Send Private Message for Form Creator Form CMS
This script is called send-message_.php
The Send Private Message for Form Creator Form CMS script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. In addition to the expectable editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.
In case you wonder why private messaging is related to a general purpose HTML Form Creator, the answer isn't really that odd. Although there are a zillion possible uses one can put custom, administrator-created forms to, and equally as many form configurations one can create, the two most prominent uses we envisioned when we created our HTML form creator are matching apps for individuals and matching apps for groups. An example of the former is dating site apps like Match.com and an example of the latter is MC (Microcommunity) Search and Match — Search for Compatible Groups. If you don't yet know what MCs are, feel free to go to The Big Answer and find out. It should be obvious that the first thing one does when looking for compatible people—either as individuals or groups—is contact the ones the matching apps find that you are compatible with. So our apps provide a link to a personal messaging script in both our matching script search results and in our Private Messaging Inbox, on this page. In the latter, when a user contacts you, you may use the provided link to reply.
In short, then, whether you want to make a form where clowns, boy scout troops, gays, stamp collectors, bird watchers, swingers, Elvis lovers, conspiracy theory advocates, or others find one another according to various compatibility standards you devise, or simply make a form unrelated to compatibility, matching, or searching, our form creator scripts will allow you to handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. Let your imagination guide you in your usage of our CMS system for form creation and use.
Administrative HTML Form Creator Scripts
- HTML Form Creator
- Edit Options in HTML Form Creator Form
- Administrator Page for HTML Form Creator
End-User HTML Form Creator Scripts
- HTML Form Creator—Register with Captcha
- HTML Form Creator—View Profile
- HTML Form Creator—Edit Profile
- HTML Form Creator—Search and Match
- HTML Form Creator—Search and Match — Security
- HTML Form Creator—Search and Match — JavaScript
- HTML Form Creator—Search and Match — Form
- HTML Form Creator—Search and Match — PHP
- HTML Form Creator—Enter Record in Form
- HTML Form Creator—View Record in Form
- HTML Form Creator—Profile and Account Management
- HTML Form Creator—Login to Profile and Account Management
- HTML Form Creator—Logout of Profile and Account Management
- HTML Form Creator—Delete Group Account
- HTML Form Creator—Forgot User Name
- HTML Form Creator—Forgot Password
- HTML Form Creator—Form to Send Private Message
- HTML Form Creator—Send Private Message
- HTML Form Creator—Private Message Outbox
- HTML Form Creator—Private Message Inbox
- HTML Form Creator—Delete Private Message from Inbox
- HTML Form Creator—Delete Private Message from Outbox
- HTML Form Creator—Private Message Logout
- HTML Form Creator—Search and Match Session Monitoring
- HTML Form Creator—Configure File for Database Connection
- HTML Form Creator—Captcha Script for Registration and Login
The purpose of this script is to process the user's private messages, filtering out unsafe or unacceptable content, then enter the message into the my_privatemessages MySQL database table (creating the table in the db if it does not exist yet), then email the user that is getting the new personal message, letting him know about it. In using our HTML form creator CMS system, you may PM users anytime via the HTML Form Creator—Form to Send Private Message script. That script has the form used for creation of private messages. It sends its submitted form data to this script: send-message_.php.
First, we start up a session (in the checkid_.php script) and include the config.php script to ensure that our connection to our database is made correctly. This file has the code below in it:
$theemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$theusername = "yourusername"; //EDIT ME
$thepassword = "yourpassword"; //EDIT ME
$thedatabasename = "yourdb"; //EDIT ME
mysql_connect("".$roothostname."","".$theusername."","".$thepassword."") or die(mysql_error());
mysql_select_db("".$thedatabasename."") or die(mysql_error());
We also use the checkid_.php script to ensure that the session id variable is set, and send the user to register-with-captcha_.php if it is not. Then we put the session variable 'username' into $U—we will be checking that it is set in a second. Then we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.
Next we check if the session variables 'groupname', 'username', and 'userid' are set. If not, we are sent to the login script. We make sure $U is still equal to the session variable 'username', that it is not an empty string, and that it's at least 6 characters long or . . . you guessed it . . . the login script. We make sure the session id is set and send them away if not.
The my_privatemessages table created in this script has many fields. We need to record what the messages are, who they are from, who they are to, when they are sent, whether the user has read it yet (marked it READ or NOT READ), whether the sender marked it deleted yet, whether the recipient marked it deleted yet, what the id of the message is, and what the subject of the message is. The weird data type ENUM is used in the table. An ENUM is a data type in the form of a string object with a value chosen from a list of permitted values that are enumerated explicitly in the column specification at table creation time. Some say ENUM is good, e.g.: "So enums in DBs are a good thing, and should be used wherever possible." Some say ENUM is NOT good, e.g.: "ENUM Data Type Is Evil." We say ENUM is useful: it works great in our MySQL database table.
Next, the strip_tags() function filters tags out of the user inputs. Then the PHP function substr() forces the data to conform to maximum length standards—trimming off excess. Then the strlen() function makes sure data fulfills minimum length standards, and if not, the user sees "Fill form completely, please." and is sent back to the form to redo it.
Next there is a bunch of data filters that convert more dangerous characters into less dangerous ones. You can use the str_replace() function to replace nasty or hateful words with nicer ones, also. It is up to you whether you want to take the trouble.
- "@" is changed to "-at-",
- "/" is changed to "|",
- ";" is changed to ",",
- ":" is changed to ",",
- "+" is changed to " plus ",
- "&" is changed to " and ",
- single quote is changed to "`",
- double quote is changed to '``',
- ">" is changed to " greater than ",
- "=" is changed to " equals ".
(< is killed with strip_tags() function which dumps the rest of message.)
After the character changes come the regular expression replacement patterns, which allow only alphanumerics, spaces, and . , ! ? - _ ` | in subjects and messages, and use the PHP function preg_replace(). The $touser data allows alphanumerics and underscores only. Two hyphens in a row can be a problem, so this is filtered into one hyphen at a time. Finally, the function mysql_real_escape_string() is run to make the data secure for putting into a MySQL table.
The membership table my_members is checked for the group name input as the message recipient, and if it is not found in the table, the user sees "This Group Name does not exist. Please try again." and he is sent back to the form. The user id gets stored in $_SESSION['touser'] for safekeeping, then the message is put into the MySQL table my_privatemessages. Note that the deleted, readit, and outdel fields get 0 at first—users may change the status of what messages are deleted or read anytime.
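The recipient lookup and INSERT described above, as an added example (not the original script) that uses prepared statements, so SQL safety no longer depends on the character substitutions or on mysql_real_escape_string(); the mysql_* functions were removed in PHP 7. Assumptions: PDO with an in-memory SQLite database standing in for the MySQL connection, a hypothetical helper named send_pm(), and constructed sample rows and input.

```php
<?php
// Added example, not the page's script: lookup and INSERT with bound parameters.
// Assumption: PDO with in-memory SQLite stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE my_members (id INTEGER PRIMARY KEY, groupname TEXT, email TEXT)");
$db->exec("CREATE TABLE my_privatemessages (
    id INTEGER PRIMARY KEY AUTOINCREMENT, touser INT, fromuser INT, subject TEXT,
    message TEXT, readit INT DEFAULT 0, deleted INT DEFAULT 0, datesent TEXT, outdel INT DEFAULT 0)");
// Constructed member row.
$db->exec("INSERT INTO my_members (id, groupname, email) VALUES (7, 'stamp_fans', 'fans@example.test')");

// send_pm() is a hypothetical helper. Returns the new message id, or null if the group is unknown.
function send_pm(PDO $db, int $fromuser, string $togroup, string $subject, string $message): ?int
{
    // Same length limits as the page's script (maximum 40 / 150 / 700, minimum 3).
    $togroup = substr($togroup, 0, 40);
    $subject = substr($subject, 0, 150);
    $message = substr($message, 0, 700);
    if (strlen($togroup) < 3 || strlen($subject) < 3 || strlen($message) < 3) {
        throw new InvalidArgumentException('Fill form completely, please.');
    }
    // Values travel separately from the SQL text, so quotes, ";" and "--" are only data.
    $find = $db->prepare('SELECT id FROM my_members WHERE groupname = ? LIMIT 1');
    $find->execute([$togroup]);
    $touser = $find->fetchColumn();
    if ($touser === false) {
        return null;
    }
    $ins = $db->prepare('INSERT INTO my_privatemessages
        (touser, fromuser, subject, message, datesent) VALUES (?, ?, ?, ?, ?)');
    $ins->execute([(int)$touser, $fromuser, $subject, $message, (string)time()]);
    return (int)$db->lastInsertId();
}

// Constructed input containing characters the original script rewrites or strips.
$id = send_pm($db, 3, 'stamp_fans', "Mike's offer",
    "Trade 2+2 stamps -- reply to mike@example.test; <b>\"ok\"</b>?");
$row = $db->query("SELECT subject, message FROM my_privatemessages WHERE id = $id")
          ->fetch(PDO::FETCH_ASSOC);

// The text is stored unchanged; HTML escaping happens once, when it is displayed.
echo htmlspecialchars($row['subject'], ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8'), "\n";

// An injection-style group name is only a string that matches no member.
var_dump(send_pm($db, 3, "x' OR '1'='1", 'Subject', 'Body text'));
```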
If the MySQL storing goofed up, the user is told. Then the my_members table is accessed for the email address of the recipient and he or she is sent an email telling him or her about the new private message. This means that if a user finds a compatible group or person from using the compatibility matching script HTML Form Creator—Search and Match, the party he found does not have to be online or checking his inbox. He merely needs to check his email occasionally, which most of us do.
Note that the administrator or website host needs to change the part of the email message that says http://www.yourwebsite.com/login_.php since it is silly to think that www.yourwebsite.com is really the actual name of the site! The link, in the email, will work if changed to the correct URL (plus /login_.php) where the login_.php file and the rest of the HTML form creator CMS system are stored.
Finally, the user is informed that: "Message sent." so he will be confident that his PM will get to his intended recipient.
The script below is called: send-message_.php
<?php
include_once"checkid_.php";
$U=$_SESSION['username'];
define('_NODIRECTACCESS', TRUE);
include_once"includes/config.php";
if (!isset($_SESSION['groupname']) || !isset($_SESSION['userid']) || !isset($_SESSION['username']) || $_SESSION['username']<>$U || !isset($U) || $U=="" || strlen($U)<6 || !isset($_SESSION['sessionid'])){
// Not logged in: send the visitor to the login page and stop here, so nothing below runs without a valid session.
echo '<script language="javascript">alert("Please login."); window.location = "login_.php";</script>';
exit;
}
//send-message_.php
$sql = "CREATE TABLE IF NOT EXISTS my_privatemessages (
id INT(4) NOT NULL AUTO_INCREMENT,
touser INT(4) NOT NULL,
fromuser INT(4) NOT NULL,
subject VARCHAR(150) NOT NULL,
message TEXT NOT NULL,
readit ENUM('0','1') NOT NULL DEFAULT '0',
deleted ENUM('0','1') NOT NULL DEFAULT '0',
datesent VARCHAR(40) NOT NULL,
outdel ENUM('0','1') NOT NULL DEFAULT '0',
PRIMARY KEY (id)
) ENGINE=MyISAM AUTO_INCREMENT=1";
mysql_query($sql);
$touser = strip_tags($_POST['touser']);
$subject = strip_tags($_POST['subject']);
$message = strip_tags($_POST['message']);
$message = substr($message,0,700);
$subject = substr($subject,0,150);
$touser = substr($touser,0,40);
if(!isset($touser) || !isset($subject) || !isset($message) || strlen($touser)<3 || strlen($subject)<3 || strlen($message)<3){
echo '<script language="javascript">alert("Fill form completely, please."); window.location = "send-message-form_.php"; </script>';
}else{
$message=str_replace("@", "-at-", $message);
$message=str_replace("/", "|", $message);
$message=str_replace(";", ",", $message);
$message=str_replace(":", ",", $message);
$message=str_replace("+", " plus ", $message);
$message=str_replace("&", " and ", $message);
$message=str_replace("'", "`", $message);
$message=str_replace('"', '``', $message);
$message=str_replace(">", " greater than ", $message);//< killed with strip_tags which dumps rest of message
$message=str_replace("=", " equals ", $message);
$pattern1 = '/[^a-zA-Z0-9\\s\\.\\,\\!\\?\\-\\_\\`\\|]/i';
$pattern2 = '/[^a-zA-Z0-9\\_]/i';
$replacement = '';
$touser=preg_replace($pattern2, $replacement, $touser);
$touser=mysql_real_escape_string($touser);
$pattern3 = '/--/';
$replacement3 = ' -';
$subject=preg_replace($pattern3, $replacement3, $subject);
$subject=preg_replace($pattern3, $replacement3, $subject);
$message=preg_replace($pattern3, $replacement3, $message);
$message=preg_replace($pattern3, $replacement3, $message);
$subject=preg_replace($pattern1, $replacement, $subject);
$subject=mysql_real_escape_string($subject);
$message=preg_replace($pattern1, $replacement, $message);
$message=mysql_real_escape_string($message);
$fromuser = $_SESSION['userid'];
$_SESSION['subject'] = $subject;
$_SESSION['message'] = $message;
$_SESSION['to_group'] = $touser;
$to_group = $touser;
$time = time();
$check_touser_name = mysql_query("SELECT * FROM my_members WHERE groupname = '$touser' LIMIT 1") or die(mysql_error());
if(mysql_num_rows($check_touser_name) == 0)
{echo '<script language="javascript">alert("This Group Name does not exist. Please try again.");window.location="send-message-form_.php";</script>';
}else{
$row=mysql_fetch_assoc($check_touser_name);
$touser=$row['id'];
$_SESSION['touser'] = $touser;// to what id?
$sql = "INSERT INTO my_privatemessages
(id,touser,fromuser,subject,message,readit,deleted,datesent,outdel)
VALUES (NULL, '$touser', '$fromuser', '$subject', '$message', '0', '0', '$time', '0')";
$res=mysql_query($sql);
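if(!$res){
// The insert failed: tell the user and stop, so no notification email or "Message sent." alert follows.
echo '<script language="javascript">alert("Message was not sent—something went wrong."); window.location="send-message-form_.php";</script>';
mysql_close();
exit;}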
$sql = "SELECT email FROM my_members WHERE id = '$touser'";
$res=mysql_query($sql);
$row=mysql_fetch_assoc($res);
$e=$row['email'];
$to = $e;
$subject = "You have a new private message on our Website!";
$message = "You have a new private message on our Website, ".$to_group.".\n\nClick link to log in and see it: http://www.yourwebsite.com/login_.php \n\nDo not reply to this email.\n\nRegards,\n\nour Website's management";
$headers = "From: NO-REPLY@yourwebsite.com";
$mail_sent = mail($to, $subject, $message, $headers);
mysql_close();
echo '<script language="javascript">alert("Message sent."); window.location = "send-message-form_.php"; </script>';
}}
?>