PixelResources
23-08-2006, 11:59 PM
i have
<?
ob_start();
//the above line needs to be above ALL HTML and PHP (except for <?).
include("config.php");
//gets the config page, which connects to the database and gets the user's information
if ($logged[username])
{
//checks to see if they are logged in
switch($_GET[page])
{
//this allows us to use one page for the entire thing
default:
echo ("- <a href=\"messages.php?page=inbox\">Inbox</a><br />
- <a href=\"messages.php?page=write\">New Message</a>");
break;
case 'write':
if (!$_POST[send])
{
//the form hasnt been submitted yet....
echo ("<form method=\"POST\" style=\"margin: 0px;\">
<dl style=\"margin: 0px;\">
<dt>recipient</dt>
<dd>
<select name=\"to\">
");
$getusers = mysql_query("SELECT * FROM users ORDER BY 'username' ASC");
while ($users = MySQL_Fetch_Array($getusers)) {
echo ("<option value=\"$users[username]\">$users[username]</option>");
}
//the above line gets all the members names and puts them in a drop down box
echo ("
</select>
</dd>
<dt>Message Subject</dt>
<dd><input type=\"text\" name=\"subject\" size=\"20\"></dd>
<dt>Message</dt>
<dd><textarea rows=\"7\" name=\"message\" cols=\"35\"></textarea>
</dd><dt> </dt>
<dd><input type=\"submit\" value=\"Submit\" name=\"send\"></dd>
</dl>
</form>
");
}
if ($_POST[to])
{
//the form has been submitted. Now we have to make it secure and insert it into the database
$subject = htmlspecialchars(addslashes("$_POST[subject]"));
$message = htmlspecialchars(addslashes("$_POST[message]"));
$to = htmlspecialchars(addslashes("$_POST[to]"));
//the above lines remove html and add \ before all "
$send = mysql_query("INSERT INTO `pmessages` ( `title` , `message` ,
`touser` , `from` , `unread` ,
`date` ) VALUES ('$subject', '$message', '$to',
'$logged[username]', 'unread', NOW())");
echo ("Your message has been sent.");
}
break;
case 'delete':
if (!$_GET[msgid])
{
echo ("Sorry, but this is an invalid message!");
}
else
{
$getmsg = mysql_query("SELECT * from pmessages where id = '$_GET[msgid]'");
$msg = mysql_fetch_array($getmsg);
//hmm..someones trying to delete someone elses messages! This keeps them from doing it
if ($msg[touser] != $logged[username])
{
echo ("This message was not sent to you!");
}
else
{
$delete = mysql_query("delete from pmessages where id = '$_GET[msgid]'");
echo ("Message Deleted");
}
}
break;
case 'inbox':
$get = mysql_query("SELECT * from pmessages where touser = '$logged[username]' order by id desc");
echo("
<table bgcolor=\"#dddddd\" border=\"0\" width=\"100%\" cellspacing=\"0\">
<tr>
<td align=\"center\">Subject</td>
<td align=\"center\" width=\"125\">From</td>
<td align=\"center\" width=\"97\">Date</td>
<td width=\"25\">Delete</td>
</tr>
</table>
");
$nummessages = mysql_num_rows($get);
if ($nummessages == 0)
{
echo ("You have 0 messages!");
}
else
{
echo("<table border=\"0\" width=\"100%\" cellspacing=\"1\">");
while ($messages = mysql_fetch_array($get))
{
//the above lines gets all the messages sent to you, and displays them with the newest ones on top
echo ("
<tr>
<td><a href=\"messages.php?page=view&msgid=$messages[id]\">");
if ($messages[reply] == yes)
{
echo ("Reply to: ");
}
echo ("$messages[title]</a></td>
<td width=\"125\">$messages[from]</td>
<td width=\"97\">$messages[date]</td>
<td width=\"25\"><a href=\"messages.php?page=delete&msgid=$messages[id]\">Delete</a></td>
</tr>");
}
echo ("</table>");
}
break;
case 'view':
//the url now should look like ?page=view&msgid=#
if (!$_GET[msgid])
{
//there isnt a &msgid=# in the url
echo ("Invalid message!");
}
else
{
//the url is fine..so we continue...
$getmsg= mysql_query("SELECT * from pmessages where id = '$_GET[msgid]'");
$msg = mysql_fetch_array($getmsg);
//the above lines get the message, and put the details into an array.
if ($msg[touser] == $logged[username])
{
//makes sure that this message was sent to the logged in member
if (!$_POST[message])
{
//the form has not been submitted, so we display the message and the form
$markread = mysql_query("Update pmessages set unread = 'read' where id = '$_GET[msgid]'");
//this line marks the message as read.
$msg[message] = nl2br(stripslashes("$msg[message]"));
//removes slashes and converts new lines into line breaks.
echo ("
<form method=\"POST\" style=\"margin: 0px;\">
<dl style=\"margin: 0px;\">
<dt><b>$msg[title] -- From $msg[from]</b></dt>
<dd>$msg[message]</dd>
<dt><b>Reply</b></dt>
<dd><textarea rows=\"6\" name=\"message\" cols=\"45\"></textarea></dd>
<dt> </dt>
<dd><input type=\"submit\" value=\"Submit\" name=\"send\"></dd>
</dl></form>");
}
if ($_POST[message])
{
//the form HAS been submitted, now we insert it into the database
$message = htmlspecialchars(addslashes("$_POST[message]"));
$do = mysql_query("INSERT INTO `pmessages` ( `title` , `message` , `touser` , `from` , `unread` ,
`date`, `reply`) VALUES
('$msg[title]', '$message', '$msg[from]', '$logged[username]',
'unread', NOW(), 'yes')");
echo ("Your message has been sent");
}
}
else
{
//hmm..this message was NOT sent to the logged in user...so we won't display it.
echo("<b>Error</b><br />");
echo ("This message was not sent to you!");
}}
break;
}
echo("<br /><br /><div align=\"center\"><b><a href=\"?page=inbox\">Inbox</a> ยท <a href=\"?page=write\">New Message</a></b>");
}
?>
I want the messages to display like this
Message from {NameOfSender} - {Subject}
Message from {NameOfSender} - {Subject}
Message from {NameOfSender} - {Subject}
Message from {NameOfSender} - {Subject}
Message from {NameOfSender} - {Subject}
Etc etc.
Thanks :)
Edited by ---MAD--- (forum moderator): Thread closed as it has gone way off topic, thanks :).
<?
ob_start();
//the above line needs to be above ALL HTML and PHP (except for <?).
include("config.php");
//gets the config page, which connects to the database and gets the user's information
if ($logged[username])
{
//checks to see if they are logged in
switch($_GET[page])
{
//this allows us to use one page for the entire thing
default:
echo ("- <a href=\"messages.php?page=inbox\">Inbox</a><br />
- <a href=\"messages.php?page=write\">New Message</a>");
break;
case 'write':
if (!$_POST[send])
{
//the form hasnt been submitted yet....
echo ("<form method=\"POST\" style=\"margin: 0px;\">
<dl style=\"margin: 0px;\">
<dt>recipient</dt>
<dd>
<select name=\"to\">
");
$getusers = mysql_query("SELECT * FROM users ORDER BY 'username' ASC");
while ($users = MySQL_Fetch_Array($getusers)) {
echo ("<option value=\"$users[username]\">$users[username]</option>");
}
//the above line gets all the members names and puts them in a drop down box
echo ("
</select>
</dd>
<dt>Message Subject</dt>
<dd><input type=\"text\" name=\"subject\" size=\"20\"></dd>
<dt>Message</dt>
<dd><textarea rows=\"7\" name=\"message\" cols=\"35\"></textarea>
</dd><dt> </dt>
<dd><input type=\"submit\" value=\"Submit\" name=\"send\"></dd>
</dl>
</form>
");
}
if ($_POST[to])
{
//the form has been submitted. Now we have to make it secure and insert it into the database
$subject = htmlspecialchars(addslashes("$_POST[subject]"));
$message = htmlspecialchars(addslashes("$_POST[message]"));
$to = htmlspecialchars(addslashes("$_POST[to]"));
//the above lines remove html and add \ before all "
$send = mysql_query("INSERT INTO `pmessages` ( `title` , `message` ,
`touser` , `from` , `unread` ,
`date` ) VALUES ('$subject', '$message', '$to',
'$logged[username]', 'unread', NOW())");
echo ("Your message has been sent.");
}
break;
case 'delete':
if (!$_GET[msgid])
{
echo ("Sorry, but this is an invalid message!");
}
else
{
$getmsg = mysql_query("SELECT * from pmessages where id = '$_GET[msgid]'");
$msg = mysql_fetch_array($getmsg);
//hmm..someones trying to delete someone elses messages! This keeps them from doing it
if ($msg[touser] != $logged[username])
{
echo ("This message was not sent to you!");
}
else
{
$delete = mysql_query("delete from pmessages where id = '$_GET[msgid]'");
echo ("Message Deleted");
}
}
break;
case 'inbox':
$get = mysql_query("SELECT * from pmessages where touser = '$logged[username]' order by id desc");
echo("
<table bgcolor=\"#dddddd\" border=\"0\" width=\"100%\" cellspacing=\"0\">
<tr>
<td align=\"center\">Subject</td>
<td align=\"center\" width=\"125\">From</td>
<td align=\"center\" width=\"97\">Date</td>
<td width=\"25\">Delete</td>
</tr>
</table>
");
$nummessages = mysql_num_rows($get);
if ($nummessages == 0)
{
echo ("You have 0 messages!");
}
else
{
echo("<table border=\"0\" width=\"100%\" cellspacing=\"1\">");
while ($messages = mysql_fetch_array($get))
{
//the above lines gets all the messages sent to you, and displays them with the newest ones on top
echo ("
<tr>
<td><a href=\"messages.php?page=view&msgid=$messages[id]\">");
if ($messages[reply] == yes)
{
echo ("Reply to: ");
}
echo ("$messages[title]</a></td>
<td width=\"125\">$messages[from]</td>
<td width=\"97\">$messages[date]</td>
<td width=\"25\"><a href=\"messages.php?page=delete&msgid=$messages[id]\">Delete</a></td>
</tr>");
}
echo ("</table>");
}
break;
case 'view':
//the url now should look like ?page=view&msgid=#
if (!$_GET[msgid])
{
//there isnt a &msgid=# in the url
echo ("Invalid message!");
}
else
{
//the url is fine..so we continue...
$getmsg= mysql_query("SELECT * from pmessages where id = '$_GET[msgid]'");
$msg = mysql_fetch_array($getmsg);
//the above lines get the message, and put the details into an array.
if ($msg[touser] == $logged[username])
{
//makes sure that this message was sent to the logged in member
if (!$_POST[message])
{
//the form has not been submitted, so we display the message and the form
$markread = mysql_query("Update pmessages set unread = 'read' where id = '$_GET[msgid]'");
//this line marks the message as read.
$msg[message] = nl2br(stripslashes("$msg[message]"));
//removes slashes and converts new lines into line breaks.
echo ("
<form method=\"POST\" style=\"margin: 0px;\">
<dl style=\"margin: 0px;\">
<dt><b>$msg[title] -- From $msg[from]</b></dt>
<dd>$msg[message]</dd>
<dt><b>Reply</b></dt>
<dd><textarea rows=\"6\" name=\"message\" cols=\"45\"></textarea></dd>
<dt> </dt>
<dd><input type=\"submit\" value=\"Submit\" name=\"send\"></dd>
</dl></form>");
}
if ($_POST[message])
{
//the form HAS been submitted, now we insert it into the database
$message = htmlspecialchars(addslashes("$_POST[message]"));
$do = mysql_query("INSERT INTO `pmessages` ( `title` , `message` , `touser` , `from` , `unread` ,
`date`, `reply`) VALUES
('$msg[title]', '$message', '$msg[from]', '$logged[username]',
'unread', NOW(), 'yes')");
echo ("Your message has been sent");
}
}
else
{
//hmm..this message was NOT sent to the logged in user...so we won't display it.
echo("<b>Error</b><br />");
echo ("This message was not sent to you!");
}}
break;
}
echo("<br /><br /><div align=\"center\"><b><a href=\"?page=inbox\">Inbox</a> ยท <a href=\"?page=write\">New Message</a></b>");
}
?>
I want the messages to display like this
Message from {NameOfSender} - {Subject}
Message from {NameOfSender} - {Subject}
Message from {NameOfSender} - {Subject}
Message from {NameOfSender} - {Subject}
Message from {NameOfSender} - {Subject}
Etc etc.
Thanks :)
Edited by ---MAD--- (forum moderator): Thread closed as it has gone way off topic, thanks :).