Feelay

way to complex But I have found another solution.. I'll will change to this when I really know how to use it. The thing that will happen is: If the user is trying to view someone elses message, the message will be empty. edit: I've chnaged the tutorial now. if the user is trying to view someone elses message, it will be empty. it was acctually the first thing you said that was the solution vujsa But I couldn't make an error occur if the message didn't belong to the user.. my brain is not working hard enough

Very Nice :)It Don't really like Internet Explorer 7, But I Will Give 8 a try :)Edit: I have instlled it now. But I get a strange error.. I can't explain it exactly, because my computer is a swedish version. But it says something like:"Internet Explorer Have run into a problem, and must be shut down" everytime I start it. Any ideas?My friend tryed it too, and his computer is much better than mine, and he is also getting this error.

Hey! I am trying to do the following: A user type his name in a textbox, and press the submit button. Then, another file checks if the name exist in the database. if it does, the code will select the id from the database where the username is (SELECT id from username where username='$textboxvalue') This is the code I am using: <?phpsession_start();require "database.php";$to=$_POST['message_to'];$ck_reciever = mysql_query("SELECT username FROM user WHERE username = '".$to."'");$to_id = mysql_query("SELECT id FROM user WHERE username = '".$to."'");die($to_id ."<br>".$ck_reciever."<br>".$to);?> but when i try to echo all these variables (die(blabla))this is what I get: anyone who knows what might be wrong? Thanks //Feelay

Thanks Vujsa :)And yes. I remebered that I had read your topic, when I saw TavoxPeru's post

thanks Vujsa I've been trying to do that security thing, but an error about the letter (small and big letter) occur. I'll change that as soon as I've tryed it

OK.. only one thing I can say here.. If you really have not made anything wrong.. Send an Email to the admins, and they will tell you if you did anything wrong or not!Changing your IP because you got banned for doing nothing is the same as hitting a police man when he caught you because he thought that you robbed someone, when you haven't..

OK. Now it's my turn to make a short reply ;)Everything You guys is saying is true.The hosting is better than ever. everything they offer is better than ever. Every option. The bandwidth(10GB). the space (500MB).The mail function. MySQL. PHP. PHPmyAdmin. Everything!Even this forum is great! The community. the way people help each other. If anyone is having problem, someone will help.Maybe someone can be mean sometimes.. But else, everything here is very good.But you have everyone forgot something very important :)The Admins (and mods of course) Without them, nothing here would be running. Without them, this place would not exist.They are also very good ;)//Feelay

The thing that turbopowder... said is true.MySQL is a "tool" or whatever you want to call it, that stores data.MySQL stores the password for every user. The username for every user. MySQL is the tool that stores all the information about the users.But of course.. you can use it for other stuff. Like storing forum posts and topics. In some cases, you can store pictures in it, but thats not anything I would recomend.But as I said.. MySQL is a tool where you can store data in different tables.

Hey! Today, I am going to teach you how to make a Private Message (PM) script in PHP. Before we start, I want to tell you what you should know, and what files we will create. Then we will continue with the codes, and descriptions. I would like if you learned something from this tutorial. If you find any errors (Even if I spell something wrong), I would like you to post it in this thread. What you should know: You should know HTML. Just a bit (forms, and maybe a little design if you would like that). You should know much about PHP and Mysql. You should know how to create a login-script, because you will need it for this tutorial. if you don't know how to create one, you can check a very simple login-script tutorial that I made some time ago: How to create a login-script Now.. Lets start with the Mysql table, or? Thanks to Vujsa I could make this one messages.SQL CREATE TABLE `messages` ( `message_id` int(11) NOT NULL auto_increment, `from_user` varchar(65) character set latin1 collate latin1_general_ci NOT NULL, `to_user` varchar(65) character set latin1 collate latin1_general_ci NOT NULL, `message_title` varchar(65) NOT NULL, `message_contents` longtext NOT NULL, `message_read` int(11) NOT NULL default '0', PRIMARY KEY (`message_id`)) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=21; The things we have done here is:We have created a table named 'messages'. then we have created some columns: message_id : This is the column where the ID of the message will be stored. we will need this when we will get the messages from the table. from_user : This is the column where the name of user that sent the message will be stored. to_user : This is the column where the name of the user that the message was sent to is stored. message_title : This is where the title of the message will be stored. message_contents: This is where the content of the message will be stored. message_read : This will check if the message id read or not. Save this in a file and call it "messages.SQL" or something. Now after you have created the table (if you don't know how to import SQL files, you should go and learn ) You should start with the inbox file. inbox.php <?phpsession_start();require "database.php";$userfinal=$_SESSION['session_name'];// get the messages from the table.$get_messages = mysql_query("SELECT message_id FROM messages WHERE to_user='$userfinal' ORDER BY message_id DESC") or die(mysql_error());$get_messages2 = mysql_query("SELECT * FROM messages WHERE to_user='$userfinal' ORDER BY message_id DESC") or die(mysql_error());$num_messages = mysql_num_rows($get_messages);// display each message title, with a link to their contentecho '<ul>';for($count = 1; $count <= $num_messages; $count++){ $row = mysql_fetch_array($get_messages2); //if the message is not read, show "(new)" after the title, else, just show the title.if($row['message_read'] == 0){ echo '<a href="read_message.php?messageid=' . $row['message_id'] . '">' . $row['message_title'] . '</a>(New)<br>';}else{echo '<a href="read_message.php?messageid=' . $row['message_id'] . '">' . $row['message_title'] . '</a><br>';}}echo '</ul>';echo '<form name="newmsgfrm" method="post" action="new_message.php">'; echo '<input type="submit" value="Send a New Message">'; echo '</form>';echo '<form name="backfrm" method="post" action="index.php">'; echo '<input type="submit" value="Back to Home">'; echo '</form>';?> simple isn't it?The first things we do are very simple. We start the session. We require the database.php file (the database.php is the file where the mysql connections and stuff is stored. you should know how to created such a file. if you don't know, i'll create one in the end of this tutorial, only for you ) then we create a variable for the set session, to make it easier to write. Then we create some variables. the $get_messages is the variable where the message id is stored. the $get_messages2 is the variable where all the messageinfo is stored. Then we create a simple for-loop that will show all the messages that is sent to the user that is logged in(check w3schools or google or whatever, if you don't know what that is.). the first thing we do here is: Check if the message is read. If it isn't, the loop will add "(new)" after the message title. else, it will just show the message title. The last thing we do is: Add 2 buttons. One to send a new message, and one to go back to the home-page. Now lets begin with the new message file. new_message.php <?phpsession_start();require "database.php";$userfinal=$_SESSION['session_name'];$user=$userfinal;?><form name="message" action="messageck.php"method="post"><input type="text" name="message_title"> Title: <br><input type="text" name="message_to"> To: <br>Message: <br><textarea rows="20" cols="50" name="message_content"></textarea><?phpecho '<input type="hidden" name="message_from" value="'.$user.'"><br>';?><input type="submit" value="Submit"></form> The things we do here, are also very simple.The first things we do is: Start the session. require the database.php file. create a variable for the set session. then we create the forms. a textbox for the message title. a textbox where you write to who you want to send the message. a textbox for the message content. and then, you see this line: <input type="hidden" name="message_from" value="'.$user.'"> This is a hidden line, and the user will not see it. this invisible textbox, includes the name of the user that is writing the message. remember that we created a variable named $user that includes the session name? the session name, includes the username. and where the "value" is "$user", the username is inserted by the code. then we create a normal submit box, that will send the message, and we are done with this file. Now we should create a file, that checks if the sent message is ok to send. messageck.php <?phpsession_start();require "database.php";$title=$_POST['message_title'];$to=$_POST['message_to'];$content=$_POST['message_content'];$from=$_POST['message_from'];$time=$_POST['message_date'];$ck_reciever = "SELECT username FROM user WHERE username = '".$to."'"; if( mysql_num_rows( mysql_query( $ck_reciever ) ) == 0 ){die("The user you are trying to contact don't excist. Please go back and try again.<br><form name=\"back\" action=\"new_message.php\"method=\"post\"><input type=\"submit\" value=\"Try Again\"></form>");}elseif(strlen($content) < 1){die("Your can't send an empty message!<br><form name=\"back\" action=\"new_message.php\"method=\"post\"><input type=\"submit\" value=\"Try Again\"></form>");}elseif(strlen($title) < 1){die("You must have a Title!<br><form name=\"back\" action=\"new_message.php\"method=\"post\"><input type=\"submit\" value=\"Try Again\"></form>");}else{mysql_query("INSERT INTO messages (from_user, to_user, message_title, message_contents, message_date) VALUES ('$from','$to','$title','$content','$time')") OR die("Could not send the message: <br>".mysql_error()); echo "The Message Was Successfully Sent!";?><form name="back" action="inbox.php"method="post"><input type="submit" value="Back to The Inbox"></form><?php}?> now you guys should know the first things we do (starting a session and including the database file.).Now the second thing we do in this script is creating a variable for every single form in the last script. We create a variable for the message title, content, "to-user" and so on. We do also create a variable that selects the username that was set in the "to-user" form. Then we create a if-statement that checks if the user excists. If not, the code will write an error message, and show you a back-button. Then it will check if there is any content and title. If not, an error message will be written, and a back-button will be shown. Else if everything worked as it should work, the message will be inserted in the database table that we created earlier. Now we should create a file that will let the user read the message, or ? read_message.php <?phpsession_start();$userfinal=$_SESSION['session_name'];require "database.php";$messageid = $_GET['message'];$message = mysql_query("SELECT * FROM messages WHERE message_id = '$message_id' AND to_user = '$userfinal'");$message=mysql_fetch_assoc($message);echo "<h1>Title: ".$message['message_title']."</h1><br><br>";echo "<h3>From: ".$message['from_user']."<br><br></h3>";echo "<h3>Message: <br>".$message['message_contents']."<br></h3>";echo '<form name="backfrm" method="post" action="inbox.php">'; echo '<input type="submit" value="Back to Inbox">'; echo '</form>';?> you know the first things we do here. the second things I do is creating a variable that includes the value from the"<a href="read_message.php?messageid=' . $row['message_id'] . '">" in the inbox file. then I create a variable that will include all the info about the message with that id (and check if the post is sent to the user or not [if it isn't, the post will be empty, else, the contents will be shown]). then I create three echos. The first one will write the title of the message. the second one will write the name of the user that sent the message. the last one will write the content of the message. then I just add a back-button. simple isn't it? now for those of you who don't know how to make a database.php file, here it is, but I won't comment it. database.php <?phpmysql_connect ("localhost", "mysql_username", "mysql_password") or die ('I cannot connect to the database because: ' . mysql_error());mysql_select_db ("db_name");?> Remember!If you find any errors, post them here, and I will try to fix them as soon as possible. I have tryed this PM system, and it works! Thanks for reading! //Feelay

No one can view the code, or even know that they excist. that should be enough.

Hey! How can i make my included files 100% safe. Like if I include a file witht his code.. include "bla.php"; How can i make it 100% safe? I know I must close the php tags in the included files. but what more =?

I will make this short I am sure that all of you know how east German was after the second world war? Thats how the world will look 2050. Trust me.. We are killing the earth. And in 10 years, it will be too late to try to heal it. And many humans (no offence) are too dumb, so stop using so much oil. The petrol Mafias wont allow us to use cars that works on water (that excists).. Many people can't afford, or don't want to buy cars that work on etanol. And thats only one reason. Another one is that humans are cutting down trees. Lets say 1000 trees / year grow up. The humans cut down something like 4000 trees / year.. The rainforrest: in less than 10 years, it will be gone.. As I said: in 2050 Earth will look like east German after the second world war. Tudor: Not two planets.. We would need 5 Planets named "earth" if natural resources continue to be exploited at the current rate =/ Another planet is impossible. They are exploring the Red Planet "Mars". It is impossible for us to live there. I do belive more in aliens, than humans living on Mars.

Code -|- <?phpsession_start();$nuser=$_SESSION['user'];$auser=$_SESSION['admin'];if($nuser){$userfinal=$nuser;}elseif($auser){$userfinal=$auser;} if(isset($userfinal)){require "database.php";$username = $_GET['messageid'];$user = mysql_query("SELECT * FROM messages WHERE message_id = '$username'");$user=mysql_fetch_assoc($user);if($user['to_user'] != $userfinal){die("You are trying to view another users posts! Thats impossible!");}else{if($user['message_read'] == 0){mysql_query("UPDATE messages SET message_read='1' WHERE message_id='$username'");}echo "<h1>Title: ".$user['message_title']."</h1><br><br>";echo "<h3>From: ".$user['from_user']."<br><br></h3>";echo "<h3>Message: <br>".$user['message_contents']."<br></h3>";echo '<form name="backfrm" method="post" action="inbox.php">'; echo '<input type="submit" value="Back to Inbox">'; echo '</form>';}}else{ echo"You must be logged in to view this page!";}?> Table -|-

Very Good Tutorial (and correct ). When I was doing this the first time, it took me ages to find a tutorial that told you how to do it I am sure this will help many people. Thank you. But.. I am not 100% sure, but shouldn't this be in the tutorials section =?

I have tried all theese stuff. !=, ==, =. None of them works. And Between When i used the !=, the code was like this if($userfinal != $user['to_user']){echo "error.. or whatever";}else{blabla} But as I said. none of them works :S And btw. I am trying to make Them _ic.. but they still don't work. they are _ic already..

I have tryed that mysql case instasetive thing. but it is still not working :S this is the if-statement I am using: if($userfinal == $user['to_user']){I have also tryed: if($userfinal = $user['to_user']){But then, nothing happened. It didn't block the user from viewing someone elses posts.

Isn't there any solution that is 50% fast, and 50% secure ? And 100% easy :)The thing sparkx said is right.. because maybe a user would like to be named "JohnnyD" or whatever..

Hey! Is there anyway to make the following: Mysql don't care if the users character is small or big. If I type Feelay instead of feelay, in my message when I want to write to myself, mysql thinks that I wrote to someone else. I want to be able to write both Feelay and feelay and send to the same user. Is that possible? This is the code I am using atm: /*if($user['to_user'] != $userfinal){die("You are trying to view another users posts! Thats impossible!");}*/ (I have made it as a comment, because it is unusable atm).

Hey!I know it is possible, but I don't know how to do it.Anyone who know how I can make the following:When a user type a message, and press Send, he will come to a page that will check the message. If an Error occur, the user must press a button, that will take him back to the message, and fix the error. but The problem is, that when the user press the button, his message is gone, and he must write it again. bad luck, if the message was long. Hope You undertsand what I want :)Thanks //Feelay

Thanks alot Vujsa ! Now I have made a version 0.1 PM script. I'll make a tutorial about it someday And as you said, it was very easy to make the script just took me 3 hours ;)Thanks again //Feelay

thank you guys Now. what is the best way to avoid SQL injections ?

Hey!Anyone who know a tutorial where they teach you how to protect your scripts from danger (hacks and stuff)? I think I need to start to think about theese stuff now.

Oh! I just saw this when I said that I couldn't extract folders, I ment about the thing pyost said. But about the ftp, I understood from the first time you said it (about Internet explorer then not the cmd), and it works just fine Thank You, both, Again //Feelay

hmm.. Is it possible to use an USB(mp3-player, but I use it as an USB) instead of a CD? would it work ?(Put all the files in the mp3-player, and then boot with it.)

I know how to burn a cd But the problem is, that I have no CDs left.. and my dad wont buy before the summer..Thats why I asked if it is possible to install it without a cd (and dvd). And if yes, how.