

Web Intersect 2 Add On PM System

Written By: LewisAnderson
Publish Date: December 19, 2014
I have decided to let the domain that was hosting the txt for this tut expire... better move the code here before I forget!!

pm_system.php
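<?php
// pm_system.php - AJAX endpoint for the private message (PM) system.
//
// Every request is a POST carrying an "action" field (new_pm, pm_reply,
// delete_pm, mark_as_read). The script answers with a short plain-text token
// that the client-side JavaScript compares against.
//
// Security model: the only identity trusted here is $log_username, which is
// expected to be set by check_login_status.php. Usernames that arrive in the
// POST body (fuser, user, osender, originator) come from the browser and can
// be changed by whoever sends the request, so they are never used to decide
// who sent a message or which side of a thread gets updated. The caller's
// role in a thread is always read back from the pm table.
//
// NOTE(review): no anti-CSRF token is checked in this file. All four actions
// change state on the strength of the login cookie alone - confirm whether
// check_login_status.php or the site front end adds such a check.
// NOTE(review): subject and message length are only capped in the browser
// (statusMax in template_pm.php); nothing here enforces a limit.

// Protect this script from direct url access
include_once("../php_includes/check_login_status.php");
if ($user_ok != true || $log_username == "") {
    exit();
}

/**
 * Close the database connection, send one response token and stop.
 */
function pm_finish($db_conx, $response)
{
    mysqli_close($db_conx);
    echo $response;
    exit();
}

/**
 * Return a POST field as a string, or "" when it is absent or not a string
 * (for example when the client sent it as an array, data[]=...).
 */
function pm_post_string($key)
{
    if (isset($_POST[$key]) && is_string($_POST[$key])) {
        return $_POST[$key];
    }
    return "";
}

/**
 * Prepare a statement; answers "db_error" and stops if preparation fails.
 */
function pm_prepare($db_conx, $sql)
{
    $stmt = mysqli_prepare($db_conx, $sql);
    if ($stmt === false) {
        pm_finish($db_conx, "db_error");
    }
    return $stmt;
}

/**
 * Report the role $username has in the thread started by parent PM $pmid.
 *
 * Returns "sender", "receiver", or "" when the thread does not exist or the
 * user takes no part in it. The name comparison is done inside the query so
 * it follows the same collation as the inbox queries.
 */
function pm_thread_role($db_conx, $pmid, $username)
{
    if ($pmid == "") {
        return "";
    }
    $stmt = pm_prepare($db_conx, "SELECT sender=?, receiver=? FROM pm WHERE id=? AND parent='x' LIMIT 1");
    mysqli_stmt_bind_param($stmt, "sss", $username, $username, $pmid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $isSender, $isReceiver);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($found !== true) {
        return "";
    }
    if ($isSender) {
        return "sender";
    }
    if ($isReceiver) {
        return "receiver";
    }
    return "";
}

/**
 * Run one fixed UPDATE against a single parent PM. $sql must be a constant
 * string with exactly one "?" placeholder for the id; returns true on success.
 */
function pm_update_thread($db_conx, $sql, $pmid)
{
    $stmt = pm_prepare($db_conx, $sql);
    mysqli_stmt_bind_param($stmt, "s", $pmid);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

/**
 * Shared body of delete_pm and mark_as_read: set a flag on the caller's own
 * side of a thread. Which side that is comes from the database, not from the
 * posted "originator" value.
 */
function pm_flag_own_side($db_conx, $username, $senderSql, $receiverSql, $okToken)
{
    if (pm_post_string('pmid') == "") {
        pm_finish($db_conx, "id_missing");
    }
    $pmid = preg_replace('#[^0-9]#', '', pm_post_string('pmid'));
    // Still required so existing clients get the same error token, but its
    // value is no longer trusted for anything.
    if (pm_post_string('originator') == "") {
        pm_finish($db_conx, "originator_missing");
    }
    $role = pm_thread_role($db_conx, $pmid, $username);
    if ($role == "") {
        // Unknown thread, or the caller is neither its sender nor its receiver
        pm_finish($db_conx, "not_authorized");
    }
    $sql = ($role == "sender") ? $senderSql : $receiverSql;
    $ok = pm_update_thread($db_conx, $sql, $pmid);
    pm_finish($db_conx, $ok ? $okToken : "db_error");
}

$action = pm_post_string('action');

// New PM
if ($action == "new_pm") {
    // Make sure message (data) and subject (data2) are not empty
    $data = pm_post_string('data');
    $data2 = pm_post_string('data2');
    if (strlen($data) < 1 || strlen($data2) < 1) {
        pm_finish($db_conx, "data_empty");
    }
    $tuser = preg_replace('#[^a-z0-9]#i', '', pm_post_string('tuser'));
    // The posted "fuser" is ignored: the sender is always the logged-in user,
    // otherwise any member could send mail under another member's name.
    // Text is HTML-encoded before storage because pm_inbox.php prints the
    // stored subject and message as they are.
    $data = htmlentities($data);
    $data2 = htmlentities($data2);
    // Make sure the recipient account exists and is activated; keep the
    // spelling of the name as stored in the users table.
    $stmt = pm_prepare($db_conx, "SELECT username FROM users WHERE username=? AND activated='1' LIMIT 1");
    mysqli_stmt_bind_param($stmt, "s", $tuser);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $receiver);
    $exists = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($exists !== true) {
        // The original echoed the undefined variable $account_no_exist here,
        // which sent an empty response instead of the token.
        pm_finish($db_conx, "account_no_exist");
    }
    // No message to yourself
    if ($log_username == $tuser || $log_username == $receiver) {
        pm_finish($db_conx, "cannot_message_self");
    }
    // Insert the parent PM (parent='x' marks the start of a thread)
    $stmt = pm_prepare($db_conx, "INSERT INTO pm(receiver, sender, senttime, subject, message, parent) VALUES(?,?,now(),?,?,'x')");
    mysqli_stmt_bind_param($stmt, "ssss", $receiver, $log_username, $data2, $data);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    pm_finish($db_conx, $ok ? "pm_sent" : "db_error");
}

// Reply To PM
if ($action == "pm_reply") {
    // Make sure data is not empty
    $data = pm_post_string('data');
    if (strlen($data) < 1) {
        pm_finish($db_conx, "data_empty");
    }
    $osid = preg_replace('#[^0-9]#', '', pm_post_string('pmid'));
    // Only the two members of a thread may add to it. The posted "user" and
    // "osender" values are ignored in favour of the session user and the
    // stored thread row.
    $role = pm_thread_role($db_conx, $osid, $log_username);
    if ($role == "") {
        pm_finish($db_conx, "not_authorized");
    }
    $data = htmlentities($data);
    // Insert the reply; replies carry 'x' as receiver and subject and point at
    // the parent PM through the parent column.
    $stmt = pm_prepare($db_conx, "INSERT INTO pm(receiver, sender, senttime, subject, message, parent) VALUES('x',?,now(),'x',?,?)");
    mysqli_stmt_bind_param($stmt, "sss", $log_username, $data, $osid);
    $ok = mysqli_stmt_execute($stmt);
    $id = mysqli_stmt_insert_id($stmt);
    mysqli_stmt_close($stmt);
    if (!$ok) {
        pm_finish($db_conx, "db_error");
    }
    // The side that just replied has read the thread; the other side has not
    if ($role == "receiver") {
        pm_update_thread($db_conx, "UPDATE pm SET hasreplies='1', rread='1', sread='0' WHERE id=? LIMIT 1", $osid);
    } else {
        pm_update_thread($db_conx, "UPDATE pm SET hasreplies='1', rread='0', sread='1' WHERE id=? LIMIT 1", $osid);
    }
    pm_finish($db_conx, "reply_ok|$id");
}

// Delete PM (marks the caller's side as deleted; pm_trashman.php removes rows)
if ($action == "delete_pm") {
    pm_flag_own_side(
        $db_conx,
        $log_username,
        "UPDATE pm SET sdelete='1' WHERE id=? LIMIT 1",
        "UPDATE pm SET rdelete='1' WHERE id=? LIMIT 1",
        "delete_ok"
    );
}

// Mark As Read
if ($action == "mark_as_read") {
    pm_flag_own_side(
        $db_conx,
        $log_username,
        "UPDATE pm SET sread='1' WHERE id=? LIMIT 1",
        "UPDATE pm SET rread='1' WHERE id=? LIMIT 1",
        "read_ok"
    );
}
?>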
pm_inbox.php
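<?php
// pm_inbox.php - shows the logged-in member their own private message inbox.
//
// Stored subject and message text is HTML-encoded when it is written
// (pm_system.php calls htmlentities before the INSERT). It is encoded again
// here with double_encode off, so rows that reached the table by any other
// route still cannot inject markup, and already-encoded rows look the same.
include_once("php_includes/check_login_status.php");

/**
 * Encode a stored value for HTML output without re-encoding existing entities.
 */
function pm_inbox_escape($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
}

// Initialize any variables that the page might echo
$u = "";
$mail = "";
// Make sure the _GET username is set, and sanitize it
if (isset($_GET["u"]) && is_string($_GET["u"])) {
    $u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
} else {
    header("location: index.php");
    exit();
}
// Check that the viewer is the account owner before touching the database,
// so this page cannot be used to test which usernames exist.
$isOwner = "no";
if ($u == $log_username && $user_ok == true) {
    $isOwner = "yes";
}
if ($isOwner != "yes") {
    header("location: index.php");
    exit();
}
// Make sure that user exists in the table and is activated.
// $u only contains [a-z0-9] at this point, so it is safe inside the quotes.
$sql = "SELECT id FROM users WHERE username='$u' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
if ($user_query === false || mysqli_num_rows($user_query) < 1) {
    echo "That user does not exist or is not yet activated, press back";
    exit();
}
// Get list of parent pm's not deleted: mail received, plus mail sent that
// has at least one reply.
$sql = "SELECT * FROM pm WHERE (receiver='$u' AND parent='x' AND rdelete='0') OR (sender='$u' AND sdelete='0' AND parent='x' AND hasreplies='1') ORDER BY senttime DESC";
$query = mysqli_query($db_conx, $sql);
if ($query !== false) {
    while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
        // The id is placed inside onclick handlers and a second query, so
        // force it to an integer.
        $pmid = (int) $row["id"];
        // div naming
        $pmid2 = 'pm_'.$pmid;
        $wrap = 'pm_wrap_'.$pmid;
        // button naming
        $btid2 = 'bt_'.$pmid;
        // textarea naming
        $rt = 'replytext_'.$pmid;
        // button naming
        $rb = 'replyBtn_'.$pmid;
        // The sender name ends up inside a JavaScript string inside an HTML
        // attribute, where HTML encoding alone is not enough; restrict it to
        // the same character set usernames are filtered to everywhere else.
        $sender = preg_replace('#[^a-z0-9]#i', '', $row["sender"]);
        $subject = pm_inbox_escape($row["subject"]);
        $message = pm_inbox_escape($row["message"]);
        $time = pm_inbox_escape($row["senttime"]);
        // Start to build our list of parent pm's
        $mail .= '<div id="'.$wrap.'" class="pm_wrap">';
        $mail .= '<div class="pm_header">'.$subject.'<br /><br />';
        // Add button for mark as read
        $mail .= '<button onclick="markRead(\''.$pmid.'\',\''.$sender.'\')">Mark As Read</button>';
        // Add Delete button
        $mail .= '<button id="'.$btid2.'" onclick="deletePm(\''.$pmid.'\',\''.$wrap.'\',\''.$sender.'\')">Delete</button></div>';
        $mail .= '<div id="'.$pmid2.'">';//start expanding area
        $mail .= '<div class="pm_post">From: '.$sender.' - '.$time.'<br />'.$message.'</div>';
        // Gather up any replies to the parent pm's
        $query_replies = mysqli_query($db_conx, "SELECT sender, message, senttime FROM pm WHERE parent='$pmid' ORDER BY senttime ASC");
        if ($query_replies !== false) {
            while ($row2 = mysqli_fetch_array($query_replies, MYSQLI_ASSOC)) {
                $rsender = preg_replace('#[^a-z0-9]#i', '', $row2["sender"]);
                $reply = pm_inbox_escape($row2["message"]);
                $time2 = pm_inbox_escape($row2["senttime"]);
                $mail .= '<div class ="pm_post">Reply From: '.$rsender.' on '.$time2.'....<br />'.$reply.'<br /></div>';
            }
        }
        // Each parent and child is now listed
        $mail .= '</div>';
        // Add reply textbox
        $mail .= '<textarea id="'.$rt.'" placeholder="Reply..."></textarea><br />';
        // Add reply button
        $mail .= '<button id="'.$rb.'" onclick="replyToPm('.$pmid.',\''.$u.'\',\''.$rt.'\',\''.$rb.'\',\''.$sender.'\')">Reply</button>';
        $mail .= '</div>';
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="style/style.css">
<script src="js/main.js"></script>
<script src="js/ajax.js"></script>
<script src="js/expand_retract.js"></script>
<script language="javascript" type="text/javascript">
// Every value placed in a POST body goes through encodeURIComponent, so "&",
// "+", "%" or "=" typed into a message cannot cut the text short or add
// extra fields to the request.
// NOTE(review): assumes ajaxObj() sends application/x-www-form-urlencoded -
// confirm in js/ajax.js.
function replyToPm(pmid,user,ta,btn,osender){
	var data = _(ta).value;
	if(data == ""){
		alert("Type something first weenis");
		return false;
	}
	_(btn).disabled = true;
	var ajax = ajaxObj("POST", "php_parsers/pm_system.php");
	ajax.onreadystatechange = function() {
		if(ajaxReturn(ajax) == true) {
			var datArray = ajax.responseText.split("|");
			if(datArray[0] == "reply_ok"){
				// Encode the text before it is added through innerHTML
				var shown = data.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/\n/g,"<br />").replace(/\r/g,"<br />");
				_("pm_"+pmid).innerHTML += '<p><b>Reply by you just now:</b><br />'+shown+'</p>';
				expand("pm_"+pmid);
				_(ta).value = "";
			} else {
				alert(ajax.responseText);
			}
			// Re-enable the button on failure too, so the user can retry
			_(btn).disabled = false;
		}
	}
	ajax.send("action=pm_reply&pmid="+encodeURIComponent(pmid)+"&user="+encodeURIComponent(user)+"&data="+encodeURIComponent(data)+"&osender="+encodeURIComponent(osender));
}
function deletePm(pmid,wrapperid,originator){
	var conf = confirm(originator+"Press OK to confirm deletion of this message and its replies");
	if(conf != true){
		return false;
	}
	var ajax = ajaxObj("POST", "php_parsers/pm_system.php");
	ajax.onreadystatechange = function() {
		if(ajaxReturn(ajax) == true) {
			if(ajax.responseText == "delete_ok"){
				_(wrapperid).style.display = 'none';
			} else {
				alert(ajax.responseText);
			}
		}
	}
	ajax.send("action=delete_pm&pmid="+encodeURIComponent(pmid)+"&originator="+encodeURIComponent(originator));
}
function markRead(pmid,originator){
	var ajax = ajaxObj("POST", "php_parsers/pm_system.php");
	ajax.onreadystatechange = function() {
		if(ajaxReturn(ajax) == true) {
			if(ajax.responseText == "read_ok"){
				alert("Message has been marked as read");
			} else {
				alert(ajax.responseText);
			}
		}
	}
	ajax.send("action=mark_as_read&pmid="+encodeURIComponent(pmid)+"&originator="+encodeURIComponent(originator));
}
</script>
<style type="text/css">
div.pm_wrap {
	border: 1px solid #333;
	margin-bottom: 5px;
	width: 400px;
	margin-right: auto;
	margin-left: auto;
}
div.pm_header {
	background-color: #CCC;
	padding-left: 20px;
}
div.pm_post {
	margin-top: 10px;
	padding-left: 20px;
}
</style>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<?php echo $mail; ?>
</body>
</html>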
pm_trashman.php
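<?php
// pm_trashman.php - Private Message Database Trashman Cron Job
//
// Physically removes private messages that the users have flagged as deleted.
// The rows are only flagged (sdelete / rdelete) by pm_system.php; this job is
// what actually deletes them.
//
// NOTE(review): the relative include path suggests this file sits next to the
// public pages. If it can be requested over HTTP, any visitor can trigger the
// purge. Confirm how the cron job invokes it and, if it is run from the
// command line, keep the file outside the web root or refuse non-CLI requests.
include_once("php_includes/db_conx.php");

// Delete when receiver has never replied and has deleted.
// One statement replaces the select-then-delete-per-row loop; the set of rows
// removed is the same.
mysqli_query($db_conx, "DELETE FROM pm WHERE parent='x' AND rdelete='1' AND hasreplies='0'");

// Delete when both users have checked delete, also delete replies
$threads = mysqli_query($db_conx, "SELECT id FROM pm WHERE parent='x' AND sdelete='1' AND rdelete='1'");
if ($threads !== false) {
    while ($row = mysqli_fetch_array($threads, MYSQLI_ASSOC)) {
        // Force the id to an integer before it goes back into SQL
        $id = (int) $row["id"];
        // Replies go first. If the job stops between the two statements the
        // parent row is still there and the next run finishes the work; the
        // other order would leave replies that no later run can find.
        $repliesGone = mysqli_query($db_conx, "DELETE FROM pm WHERE parent='$id'");
        if ($repliesGone) {
            mysqli_query($db_conx, "DELETE FROM pm WHERE id='$id'");
        }
    }
    mysqli_free_result($threads);
}
mysqli_close($db_conx);
?>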
template_pm.php
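<?php
// template_pm.php - "send a private message" form shown on a member profile.
// Meant to be included by a page that has already set $isFriend, $isOwner,
// $u (the profile being viewed) and $log_username (the visitor).

// Protect this script from direct url access
// You may further enhance this protection by checking for certain sessions and other means
if ((!isset($isFriend)) || (!isset($isOwner))){
    exit;
}
// Initialize our ui
$pm_ui = "";
// If visitor to profile is a friend and is not the owner can send you a pm
// Build ui carry the profile id, vistor name, pm subject and comment to js
if($isFriend == true && $isOwner == "no"){
    // Both names are written into a JavaScript string inside an HTML
    // attribute. Restrict them to letters and digits here as well, so the
    // markup stays intact even if the including page passes something else.
    $pm_to = preg_replace('#[^a-z0-9]#i', '', isset($u) ? $u : "");
    $pm_from = preg_replace('#[^a-z0-9]#i', '', isset($log_username) ? $log_username : "");
    $pm_ui = "<hr>";
    $pm_ui .= '<input id="pmsubject" onkeyup="statusMax(this,30)" placeholder="Subject of pm..."><br />';
    $pm_ui .= '<textarea id="pmtext" onkeyup="statusMax(this,250)" placeholder="Send '.$pm_to.' a private message"></textarea>';
    $pm_ui .= '<button id="pmBtn" onclick="postPm(\''.$pm_to.'\',\''.$pm_from.'\',\'pmsubject\',\'pmtext\')">Send</button>';
}
?>
<script>
// Sends a new private message through php_parsers/pm_system.php.
// "fuser" is sent for compatibility only. It comes from the page and can be
// edited by the visitor, so the server has to take the sender from the login
// session, never from this field.
// NOTE(review): assumes ajaxObj() sends application/x-www-form-urlencoded -
// confirm in js/ajax.js.
function postPm(tuser,fuser,subject,ta){
	var data = _(ta).value;
	var data2 = _(subject).value;
	if(data == "" || data2 == ""){
		alert("Fill all fields");
		return false;
	}
	_("pmBtn").disabled = true;
	var ajax = ajaxObj("POST", "php_parsers/pm_system.php");
	ajax.onreadystatechange = function() {
		if(ajaxReturn(ajax) == true) {
			if(ajax.responseText == "pm_sent"){
				alert("Message has been sent.");
				_(ta).value = "";
				_(subject).value = "";
			} else {
				alert(ajax.responseText);
			}
			// Re-enable the button on failure too, so the user can retry
			_("pmBtn").disabled = false;
		}
	}
	// encodeURIComponent keeps "&", "+", "%" and "=" in the typed text from
	// cutting the message short or adding extra fields to the request.
	ajax.send("action=new_pm&fuser="+encodeURIComponent(fuser)+"&tuser="+encodeURIComponent(tuser)+"&data="+encodeURIComponent(data)+"&data2="+encodeURIComponent(data2));
}
// Browser-side convenience only: the limit can be bypassed by posting to the
// parser directly, so it is not a substitute for a server-side length check.
function statusMax(field, maxlimit) {
	if (field.value.length > maxlimit){
		alert(maxlimit+" maximum character limit reached");
		field.value = field.value.substring(0, maxlimit);
	}
}
</script>
<div id="statusui">
  <?php echo $pm_ui; ?>
</div>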

User Notes And Comments ↓

Sunday December 21, 2014 11:58:18 PM
Truststanly said:nice video
Thursday January 15, 2015 07:22:36 AM
Omar said:You `re Awesome,Lewis'Never stop ,i am a big fan of you'
Wednesday January 28, 2015 08:54:26 PM
sitesbymatt716 said:where did you move the pm_still and pm_flash images to
Thursday January 29, 2015 05:16:20 AM
LewisAnderson said:Sorry, those graphics are gone. I don't have anywhere to store them.
Wednesday May 18, 2016 03:46:00 PM
herbertbruce8gm said:thanks too