php - personal messaging system not working -


i'm adding personal messaging system site. have 2 tables: 1 users , 1 messages. have 3 php files, 1 see list of messages, 1 make new 1 , 1 read file.

the databases working well, list not show (0 messages). can see error? guess should in 1 of queries. thanks

first file list_pm.php:

 <?php     //we check if user logged     if(isset($_session['id'])) { //we list messages in table  //two queries executes, 1 unread messages , read messages  $req1 = mysqli_query($link,'select m1.id, m1.title, m1.timestamp, count(m2.id) reps, users.id userid, users.email pm m1, pm m2,users ((m1.user1="'.$_session['userid'].'" , m1.user1read="no" , users.id=m1.user2 ) or (m1.user2="'.$_session['userid'].'" , m1.user2read="no" , users.id=m1.user1)) , m1.id2="1" , m2.id=m1.id group m1.id order m1.id desc');  $req2 = mysqli_query($link,'select m1.id, m1.title, m1.timestamp, count(m2.id) reps, users.id userid, users.email pm m1, pm m2,users ((m1.user1="'.$_session['userid'].'" , m1.user1read="yes" , users.id=m1.user2) or (m1.user2="'.$_session['userid'].'" , m1.user2read="yes" , users.id=m1.user1)) , m1.id2="1" , m2.id=m1.id group m1.id order m1.id desc');  ?>  list of messages:<br /> <a href="new_pm.php" class="link_new_pm">new pm</a><br /> <h3>unread messages(<?php echo intval(mysqli_num_rows($req1)); ?>):</h3> <table>         <tr>         <th class="title_cell">title</th>         <th>nb. replies</th>         <th>participant</th>         <th>date of creation</th>     </tr> <?php  //we display list of unread messages  while($dn1 = mysqli_fetch_array($req1)) { ?>         <tr>         <td class="left"><a href="read_pm.php?id=<?php echo $dn1['id']; ?>"><?php echo htmlentities($dn1['title'], ent_quotes, 'utf-8'); ?></a></td>         <td><?php echo $dn1['reps']-1; ?></td>         <td><a href="profile.php?id=<?php echo $dn1['userid']; ?>"><?php echo htmlentities($dn1['email'], ent_quotes, 'utf-8'); ?></a></td>         <td><?php echo date('y/m/d h:i:s' ,$dn1['timestamp']); ?></td>     </tr> <?php } //if there no unread message notice if(intval(mysqli_num_rows($req1))==0) { ?>         <tr>         <td colspan="4" class="center">you have no unread message.</td>     </tr> <?php } ?> </table> <br /> <h3>read messages(<?php echo intval(mysqli_num_rows($req2)); ?>):</h3> <table>         <tr>         <th class="title_cell">title</th>         <th>nb. replies</th>         <th>participant</th>         <th>date or creation</th>     </tr> <?php //we display list of read messages while($dn2 = mysqli_fetch_array($req2)) { ?>         <tr>         <td class="left"><a href="read_pm.php?id=<?php echo $dn2['id']; ?>"><?php echo htmlentities($dn2['title'], ent_quotes, 'utf-8'); ?></a></td>         <td><?php echo $dn2['reps']-1; ?></td>         <td><a href="profile.php?id=<?php echo $dn2['userid']; ?>"><?php echo htmlentities($dn2['email'], ent_quotes, 'utf-8'); ?></a></td>         <td><?php echo date('y/m/d h:i:s' ,$dn2['timestamp']); ?></td>     </tr> <?php } //if there no read message notice if(intval(mysqli_num_rows($req2))==0) { ?>         <tr>         <td colspan="4" class="center">you have no read message.</td>     </tr> <?php } ?> </table> <?php } else {         echo 'you must logged access page.'; } ?> 

//second file make new pm : new_pm.php

<?php //we check if user logged if(isset($_session['id'])) { $form = true; $otitle = ''; $orecip = ''; $omessage = ''; //we check if form has been sent if(isset($_post['title'], $_post['recip'], $_post['message'])) {         $otitle = $_post['title'];         $orecip = $_post['recip'];         $omessage = $_post['message'];          //we remove slashes depending on configuration              if(get_magic_quotes_gpc())         {                        //$otitle = stripslashes($otitle);                 //$orecip = stripslashes($orecip);                 //$omessage = stripslashes($omessage);         }          //we check if fields filled          if($_post['title']!='' , $_post['recip']!='' , $_post['message']!='')         {                 //we protect variables                 // $title = mysqli_real_escape_string($otitle);                 //$recip = mysqli_real_escape_string($orecip);                // $message = mysqli_real_escape_string(nl2br(htmlentities($omessage, ent_quotes, 'utf-8')));                  //we check if recipient exists                  $dn1 = mysqli_fetch_array(mysqli_query($link,'select count(id) recip, id recipid , (select count(*) pm) npm users email ="'.$orecip.'"'));                  if($dn1['recip']==1)                  {                         //we check if recipient not actual user                          if($dn1['recipid']!=$_session['id'])                         {                                 $id = $dn1['npm']+1;                                  //we send message                                  if(mysqli_query($link,'insert pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$otitle.'", "'.$_session['id'].'", "'.$dn1['recipid'].'", "'.$omessage.'", "'.time().'", "yes", "no")'))                                 { ?> <div class="message">the message has been sent.<br /> <a href="list_pm.php">list of personal messages</a></div> <?php                                         $form = false;                                 }                                 else                                 {                                         //otherwise, error occured                                         $error = 'an error occurred while sending message';                                 }                         }                         else                         {                                 //otherwise, user cannot send message himself                                 $error = 'you cannot send message yourself.';                         }                 }                 else                 {                         //otherwise, recipient not exists                         $error = 'the recipient not exists.';                 }         }         else         {                 //otherwise, field empty                 $error = 'a field empty. please fill of fields.';         } } elseif(isset($_get['recip'])) {         //we username recipient if available         $orecip = $_get['recip']; } if($form) { //we display message if necessary if(isset($error)) {         echo '<div class="message">'.$error.'</div>'; } //we display form ?> <div class="content">         <h1>new personal message</h1>     <form action="new_pm.php" method="post">                 please fill following form send personal message.<br />         <label for="title">title</label><input type="text" value="<?php echo htmlentities($otitle, ent_quotes, 'utf-8'); ?>" id="title" name="title" /><br />         <label for="recip">recipient<span class="small">(useremail)</span></label><input type="text" value="<?php echo htmlentities($orecip, ent_quotes, 'utf-8'); ?>" id="recip" name="recip" /><br />         <label for="message">message</label><textarea cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ent_quotes, 'utf-8'); ?></textarea><br />         <input type="submit" value="send" />     </form> </div> <?php } } else {         echo '<div class="message">you must logged access page.</div>'; } ?> 

and last 1 read message read_pm.php:

<?php //we check if user logged if(isset($_session['id'])) { //we check if id of discussion defined if(isset($_get['id'])) { $id = intval($_get['id']);  //we title , narators of discussion  $req1 = mysqli_query($link,'select title, user1, user2 pm id="'.$id.'" , id2="1"'); $dn1 = mysqli_fetch_array($req1);  //we check if discussion exists  if(mysqli_num_rows($req1)==1) { //we check if user have right read discussion  if($dn1['user1']==$_session['id'] or $dn1['user2']==$_session['id']) { //the discussion placed in read messages  if($dn1['user1']==$_session['id']) {         mysqli_query($link,'update pm set user1read="yes" id="'.$id.'" , id2="1"');         $user_partic = 2; } else {         mysqli_query($link,'update pm set user2read="yes" id="'.$id.'" , id2="1"');         $user_partic = 1; }  //we list of messages  $req2 = mysqli_query($link,'select pm.timestamp, pm.message, users.id userid, users.username, users.avatar pm, users pm.id="'.$id.'" , users.id=pm.user1 order pm.id2');  //we check if form has been sent  if(isset($_post['message']) , $_post['message']!='') {         $message = $_post['message'];          //we remove slashes depending on configuration          if(get_magic_quotes_gpc())         {                 $message = stripslashes($message);         }         //we protect variables          $message = mysqli_real_escape_string(nl2br(htmlentities($message, ent_quotes, 'utf-8')));          //we send message , change status of discussion unread recipient          if(mysqli_query($link,'insert pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "'.(intval(mysqli_num_rows($req2))+1).'", "", "'.$_session['userid'].'", "", "'.$message.'", "'.time().'", "", "")') , mysqli_query($link,'update pm set user'.$user_partic.'read="yes" id="'.$id.'" , id2="1"'))         { ?> <div class="message">your message has been sent.<br /> <a href="read_pm.php?id=<?php echo $id; ?>">go discussion</a></div> <?php         }         else         { ?> <div class="message">an error occurred while sending message.<br /> <a href="read_pm.php?id=<?php echo $id; ?>">go discussion</a></div> <?php         } } else { //we display messages ?> <div class="content"> <h1><?php echo $dn1['title']; ?></h1> <table class="messages_table">         <tr>         <th class="author">user</th>         <th>message</th>     </tr> <?php while($dn2 = mysql_fetch_array($req2)) { ?>          <tr>         <td class="author center"><?php if($dn2['avatar']!='') {         echo '<img src="'.htmlentities($dn2['avatar']).'" alt="image perso" style="max-width:100px;max-height:100px;" />'; } ?><br /><a href="profile.php?id=<?php echo $dn2['userid']; ?>"><?php echo $dn2['email']; ?></a></td>         <td class="left"><div class="date">sent: <?php echo date('m/d/y h:i:s' ,$dn2['timestamp']); ?></div>         <?php echo $dn2['message']; ?></td>     </tr> <?php } //we display reply form ?> </table><br /> <h2>reply</h2> <div class="center">     <form action="read_pm.php?id=<?php echo $id; ?>" method="post">         <label for="message" class="center">message</label><br />         <textarea cols="40" rows="5" name="message" id="message"></textarea><br />         <input type="submit" value="send" />     </form> </div> </div> <?php } } else {         echo '<div class="message">you dont have rights access page.</div>'; } } else {         echo '<div class="message">this discussion not exists.</div>'; } } else {         echo '<div class="message">the discussion id not defined.</div>'; } } else {         echo '<div class="message">you must logged access page.</div>'; } ?> 

the table structure:

create table `pm` (   `id` bigint(20) not null,   `id2` int(11) not null,   `title` varchar(256) not null,   `user1` bigint(20) not null,   `user2` bigint(20) not null,   `message` text not null,   `timestamp` int(10) not null,   `user1read` varchar(3) not null,   `user2read` varchar(3) not null ) engine=myisam default charset=utf8 

really appreciate guys


Comments