Copyright © 2002 - MCS Investments, Inc.
Send Private Message for Form Creator Form CMS

This script is called send-message_.php

The Send Private Message for Form Creator Form CMS script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. In addition to the expectable editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.

In case you wonder why private messaging is related to a general purpose HTML Form Creator, the answer isn't really that odd. Although there are a zillion possible uses one can put custom, administrator-created forms to, and equally as many form configurations one can create, the two most prominent uses we envisioned when we created our HTML form creator are matching apps for individuals and matching apps for groups. An example of the former is dating site apps like Match.com and an example of the latter is MC (Microcommunity) Search and Match — Search for Compatible Groups. If you don't yet know what MCs are, feel free to go to The Big Answer and find out. It should be obvious that the first thing one does when looking for compatible people—either as individuals or groups—is contact the ones the matching apps find that you are compatible with. So our apps provide a link to a personal messaging script in both our matching script search results and in our Private Messaging Inbox, on this page. In the latter, when a user contacts you, you may use the provided link to reply.

In short, then, whether you want to make a form where clowns, boy scout troops, gays, stamp collectors, bird watchers, swingers, Elvis lovers, conspiracy theory advocates, or others find one another according to various compatibility standards you devise, or simply make a form unrelated to compatibility, matching, or searching, our form creator scripts will allow you to handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. Let your imagination guide you in your usage of our CMS system for form creation and use.

The purpose of this script is to process the user's private messages, filtering out unsafe or unacceptable content, then enter the message into the my_privatemessages MySQL database table (creating the table in the db if it does not exist yet), then email the user that is getting the new personal message, letting him know about it. In using our HTML form creator CMS system, you may PM users anytime via the HTML Form Creator—Form to Send Private Message script. That script has the form used for creation of private messages. It sends its submitted form data to this script: send-message_.php.

First, we start up a session (in the checkid_.php script) and include the config.php script to ensure that our connection to our database is made correctly. This file contains the code below:

$theemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$theusername = "yourusername"; //EDIT ME
$thepassword = "yourpassword"; //EDIT ME
$thedatabasename = "yourdb"; //EDIT ME
mysql_connect($roothostname, $theusername, $thepassword) or die(mysql_error());
mysql_select_db($thedatabasename) or die(mysql_error());

We also use the checkid_.php script to ensure that the session id variable is set, and send the user to register-with-captcha_.php if it is not. Then we put the session variable 'username' into $U—we will be checking that it is set in a second. Then we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.

Next we check if the session variables 'groupname', 'username', and 'userid' are set. If not, we are sent to the login script. We make sure $U is still equal to the session variable 'username', that it is not an empty string, and that it's at least 6 characters long or . . . you guessed it . . . the login script. We make sure the session id is set and send them away if not.

The my_privatemessages table created in this script has many fields. We need to record what the messages are, who they are from, who they are to, when they are sent, whether the user has read it yet (marked it READ or NOT READ), whether the sender marked it deleted yet, whether the recipient marked it deleted yet, what the id of the message is, and what the subject of the message is. The weird data type ENUM is used in the table. An ENUM is a data type in the form of a string object with a value chosen from a list of permitted values that are enumerated explicitly in the column specification at table creation time. Some say ENUM is good, e.g.: "So enums in DBs are a good thing, and should be used wherever possible." Some say ENUM is NOT good, e.g.: "ENUM Data Type Is Evil." We say ENUM is useful: it works great in our MySQL database table.

Next, the strip_tags() function filters tags out of the user inputs. Then the PHP function substr() forces the data to conform to maximum length standards—trimming off excess. Then the strlen() function makes sure data fulfills minimum length standards, and if not, the user sees "Fill form completely, please." and is sent back to the form to redo it.

Next there are a bunch of data filters that convert more dangerous characters into less dangerous ones. You can use the str_replace() function to replace nasty or hateful words with nicer ones, also. It is up to you whether you want to take the trouble.

After the character changes come the regular expression replacement patterns, which allow only alphanumerics, spaces, and . , ! ? - _ ` | in subjects and messages, and use the PHP function preg_replace(). The $touser data allows alphanumerics and underscores only. Two hyphens in a row can be a problem, so this is filtered into one hyphen at a time. Finally, the function mysql_real_escape_string() is run to make the data secure for putting into a MySQL table.
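The order of the whitelist and the double-hyphen filter matters, because deleting a disallowed character can bring two hyphens together. The following is an added example, not part of the original script: the function names are hypothetical, the character set is the one used for subjects and messages, and the sample strings are constructed.

```php
<?php
// Added example: the whitelist and the double-hyphen filter wrapped in two
// hypothetical functions that differ only in the order of the two steps.
const PM_ALLOWED = '/[^a-zA-Z0-9\s.,!?\-_`|]/';   // same character set as $pattern1

function collapse_hyphens(string $s): string
{
    // Repeat until no "--" is left, whatever the length of the run.
    while (strpos($s, '--') !== false) {
        $s = str_replace('--', ' -', $s);
    }
    return $s;
}

function collapse_then_whitelist(string $s): string
{
    // Hyphens are collapsed while disallowed characters still separate them.
    return preg_replace(PM_ALLOWED, '', collapse_hyphens($s));
}

function whitelist_then_collapse(string $s): string
{
    // Disallowed characters are removed first, so every "--" is visible.
    return collapse_hyphens(preg_replace(PM_ALLOWED, '', $s));
}

// Constructed inputs: '#' and '%' are outside the allowed set.
$samples = ['see you -- later', 'a-#-b', 'x-----y', 'rate 5%-#-%- ok'];

foreach ($samples as $s) {
    foreach (['collapse_then_whitelist', 'whitelist_then_collapse'] as $fn) {
        $out  = $fn($s);
        $left = strpos($out, '--') !== false ? 'still contains --' : 'clean';
        printf("%-24s %-20s => %-20s %s\n", $fn, "[$s]", "[$out]", $left);
    }
}
```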

The membership table my_members is checked for the group name input as the message recipient, and if it is not found in the table, the user sees "This Group Name does not exist. Please try again." and he is sent back to the form. The user id gets stored in $_SESSION['touser'] for safekeeping, then the message is put into the MySQL table my_privatemessages. Note that the deleted, readit, and outdel fields get 0 at first—users may change the status of what messages are deleted or read anytime.
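The recipient lookup and the insert described above can also be written with bound parameters instead of escaped strings; the mysql_* functions the script relies on were removed in PHP 7.0. This is an added example, not the original send-message_.php: the send_pm() helper is hypothetical, and an in-memory SQLite database with constructed rows stands in for MySQL so the code runs offline (the ENUM columns become integers).

```php
<?php
// Added example, not the original script. SQLite in memory stands in for
// MySQL; table and column names follow the page, the rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE my_members (id INTEGER PRIMARY KEY, groupname TEXT, email TEXT)");
$db->exec("CREATE TABLE my_privatemessages (
    id INTEGER PRIMARY KEY AUTOINCREMENT, touser INTEGER, fromuser INTEGER,
    subject TEXT, message TEXT, readit INTEGER DEFAULT 0,
    deleted INTEGER DEFAULT 0, datesent TEXT, outdel INTEGER DEFAULT 0)");
$db->exec("INSERT INTO my_members VALUES (7, 'stamp_club', 'club@example.com')");

// Hypothetical helper: returns the new message id, or null if the group
// name is not in my_members.
function send_pm(PDO $db, int $fromuser, string $togroup, string $subject, string $message): ?int
{
    // Values travel as bound parameters, never as part of the SQL text.
    $find = $db->prepare("SELECT id FROM my_members WHERE groupname = ? LIMIT 1");
    $find->execute([$togroup]);
    $touser = $find->fetchColumn();
    if ($touser === false) {
        return null;
    }
    $ins = $db->prepare(
        "INSERT INTO my_privatemessages (touser, fromuser, subject, message, datesent)
         VALUES (?, ?, ?, ?, ?)"
    );
    $ins->execute([(int)$touser, $fromuser, $subject, $message, (string)time()]);
    return (int)$db->lastInsertId();
}

// Constructed inputs: apostrophes and "--" are stored as ordinary text.
var_dump(send_pm($db, 3, 'stamp_club', "It's here", "Meet at 5 -- bring 'the album'"));
var_dump(send_pm($db, 3, 'no_such_group', 'Hello', 'Anyone there?'));
print_r($db->query("SELECT touser, fromuser, subject, message FROM my_privatemessages")
           ->fetchAll(PDO::FETCH_ASSOC));
```

Against MySQL only the DSN and the table definitions change; the prepare() and execute() calls stay the same.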

If the MySQL storing goofed up, the user is told. Then the my_members table is accessed for the email address of the recipient and he or she is sent an email telling him or her about the new private message. This means that if a user finds a compatible group or person from using the compatibility matching script HTML Form Creator—Search and Match, the party he found does not have to be online or checking his inbox. He merely needs to check his email occasionally, which most of us do.

Note that the administrator or website host needs to change the part of the email message that says http://www.yourwebsite.com/login_.php since it is silly to think that www.yourwebsite.com is really the actual name of the site! The link, in the email, will work if changed to the correct URL (plus /login_.php) where the login_.php file and the rest of the HTML form creator CMS system are stored.

Finally, the user is informed that: "Message sent." so he will be confident that his PM will get to his intended recipient.

The script below is called: send-message_.php


<?php

include_once"checkid_.php";
$U=$_SESSION['username'];
define('_NODIRECTACCESS', TRUE);
include_once"includes/config.php";
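if (!isset($_SESSION['groupname']) || !isset($_SESSION['userid']) || !isset($_SESSION['username']) || $_SESSION['username']<>$U || !isset($U) || $U=="" || strlen($U)<6 || !isset($_SESSION['sessionid'])){
// The redirect below is client-side JavaScript, so stop the script here;
// otherwise the rest of it still runs for a visitor who is not logged in.
echo '<script language="javascript">alert("Please login."); window.location = "login_.php";</script>';
exit;
}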

//send-message_.php

$sql = "CREATE TABLE IF NOT EXISTS my_privatemessages (
id INT(4) NOT NULL AUTO_INCREMENT,
touser INT(4) NOT NULL,
fromuser INT(4) NOT NULL,
subject VARCHAR(150) NOT NULL,
message TEXT NOT NULL,
readit ENUM('0','1') NOT NULL DEFAULT '0',
deleted ENUM('0','1') NOT NULL DEFAULT '0',
datesent VARCHAR(40) NOT NULL,
outdel ENUM('0','1') NOT NULL DEFAULT '0',
PRIMARY KEY (id)
) ENGINE=MyISAM AUTO_INCREMENT=1";

mysql_query($sql);

$touser = strip_tags($_POST['touser']);
$subject = strip_tags($_POST['subject']);
$message = strip_tags($_POST['message']);
$message = substr($message,0,700);
$subject = substr($subject,0,150);
$touser = substr($touser,0,40);
if(!isset($touser) || !isset($subject) || !isset($message) || strlen($touser)<3 || strlen($subject)<3 || strlen($message)<3){
echo '<script language="javascript">alert("Fill form completely, please."); window.location = "send-message-form_.php"; </script>';

}else{

$message=str_replace("@", "-at-", $message);
$message=str_replace("/", "|", $message);
$message=str_replace(";", ",", $message);
$message=str_replace(":", ",", $message);
$message=str_replace("+", " plus ", $message);
$message=str_replace("&", " and ", $message);
$message=str_replace("'", "`", $message);
$message=str_replace('"', '``', $message);
$message=str_replace(">", " greater than ", $message);//< killed with strip_tags which dumps rest of message
$message=str_replace("=", " equals ", $message);
$pattern1 = '/[^a-zA-Z0-9\\s\\.\\,\\!\\?\\-\\_\\`\\|]/i';
$pattern2 = '/[^a-zA-Z0-9\\_]/i';
$replacement = '';
$touser=preg_replace($pattern2, $replacement, $touser);
$touser=mysql_real_escape_string($touser);
// Whitelist first: removing a character can bring two hyphens together,
// so the double-hyphen filter has to run after it.
$subject=preg_replace($pattern1, $replacement, $subject);
$message=preg_replace($pattern1, $replacement, $message);
$pattern3 = '/--/';
$replacement3 = ' -';
// Two passes: the first can leave one "--" at the end of an odd-length run.
$subject=preg_replace($pattern3, $replacement3, $subject);
$subject=preg_replace($pattern3, $replacement3, $subject);
$message=preg_replace($pattern3, $replacement3, $message);
$message=preg_replace($pattern3, $replacement3, $message);
$subject=mysql_real_escape_string($subject);
$message=mysql_real_escape_string($message);

$fromuser = $_SESSION['userid'];
$_SESSION['subject'] = $subject;
$_SESSION['message'] = $message;
$_SESSION['to_group'] = $touser;
$to_group = $touser;
$time = time();

$check_touser_name = mysql_query("SELECT * FROM my_members WHERE groupname = '$touser' LIMIT 1") or die(mysql_error());
if(mysql_num_rows($check_touser_name) == 0)
{echo '<script language="javascript">alert("This Group Name does not exist. Please try again.");window.location="send-message-form_.php";</script>';
}else{

$row=mysql_fetch_assoc($check_touser_name);
$touser=$row['id'];
$_SESSION['touser'] = $touser;// to what id?

$sql = "INSERT INTO my_privatemessages
(id,touser,fromuser,subject,message,readit,deleted,datesent,outdel)
VALUES (NULL, '$touser', '$fromuser', '$subject', '$message', '0', '0', '$time', '0')";

$res=mysql_query($sql);
if(!$res){
echo '<script language="javascript">alert("Message was not sent—something went wrong."); window.location="send-message-form_.php";</script>';
exit; // do not go on to send the notification email or report "Message sent."
}

$sql = "SELECT email FROM my_members WHERE id = '$touser'";

$res=mysql_query($sql);
$row=mysql_fetch_assoc($res);
$e=$row['email'];

$to = $e;
$subject = "You have a new private message on our Website!";
$message = "You have a new private message on our Website, ".$to_group.".\n\nClick link to log in and see it: http://www.yourwebsite.com/login_.php \n\nDo not reply to this email.\n\nRegards,\n\nour Website's management";
$headers = "From: NO-REPLY@yourwebsite.com";
$mail_sent = mail($to, $subject, $message, $headers);

mysql_close();

echo '<script language="javascript">alert("Message sent."); window.location = "send-message-form_.php"; </script>';
}}
?>