private message system- unknown user problem
Posted: Fri May 25, 2012 4:45 pm
Hi..
Up until now, I've succeed to follow the tutorial until the new conversation part where when i try to post to unknown or non-existing user, the message "The following user could not be found" won't appear. There are many errors message I've got.Now I'm really stuck and could you or anyone help me? I really appreciate your help =) Here I include my code
index.php
Up until now, I've succeed to follow the tutorial until the new conversation part where when i try to post to unknown or non-existing user, the message "The following user could not be found" won't appear. There are many errors message I've got.Now I'm really stuck and could you or anyone help me? I really appreciate your help =) Here I include my code
index.php
<?php include('core/init.inc.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html versions:-//w3c//DTD XHTML 1.1//EN" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="ext/css/main.css" /> <title>private Message</title> </head> <body> <div id="wrap"> <?php include($include_file); ?> </div> </body> </html>new_conversation.page.inc.php
<?php if (isset($_POST['to'], $_POST['subject'], $_POST['body'])){ $errors = array(); echo mysql_error(); if(empty($_POST['to'])){ $errors[] = 'you must enter at least one name.'; } else if (preg_match('%^[a-z, ]+$%i', $_POST['to']) === 0){ $errors[] = 'the list of names you gave does not look valid.'; }else{ $user_names = explode(',', $_POST['to']); foreach ($user_name as &$name){ $name = trim($name); } $user_ids = fetch_user_ids($user_names); if (count($user_ids) !== count($user_names)){ $errors[] = 'the following user could not be found: '. implode(', ', array_diff($user_names, array_keys($user_ids))); } } if(empty($_POST['subject'])){ $errors[] = 'you must enter subject.'; } if(empty($_POST['body'])){ $errors[] = 'you must enter body.'; } if(empty($errors)){ // } } if (isset($errors)){ if (empty($errors)){ echo '<div class="msg success">Your message has been sent <a href="index.php?page=inbox"> Return to your inbox </a></div>'; } else { foreach ($errors as $error){ echo '<div class="msg error">', $error, '</div>'; } } } ?> <form action="" method="post"> <div> <label for="to">To</label> <input type="text" name="to" id="to" value="<?php if (isset($_POST['to'])) echo htmlentities($_POST['to']); ?>"/> </div> <div> <label for="subject">Subject</label> <input type="text" name="subject" id="subject" value="<?php if (isset($_POST['subject'])) echo htmlentities($_POST['subject']); ?>" /> </div> <div> <textarea name="body" rows="20" cols="110"><?php if (isset($_POST['body'])) echo htmlentities($_POST['body']); ?></textarea> </div> <div> <input type="submit" value="Send" /> </div> </form>user.inc.php
<?php //check username and password combination function validate_credentials($user_name, $user_password){ $user_name = mysql_real_escape_string($user_name); $user_password = sha1($user_password); $result = mysql_query("SELECT user_id FROM users WHERE user_name = '$user_name' AND user_password = '$user_password' "); echo mysql_error(); if (mysql_num_rows($result) != 1){ return false; } return mysql_result($result, 0); } function fetch_user_ids($user_names){ foreach ($user_names as &$name){ $name = mysql_real_escape_string($name); } $result = mysql_query("SELECT user_id, user_name FROM user WHERE user_name IN ('" . implode("','", $user_names) . "')"); $names = array(); while (($row = mysql_fetch_assoc($result)) !== false){ $name[$row['user_name']] = $row['user_id']; } return $names; } ?>inbox.page.inc.php
<div class="actions"> <p> Welcome..</p> <a href="index.php?page=new_conversation">New conversation</a> <a href="index.php?page=logout">Logout</a> </div>init.inc.php
<?php $core_path = dirname(__FILE__); if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php",scandir("{$core_path}/pages")) == false){ header('HTTP/1.1 404 Not Found'); header('Location: index.php?page=inbox'); die(); } session_start(); mysql_connect("localhost","root","") or die ("Couldn't connect!"); mysql_select_db("private_message_system") or die ("Couldn't find db!"); include("{$core_path}/inc/user.inc.php"); if (isset($_POST['user_name'], $_POST['user_password'])){ if (($user_id = validate_credentials($_POST['user_name'], $_POST['user_password'])) !== false){ $_SESSION['user_id'] = $user_id; header('Location: index.php?page=inbox'); die(); } } if (empty($_SESSION['user_id']) && $_GET['page'] !== 'login'){ header('HTTP/1.1 403 forbidden'); header('Location: index.php?page=login'); die(); } $include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php"; echo $include_file; ?>login.page.inc.php
<h1>Login</h1> <?php if (isset($_POST['user_name'], $_POST['user_password'])){ echo 'Login Failed'; } ?> <form action="index.php?page=login" method="post"> <div> <label for="user_name">Name</label> <input type="text" name="user_name" id="user_name" /> </div> <div> <label for="user_password">Password</label> <input type="password" name="user_password" id="user_password" /> </div> <div> <input type="submit" value="login"/> </div> </form>logout.page.inc.php
<?php session_destroy(); ?> <div class="msg success"> You have logout.</div>