled out we need to return an error message
        else
            {
            if (!$reciever)
                {
                $error = 'You must enter a reciever to your message';
                }

            if (!$subject)
                {
                $error = 'You must enter a subject';
                }

            if (!$message)
                {
                $error = 'You must enter a message';
                }

            //If the variable error is not set to zero, we have a problem and should show the error message
            if($error != '0')
                {
                echo "<p>$error</p><br>";
                }

            //There are no errors so far which means the form is completely filled out
            else
                {
                //Are they trying to send a message to a real user or to something they just made up?
                $user_check = mysql_query("SELECT username FROM users WHERE username='$reciever'");
                $user_check = mysql_num_rows($user_check);

                //The user is real and not made up if this is true
                if($user_check > 0)
                    {
                    //There might already be a sessioned time variable, if so we need to get it for the flood check
                    $time = isset($_SESSION['time']) ? $_SESSION['time'] : 0;

                    //If there is a time variable already, set it to the variable $old_time
                    $old_time = 0;
                    if($time > 0)
                        {
                        $old_time = $time;
                        }

                    //Here we get the minutes and seconds on the server time using the date function, and set that to the $time variable
                    //Now we find the difference between this time ($time) and the time that the page was submitted ($old_time)
                    //Note: date('is') gives MMSS such as 0530, so this difference is an exact seconds count only within one minute
                    //and goes negative when the hour rolls over; time() avoids both
                    $time = date('is');
                    $difference = $time - $old_time;

                    $_SESSION['time'] = $time;

                    //If the two times have a difference greater or equal to 15, which is 15 seconds, they can submit the message, this is for flood protection
                    if($difference >= 15)
                        {
                        //Get their private message count
                        $sql = mysql_query("SELECT pm_count FROM users WHERE username='$reciever'");
                        $row = mysql_fetch_array($sql);
                        $pm_count = $row['pm_count'];

                        //You cant have more than 50 private messages, if they try sending a message to a user with a full inbox return an error message
                        if($pm_count >= 50)
                            {
                            $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message until that user deletes some of their messages.';
                            }

                        else
                            {
                            //And now we stick the message in the database with all the correct information
                            mysql_query("INSERT INTO messages (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error());

                            //Add 1 to the pm count, update the reciever with the new pm count
                            $pm_count++;
                            mysql_query("UPDATE users SET pm_count='$pm_count' WHERE username='$reciever'");

                            //Let the user know everything went ok.
                            echo "<p><b>You have successfully sent a private message!</b></p><br>";
                            }
                        }

                    //Since they are trying to send messages faster than every 15 seconds, give them an error message
                    else
                        {
                        $error = 'You must wait 15 seconds before sending another private message';
                        }
                    }

                //If they misspelled or made up a username, then give an error message telling them its wrong.
                else
                    {
                    $error = "That username does not exist, please try again. Remember to check your spelling, and don't make stuff up at random.";
                    }
                }
            }

        //Since we may have set the error variable to something while trying to send the message, we need another error check
        if($error != '0')
            {
            echo "<p>$error</p><br>";
            }

        else
            {
            //Here's the form for the input
            ?>
            <form name="send" method="post" action="compose.php">
            <table width="80%">
              <tr>
                <td width="150px" align="left" valign="top"><p>Username</p></td>
                <td width="" align="left" valign="top"><input name="username" type="text" id="username" value="<?php echo "$reciever"?>"></td>
              </tr>

              <tr>
                <td width="150px" align="left" valign="top"><p>Subject</p></td>
                <td width="" align="left" valign="top"><input name="subject" type="text" id="subject" value="<?php echo "$subject"?>"></td>
              </tr>

              <tr>
                <td width="150px" align="left" valign="top"><p>Message Body</p></td>
                <td width="" align="left" valign="top"><textarea name="message" type="text" id="message" value="" cols="50" rows="10"></textarea></td>
              </tr>

              <tr>
                <td></td>
                <td><input type="submit" name="Submit" value="Send Message"></td>
              </tr>
            </table>
            </form>
            <?php
            }
        }

    ?>
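
The mysql_* functions used above were removed in PHP 7.0. The same send logic with PDO prepared statements and a time()-based flood check follows as an added example; it is not the tutorial author's code. It assumes an in-memory SQLite database in place of the tutorial's MySQL tables, and send_pm(), its result strings and the 'last_pm' session key are hypothetical names.

```php
<?php
// Added example, not the tutorial's code. Assumptions: SQLite in memory stands in
// for the tutorial's MySQL database; send_pm() and its result strings are hypothetical.
function send_pm(PDO $db, array &$session, $sender, $receiver, $subject, $message, $now)
{
    // Flood check on a plain seconds counter, so it cannot wrap at the hour
    $last = isset($session['last_pm']) ? $session['last_pm'] : 0;
    if ($now - $last < 15) {
        return 'flood';
    }

    // Bound parameters keep user input out of the SQL text
    $q = $db->prepare('SELECT pm_count FROM users WHERE username = ?');
    $q->execute(array($receiver));
    $count = $q->fetchColumn();
    if ($count === false) {
        return 'no_such_user';
    }
    if ($count >= 50) {
        return 'inbox_full';
    }

    // The insert and the counter update succeed or fail together
    $db->beginTransaction();
    $db->prepare('INSERT INTO messages (reciever, sender, subject, message) VALUES (?, ?, ?, ?)')
       ->execute(array($receiver, $sender, $subject, $message));
    $db->prepare('UPDATE users SET pm_count = pm_count + 1 WHERE username = ?')
       ->execute(array($receiver));
    $db->commit();

    $session['last_pm'] = $now; // only a successful send resets the timer
    return 'sent';
}

// Constructed sample data
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pm_count INTEGER)');
$db->exec('CREATE TABLE messages (reciever TEXT, sender TEXT, subject TEXT, message TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 0), ('bob', 50)");

$session = array();
$now = time();
echo send_pm($db, $session, 'carol', 'alice', 'Hi', "it's <b>raw</b> text", $now), "\n";
echo send_pm($db, $session, 'carol', 'alice', 'Again', 'too soon', $now + 5), "\n";
echo send_pm($db, $session, 'carol', 'bob', 'Hi', 'full inbox', $now + 20), "\n";
echo send_pm($db, $session, 'carol', "o'brien", 'Hi', 'unknown user', $now + 20), "\n";
// The message is stored as typed; HTML-encode it when displaying, not before saving
echo htmlspecialchars($db->query('SELECT message FROM messages')->fetchColumn(), ENT_QUOTES), "\n";
```

With bound parameters the receiver name containing an apostrophe is treated as data, so no escaping call is needed before the query.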
    


     One last thing real quick, if you encounter any problems during this tutorial or with code not working, PLEASE e-mail me at "bedfordd @ egmods.com" (Remove the spaces).

Part One - Getting Started: The first page will tell you how to set up the database and table that you will need for the Private Messaging System, and will also show you how to connect to the database you just created.

Part Two - Inbox: The second page will teach you first of all, how to make the inbox. This page will search for any messages that have been sent to the logged in user, display them, let the user click a link to view them, and finally to select them for deletion.

Part Three - Delete: The third page will receive the information from the inbox page for which private messages need to be deleted, process the information, and actually do the deletion.

Part Four - View Messages: The fourth page will teach you how to receive the id variable sent through the URL when you click the link on the inbox to view the message. It will double check that you are the receiver of the message, and will display the message in full.

Part Five - Compose: The fifth page will teach you how to make the form to write a message and to send the form to itself, do some error checking to make sure they didn't try to send a blank message, or a message to a nonexistent user, or a message to themselves.

Part Six - Sent Messages: The sixth, and least useful page, will just show you which messages you have sent to other users that haven't been read or deleted yet.