Hey!

Today, I am going to teach you how to make a Private Message (PM) script in PHP.

Before we start, I want to tell you what you should know, and what files we will create.
Then we will continue with the codes, and descriptions. I would like if you learned something from this tutorial.
If you find any errors (Even if I spell something wrong), I would like you to post it in this thread.

What you should know:

You should know HTML. Just a bit (forms, and maybe a little design if you would like that).
You should know much about PHP and Mysql.
You should know how to create a login-script, because you will need it for this tutorial.
if you don't know how to create one, you can check a very simple login-script tutorial that I made some time ago:
How to create a login-script

Now.. Lets start with the Mysql table, or? Thanks to Vujsa I could make this one

messages.SQL



The things we have done here is:
We have created a table named 'messages'.
then we have created some columns:
message_id : This is the column where the ID of the message will be stored. we will need this when we will get the messages from the table.
from_user : This is the column where the name of user that sent the message will be stored.
to_user : This is the column where the name of the user that the message was sent to is stored.
message_title : This is where the title of the message will be stored.
message_contents: This is where the content of the message will be stored.
message_read : This will check if the message id read or not.

Save this in a file and call it "messages.SQL" or something.

Now after you have created the table (if you don't know how to import SQL files, you should go and learn )
You should start with the inbox file.

inbox.php



simple isn't it?
The first things we do are very simple.
We start the session.
We require the database.php file (the database.php is the file where the mysql connections and stuff is stored. you should know how to created such a file. if you don't know, i'll create one in the end of this tutorial, only for you )
then we create a variable for the set session, to make it easier to write.
Then we create some variables.
the $get_messages is the variable where the message id is stored.
the $get_messages2 is the variable where all the messageinfo is stored.
Then we create a simple for-loop that will show all the messages that is sent to the user that is logged in(check w3schools or google or whatever, if you don't know what that is.).
the first thing we do here is:
Check if the message is read.
If it isn't, the loop will add "(new)" after the message title. else, it will just show the message title.
The last thing we do is:
Add 2 buttons. One to send a new message, and one to go back to the home-page.

Now lets begin with the new message file.

new_message.php



The things we do here, are also very simple.
The first things we do is:
Start the session.
require the database.php file.
create a variable for the set session.
then we create the forms.
a textbox for the message title.
a textbox where you write to who you want to send the message.
a textbox for the message content.
and then, you see this line:
<input type="hidden" name="message_from" value="'.$user.'">
This is a hidden line, and the user will not see it.
this invisible textbox, includes the name of the user that is writing the message.
remember that we created a variable named $user that includes the session name?
the session name, includes the username. and where the "value" is "$user", the username is inserted by the code.
then we create a normal submit box, that will send the message, and we are done with this file.

Now we should create a file, that checks if the sent message is ok to send.

messageck.php



now you guys should know the first things we do (starting a session and including the database file.).
Now the second thing we do in this script is creating a variable for every single form in the last script.
We create a variable for the message title, content, "to-user" and so on.
We do also create a variable that selects the username that was set in the "to-user" form.
Then we create a if-statement that checks if the user excists. If not, the code will write an error message, and show you a back-button.
Then it will check if there is any content and title. If not, an error message will be written, and a back-button will be shown.
Else if everything worked as it should work, the message will be inserted in the database table that we created earlier.

Now we should create a file that will let the user read the message, or ?

read_message.php



you know the first things we do here.

the second things I do is creating a variable that includes the value from the"<a href="read_message.php?messageid=' . $row['message_id'] . '">" in the inbox file.
then I create a variable that will include all the info about the message with that id (and check if the post is sent to the user or not [If it isn't, the post will be empty, else, the contents will be shown]).
then I create three echos.
The first one will write the title of the message.
the second one will write the name of the user that sent the message.
the last one will write the content of the message.

then I just add a back-button. simple isn't it?

now for those of you who don't know how to make a database.php file, here it is, but I won't comment it.

database.php



Remember!
If you find any errors, post them here, and I will try to fix them as soon as possible.
I have tryed this PM system, and it works!

Thanks for reading! //Feelay

This post has been edited by Feelay: Mar 15 2008, 12:49 PM

Nicely done Feelay.

I like when someone takes the time to write a tutorial about something they just learned since the learning experience is still fresh in their minds. As a result, the tutorial usually includes information that many time would be left out because the writer assumes that the reader has pre-existing knowledge of the subject.

I would suggest one security addition.
In read_message.php, you don't check the reader's id which means that if I were to type the following url in my browser:
domain.com/read_message.php?messageid=221
Then I could read that message even if it didn't belong to me.

Change your query to something like this:


Which will only get the message if the message id and the user id match the message id requested. If the query returns empty, just do an error message that the "message could not be found" or "you are not authorized..."!

vujsa

thanks Vujsa I've been trying to do that security thing, but an error about the letter (small and big letter) occur. I'll change that as soon as I've tryed it

If you changed to user_id (numeric) instead of using usernames, then you will eliminate a lot of potential errors that could pop up.

Most systems use a numeric user_id instead of a username that way the input data is formated in a predictable way and prevents errors that can come up with lower/upper case issues, special characters, etc...

You probably have a user table with usernames, id's, email, etc.

Just use that table as the translator! The queries are more complex but just as quick. You basically have to "JOIN" tables together to use the information all at the same time.

Here is an example of such query using the PM table and the user table!



I know it is complex but, here is your data from the query:
user_to.id = 22
user_to.username = vujsa
user_from.id = 1
user_from.username = Feelay
msg.message_id = 321
msg.to_user = 22
msg.from_user = 1
msg.message_title = My Title
msg.message_contents = Hi vujsa, thanks for the widget!
msg.message_read = 1

That assumes that my id is 22 and your id is 1.

You can then use the returned data however you like.

It is much easier to do (depending on your point of view) to use aliases for each item like so:

this just give you easier names to use.

For information about JOIN, see here:
http://dev.mysql.com/doc/refman/5.1/en/join.html

For more information about aliases, see here:
http://dev.mysql.com/doc/refman/5.1/en/select.html

Hope this helps,
vujsa

way to complex But I have found another solution.. I'll will change to this when I really know how to use it.
The thing that will happen is:
If the user is trying to view someone elses message, the message will be empty.

edit:
I've chnaged the tutorial now. if the user is trying to view someone elses message, it will be empty.
it was acctually the first thing you said that was the solution vujsa But I couldn't make an error occur if the message didn't belong to the user.. my brain is not working hard enough

This post has been edited by Feelay: Mar 15 2008, 02:21 PM

Yeah this would be cool but i i was to make a private message system i would do it inside of a members system Nice

This is inside of a members system But I didn't have time to write it, and between, I have already made members system tutorials

Thanks, im searching for a script like this in years:)
uum... i got a problem, it only say this
Please help

This post has been edited by Normano: Jun 23 2008, 05:42 PM