PHP - Messagebox System
iam making a message where if you click on a members profile you can send them a message and it fill out the to and from form automaticly which is working but i cant get it to work when you press reply to add sending details.. hope that makes sense.
viewprofile.php Code: [Select] Echo '<a href="new_message.php?username=' . $info['username'] . '">"message me"</a><br>'; when u click message me from the user profile it carry's over the user name no problems. now if your just read a message and wish to reply read_message.php Code: [Select] session_start(); $myusername=$_SESSION['myusername']; require "database.php"; $getuname = $_GET['from_user']; $messageid = $_GET['messageid']; $message = mysql_query("SELECT * FROM messages WHERE message_id = '$messageid' AND to_user = '$myusername'"); $message=mysql_fetch_assoc($message); echo "<h1>Title: ".$message['message_title']."</h1><br><br>"; echo "<h3>From: ".$message['from_user']."<br><br></h3>"; echo "<h3>Message: <br>".$message['message_contents']."<br></h3>"; echo '<form name="backfrm" method="post" action="inbox.php">'; echo '<input type="submit" value="Back to Inbox">'; // trying to carry over the the form_user to the next page Echo '<a href="new_message.php?from_user=' . $getuname['from_user'] . '">"Reply to message"</a><br>'; // ?> new message page. Code: [Select] if (!isset($_GET['username'])) { $getuname = mysql_real_escape_string($_GET['username']); }else{ $getuname = mysql_real_escape_string($_GET['from_user']); } ?> <form name="message" action="messageck.php" method="post"> Subject:<input type="text" name="message_title"> <br> <? echo '<input type="hidden" name="message_to" value="'.$getuname.'"><br>'; ?> Message: <br> <textarea rows="10" cols="50" name="message_contents"> </textarea> <?php echo '<input type="hidden" name="message_from" value="'.$myusername.'"><br>'; Similar Tutorialshello dear PHP-Fans - greetings to you - and a happy new year!! i set up a WAMP-System on my openSuse 11.4 system. In order to learn as much as i can bout PHP i want to do some tests and write some scripts. Well the WAMP is allready up and running. Now i try to give the writing access to the folder mkdir /srv/www/ where the php-scripts should go in... i want to give write permission to all to all files in /srv/www As root I generally: mkdir /srv/www/ chown <webmaster usrername> /srv/www/ /srv/www/ should be readable and traversable by all, but only writeable by it's owner (the user designated as the webmaster.) can i do this like mentioned above,... Love to hear from you greetings db1 i am trying to add a like system to my forum similar to facebook where it shows how many people like a post. this is my code so far: $like_list = ""; $likes = explode("|", $post_info['post_likes']); $amount_likes = count($likes); $ac_likes = ($amount_likes / 2); $slice = array_slice($likes, 0, 4, true); $remain = array_slice($likes, 4, $ac_likes, true); $remain_num = count($remain); if ($ac_likes >= 4) { for($i=0; $i<$ac_likes; $i+=2) { $like_list .= $likes[$i].", "; } $like_list .= " and $remain_num others like this"; } elseif ($amount_likes == 1 ) { $like_list .= "0 people like this"; } elseif ($ac_likes == 1) { $like_list = implode(", ", $likes); $like_list .= " likes this"; } else { $like_list = implode(", ", $likes); $like_list .= " like this"; } $post_info['post_likes'] contains data like: Code: [Select] user1|123456789|user2|123456789 where the number is the timestamp. unfortunatly $like_list prints the username and the timestamp when i would like it to only display the username. This means printing every 2nd element in the array starting from 0. I have seen this done with for loops but i am not using one therefore i am stuck. Any ideas? and is this the best database setup for likes? the post_likes column is added on to the end of the post table.
Hi this is my login script i do have the html if you need to see it please ask & i was wondering if anyone would be kind enough to tell me how i can get my ban system to work Thanks
<?php require 'connect.php'; if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; //Prevent hackers from using SQL Injection $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); $user_level = $_GET['user_level']; $_SESSION['user_level'] = $user_level; if($count == 1) { $_SESSION['username']; $_SESSION['password']; header("Location: index.php"); } else { echo "Please check the username and password you entered is correct."; } if($_SESSION['user_level'] == 0) { $_SESSION['username']; $_SESSION['password']; header("Location: index.php"); } else if($_SESSION['user_level'] == -1) { die(); header("Location: banned.php"); } else if($_SESSION['user_level'] < -1) { die(); echo "An error has occurred please contact your administrator."; } else if($_SESSION['user_level'] == 1) { $_SESSION['username']; $_SESSION['password']; header("Location: admin.php"); } } ?> Edited by Tom8001, 23 November 2014 - 12:18 PM. Hi all I have been looking though loads of tutorials regarding log in method for websites (not APIs), and cant help find that they are outdated. So I am asking what is the correct way to create a log in system using php? Modern websites use JavaScript for asynchronous web requests so this requirement should also be catered for. APIs and mobile apps use access tokens which is very secure if implemented correctly. Can we use the token principle for websites? As the way I see it that most php log in systems use php sessions and they create a session and save some data in this session when the user successfully authenticates, however the session id is held in a cookie so if the cookie is stolen then they have access to your account. API access tokens are expired and refreshed periodically so is there such a implementation method for web sites too? Hello, I have the following code Code: [Select] class Uploads extends Controller { public function __construct() { parent::__construct(); if (empty($_FILES)) { log_message('error', 'Uploads - files empty'); exit('No files uploaded'); } ini_set('memory_limit', '128M'); $this->load->helper('file'); $this->load->helper('helpers'); $this->load->model('uploads_model'); } public function font_handler() { $this->uploads_model->font_handler(); } } class Uploads_model extends Model { public function font_handler() { $config = array( 'max_size' => '8388', 'allowed_types' => 'ttf', 'upload_path' => 'assets/fonts/' ); $this->load->library('upload', $config); if ($this->upload->do_upload('Filedata')) { $file = $this->upload->data(); $jsFile = $file['raw_name'].'.js'; $query = $this->db->where('location', 'menuFont')->get('fonts')->row(); if ($query->customFile != '' && file_exists('assets/fonts/'.$query->customFile)) { unlink('assets/fonts/'.$query->customFile); } $path = getcwd() . '/assets/fonts/cufon/convert.php'; $command = 'php ' . $path . ' -u "U+??" ' . $file['full_path'] . ' 1> ' . getcwd() . '/assets/fonts/' . $jsFile; system($command); } } } Ok so, the ttf file is uploaded correctly and I can run $command from the command promt in putty and it works perfect, but when I try to run the same command from system() the js file just contains (from the controller) "No files uploaded" I have no idea why this is happening? Anyone have any ideas? Also one thing i'm not sure about is if it should be 1> or > when creating the js file?!? Thanks guys! <form action='index.php' method='POST' enctype='multipart/form-dat'> <select name='votes'> <option>SEATOWN</option> <option>vote1</option> <option>vote2</option> <option>vote3</option> </select> <input type='submit' name='vote' value='Vote'> </form> <?php $vote=$_GET['votes']; if(isset($_POST['vote'])) { echo "voted"; echo $vote; } ?> why would this not echo out anything for $vote??? cheers matt Hi all I am building a website for a restaurant where the registered user can do booking in the booking page where user finds the booking form. my problem is I created the log in system but cannot workout with the booking page. I have this scenario - Customer visits site & registers details (name, email etc) on a "registration page" (creating a username & password which goes into your database) - done that Next day, customer visits site and logs in on a "log in page" using the username & password from the previous day which is now stored in your database. Can now make a booking based on this log in. (cannot do this) I'm making a game where you earn points and lose points based on the actions that you take and the actions that your opponents take. What's the best way to create this system. Should I use mysql to store all the data and if so, should I set up the actions in a seperate table or should I just join the actions from all of my other tables. I'm not quite sure what the best method is. Here are some script that i have been working on and i seems to not work so i want to make a select friend list that when they select the friend that they want to send the message to it sends it to them , that sounded stupid but ya. so here is my script , kinda big . pm_inbox.php i did edit the code from its original state because its to big! so here is the sections where is most needed Code: [Select] <?php // Start_session, check if user is logged in or not, and connect to the database all in one included file include_once("scripts/checkuserlog.php"); ?> <?php if (!isset($_SESSION['idx'])) { echo '<br /><br /><font color="#FF0000">Your session has timed out</font> <p><a href="login.php">Please Click Here</a></p>'; exit(); } //THIS IS WHERE I STARTED $selecteduser = $_POST["selecteduser"]; $id = ""; $username = ""; $id = preg_replace('#[^0-9]#i', '', $id); $sql = mysql_query("SELECT * FROM myMembers WHERE id='$id' LIMIT 1"); while($row = mysql_fetch_array($sql)){ $username = $row["username"]; $friend_array = $row["friend_array"]; $check_pic = "members/$id/image01.jpg"; $default_pic = "members/0/image01.jpg"; if (file_exists($check_pic)) { $user_pic = "<img src=\"$check_pic?$cacheBuster\" width=\"218px\" />"; } else { $user_pic = "<img src=\"$default_pic\" width=\"218px\" />"; } $selecteduser .= "<option value='$friend_array'>Friends</option>"; } // Decode the Session IDX variable and extract the user's ID from it $decryptedID = base64_decode($_SESSION['idx']); $id_array = explode("p3h9xfn8sq03hs2234", $decryptedID); $my_id = $id_array[1]; $my_uname = $_SESSION['username']; // Put user's first name into a local variable // ------- ESTABLISH THE INTERACTION TOKEN --------- $thisRandNum = rand(9999999999999,999999999999999999); $_SESSION['wipit'] = base64_encode($thisRandNum); // Will always overwrite itself each time this script runs // ------- END ESTABLISH THE INTERACTION TOKEN --------- ?> <?php // Mailbox Parsing for deleting inbox messages if (isset($_POST['deleteBtn'])) { foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); if ($key != "deleteBtn") { $sql = mysql_query("UPDATE private_messages SET recipientDelete='1', opened='1' WHERE id='$value' AND to_id='$my_id' LIMIT 1"); // Check to see if sender also removed from sent box, then it is safe to remove completely from system } } header("location: pm_inbox.php"); } ?> // Start Private Messaging stuff $('#pmForm').submit(function(){$('input[type=submit]', this).attr('disabled', 'disabled');}); function sendPM ( ) { var pmSubject = $("#pmSubject"); var pmTextArea = $("#pmTextArea"); var sendername = $("#pm_sender_name"); var senderid = $("#pm_sender_id"); var recName = $("#pm_rec_name"); var recID = $("#pm_rec_id"); var pm_wipit = $("#pmWipit"); var url = "scripts_for_profile/private_msg_parse.php"; if (pmSubject.val() == "") { $("#interactionResults").html('<img src="images/round_error.png" alt="Error" width="31" height="30" /> Please type a subject.').show().fadeOut(6000); } else if (pmTextArea.val() == "") { $("#interactionResults").html('<img src="images/round_error.png" alt="Error" width="31" height="30" /> Please type in your message.').show().fadeOut(6000); } else { $("#pmFormProcessGif").show(); $.post(url,{ subject: pmSubject.val(), message: pmTextArea.val(), senderName: sendername.val(), senderID: senderid.val(), rcpntName: recName.val(), rcpntID: recID.val(), thisWipit: pm_wipit.val() } , function(data) { $('#private_message').slideUp("medium"); $("#interactionResults").html(data).show().fadeOut(10000); document.pmForm.pmTextArea.value=''; document.pmForm.pmSubject.value=''; $("#pmFormProcessGif").hide(); }); } }function toggleViewAllFriends(x) { if ($('#'+x).is(":hidden")) { $('#'+x).fadeIn(200); } else { $('#'+x).fadeOut(200); } } // End Private Messaging stuff</script> <style type="text/css"> .hiddenDiv{display:none} #pmFormProcessGif{display:none} .msgDefault {font-weight:bold;} .msgRead {font-weight:100;color:#666;} </style> </head> <body> <div id="bg" class="stage"></div> <div id="container"> <div id="sun" class="stage"></div> <div id="clouds" class="stage"> <div id="stage" class="stage"> <?php include_once "header_template.php"; ?> <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('private_message');">Compose Message</a></div><div class="interactContainers" id="private_message"> <form action="javascript:sendPM();" name="pmForm" id="pmForm" method="post" type="hidden"> <font size="+1">Send A Private Message to <strong><em><?php echo "$selecteduser"; ?></em></strong></font><br /><br /> Subject: <input name="pmSubject" id="pmSubject" type="text" maxlength="64" style="width:98%;" /> Message: <textarea name="pmTextArea" id="pmTextArea" rows="8" style="width:98%;"></textarea> <input name="pm_sender_id" id="pm_sender_id" type="hidden" value="<?php echo $_SESSION['id']; ?>" /> <input name="pm_sender_name" id="pm_sender_name" type="hidden" value="<?php echo $_SESSION['username']; ?>" /> <input name="pm_rec_id" id="pm_rec_id" type="hidden" value="<?php echo $id; ?>" /> <input name="pm_rec_name" id="pm_rec_name" type="hidden" value="<?php echo $username; ?>" /> <input name="pmWipit" id="pmWipit" type="hidden" value="<?php echo $thisRandNum; ?>" /> <span id="PMStatus" style="color:#F00;"></span> <br /><input name="pmSubmit" type="submit" value="Submit" /> or <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('private_message');">Close</a> <span id="pmFormProcessGif" style="display:none;"><img src="images/loading.gif" width="28" height="10" alt="Loading" /></span></form> </div> <span id="jsbox" style="display:none"></span> </td> </tr> </table> Hi, I'm trying to code a very basic commenting system, my only worries is how I'm going on about disabling the user from putting any html php etc.. in the comment so it gets displayed on the page.. I have on idea of what to look for, any help is much appreciated I considdered this: strip_tags() but what i want is to display the comment just without actually executing the code if you get me? I'm trying to build a login system and alot of the code is similar to what i used to make my news cms. basically all i wanna accomplish right now is to get the user input inserted into my database. I've already tested it out, and I get no errors, but like with the cms, the database isn't getting queryed. Here's the code: (process.php) Code: [Select] <?php $first_name=$_POST['first_name']; $last_name=$_POST['last_name']; $age=$_POST['age']; $city=$_POST['city']; $state=$_POST['state']; $country=$_POST['country']; $zip=$_POST['zip']; $birthdate=$_POST['birthdate']; $gender=$_POST['gender']; $sexuality=$_POST['sexuality']; $race=$_POST['race']; $religion=$_POST['religion']; $status=$_POST['status']; $about=$_POST['about']; $website=$_POST['website']; $user_name=$_POST['user_name']; $password=$_POST['password']; $email=$_POST['email']; mysql_connect("your hostname", "your database name", "your password") or die(mysql_error()); mysql_select_db("your database name") or die(mysql_error()); $sql = sprintf("INSERT INTO Users (first_name, last_name, age, city, state, country, zip, birthdate, gender, sexuality, race, religion, status, about, website, user_name, password, email) VALUES ('%s', '%s', '%s', '%s', '%s')", mysql_real_escape_string($first_name), mysql_real_escape_string($last_name), mysql_real_escape_string($age), mysql_real_escape_string($city), mysql_real_escape_string($state), mysql_real_escape_string($country), mysql_real_escape_string($zip), mysql_real_escape_string($birthdate), mysql_real_escape_string($gender), mysql_real_escape_string($sexuality), mysql_real_escape_string($race), mysql_real_escape_string($religion), mysql_real_escape_string($status), mysql_real_escape_string($about), mysql_real_escape_string($website), mysql_real_escape_string($user_name), mysql_real_escape_string($password), mysql_real_escape_string($email)); $result = mysql_query($sql); Print "Congratulations! You are now a registered member on yourwebsite.com!"; ?> (register/index.php) Code: [Select] <script language = "Javascript"> function Validate() { if (document.register.first_name.value == '') { alert('You have not specified your first name!'); return false; } if (document.register.last_name.value == '') { alert('You have not specified your last name!'); return false; } if (document.register.age.value == '') { alert('You have not specified your age!'); return false; } if (document.register.country.value == '') { alert('You have not entered a country!'); return false; } if (document.register.birthdate.value == '') { alert('You have not entered your date of birth!'); return false; } if (document.register.gender.value == '') { alert('You have not specified your gender!'); return false; } if (document.register.user_name.value == '') { alert('You have not entered a username!'); return false; } if (document.register.email.value == '') { alert('You have not entered an email!'); return false; } if (document.register.password.value == '') { alert('You have not entered a password!'); return false; } return true; } </script> <form name="register" method="post" action="http://www.djsmiley.net/register/process.php" onsubmit="return Validate();"> <table width="100%" border="0"> <tr> <td>First Name:</td> <td><label> <input type="text" name="first_name" id="first_name" /> </label></td> </tr> <tr> <td>Last Name:</td> <td><input type="text" name="last_name" id="last_name" /></td> </tr> <tr> <td>Age:</td> <td><input type="text" name="age" id="age" /></td> </tr> <tr> <td>City:</td> <td><input type="text" name="city" id="city" /></td> </tr> <tr> <td>State:</td> <td><input type="text" name="state" id="state" /></td> </tr> <tr> <td>Country:</td> <td><input type="text" name="country" id="country" /></td> </tr> <tr> <td>Zip:</td> <td><input type="text" name="zip" id="zip" /></td> </tr> <tr> <td>Birthdate:</td> <td><input type="text" name="birthdate" id="birthdate" /></td> </tr> <tr> <td>Gender:</td> <td><input type="text" name="gender" id="gender" /></td> </tr> <tr> <td>Sexuality:</td> <td><input type="text" name="sexuality" id="sexuality" /></td> </tr> <tr> <td>Race:</td> <td><input type="text" name="race" id="race" /></td> </tr> <tr> <td>Religion:</td> <td><input type="text" name="religion" id="religion" /></td> </tr> <tr> <td>Marital Status:</td> <td><input type="text" name="status" id="status" /></td> </tr> <tr> <td>About You:</td> <td><label> <textarea name="about" id="about" cols="45" rows="5"></textarea> </label></td> </tr> <tr> <td>Website:</td> <td><input type="text" name="website" id="website" /></td> </tr> <tr> <td width="13%">Username: </td> <td width="87%"><input type="text" name="user_name" id="user_name" /></td> </tr> <tr> <td>Email: </td> <td><input type="text" name="email" id="email" /></td> </tr> <tr> <td>Password: </td> <td><input type="password" name="password" id="password" /></td> </tr> <tr> <td> </td> <td><input name="Register Button" type="submit" class="Button1" id="Register Button" value="Register" /> <input name="Reset Button" type="reset" class="Button1" id="Reset Button" value="Clear" /></td> </tr> </table> <label></label> </form> I've abandoned my old script and switched to this one: http://www.evolt.org/node/60384 I got it working on my site just fine (djsmiley.net/members/register - you can test it out if u want). i just want to know how i can put all of the code into the pages i created using my template. It doesn't specify how this can be done in the tutorial, which is why im confused. I've tried everything but keep getting errors. Help? Looking for the best way to set-up the db of a messaging system. Here's what I have so far (basically pulled from another forum), don't know if Table1 is even really necessary: Table1: id user_message_id recepient_id recepient_read Table2: user_message_id sender_id sender_read subject message created_at updated_at Basically it needs to function where, someone submits a message to the admin or moderator, the admin/moderators can review and reply, and then the user can submit another reply, and keeps going indefinitely. I want each reply to show up almost like a forum thread. How would I chain the reply messages to the original messages? First of all hello as I am new to this forum. Ok so, I am have been trying for the past few days to create a login system in PHP for a website I am creating, and I am having serious problems. I have tryed so many tutorials and they all are not working, my conclusion is they are outdated or not fully understandable. So what I want to create - Registration Forgot password Login page Email activation Member page My hosting has the latest php and mysql as far as I know so could someone please give me an up to date simple tutorial on creating this. Lastly the program I am using is Dreamweaver CS5 Thankyou. is there any available for me to enhanced on /etc? How would I go about starting 1 i want 1 with 32 numbers and i need to have to run a query every 1hour how would i go about this? I've created a template system. I've got a function to assign a page (the templates are in /template/skin). It all works fine in the main root, but if I had a directory it won't work. $dir = "template/skin"; That is found in template/ I need to be able to assign the template even in directories. ok i need directing to a tutorial, an easyish one that can help me do a secure login and registration system. Something that uses sessions and mysql. something with sql injection and other security. i need it very secure. hope you can help. Hey guys, I'm starting to build a website and I was wondering wether I should use a library template engine such as smarty, or use pure php, such as this tutorial - http://www.massassi.com/php/articles/template_engines/ Basically the website will not expose any of the users/designers to the designer portion of the website. I am scratching my head wether I should use smarty or pure php, even Facebook uses smarty, from what I have heard. I need some answers. Thank you all! Hello there, Thank you for taking the time to visit my thread. I've been brainstorming for the past few days trying to establish the best method of a content management system. I'm curious since you are all highly advanced PHP coders what you think the best method of content management is I would like it to be presented in the URL in the following method: file.php?v=example So please share your ideas remember there is never a stupid suggestion I want to hear all your possibilities please! |