engelsystem/includes/model/Message_model.php

<?php

/**
 * Returns Message id array
 */
function Message_ids()
{
    return sql_select("SELECT `id` FROM `Messages`");
}

/**
 * Returns message by id.
 *
 * @param $message_id message
 *                    ID
 */
function Message($message_id)
{
    $message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
    if ($message_source === false) {
        return false;
    }
    if (count($message_source) > 0) {
        return $message_source[0];
    }
    return null;
}

/**
 * TODO: use validation functions, return new message id
 * TODO: global $user con not be used in model!
 * send message
 *
 * @param $receiver_user_id User
 *                          ID of Reciever
 * @param $text             Text
 *                          of Message
 */
function Message_send($receiver_user_id, $text)
{
    global $user;

    $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));
    $receiver_user_id = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($receiver_user_id));

    if (
        ($text != "" && is_numeric($receiver_user_id))
        && (sql_num_query("
            SELECT *
            FROM `User`
            WHERE `UID`='" . sql_escape($receiver_user_id) . "'
            AND NOT `UID`='" . sql_escape($user['UID']) . "'
            LIMIT 1
        ") > 0)
    ) {
        sql_query("
            INSERT INTO `Messages`
            SET `Datum`='" . sql_escape(time()) . "',
                `SUID`='" . sql_escape($user['UID']) . "',
                `RUID`='" . sql_escape($receiver_user_id) . "',
                `Text`='" . sql_escape($text) . "'
        ");
        return true;
    }

    return false;
}
reviewed cookies api 2014-01-07 15:50:16 +01:00			`<?php`

prohibit inline control structures on model and view 2016-09-29 11:18:17 +02:00			`/**`
			`* Returns Message id array`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function Message_ids()`
			`{`
			return sql_select("SELECT `id` FROM `Messages`");
reviewed cookies api 2014-01-07 15:50:16 +01:00			`}`

			`/**`
			`* Returns message by id.`
			`*`
make short variable names longer 2016-09-29 12:45:06 +02:00			`* @param $message_id message`
Formatting 2017-01-02 15:43:36 +01:00			`* ID`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function Message($message_id)`
			`{`
			$message_source = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($message_id) . "' LIMIT 1");
			`if ($message_source === false) {`
			`return false;`
			`}`
			`if (count($message_source) > 0) {`
			`return $message_source[0];`
			`}`
			`return null;`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`}`

			`/**`
			`* TODO: use validation functions, return new message id`
			`* TODO: global $user con not be used in model!`
			`* send message`
			`*`
make short variable names longer 2016-09-29 12:45:06 +02:00			`* @param $receiver_user_id User`
Formatting 2017-01-02 15:43:36 +01:00			`* ID of Reciever`
			`* @param $text Text`
			`* of Message`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`*/`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`function Message_send($receiver_user_id, $text)`
			`{`
			`global $user;`
Formatting 2017-01-02 15:43:36 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));`
			`$receiver_user_id = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($receiver_user_id));`
Formatting 2017-01-02 15:43:36 +01:00
			`if (`
			`($text != "" && is_numeric($receiver_user_id))`
			`&& (sql_num_query("`
			`SELECT *`
			FROM `User`
			WHERE `UID`='" . sql_escape($receiver_user_id) . "'
			AND NOT `UID`='" . sql_escape($user['UID']) . "'
			`LIMIT 1`
			`") > 0)`
			`) {`
			`sql_query("`
			INSERT INTO `Messages`
			SET `Datum`='" . sql_escape(time()) . "',
			`SUID`='" . sql_escape($user['UID']) . "',
			`RUID`='" . sql_escape($receiver_user_id) . "',
			`Text`='" . sql_escape($text) . "'
			`");`
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`return true;`
			`}`
Formatting 2017-01-02 15:43:36 +01:00
PSR-2 formatting 2017-01-02 03:57:23 +01:00			`return false;`
reviewed cookies api 2014-01-07 15:50:16 +01:00			`}`