making Login work with Message system

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

making Login work with Message system

Post by Smackie »

i am having a bit of a trouble making my message system work with my login system can someone help me put these two scripts together??

Login

Code: Select all

<?php
session_start();
// dBase file
include "dbConfig.php";

if ($_GET["op"] == "login")
                {
	if (!$_POST["username"] || !$_POST["password"])
		{
		die("Please go back and Supply a username and password.");
		}

	// Create query
	$q = "SELECT * FROM `dbUsers` "
		."WHERE `username`='".$_POST["username"]."' "
		."AND `password`=PASSWORD('".$_POST["password"]."') "
		."LIMIT 1";
	// Run query
	$r = mysql_query($q);

	if ( $obj = @mysql_fetch_object($r) )
	{
		// Login O.K., create session variables
		$_SESSION["valid_id"] = $obj->id;
		$_SESSION["valid_user"] = $_POST["username"];
		$_SESSION["valid_time"] = time();

 // Redirect to member page
if($obj->Auth == 2)
{
Header("Location: adminpage.php");
}else{

Header("Location: members.php");
                                }
                           	}
	else
		{
		// Login not successful
		die("Sorry, could not log you in. Wrong login information.");
		}
	                }
                else
		{
include "colors.html";
		echo "<form action=\"?op=login\" method=\"POST\">";
		echo "Username: <input name=\"username\" size=\"15\"><br />";
		echo "Password: <input type=\"password\" name=\"password\" size=\"15\"><br />";
		echo "<input type=\"submit\" value=\"Login\">";
		echo "</form>";
		}

?>
Message System

Code: Select all

<? session_start(); ?>

<?
$dbh=mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("db");
?>

<? 
/*
$_SESSION["valid_id"]=1;
$_SESSION["valid_user"]="smackie"; 
$_SESSION["valid_time"]=time(); 
*/
?>

<? 
//Whether to show page or not
if($_SESSION["valid_id"])
{ 
?>

<?
$name=$_SESSION["valid_user"];
$id=$_SESSION["valid_id"];

$unread=0;
$result=mysql_query("SELECT * FROM `sma_pm`") or die(mysql_error());
$n=mysql_num_rows($result);

for($i=1;$i<=$n;$i++)
{
	$z=mysql_fetch_assoc($result);
	$pm[$z["id"]]=$z;
	
	if((!$pm[$i]["read"])&&($pm[$i]["to"]==$_SESSION["valid_user"]))
	{
		$unread++;
	}
}
?>

<table width="750" height="100%" border="0" cellspacing="0" cellpadding="0" valign="top">
  <tr>
    <td width="130" valign="top"><br>
      <table align="center" width="130" border="1" bordercolor="#3399cc" cellspacing="0" cellpadding="0" valign="top">
        <tr> 
          <td height="20" bgcolor="#336699" valign="center"><font face="verdana" size="2">PMs</font></td>

        </tr>
        <tr> 
          <td valign="top"> 
            <p><font face="verdana" size="1.5">
				<a href="index.php?p=new">New PM</a><br>
				<a href="index.php?p=inbox">Inbox <? if($unread){echo "($unread)";} ?></a><br>
				<a href="index.php?p=sent">Sent</a><br>
			</font></p>
            </td>
        </tr>
      </table>

            <?
			if(isset($_GET["p"]))
			{
				$p=$_GET["p"];
			}
			else
			{
				$p="indx";
			}
			
			switch($p)
			{
				case "inbox":
					for($q=1;$q<=count($pm);$q++)
					{
                                                	$ipm=$pm[$q];
						if($ipm["to"]==$_SESSION["valid_user"])
						{
							$new="";
							if(!$ipm["read"])
							{
								$new="_new";
							}
							echo "<img src='mail".$new.".gif'> &nbsp;<a href='?p=read&m=".($ipm["id"])."'>".$ipm["subject"]."</a><br>";
						}
					}
				break;
				
				case "read":
					$mid=$_GET["m"];
					if($pm[$mid]["to"]==$_SESSION["valid_user"] || $pm[$mid]["from"]==$_SESSION["valid_user"])
					{
						echo '
						<h2>'.$pm[$mid]["subject"].'</h2><br>
						From: '.$pm[$mid]["from"].'<br>
						<blockquote>
						'.$pm[$mid]["message"].'
						</blockquote>
						';
						
						mysql_query("UPDATE `sma_pm` SET `read` = '1' WHERE `id` ='".$mid."' LIMIT 1 ;");
					}
					else
					{
						echo "This message isn't for you.";
					}
				break;
			
				case "new":
					?>
					<form method="post" action="index.php">
					  <p>Subject: 
						<input class="formItem" name="subject">
					  </p>
					  <p>To: 
						<select name="to" class="formItem">
						  <option>Choose...</option>
						  <?
								$q=mysql_query("SELECT * FROM `sm_users`");
								
								while($usr=mysql_fetch_assoc($q))
								{
									echo "<option>".$usr["name"]."</option>";
								}
								?>
						</select>
					  </p>
					  <p>
						Message:<br>
						<textarea name="message" class="formItem" style="height:200px;width:450px;"></textarea>
					  </p>
					  <input type="submit" value="Send" class="formItem" >
					</form>
					<?
				break;
                                    
                                    case "sent":
					foreach ($pm as $ipm)
					{
						if($ipm["from"]==$_SESSION["valid_user"])
						{
							$new="";
							if(!$ipm["read"])
							{
								$new="_new";
							}
							echo "<img src='mail".$new.".gif'> &nbsp;<a href='?p=read&m=".($ipm["id"])."'>".$ipm["subject"]."</a><br>";
						}
					}
                                    break;
				
				case "indx":
				default:
					if(isset($_POST["message"]) && isset($_POST["subject"]) && isset($_POST["to"]))
					{
						$msg=htmlspecialchars($_POST["message"]);
						$sub=htmlspecialchars($_POST["subject"]);
						$to=htmlspecialchars($_POST["to"]);
				
						$w=mysql_query("INSERT INTO `sma_pm` ( `id` , `subject` , `from` , `to` , `date` , `time` , `read` , `message` )
						VALUES (
						'', '$sub', '".$_SESSION["valid_user"]."', '$to', '01/05/05', '13:15', '0', '$msg'
						);") or die(mysql_error());
						
						echo "Your message '$sub' has been sent to '$to'.";
					}
					else
					{
						echo "This is your PM index.";
					}
				break;
			}
			
			?>
            <p> <br>
<? } ?>


login mysql tables
#
# Table structure for table `dbUsers`
#

DROP TABLE IF EXISTS dbUsers;
CREATE TABLE dbUsers (
`id` int( 10 ) AUTO_INCREMENT Primary ,
`username` varchar( 25 ) ,
`Auth` int( 1 ) ,
`password` varchar( 25 ) ,
`email` varchar( 50 )
) TYPE=MyISAM;
);
message system tables
(run once)

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Untitled</title>
</head>
<body>
<?
$dbh=mysql_connect ("localhost", "USER_NAME", "PASSWORD") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("DATABASE_NAME");

mysql_query("
CREATE TABLE `-DATABASE-NAME-`.`sma_pm` (
`id` mediumint( 8 ) unsigned NOT NULL AUTO_INCREMENT ,
`subject` varchar( 255 ) NOT NULL default '',
`from` varchar( 255 ) NOT NULL default '',
`to` varchar( 255 ) NOT NULL default '',
`date` varchar( 255 ) NOT NULL default '',
`time` varchar( 255 ) NOT NULL default '',
`read` smallint( 1 ) NOT NULL default '0',
`message` text NOT NULL ,
PRIMARY KEY ( `id` )
);
") or die(mysql_error());
?>
</body>
</html>
sorry if its pretty long but i am in need of some help :S

Thank you
Smackie
User avatar
Skara
Forum Regular
Posts: 703
Joined: Sat Mar 12, 2005 7:13 pm
Location: US

Post by Skara »

You want to check if you're logged in in the message thing, right?
I didn't read any of your code but that you used $_SESSION. You simply need to check the password and die or redirect if it's not right.
e.g.

Code: Select all

if (!valid($_SESSION['pass'])) {
  //either:
  header('login.php');
  //or:
  die('Error: Not logged in');
}
that help any?
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

Post by Smackie »

not really manly i need that and make it where the "To list" has all my usernames that are on my database from login script...
The Monkey
Forum Contributor
Posts: 168
Joined: Tue Mar 09, 2004 9:05 am
Location: Arkansas, USA

Post by The Monkey »

Smackie wrote:not really manly i need that and make it where the "To list" has all my usernames that are on my database from login script...

Code: Select all

<?PHP
$to_list_query = mysql_query("SELECT username FROM dbUsers"); // Query all users
$to_list = mysql_result($to_list_query);

// Loop over every username in the database
while ( $user = mysql_fetch_assoc($to_list) )
{
     echo $user['username']; // print the username
}
?>
:D
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

Post by Smackie »

theres already a code in there that does that but i need it to work with my login script.. i need everything to work with my login script
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Are you asking some one to integrate your scripts for you?

All you have to do is remove the login parts of your chat script, and redo it with the login credentials given by your logic script and then pull the neccesary information from the db for your chat script.
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

Post by Smackie »

First off its not a chat its a message system.. and second of all everytime i try making them work together it keeps giving me headers already sent out or its just a blank sheet sometimes (for some odd reason..)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

your headers already sent problem can be solved by reading Jason's tutorial Headers already sent
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

Post by Smackie »

I know how to fix the header already being sent out but it keeps giving errors or its a blank page

http://www.hauntedgraveyard.net/Message/index.php

see i have my script on that page but yet its totally blank and i dont know why (yes i my server does support php) its been acting up like that for the last few days...
thats why im looking for someone else to help me fix that script up so it will be done and i will know it will work..
Post Reply