I had this posted in another thread, but it was off topic from the original post...

All I need to know is what exactly is going on in these SQL queries belowso that I can pass the right stuff to the variables to get the PM to go through.

Thanks for any help.

And I was talking in the Ucash/Ushop forum yesterday and someone mentioned PMing a member after they were 'theifed'. I liked the idea and tried to poke around and see if there was a function to send PMs like creating threads, but couldn't find one.
Hmmm. Looks like there isn't a function to do it, but these DB queries do:

$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($bbuserinfo[userid], '" . addslashes($bbuserinfo['username']) . "', '$title', '$message', '" . addslashes(serialize($tostring)) . "', $iconid, " . TIMENOW . ", $signature, $disablesmilies)");

$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid, folderid, messageread) VALUES ($pmtextid, $bbuserinfo[userid], -1, 1)");

$DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1 WHERE userid=$bbuserinfo[userid]");

Can anyone explain how I pass whatever is needed in these queries and/or what the queries are exactly doing?

bump? anyone?

well the queries are pretty much self explanatory. The first one ads the PM to the database. The text, sender, reciever, title, icon, whatever is saved here.
The middle one enters a database row with a little less data. This is probably used when displaying the pm folders overview, as the database query gets a lot less intensive.
The last one ads a pm to the users pm count.

Could someone fill in the values for me for a fake PM? I guess the part I really don't understand is the addslashes and serialze stuff in the first query. Yeah I suck at PHP.

LOL

addslashes()
Should be used around all character data when inserting into the datebase to avoid exploits.

serialize
Used to store and array (or any other var) into a single field keeping the type an attribures. This means that you can later unserialize this single field again into the origianl var.

$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t(1, '" . addslashes(fly) . "', 'test', 'this is a test', '" . addslashes(serialize(1)) . "', 0, " . TIMENOW . ", 0, 1)");

So would that be a valid query for the first one?

edit: I guess not.
Fatal error: Call to a member function on a non-object in /home/prozac/public_html/useless/test2.php on line 12

I suck at this.

I believe it would, yes.

$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t(1, '" . addslashes(fly) . "', 'test', 'this is a test', '" . addslashes(serialize(1)) . "', 0, " . TIMENOW . ", 0, 1)");

So would that be a valid query for the first one?

edit: I guess not.


I suck at this.

Oops. I forgot I needed all the REQUIRE stuff at the top. HAHAHAHAHA

Now I don't get an error, but cant see the message inserted. =(

'fraid I don't think that's right. There's a load of logic missing.

The below code is untested but I think shoudl work. There's nothing in the way of email notification or read receipts in there.

James



$from_userid=1;
$from_username='adam';

$to_userid=2;
$to_username='eve';

$title = 'This is the subject';
$message = 'This is the message body';
$iconid = 0;
$signature=1; // 1 to show sig, 0 to hide it
$disablesmilies=1; // 1 to hide smilies, 0 to show them


// shouldn't need to edit below here


// build touserarray
$tostring=array($to_userid => $to_username);

// store the message
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($from_userid, '" . mysql_escape_string($from_username) . "', '". mysql_escape_string($title) ."', '". mysql_escape_string($message) ."', '" . addslashes(mysql_escape_string($tostring)) . "', $iconid, " . TIMENOW . ", $signature, $disablesmilies)");

// get the inserted private message id
$pmtextid = $DB_site->insert_id();

// save in outbox
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid, folderid, messageread) VALUES ($pmtextid, $from_id, -1, 1)");

// send in receiving user's inbox
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid) VALUES ($pmtextid, $to_userid)");

// add to PM sending user's total
$DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1 WHERE userid=$from_userid");
// add to PM receiving user's total
$DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1 WHERE userid=$to_userid");

Sweet! That was it. Initally I hadn't listed the other queries because I wanted to get the first one right. I really need to figure out how arrays work. LOL

Here was my final code. The only thing you missed was adding to the recipients unread totals, and I wanted a pmpopup...

$from_userid=1;
$from_username='fly';

$to_userid=1;
$to_username='fly';

$title = 'This is the subject1';
$message = 'This is the message body1';
$iconid = 0;
$signature=1; // 1 to show sig, 0 to hide it
$disablesmilies=1; // 1 to hide smilies, 0 to show them


// shouldn't need to edit below here


// build touserarray
$tostring=array($to_userid => $to_username);

// store the message
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($from_userid, '" . mysql_escape_string($from_username) . "', '". mysql_escape_string($title) ."', '". mysql_escape_string($message) ."', '" . addslashes(mysql_escape_string($tostring)) . "', $iconid, " . TIMENOW . ", $signature, $disablesmilies)");

// get the inserted private message id
$pmtextid = $DB_site->insert_id();

// save in outbox
// $DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid, folderid, messageread) VALUES ($pmtextid, $from_id, -1, 1)");

// send in receiving user's inbox
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid) VALUES ($pmtextid, $to_userid)");

// update recipient pm totals (with pm-popup)
// $DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1, pmunread=pmunread+1, pmpopup=2 WHERE userid IN(" . implode(', ', $pmpopupSql) . ")");

// add to PM sending user's total
$DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1 WHERE userid=$from_userid");

// add to PM receiving user's total (with pm-popup)
$DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1, pmunread=pmunread+1, pmpopup=2 WHERE userid=$to_userid");

Here's the function in uShop 0.96 (which will be released "soon"):

// Send a PM.
function uttstore_send_pm($title, $text, $user, $from=0) {
global $DB_site, $bbuserinfo, $vboptions;

if ($from == 0) {
$from = $bbuserinfo;
}

if ($from == "default") {
$from = $DB_site->query_first("SELECT * FROM ".TABLE_PREFIX."user WHERE userid=$vboptions[uttstore_pmfrom]");
}

$title = str_replace(" ", " ", $title);
$text = str_replace(" ", " ", $text);

if (isset($user[0]['userid'])) {
// Sending to multiple.
foreach ($user as $omguser) {
$tostring["$omguser[userid]"] = $omguser['username'];
}
} else {
// Sending to one.
$tostring["$user[userid]"] = $user['username'];
}

$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pmtext\n\t(fromuserid, fromusername, title, message, touserarray, iconid, dateline, showsignature, allowsmilie)\nVALUES\n\t($from[userid], '" . addslashes($from['username']) . "', '$title', '".addslashes($text)."', '" . addslashes(serialize($tostring)) . "', 0, " . TIMENOW . ", 0, 1)");
$pmtextid = $DB_site->insert_id();

if (isset($user[0]['userid'])) {
// Sending to multiple.
foreach ($user as $omguser) {
(isset($pmquery) ? $pmquery .= ",\n\t" : $pmquery = '');
$pmquery .= "($pmtextid, $omguser[userid])";
(isset($in) ? $in .= ",$omguser[userid]" : $in = $omguser['userid']);
}
} else {
$pmquery .= "($pmtextid, $user[userid])";
$in = $user['userid'];
}

$DB_site->query("INSERT INTO " . TABLE_PREFIX . "pm (pmtextid, userid) VALUES $pmquery");
$DB_site->shutdown_query("UPDATE " . TABLE_PREFIX . "user SET pmtotal=pmtotal+1, pmunread=pmunread+1 WHERE userid IN ($in)");

}

$title and $text should be the title and body of the message respectively, $user can either be an array of a username and userid, or an array of arrays of usernames and userids if you are sending to multiple people ($user['userid'] and $user['username'] or $user[0]['userid'] and so on). $from should be a username/userid array of the user you want the PM to be from, or if it is not set, it defaults to $bbuserinfo. It also has a $from = "default" code in there which could be used, but you might want to change the setting it looks for. ;)

Thanks! Must... resist... urge... to ask about .96... LOL