php实现站内私信功能

实现站内私信功能

数据库设计

创建私信相关的数据表，通常包括用户表和私信表。用户表存储用户信息，私信表存储消息内容。

用户表（users）结构示例：

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL,
    email VARCHAR(100) NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

私信表（messages）结构示例：

CREATE TABLE messages (
    id INT AUTO_INCREMENT PRIMARY KEY,
    sender_id INT NOT NULL,
    receiver_id INT NOT NULL,
    message TEXT NOT NULL,
    is_read BOOLEAN DEFAULT FALSE,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (sender_id) REFERENCES users(id),
    FOREIGN KEY (receiver_id) REFERENCES users(id)
);

发送私信功能

创建一个表单用于发送私信，表单提交后处理发送逻辑。

发送私信表单示例：

<form action="send_message.php" method="post">
    <input type="hidden" name="receiver_id" value="<?php echo $receiver_id; ?>">
    <textarea name="message" placeholder="输入消息内容"></textarea>
    <button type="submit">发送</button>
</form>

发送私信处理（send_message.php）：

<?php
session_start();
require_once 'db_connection.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['user_id'])) {
    $sender_id = $_SESSION['user_id'];
    $receiver_id = $_POST['receiver_id'];
    $message = trim($_POST['message']);

    if (!empty($message)) {
        $stmt = $pdo->prepare("INSERT INTO messages (sender_id, receiver_id, message) VALUES (?, ?, ?)");
        $stmt->execute([$sender_id, $receiver_id, $message]);
        header("Location: messages.php?success=1");
        exit;
    }
}
header("Location: messages.php?error=1");
exit;
?>

查看私信功能

创建一个页面用于显示用户收到的私信列表。

私信列表页面（messages.php）：

<?php
session_start();
require_once 'db_connection.php';

if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit;
}

$user_id = $_SESSION['user_id'];
$stmt = $pdo->prepare("SELECT m.*, u.username as sender_name FROM messages m JOIN users u ON m.sender_id = u.id WHERE m.receiver_id = ? ORDER BY m.created_at DESC");
$stmt->execute([$user_id]);
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>

<!DOCTYPE html>
<html>
<head>
    <title>我的私信</title>
</head>
<body>
    <h1>收到的私信</h1>
    <?php foreach ($messages as $message): ?>
        <div>
            <p>来自: <?php echo htmlspecialchars($message['sender_name']); ?></p>
            <p>内容: <?php echo htmlspecialchars($message['message']); ?></p>
            <p>时间: <?php echo $message['created_at']; ?></p>
        </div>
    <?php endforeach; ?>
</body>
</html>

标记已读功能

在查看私信时，可以添加标记已读的功能。

更新私信为已读：

$stmt = $pdo->prepare("UPDATE messages SET is_read = TRUE WHERE id = ? AND receiver_id = ?");
$stmt->execute([$message_id, $user_id]);

实时通知

使用Ajax轮询或WebSocket实现新消息实时通知。

Ajax轮询示例：

setInterval(function() {
    $.ajax({
        url: 'check_new_messages.php',
        success: function(response) {
            if (response.count > 0) {
                $('#notification').text('你有 ' + response.count + ' 条新消息');
            }
        }
    });
}, 5000);

检查新消息（check_new_messages.php）：

<?php
session_start();
require_once 'db_connection.php';

if (!isset($_SESSION['user_id'])) {
    exit;
}

$user_id = $_SESSION['user_id'];
$stmt = $pdo->prepare("SELECT COUNT(*) as count FROM messages WHERE receiver_id = ? AND is_read = FALSE");
$stmt->execute([$user_id]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);

header('Content-Type: application/json');
echo json_encode($result);
?>

安全性考虑

对用户输入进行过滤和验证，防止SQL注入和XSS攻击。

$message = filter_input(INPUT_POST, 'message', FILTER_SANITIZE_STRING);

使用预处理语句防止SQL注入，对输出内容使用htmlspecialchars()防止XSS攻击。

echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');

性能优化

为频繁查询的字段添加索引，例如receiver_id和is_read字段。

CREATE INDEX idx_receiver ON messages(receiver_id);
CREATE INDEX idx_read_status ON messages(is_read);

对于大量消息，实现分页功能减轻数据库压力。

$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
$limit = 10;
$offset = ($page - 1) * $limit;

$stmt = $pdo->prepare("SELECT m.*, u.username as sender_name FROM messages m JOIN users u ON m.sender_id = u.id WHERE m.receiver_id = ? ORDER BY m.created_at DESC LIMIT ? OFFSET ?");
$stmt->execute([$user_id, $limit, $offset]);