engelsystem/includes/model/Message_model.php

<?php

/**
 * Returns Message id array
 */
function Message_ids()
{
    return sql_select("SELECT `id` FROM `Messages`");
}

/**
 * Returns message by id.
 *
 * @param $message_id message
 *          ID
 */
function Message($message_id)
{
    $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
    if ($message_source === false) {
        return false;
    }
    if (count($message_source) > 0) {
        return $message_source[0];
    }
    return null;
}

/**
 * TODO: use validation functions, return new message id
 * TODO: global $user con not be used in model!
 * send message
 *
 * @param $receiver_user_id User
 *          ID of Reciever
 * @param $text Text
 *          of Message
 */
function Message_send($receiver_user_id, $text)
{
    global $user;
  
    $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));
    $receiver_user_id = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($receiver_user_id));
  
    if (($text != "" && is_numeric($receiver_user_id)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($receiver_user_id) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) {
        sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($receiver_user_id) . "', `Text`='" . sql_escape($text) . "'");
        return true;
    }
  
    return false;
}
reviewed cookies api 2014-01-07 15:50:16 +01:00			`<?php`

prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`/**`
			`* Returns Message id array`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function Message_ids()`
			`{`
			return sql_select("SELECT `id` FROM `Messages`");
reviewed cookies api 2014-01-07 15:50:16 +01:00			`}`

			`/**`
			`* Returns message by id.`
			`*`
make short variable names longer 2016-09-29 12:45:06 +02:00			`* @param $message_id message`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`* ID`
			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function Message($message_id)`
			`{`
			$message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
			`if ($message_source === false) {`
			`return false;`
			`}`
			`if (count($message_source) > 0) {`
			`return $message_source[0];`
			`}`
			`return null;`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`}`

			`/**`
			`* TODO: use validation functions, return new message id`
			`* TODO: global $user con not be used in model!`
			`* send message`
			`*`
make short variable names longer 2016-09-29 12:45:06 +02:00			`* @param $receiver_user_id User`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`* ID of Reciever`
			`* @param $text Text`
			`* of Message`
			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function Message_send($receiver_user_id, $text)`
			`{`
			`global $user;`
reviewed cookies api 2014-01-07 15:50:16 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));`
			`$receiver_user_id = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($receiver_user_id));`
reviewed cookies api 2014-01-07 15:50:16 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			if (($text != "" && is_numeric($receiver_user_id)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($receiver_user_id) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) {
			sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($receiver_user_id) . "', `Text`='" . sql_escape($text) . "'");
			`return true;`
			`}`
small code improvements 2016-09-30 18:49:33 +02:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`return false;`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`}`