summaryrefslogtreecommitdiff
path: root/includes/model
diff options
context:
space:
mode:
Diffstat (limited to 'includes/model')
-rw-r--r--includes/model/Message_model.php22
1 files changed, 22 insertions, 0 deletions
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php
index 0141208b..d42dca5f 100644
--- a/includes/model/Message_model.php
+++ b/includes/model/Message_model.php
@@ -26,4 +26,26 @@ function mMessage($id) {
return null;
}
+
+/**
+ * send message
+ *
+ * @param $id User ID of Reciever
+ * @param $text Text of Message
+ */
+function mMessage_Send($id, $text) {
+ global $user;
+
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));
+ $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags( $id));
+
+ if (($text != "" && is_numeric($to)) &&
+ (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) ) {
+ sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+ return true;
+ } else {
+ return false;
+ }
+ }
+
?> \ No newline at end of file