Home      Products & Services      Contact Us      Links

WebHatchers will design & develop your site for you.

Website Menu Heaven: menus, buttons, etc.

Send us your questions.

site search by freefind

SEO, Google, Privacy
   and Anonymity
Browser Insanity
Popups and Tooltips
Free Website Search
HTML Form Creator
Buttons and Menus
Image Uploading
Website Poll
IM and Texting
   or Not MySQL
Personal Status Boards
Content Management
Article Content
   Management Systems
Website Directory
   CMS Systems
Photo Gallery CMS
Forum CMS
Blog CMS
Customer Records
   Management CMS
Address Book CMS
Private Messaging CMS
Chat Room CMS
JavaScript Charts
   and Graphs

Free Personal Status Boards (PSB™)

Free Standard Free PSB

Free PSB Pro Version

Free Social PSB

Free Social PSB Plus (with Email)

Free Business PSB

Free Business PSB Plus (with Email)

PSB demo

Social PSB demo

Business PSB demo

So what's all this PSB stuff about?

Chart comparing business status boards

PSB hosting diagram

PSB Licence Agreement

Copyright © 2002 -
MCS Investments, Inc. sitemap

PSBs, social networking, social evolution, microcommunities, personal status boards
PSBs, social networking, business personal status boards
website design, ecommerce solutions
website menus, buttons, image rotators
Ez-Architect, home design software
the magic carpet and the cement wall, children's adventure book
the squirrel valley railroad, model railroad videos, model train dvds
the deep rock railroad, model railroad videos, model train dvds

Sending a Private Message to Search and Match Users

This script is called send-message.php

First, we use the check-id.php script to ensure that the session id variable is set, and send the user to Login to MC Search and Match Profile and Account Management if it is not. Then we put the session variable 'username' into $U—we will be checking that it is set in a second. Then we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.

Next we check if the session variables 'groupname', 'username', and 'userid' are set. If not, we are sent to the login-to-mc.php script. We make sure $U is still equal to the session variable 'username', that it is not an empty string, and that it's at least 6 characters long or . . . you guessed it . . . the login script. We make sure the session id is set and send them away if not.

Now we create the MySQL messaging table privatemessages if it does not exist. The table is standard stuff except for the ENUM data type. As specified in http://dev.mysql.com/doc/refman/5.0/en/enum.html, "An ENUM is a string object with a value chosen from a list of permitted values that are enumerated explicitly in the column specification at table creation time." I.e., if someone tries to enter a value in a ENUM('0','1') field that is not '0' or '1', then a blank value will be entered.

The variables $subject, $message, and $touser get loaded with POSTed form variables from Form to Send Private Message. The strip_tags() function dumps their tags and the substr() function ensures they are not too long by trimming any excess. Then, if any of these values is nothing or under 3 characters, the user sees "Fill form completely, please." and is sent to Form to Send Private Message.

Then the $message string is processed so that "@" is changed into "-at-", "/" is changed into "|", ";" is changed into ",", ":" is changed into ",", "+" is changed into " plus ", "&" is changed into " and ", single quote is changed into "`", double quote is changed into '``', "=" is changed into " equals ", ">" is changed into
" greater than " (< is killed with strip_tags which dumps rest of message).

The preg_replace() function uses regular expression patterns to allow only certain characters in the $subject and $message and $touser strings. We look for -- in $message and $subject and change it to - twice each since if you do it once, it is possible to miss a -- pattern, which can be used in bad ways, as can quotes, semicolons, =, @, etc. Once the 3 strings are sanitized, we run the mysql_real_escape_string() function on them for extra security before storing them in a MySQL db table, even though we've already taken care of most security issues. We also stick these 3 into session variables.

The database is queried for the $touser group name. If it is not found, the user sees "This Group Name does not exist. Please try again." and is sent back to the message form. We use the mysql_fetch_assoc() function on the query results and get the id of the group and stick it in a session variable as well as into $touser. Finally, we use the MySQL INSERT INTO statement to insert the message, etc., into the table privatemessages.

Having sent the message, we now get the group's email address from the associative array from the db and use it to send an email to the group we are messaging. In the message is "You have a new private message on our Website!" We don't want an email reply, so we put NO-REPLY in the From of the headers. Then we alert the message sender that "Message sent." and send him back to the message form at Form to Send Private Message.

The script below is called: send-message.php


if (!isset($_SESSION['groupname']) || !isset($_SESSION['userid']) || !isset($_SESSION['username']) || $_SESSION['username']<>$U || !isset($U) || $U=="" || strlen($U)<6 || !isset($_SESSION['sessionid'])){echo '<script language="javascript">alert("Please login."); window.location = "login-to-mc.php";</script>';}


$sql = "CREATE TABLE IF NOT EXISTS privatemessages (
touser INT(4) NOT NULL,
fromuser INT(4) NOT NULL,
subject VARCHAR(150) NOT NULL,
message TEXT NOT NULL,
readit ENUM('0','1') NOT NULL DEFAULT '0',
deleted ENUM('0','1') NOT NULL DEFAULT '0',
datesent VARCHAR(40) NOT NULL,
outdel ENUM('0','1') NOT NULL DEFAULT '0',


$touser = strip_tags($_POST['touser']);
$subject = strip_tags($_POST['subject']);
$message = strip_tags($_POST['message']);
$message = substr($message,0,700);
$subject = substr($subject,0,150);
$touser = substr($touser,0,40);
if(!isset($touser) || !isset($subject) || !isset($message) || strlen($touser)<3 || strlen($subject)<3 || strlen($message)<3){
echo '<script language="javascript">alert("Fill form completely, please."); window.location = "send-message-form.php"; </script>';


$message=str_replace("@", "-at-", $message);
$message=str_replace("/", "|", $message);
$message=str_replace(";", ",", $message);
$message=str_replace(":", ",", $message);
$message=str_replace("+", " plus ", $message);
$message=str_replace("&", " and ", $message);
$message=str_replace("'", "`", $message);
$message=str_replace('"', '``', $message);
$message=str_replace(">", " greater than ", $message);//< killed with strip_tags which dumps rest of message
$message=str_replace("=", " equals ", $message);
$pattern1 = '/[^a-zA-Z0-9\\s\\.\\,\\!\\?\\-\\_\\`\\|]/i';
$pattern2 = '/[^a-zA-Z0-9\\_]/i';
$replacement = '';
$touser=preg_replace($pattern2, $replacement, $touser);
$pattern3 = '/--/';
$replacement3 = ' -';
$subject=preg_replace($pattern3, $replacement3, $subject);
$subject=preg_replace($pattern3, $replacement3, $subject);
$message=preg_replace($pattern3, $replacement3, $message);
$message=preg_replace($pattern3, $replacement3, $message);
$subject=preg_replace($pattern1, $replacement, $subject);
$message=preg_replace($pattern1, $replacement, $message);

$fromuser = $_SESSION['userid'];
$_SESSION['subject'] = $subject;
$_SESSION['message'] = $message;
$_SESSION['to_group'] = $touser;
$to_group = $touser;
$time = time();

$check_touser_name = mysql_query("SELECT * FROM mc_members WHERE groupname = '$touser' LIMIT 1") or die(mysql_error());
if(mysql_num_rows($check_touser_name) == 0)
{echo '<script language="javascript">alert("This Group Name does not exist. Please try again.");window.location="send-message-form.php";</script>;';

$_SESSION['touser'] = $touser;// to what id?

$sql = "INSERT INTO privatemessages
VALUES (NULL, '$touser', '$fromuser', '$subject', '$message', '0', '0', '$time', '0')";

echo '<script language="javascript">alert("Message was not sent—something went wrong."); window.location="send-message-form.php";</script>';}

$sql = "SELECT email FROM mc_members WHERE id = '$touser'";


$to = $e;
$subject = "You have a new private message on our Website!";
$message = "You have a new private message on our Website, ".$to_group.".\n\nClick link to log in and see it: http://www.yourwebsite.com/login-to-mc.php \n\nDo not reply to this email.\n\nRegards,\n\nour Website's management";
$headers = "From: NO-REPLY@yourwebsite.com";
$mail_sent = mail($to, $subject, $message, $headers);


echo '<script language="javascript">alert("Message sent."); window.location = "send-message-form.php"; </script>';