Untitled

<?php

/*
In order for this script to work correctly, it
must be named pm.php

Please note that in order to use this script, you
will need a MySQL Database. To create the table,
run this query on your database in phpMyAdmin.

CREATE TABLE `forum_question` (
`id` int(4) NOT NULL auto_increment,
`subject` varchar(255) NOT NULL default '',
`message` longtext NOT NULL,
`from` varchar(65) NOT NULL default '',
`to` varchar(65) NOT NULL default '',
`date` varchar(25) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
*/

// First retrieve the username
session_start();
$username = $_SESSION['myusername'];

// Check that the user is logged in. Customize the result as you please.
if (!isset($_SESSION['myusername'])) {
    die('Not Logged In');
}

// Fill in the below variables with your MySQL info
$db_host = 'localhost';
$db_user = '';
$db_pass = '';
$db_name = '';
$tbl_name = '';

// Make the database connection
mysql_connect($db_host, $db_user, $db_pass) or die ('Cannot Connect To Database');
mysql_select_db($db_name) or die ('Cannot Select Database');

// If a private message listing was requested
if (!isset($_GET['act'])) {

    // Add a header. Customise as you please
    echo "<h1>Private Messaging: Inbox</h1>";
    echo "<a href=pm.php?act=compose>Compose</a><br>";

    // Begin the table. Customize as you please.
    echo "<table width=100%><tr>";
    echo "<td>Subject</td>";
    echo "<td>From</td>";
    echo "<td>Date</td>";
    echo "</tr>";

    // Perform the listing query
    $result = mysql_query("SELECT * FROM ".$tbl_name." WHERE to='".$username."';");

    // Start looping. You can customize the result as you please, but leave the $row intact
    while($row = mysql_fetch_array($result)){
        echo "<tr>";
        echo "<td><a href=pm.php?act=read&id=".$row['id'].">".$row['subject']."</a></td>";
        echo "<td>".$row['from']."</td>";
        echo "<td>".$row['date']."</td>";
        echo "</tr>";
    }

    // End the table
    echo "</table>";

// If the user requested to read a PM
}elseif ($_GET['act'] == 'read') {

    // Add a header. Customise as you please
    echo "<h1>Private Messaging: Read</h1>";
    echo "<a href=pm.php>Back to Inbox</a><br>";

    // Begin the table. Customize as you please.
    echo "<table width=100%>";

    // Perform the reading query
    $result = mysql_query("SELECT * FROM ".$tbl_name." WHERE id='".$_GET['id']."';");

    // Start looping. You can customize the result as you please, but leave the $row intact
    while($row = mysql_fetch_array($result)){
        echo "<tr>";
        echo "<td>From</td><td>".$row['from']."</td>";
        echo "<td>Date</td><td>".$row['date']."</td>";
        echo "<td>Subject</td><td><b>".$row['subject']."</b></td>";
        echo "<td>Message</td><td>".$row['message']."</td>";
        echo "</tr>";
    }

    // End the table
    echo "</table>";

// If the user requested to compose a PM
}elseif ($_GET['act'] == 'compose') {

    // Add a header. Customise as you please
    echo "<h1>Private Messaging: Compose</h1>";
    echo "<a href=pm.php>Back to Inbox</a><br>";

    // Echo the form parts. Customize as you please.
    echo "<form method=post action=pm.php?act=send>";
    echo "Recipient: <input type=name name=to><br>";
    echo "Subject: <input type=subject name=subject>";
    echo "<p><textarea name=message></textarea></p>";
    echo "</form>";

// If the user requested to send a PM
}elseif ($_GET['act'] == 'send') {

    // Generate an ID
    $id = date('mdHis');

    // Generate the date
    $date = date('h:iA l jS F Y');

    // Perform the query
    mysql_query("INSERT INTO `".$tbl_name."` VALUES (".$id.", '".$_POST['subject']."', '".$_POST

['message']."', '".$username."', '".$_POST['to']."', '".$date."');") or die ('Could Not Send!');

    // Finished. Customize this as you please.
    echo "Sent.";

}else{
    die('Bad Request');
}