private messaging add on

this is a private messaging system you can add to your login system. still some things missing but maybe somebody can add to it

first add the mail table

CREATE TABLE `mail` (
`UserTo` tinytext NOT NULL,
`UserFrom` tinytext NOT NULL,
`Subject` mediumtext NOT NULL,
`Message` longtext NOT NULL,
`status` text NOT NULL,
`SentDate` text NOT NULL,
`mail_id` int(80) NOT NULL auto_increment,
PRIMARY KEY (`mail_id`)
);

mail.php

Code:


<?php
   include("include/session.php");
   if(!$session->logged_in){
            die;
   }
        include("header.php");
?>
   <h1>User Message System</h1>
   <form method="POST" action="mail.php">
      <input type="submit" name="mailAction" value="Compose" /><input type="submit" name="mailAction" value="Inbox" />
   </form>

<?php

   if(!empty($_POST['mailAction']) && isset($_POST['mailAction'])){
      $action = $_POST['mailAction'];
   } else {
      $action = 'Inbox';
   }



   if(($action=="Compose") || ($action=="Reply")) {
   
      if(isset($_POST['mailSubject']) && !empty($_POST['mailSubject'])){
         $mailSubject = 'Re: '.$_POST['mailSubject'];
      } else {
         $mailSubject = "";
      }
      
      if(isset($_POST['mailFrom']) && !empty($_POST['mailFrom'])){
         $mailTo = $_POST['mailFrom'];
      } else {
         $mailTo = "";
      }
      
      
      ?>
   <form action="mail.php" method="POST">
            <table border="0">
           <tr><td><b>To:</b></td><td><input type="text" name="mailTo" size="20" value="<?=$mailTo;?>"></td></tr>
      <tr><td><b>Subject:</b></td><td><input type="text" name="mailSubject" size="20" value="<?=$mailSubject;?>"></td></tr>
            </table>
                <b>Message:</b><br>
                <textarea rows='16' cols='45' name='mailMessage'></textarea><br>
                <input type="submit" name="mailAction" value="Send" />
   </form>
      <?php
   }
   
   
   if($action=="Send") {
         
      if(empty($_POST['mailSubject']) || !isset($_POST['mailSubject'])){
         echo "Subject Blank";
      } else {
         $subject = $_POST['mailSubject'];
      }
      
      if(empty($_POST['mailTo']) || !isset($_POST['mailTo'])){
         echo "To Blank";
      } else {
         $mailTo = $_POST['mailTo'];
      }
      
      if(empty($_POST['mailMessage']) || !isset($_POST['mailMessage'])){
         echo "Message Blank";
      } else {
         $message = $_POST['mailMessage'];
      }
      
      $date = date('m/d/Y')." at ".date('g:i.s')." ".date('a');
      
      $q   = "INSERT INTO mail (UserTo, UserFrom, Subject, Message, SentDate, status)
                  VALUES ('$mailTo','$session->username','$subject','$message','$date','unread')";
      if(!($send = $database->query($q))){
         echo "A letter could not be sent to ".$mailTo."!";
      } else {
         echo "Message Sent to ".$mailTo."!";
      }
      
   }
   
   
   if($action=="Inbox") {
   
      $user = $session->username;
      $q = "SELECT * FROM mail WHERE UserTo = '$user' ORDER BY SentDate DESC";
      $getMail = $database->query($q) or die(mysql_error());

      echo "<div id=\"inbox\">";
      
      if(mysql_num_rows($getMail) == 0){
         echo "<p>you have no mail</p><br /><br />";
      } else {         
         ?>
         <table>
            <tr class="title">
               <td colspan="2" align="center">Action</td>
               <td>Status</td>
               <td>From</td>
               <td>Subject</td>
               <td>Time</td>
            </tr>
         </div>
         <?php
         while($mail = mysql_fetch_array($getMail)){
         echo "<form action='mail.php' method='post'>";
            ?>
               <tr>
                  <input type="hidden" name="mail_id" value="<?php echo $mail['mail_id']; ?>" />
                  <td align="center"><input type="submit" name="mailAction" value='View' /></td>
                  <td align="center"><input type="submit" name="mailAction" value="Delete" /></td>
                  <td><?php echo $mail['status']; ?></td>
                  <td><?php echo $mail['UserFrom']; ?></td>
                  <td><?php echo $mail['Subject']; ?></td>
                  <td><?php echo $mail['SentDate']; ?></td>
               </tr>
            <?php
         echo "</form>";

         }
      }         
      echo "</table>";
   
   }
   
   
   if($action == "View") {
   
      
      $mail_id = $_POST['mail_id'];
      $user = $session->username;
      $result = $database->query("SELECT * FROM mail WHERE UserTo = '$user' AND mail_id = '$mail_id'") or die ("cant do it");
      $row = mysql_fetch_array($result);
      
      
      if($row['UserTo'] != $session->username) {
         echo "<font face=verdana><b>This isn't your mail!";
         exit;
      }
      
      $q = "UPDATE mail SET status='read' WHERE UserTo='$session->username' AND mail_id='$row[mail_id]'";
      $database->query($q) or die("An error occurred resulting that this message has not been marked read.");
      
      ?>
         <form method="post" action="mail.php">
            <div id="single">
               <p class="grid_1">From: </p><p class="grid_2"><?php echo $row['UserFrom']; ?><input type="hidden" name="mailFrom" value="<?php echo $row['UserFrom']; ?>" /></p>
               <p class="grid_1 clear">Subject: </p><p class="grid_2"><?php echo $row['Subject']; ?><input type="hidden" name="mailSubject" value="<?php echo$row['Subject']; ?>" /></p>
               <p class="grid_4 clear">body: <br /><?php echo $row['Message']; ?><br /></p>
               <p class="grid_4 clear" align="right"><input type="submit" name="mailAction" value="Reply" /></p>
            </div>
         </form>
      <?php
   }
   
   
   if($action == 'Delete') {
      $id = $_POST['mail_id'];
      $query = $database->query("DELETE FROM mail WHERE mail_id='$id' LIMIT 1");
      
      if(!$query) {
         echo "The message wasn\'t deleted";
      } else {
         header("Location: mail.php");
                      die;
      }
   }
?>


then add this on the very bottom of session.php

Code:


 /**
    * This will get the number of new messages
    * sent to this user's session.
    */
      $q = "SELECT mail_id FROM mail WHERE UserTo = '$session->username' and status = 'unread'";
      $numUnreadMail = $database->query($q) or die(mysql_error());
      $numUnreadMail = mysql_num_rows($numUnreadMail);


put this on the very bottom of constants.php

Code:


/**
 * This defines the absolute path
 */

define("ABSPATH", dirname(__FILE__)."/");

/**
 * This boolean constant controls whether or
 * not the user to user mail function is active
 */

define("MAIL", true);

/**
 * The only part you need to change is the http://
 * Is your url to the pages http? you can change it
 * to whatever like ftp, https, etc
 */

define("WEBPATH", urlencode("http://yeahuhok.xtreemhost.com/index.php".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]));



then to get it to appear on your navigation just add this to it

Code:


<?php
   if(MAIL){
      echo "[<a href=\"mail.php\">You have $numUnreadMail unread mail</a>]<br>";
   }
?>


enjoy

this is very cool! awesome work! ive played around with it briefly and was able to get it working correctly without an issue. i plan on diving deeper into the code in a week or two to check out exactly how it does what it does!

A++ mod mattastic!!

thanks , i'll be posting more mods soon

This is awesome BUT I'm having an issue, if I send a message to user123 but write in User123 I get the "this isn't your mail" How would I go about fixing that?

On a sidenote, I removes header.php include since I dunno what it was good for and it gave me an error since there is no... header.php

this looks good, member features always get my vote.

CaptainKirby wrote:This is awesome BUT I'm having an issue, if I send a message to user123 but write in User123 I get the "this isn't your mail" How would I go about fixing that?

in the mail.php there is a code remove the whole code part.

Spoiler:

this will make it a bit more unsecure but it solves your problem.

I dont know what "header.php" is suppose to be so i just removed it just like you.

I hope someone can complete this add on.