Transferring data between pages

They have: 105 posts

Joined: Mar 2006

Hi,

I posed a question asking how to stop other logged-in users from reading other users' messages by typing http://read_messages.php?message=1 and changing the message number. This was solved by using the following MySQL query:

$query = "SELECT * FROM messages WHERE userto='$_SESSION[userid]' AND messageid ='$_GET[messageid]'";

Can I use a query like this to stop users from emailing any user? For example, when I click on send message to user from a user's profile, the URL has: http://send_message.php?sendto=username with the username at the end. I tried using a hidden textbox and a form to transfer the username to the send message page, but it didn't seem to transfer correctly.

Is it possible to stop users from entering any username in the url and sending them a message?

pr0gr4mm3r

He has: 1,502 posts

Joined: Sep 2006

What kind of users can messages be sent to?

greg

He has: 1,581 posts

Joined: Nov 2005

Adding to what pr0gr4mm3r wrote, do you allow anyone to send messages to anyone?

What I'm asking (and I 'think' it is what pr0gr4mm3r was getting at) is: for what reasons (or under what circumstances) would you NOT want a certain user to send another user an email?

If users have access to all profiles, and therefore all email addresses as they are in the profiles, maybe it is not a problem?

They have: 105 posts

Joined: Mar 2006

I see what you mean. At the moment users can view any profile and send a message to a user (not using that user's email because it's not displayed; messages go to the message table). I'm guessing I would need a friends list or some sort of privacy setting that users could use to control who can send them a message?

greg

He has: 1,581 posts

Joined: Nov 2005

If it's a messaging system you made on your site, I made one of these recently.
I simply made a blocked list and friends list for members.

So they could set their own message system to be one of three things:
1) Receive all, could block certain users
2) Receive only from friends, user sending had to be on recipient's friends list
3) Block all, only admin/mods could send this person a message

1, 2 and 3 are a set label in each user's row in the DB table - allow_all, friends and block_all (DB field named messagetype)
Default upon registration is allow_all.

Then the queries are in if else. So for example -
If $row['messagetype'] == "allow_all" - then check sender is not on blocked list, if yes then tell sender is blocked for this user, else allow message to be sent

You get the idea.
It is a little tricky, but not hard to check for the correct things depending on what the user has their messaging preferences set to.
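
One way to implement the check greg describes, as an added example that is not part of the original thread. Only the messagetype field and its three values come from the posts; the blocked and friends tables, their columns and the in-memory SQLite sample data are assumptions. The sender is meant to come from $_SESSION['userid'] and the recipient from the sendto parameter, passed as a bound value.

```php
<?php
// Added example. Only messagetype and its three values come from the thread;
// the blocked/friends tables and other column names are assumptions.
function canSendMessage(PDO $db, int $senderId, string $recipientName, bool $senderIsStaff): bool
{
    // Bound parameter: the username from the URL is never interpolated into SQL.
    $st = $db->prepare('SELECT userid, messagetype FROM users WHERE username = ?');
    $st->execute([$recipientName]);
    $to = $st->fetch(PDO::FETCH_ASSOC);
    if ($to === false) {
        return false; // unknown recipient
    }
    // $table and $col are fixed literals passed below, never request data.
    $onList = function (string $table, string $col) use ($db, $to, $senderId): bool {
        $q = $db->prepare("SELECT 1 FROM $table WHERE userid = ? AND $col = ?");
        $q->execute([$to['userid'], $senderId]);
        return $q->fetchColumn() !== false;
    };
    switch ($to['messagetype']) {
        case 'allow_all': return !$onList('blocked', 'blockedid');
        case 'friends':   return $onList('friends', 'friendid');
        case 'block_all': return $senderIsStaff; // only admin/mods get through
        default:          return false;          // unexpected value: fail closed
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, messagetype TEXT DEFAULT 'allow_all')");
$db->exec("CREATE TABLE blocked (userid INTEGER, blockedid INTEGER)");
$db->exec("CREATE TABLE friends (userid INTEGER, friendid INTEGER)");
$db->exec("INSERT INTO users VALUES (1,'alice','allow_all'),(2,'bob','friends'),(3,'carol','block_all'),(4,'dave','allow_all')");
$db->exec("INSERT INTO blocked VALUES (1, 4)"); // alice has blocked dave
$db->exec("INSERT INTO friends VALUES (2, 1)"); // bob lists alice as a friend

$cases = [
    [4, 'alice', false], // dave is on alice's blocked list
    [1, 'bob',   false], // alice is on bob's friends list
    [4, 'bob',   false], // dave is not on bob's friends list
    [1, 'carol', false], // carol blocks everyone
    [1, 'carol', true],  // same sender treated as admin/mod
];
foreach ($cases as [$from, $name, $staff]) {
    printf("%d -> %s: %s\n", $from, $name, canSendMessage($db, $from, $name, $staff) ? 'allowed' : 'refused');
}
```

The same function has to run again in the script that actually inserts the message, since hiding the link or the form field does not stop someone from editing the URL.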
