From 6664433fabc8d2173c74c74bc30f569e68228fa2 Mon Sep 17 00:00:00 2001
From: Philip Häusler
Date: Sun, 5 Jan 2014 19:34:17 +0100
Subject: cookie-0006-API-add-cmd-sendMessage.patch
---
 includes/model/Message_model.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'includes/model/Message_model.php')
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php
index 0141208b..d42dca5f 100644
--- a/includes/model/Message_model.php
+++ b/includes/model/Message_model.php
@@ -26,4 +26,26 @@ function mMessage($id) {
 return null;
 }
+
+/**
+ * send message
+ *
+ * @param $id User ID of Reciever
+ * @param $text Text of Message
+ */
+function mMessage_Send($id, $text) {
+ global $user;
+
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));
+ $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags( $id));
+
+ if (($text != "" && is_numeric($to)) &&
+ (sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) ) {
+ sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+ return true;
+ } else {
+ return false;
+ }
+ }
+
 ?>
\ No newline at end of file
-- 
cgit v1.2.3-54-g00ecf
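Review bot: The `UID` comparisons in the SELECT and the `SUID`/`RUID` values in the INSERT of `mMessage_Send` are concatenated into the SQL without quotes, so `sql_escape()` (not defined in this patch; presumably a string-escaping helper) gives no protection in those positions. `$to` is safe only because the digit-only `preg_replace` runs first, while `$user['UID']` has no equivalent guarantee visible here, and nothing checks that the global `$user` is populated before an API caller reaches this function. Cast both where they are used, e.g. `$to = (int) $to;` and `$from = (int) $user['UID'];`, and return false early when `$from` is 0. The function also returns true without checking the result of `sql_query()`, so a failed INSERT would be reported to the API client as a sent message.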