View file katrinka.ru/admin/msgsend.php

<?php
  include '../wap/config.php';
  include '../wap/guestbook/mylib.php';
  include 'acl.php';
  if (!$uid) list ($uid, $pl) = priv_level();
  $message=htmlspecialchars(trim($_POST['message']),ENT_QUOTES);
  $agent=$_SERVER['HTTP_USER_AGENT'];
  $addr=$_SERVER['REMOTE_ADDR'];
  $to=htmlspecialchars(trim($_POST['to_id']),ENT_QUOTES);
  $tto=htmlspecialchars(trim($_POST['login']),ENT_QUOTES);

    if (!($conn=pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser password=$dbpass"))) exit;
  pg_query($conn,"SET CLIENT_ENCODING TO 'KOI8';");

  if (($tto!='')&&(!$to)) {
	$res=pg_query($conn,"select id from users where login='$tto';");
	if (pg_numrows($res)==1) $to=pg_result($res,0,0);
  }
 
  if ($to) {
	$res=pg_query($conn,"select moder from users where id='$to';");
	$rows=pg_numrows($res);
	if ($rows==1) $to_mod=pg_result($res,0,0);
	else $to=0;
  }

  if ((!$to)||($to_mod))
  {
?>
оЕ ХЛБЪБОП ЛПНХ
<?php
	pg_close($conn);
	exit;
    }

  if ($message=="")
  {
	  header("Content-type: text/vnd.wap.wml");
?>
рХУФПЕ УППВЭЕОЙЕ
<?php
	pg_close($conn);
	exit;
    }
  
	$mtime=time();
	pg_query($conn,"begin;");
   	$res=pg_query($conn,"insert into messages (fr_u,to_u,message,time,host,agent) values ('$uid','$to','$message','$mtime','$addr','$agent');");
	pg_query($conn,"end;");
	if (!$res) { pg_close($conn); exit; }
    pg_close($conn);
	$link=sprintf("Location: messages.php");
		header($link);
?>