diff options
Diffstat (limited to 'includes/model/Message_model.php')
| -rw-r--r-- | includes/model/Message_model.php | 81 |
1 files changed, 50 insertions, 31 deletions
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php index 652b60ea..ebd4b37e 100644 --- a/includes/model/Message_model.php +++ b/includes/model/Message_model.php @@ -1,27 +1,30 @@ <?php +use Engelsystem\Database\DB; + /** * Returns Message id array + * + * @return array */ -function Message_ids() { - return sql_select("SELECT `id` FROM `Messages`"); +function Message_ids() +{ + return DB::select('SELECT `id` FROM `Messages`'); } /** * Returns message by id. * - * @param $message_id message - * ID + * @param int $message_id message ID + * @return array|null */ -function Message($message_id) { - $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1"); - if ($message_source === false) { - return false; - } - if (count($message_source) > 0) { - return $message_source[0]; - } - return null; +function Message($message_id) +{ + $message_source = DB::select('SELECT * FROM `Messages` WHERE `id`=? LIMIT 1', [$message_id]); + if (empty($message_source)) { + return null; + } + return array_shift($message_source); } /** @@ -29,23 +32,39 @@ function Message($message_id) { * TODO: global $user con not be used in model! * send message * - * @param $receiver_user_id User - * ID of Reciever - * @param $text Text - * of Message + * @param int $receiver_user_id User ID of Reciever + * @param string $text Text of Message + * @return bool */ -function Message_send($receiver_user_id, $text) { - global $user; - - $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); - $receiver_user_id = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($receiver_user_id)); - - if (($text != "" && is_numeric($receiver_user_id)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($receiver_user_id) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) { - sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($receiver_user_id) . "', `Text`='" . sql_escape($text) . "'"); - return true; - } - - return false; -} +function Message_send($receiver_user_id, $text) +{ + global $user; -?>
\ No newline at end of file + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); + $receiver_user_id = preg_replace('/([^\d]{1,})/ui', '', strip_tags($receiver_user_id)); + + if ( + ($text != '' && is_numeric($receiver_user_id)) + && count(DB::select(' + SELECT `UID` + FROM `User` + WHERE `UID` = ? + AND NOT `UID` = ? + LIMIT 1 + ', [$receiver_user_id, $user['UID']])) > 0 + ) { + return DB::insert(' + INSERT INTO `Messages` (`Datum`, `SUID`, `RUID`, `Text`) + VALUES(?, ?, ?, ?) + ', + [ + time(), + $user['UID'], + $receiver_user_id, + $text + ] + ); + } + + return false; +} |