summaryrefslogtreecommitdiff
path: root/includes/model/Message_model.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/model/Message_model.php')
-rw-r--r--includes/model/Message_model.php16
1 files changed, 8 insertions, 8 deletions
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php
index 92b76a80..0195fbea 100644
--- a/includes/model/Message_model.php
+++ b/includes/model/Message_model.php
@@ -10,11 +10,11 @@ function Message_ids() {
/**
* Returns message by id.
*
- * @param $id message
+ * @param $message_id message
* ID
*/
-function Message($id) {
- $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
+function Message($message_id) {
+ $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
if ($message_source === false) {
return false;
}
@@ -29,19 +29,19 @@ function Message($id) {
* TODO: global $user con not be used in model!
* send message
*
- * @param $id User
+ * @param $receiver_user_id User
* ID of Reciever
* @param $text Text
* of Message
*/
-function Message_send($id, $text) {
+function Message_send($receiver_user_id, $text) {
global $user;
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));
- $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id));
+ $receiver_user_id = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($receiver_user_id));
- if (($text != "" && is_numeric($to)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($to) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) {
- sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($to) . "', `Text`='" . sql_escape($text) . "'");
+ if (($text != "" && is_numeric($receiver_user_id)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($receiver_user_id) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) {
+ sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($receiver_user_id) . "', `Text`='" . sql_escape($text) . "'");
return true;
} else {
return false;