diff options
Diffstat (limited to 'includes/model/Message_model.php')
-rw-r--r-- | includes/model/Message_model.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php index 92b76a80..0195fbea 100644 --- a/includes/model/Message_model.php +++ b/includes/model/Message_model.php @@ -10,11 +10,11 @@ function Message_ids() { /** * Returns message by id. * - * @param $id message + * @param $message_id message * ID */ -function Message($id) { - $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1"); +function Message($message_id) { + $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); if ($message_source === false) { return false; } @@ -29,19 +29,19 @@ function Message($id) { * TODO: global $user con not be used in model! * send message * - * @param $id User + * @param $receiver_user_id User * ID of Reciever * @param $text Text * of Message */ -function Message_send($id, $text) { +function Message_send($receiver_user_id, $text) { global $user; $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); - $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($id)); + $receiver_user_id = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($receiver_user_id)); - if (($text != "" && is_numeric($to)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($to) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) { - sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($to) . "', `Text`='" . sql_escape($text) . "'"); + if (($text != "" && is_numeric($receiver_user_id)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($receiver_user_id) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) { + sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($receiver_user_id) . "', `Text`='" . sql_escape($text) . "'"); return true; } else { return false; |