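Implementing private messages in PHP
A PHP approach to implementing private messaging
A private messaging feature typically involves sending, storing, and displaying messages between users. The core modules and code examples for implementing it follow:
Database design
Create a message table to store the private message records: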
```sql
CREATE TABLE private_messages (
    id INT AUTO_INCREMENT PRIMARY KEY,
    sender_id INT NOT NULL,
    recipient_id INT NOT NULL,
    message TEXT NOT NULL,
    is_read TINYINT DEFAULT 0,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (sender_id) REFERENCES users(id),
    FOREIGN KEY (recipient_id) REFERENCES users(id)
);
```
Sending a private message
Create the message-sending handler script (send_message.php):
```php
<?php
session_start();
require 'db_connection.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['user_id'])) {
    $sender_id = $_SESSION['user_id'];
    $recipient_id = filter_input(INPUT_POST, 'recipient_id', FILTER_VALIDATE_INT);
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; store the raw text
    // and escape it with htmlspecialchars() on output instead.
    $message = trim((string) filter_input(INPUT_POST, 'message', FILTER_UNSAFE_RAW));

    // Compare against '' so that a message consisting of "0" is not rejected
    if ($recipient_id && $message !== '') {
        $stmt = $pdo->prepare("INSERT INTO private_messages
                               (sender_id, recipient_id, message)
                               VALUES (?, ?, ?)");
        $stmt->execute([$sender_id, $recipient_id, $message]);
        header("Location: messages.php?success=1");
        exit;
    }
}

header("Location: messages.php?error=1");
exit;
?>
```
Inbox
Create the message list page (messages.php):
```php
<?php
session_start();
require 'db_connection.php';

$user_id = $_SESSION['user_id'] ?? null;
if (!$user_id) {
    header("Location: login.php");
    exit;
}

// Fetch received messages
$stmt = $pdo->prepare("SELECT pm.*, u.username as sender_name
                       FROM private_messages pm
                       JOIN users u ON pm.sender_id = u.id
                       WHERE pm.recipient_id = ?
                       ORDER BY pm.created_at DESC");
$stmt->execute([$user_id]);
$received_messages = $stmt->fetchAll();

// Fetch sent messages
$stmt = $pdo->prepare("SELECT pm.*, u.username as recipient_name
                       FROM private_messages pm
                       JOIN users u ON pm.recipient_id = u.id
                       WHERE pm.sender_id = ?
                       ORDER BY pm.created_at DESC");
$stmt->execute([$user_id]);
$sent_messages = $stmt->fetchAll();
?>
<!-- HTML display section -->
<div class="message-container">
    <h3>Inbox</h3>
    <?php foreach ($received_messages as $msg): ?>
        <div class="message <?= $msg['is_read'] ? '' : 'unread' ?>">
            <p>From: <?= htmlspecialchars($msg['sender_name']) ?></p>
            <p><?= nl2br(htmlspecialchars($msg['message'])) ?></p>
            <small><?= htmlspecialchars($msg['created_at']) ?></small>
        </div>
    <?php endforeach; ?>
</div>
```
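Marking a message as read
Add the message status update:
```php
// Mark the message as read when it is viewed
// (runs in messages.php, after $user_id has been set from the session)
if (isset($_GET['mark_as_read'])) {
    $message_id = filter_input(INPUT_GET, 'mark_as_read', FILTER_VALIDATE_INT);
    if ($message_id) {
        // The recipient_id condition ensures users can only mark their own messages
        $stmt = $pdo->prepare("UPDATE private_messages
                               SET is_read = 1
                               WHERE id = ? AND recipient_id = ?");
        $stmt->execute([$message_id, $user_id]);
    }
}
```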
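Security hardening
Add CSRF protection and input validation:
```php
// When rendering the form: create the CSRF token once per session
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
// On submission: reject a missing token and compare in constant time
$token = $_POST['csrf_token'] ?? '';
if (!is_string($token) || empty($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $token)) {
    die('CSRF validation failed');
}
```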
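As an added example (not code from the original page), the following shows send_message.php with the CSRF check and input validation applied in one place. It assumes db_connection.php defines $pdo and that the form posts a hidden csrf_token field; the helper name send_private_message() and the MAX_MESSAGE_BYTES limit are hypothetical.

```php
<?php
// Added example, not from the original page. Assumes db_connection.php defines
// $pdo and the form posts a hidden csrf_token field. MAX_MESSAGE_BYTES and
// send_private_message() are hypothetical names chosen for this example.
session_start();
require 'db_connection.php';

const MAX_MESSAGE_BYTES = 8000; // assumed limit

// Returns null on success or a short error code.
function send_private_message(PDO $pdo, array $session, array $post): ?string
{
    $sender_id = $session['user_id'] ?? null;
    if (!$sender_id) {
        return 'auth';
    }
    // Reject a missing or empty token, then compare in constant time.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return 'csrf';
    }
    $recipient_id = filter_var($post['recipient_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $message = is_string($post['message'] ?? null) ? trim($post['message']) : '';
    if (!$recipient_id || $message === '' || strlen($message) > MAX_MESSAGE_BYTES) {
        return 'input';
    }
    // Confirm the recipient exists so a bad id gives a clean error, not an FK failure.
    $stmt = $pdo->prepare("SELECT 1 FROM users WHERE id = ?");
    $stmt->execute([$recipient_id]);
    if (!$stmt->fetchColumn()) {
        return 'recipient';
    }
    // Store the raw text; messages.php escapes it with htmlspecialchars() on output.
    $stmt = $pdo->prepare("INSERT INTO private_messages (sender_id, recipient_id, message)
                           VALUES (?, ?, ?)");
    $stmt->execute([$sender_id, $recipient_id, $message]);
    return null;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}
$error = send_private_message($pdo, $_SESSION, $_POST);
header('Location: messages.php?' . ($error === null ? 'success=1' : 'error=1'));
exit;
```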
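Real-time message notifications (optional)
Use WebSocket or AJAX polling to implement real-time notifications:
```javascript
// Frontend: periodically check for new messages
setInterval(function () {
    fetch('check_new_messages.php')
        .then(response => response.json())
        .then(data => {
            if (data.new_messages > 0) {
                document.getElementById('notification').textContent = data.new_messages;
            }
        })
        .catch(err => console.error('Message check failed:', err));
}, 30000);
```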
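Performance optimization suggestions
For systems with a large volume of messages:
- Implement paginated queries
- Add indexes on frequently queried columns
- Consider archiving conversations that have been inactive for a long time
The code above provides a basic implementation of a private messaging system; it can be extended as needed with features such as message recall, read receipts, and attachment support.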







