Several people on the PHP section have asked about how to make a Private Messaging system, whether for a game, forum, Etc. Private Messaging is extremely simple to set up, and I will show it here.
ok, since we need to connect to the Database on each page, i've created one called "config.php".
Code:
<?php
$localhost = "$localhost";
$mysqlusername = "$mysqlusername";
$mysqlpassword = "$mysqlpassword";
$db = "$db";
$con = mysql_connect($localhost, $mysqlusername, $mysqlpassword);
mysql_select_db("$db", $con);
?>
First off, we need to create a table called "messages" in the DB we have selected. it will have the columns "to_user", "message", and "from_user", "sent_deleted", and "deleted". "sent_deleted" is for a user to delete the PM after they have sent it, whereas "deleted" tells us that the pm has been deleted by the receiver. Neither of the last two are necessary, but I like to keep them in the table for reference.
Code:
<?php
//Connect to the Database
require("config.php");
//query to create the Table
mysql_query("CREATE TABLE messages(
to_user VARCHAR(30),
from_user VARCHAR(30),
deleted VARCHAR(3) DEFAULT no,
sent_deleted VARCHAR(3) DEFAULT no,
message VARCHAR(1000))")
or die(mysql_error());
echo "Table Created!";
?>
Secondly, we need to create a form to add the message into the database. I call this "sendpm.php".
Code:
<?php
session_start();
require("config.php");
$message = $_POST['forward2'];
if (isset($_POST['submit']))
{
// if the form has been submitted, this inserts it into the Database
$to_user = $_POST['to_user'];
$from_user = $_POST['from_user'];
$message = $_POST['message'];
mysql_query("INSERT INTO messages (to_user, message, from_user) VALUES ('$to_user', '$message', '$from_user')")or die(mysql_error());
echo "PM succesfully sent!";
}
else
{
// if the form has not been submitted, this will show the form
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h3>Send PM:</h3></td></tr>
<tr><td></td><td>
<input type="hidden" name="from_user" maxlength="32" value = <?php echo $_SESSION['username']; ?>>
</td></tr>
<tr><td>To User: </td><td>
<input type="text" name="to_user" maxlength="32" value = "">
</td></tr>
<tr><td>Message: </td><td>
<TEXTAREA NAME="message" COLS=50 ROWS=10 WRAP=SOFT></TEXTAREA>
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Send Message">
</td></tr>
</table>
</form>
<?php
}
?>
I also decided to make an outbox, so users can view PMs they have sent.
Code:
<?php
session_start();
require("config.php");
$user = $_SESSION['username'];
if (isset($_POST['delete'])) {
$id = $_POST['id'];
mysql_query("UPDATE messages SET sent_deleted = 'yes' WHERE from_user = '$user' AND id = '$id'")or die(mysql_error());
echo "Message succesfully deleted from your outbox.";
}
$user = $_SESSION['user'];
$sql = mysql_query("SELECT * FROM messages WHERE from_user = '$user' AND sent_deleted = 'no'")or die(mysql_error());
while($row = mysql_fetch_array( $sql ))
{
/* I have set each element into it's OWN echo statement for easy readind.
however it is possible to create it in one echo statement like the following:
echo "Message ID#: ".$row['id'];
*/
echo "<table border=1>";
echo "<tr><td>";
echo "Message ID#: ";
echo $row['id'];
echo "</td></tr>";
echo "<tr><td>";
echo "To: ";
echo $row['to_user'];
echo "</td></tr>";
echo "<tr><td>";
echo "From: ";
echo $row['from_user'];
echo "</td></tr>";
echo "<tr><td>";
echo "Message: ";
echo $row[message];
echo "</td></tr>";
echo "</br>";
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2></td></tr>
<tr><td></td><td>
<input type="hidden" name="id" maxlength="5" value = "<?php echo $row['id']; ?>">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="delete" value="Delete PM # <?php echo $row['id']; ?> from outbox">
</td></tr>
</table>
</form>
<?php
}
echo "</table>";
echo "</br>";
?>
Lastly, we need the actual inbox, where users can view Private Messages that have been sent to them.
Code:
<?php
session_start();
require("config.php");
$user = $_SESSION['user'];
if (isset($_POST['view_old'])) {
$user = $_SESSION['user'];
$query = mysql_query("SELECT * FROM messages WHERE to_user = '$user' AND deleted = 'no'")or die(mysql_error());
while($row2 = mysql_fetch_array($query))
{
echo "<table border=1>";
echo "<tr><td>";
echo "Message ID#: ";
echo $row2['id'];
echo "</td></tr>";
echo "<tr><td>";
echo "To: ";
echo $row2['to_user'];
echo "</td></tr>";
echo "<tr><td>";
echo "From: ";
echo $row2['from_user'];
echo " ";
echo "</td></tr>";
echo "<tr><td>";
echo "Message: ";
echo bb ($row2['message']);
echo "</td></tr>";
echo "</br>";
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2></td></tr>
<tr><td></td><td>
<input type="hidden" name="id" maxlength="32" value = "<?php echo $row2['id']; ?>">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="delete" value="Delete PM # <?php echo $row2['id']; ?>">
</td></tr>
</table>
</form>
<?php
}
}
if (isset($_POST['delete'])) {
$id = $_POST['id'];
$user = $_SESSION['username'];
$sql = mysql_query("UPDATE messages SET deleted = 'yes' WHERE id = '$id' AND to_user = '$user'")or die(mysql_error());
echo "Your message has been succesfully deleted.";
}
$sql = mysql_query("SELECT * FROM messages WHERE to_user = '$_SESSION[username]'")or die(mysql_error());
while($row = mysql_fetch_array($sql))
{
$user = $_SESSION['user'];
echo "<table border=1>";
echo "<tr><td>";
echo "Message ID#: ";
echo $row[id];
echo "</td></tr>";
echo "<tr><td>";
echo "To: ";
echo $row[to_user];
echo "</td></tr>";
echo "<tr><td>";
echo "From: ";
echo $row[from_user];
echo "</td></tr>";
echo "<tr><td>";
echo "Message: ";
echo $row[message];
echo "</td></tr>";
echo "</br>";
mysql_query("UPDATE messages SET read_yet = 'yes' WHERE to_user = '$user' AND id ='$row_id'")or die(mysql_error());
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2></td></tr>
<tr><td></td><td>
<input type="hidden" name="id" maxlength="32" value = "<?php echo $row['id']; ?>">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="delete" value="Delete PM # <?php echo $row['id']; ?>">
</td></tr>
</table>
</form>
<?
}
echo "</table>";
?>
NOTE: this is an extremely simple PM system with NO security against SQL Injection. If you wish to prevent SQL Injection, I suggest you read some tutorials.)
Please comment on this and let me know how good/bad of a tutorial this is =) thank you guys.
Regard.
STIWARD.