Does this php make my website vunerable to attacks?

I've had my website hacked. Files were added. I know there are security issues with php. Does this php open my website up to hackers? The code is

<?php include("_back_to_top.php"); include ("_footer.php"); ?>

The vulnerability issue is not in the content of my include files, yet since people asked, here is the code for the include files:

Footer file:

<link href="css/careycss.css" rel="stylesheet" type="text/css" /><div class="footertext" align="center" style="width:100%; padding-bottom:25px; color: #999999;">content </div><div style="padding-top:15px; font-weight:normal; background-image:url(images/title_divider_line.jpg); background-repeat:repeat-x; width:100%; max-width:900px; height:auto;"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="footertext" style="font-style:italic; padding-top:12px;"><tr><td align="left" style="width:18.4%;"><a href="contact.php"><span style="font-weight: bold;">content</span></a></td><td align="center" style="font-style:normal; width:2%;">content</td><td align="center" style="font-weight:normal; width:18.4%;" ><span style="text-align:right; font-style:italic;">content</span></td><td align="center" style="font-style:normal; width:2%;">content</td><td align="center" style="font-weight:normal; width:18.4%;" ><span style="font-style:italic">content</span></td><td align="center" style="font-style:normal; width:2%;">content</td><td align="center" style="font-weight:normal; width:18.4%;" ><span style="font-style:italic">content</span></td><td align="center" style="font-style:normal; width:2%;">content</td><td align="right" style="font-weight:normal; width:18.4%;" ><a href="mailto:content" style="font-style:italic"> content</a></td> </tr></table><div class="footertext" align="center" style="width:100%; padding-top:25px; color: #666666;">content</div><div style= "font-family:Tahoma, Geneva, sans-serif; font-size:.65em; font-style:italic; color:#CCC; text-align:center; width:100%; padding-top:35px; padding-bottom:200">pxcontent<br /><br /></div></div>

toolbar file:

<link href="css/careycss.css" rel="stylesheet" type="text/css" />

content home.services.projects.contact.in memoriam.

-------------Problems Reply------------

Since this question isn't closed yet, I'll attempt to answer it. The include wouldn't be your security problem. The hacker could have gotten access to your server and added their own code to the files for all we know.

To actually answer the question if it's either your code or something beyond that, we need the code of the files you're including. It could still be that there's a vulnerability with your code.

Category:php Views:21 Time:2018-12-27

Related post

  • What does this PHP do? Is it an encoder/decoder? 2010-10-07

    I don't know PHP at all; this is more of a question of curiosity. Following the PHP function below in the text file are a few thousand characters of text, such as: xnEFstUhSNWGSx5zTq4X/AUw/rtism+klrBETWg0xE1uwb49rnRxrgrgY5EEp3Y0uvTcvLqhUFOP 4n7LDLQpQ

  • how does this php form work without defining variable? 2011-05-05

    how does this php form work without defining $SCRIPT_NAME variable ? <form action="<?php echo $SCRIPT_NAME ?>" method="post"> --------------Solutions------------- This code relies on the ancient, deprecated and horrible register_globals f

  • Why does this PHP regex give me error? 2009-08-14

    Need Some Help With Regex: I want to replace [url=http://youtube.com]YouTube.com[/url] with <a href="http://youtube.com">YouTube.com</a> the regex preg_replace("/[url=(.*?)](.*?)[/url]/is", '<a href="$1">$2</a>', $text); why d

  • Why does this PHP code hang on calls to mysql_query()? 2009-08-26

    I'm having trouble with this PHP script where I get the error Fatal error: Maximum execution time of 30 seconds exceeded in /var/www/vhosts/richmondcondo411.com/httpdocs/places.php on line 77 The code hangs here: function getLocationsFromTable($table

  • Why does this PHP script interfere with my CSS layout? 2010-05-19

    This page uses $_GET to grab an asset id and query a mysql database and return some information. If 'id' does not match anything, no results are displayed but the page looks fine. If 'id' is null an error would occur at $id = $_GET["id"] or die(mysql

  • Why does this PHP tracking pixel not working correctly? 2011-07-01

    I'm working on setting up a simple pixel tracking script with PHP, and the below technically works, but when I look at the inspector in Safari I get the following warning (1by1.gif is a 42B gif): esource interpreted as document but transferred with M

  • How does this PHP know which array key/values to use? 2010-01-18

    Below is part of a PHP database class someone else wrote, I have removed about 80% of it's code, all the un-related code to my question has been removed and just the amount remains that allows me to test this class without actually hitting a real dat

  • What does this php code means 2010-12-21

    Hello I am new to PHP and I don't know exactaly what does this code means $de = array('Ä'=>'ae','ä'=>'ae','Ü'=>'ue','ü'=>'ue', 'Ö'=>'oe', 'ö'=>'oe', 'ß'=>'ss'); strtr($str, ${$de}); The only thing that I need to know is what does

  • Why does this PHP fgetcsv() display only certain parts of the csv? 2011-08-31

    I have this PHP: $handle = fopen($_FILES["csvfile"]["tmp_name"], "r"); while (($data = fgetcsv($handle, 5000, ",", '"')) !== FALSE) { echo "<pre>"; print_r($data); echo "<pre>"; } <form method="post"> <input type="file" name="csv

  • What does this PHP syntax mean and why is this variable NaN? 2011-10-05

    question marks are hard to search for in google. What does this mean step by step? $page = isset($_POST['page'])?$_POST['page']:"0"; I am guessing it means if Post['page'] is set use that value and if not use 0? but i dont get it in detail. Also when

  • Why does this PHP script show errors, but not echo etc.? 2011-11-29

    I have this PHP script http://snippi.com/s/kx0k48g (too long for here, but put it in Snippi). It is built to run by an AJAX GET request. When I supply all the right GET parameters the script seems to run fine (no errors), but it won't echo or anthing

  • Why does this PHP setcookie() argument not set a cookie? 2012-04-13

    I have this PHP setcookie('hello', '0', 0, '/389732/'); Why when I run it does it not set a cookie? I printed the value of $_COOKIE['hello'] out immediately after and it puts out an error because it does not exist. --------------Solutions------------

  • Why does this code make the QImage lose its alpha channel? 2011-08-08

    I'm trying to understand why the code below changes the QImage in Qt. It's not meant to do anything (yet), it's just for testing. When I run the code on an image with alpha, the alpha channel is lost and replaced by a black background. QImage image;

  • Why does this code make my screen go blank in admin when I put it in functions.php? 2012-01-16

    When publishing content or changing any settings in the admin, the screen goes blank, I found that it's due to this code in my functions.php file. Is there something wrong with it? <?php if ( function_exists('register_sidebar') ) { register_sideba

  • Does this PHP code open up a website to SQL Injection 2011-05-23

    I'm working on a web app and I came across this code snippit $email=$_POST['email']; $pass=$_POST['pass']; $pass=md5($pass); $query=mysql_real_escape_string($email,$link); //echo $query."<br>"; $sql=mysql_query("SELECT pass FROM users WHERE ema

  • What does this php construct mean: $html->redirect("URL")? 2009-08-05

    I've seen this "-> " elsewhere used in php. One of the books I used to learn PHP has this in it, but it is never explained. What does it do, how does it work! The redirect bit I know, but what is happening with the $html variable and the redirect

  • Why does this PHP error reference localhost? 2009-08-13

    I'm running XAMPP on my local machine and on a server in the office. Both are Windows machines. I'm writing some code that uses mail() to send email from a form. By default, it uses sendmail.exe (which comes with XAMPP) to send the email. In all case

  • How does this PHP nonce library work? 2009-11-25

    From http://fullthrottledevelopment.com/php-nonce-library#download, there is a PHP nonce library, but there are a few things that I don't know understand. The first one is that it reminds us to set a value for the FT_NONCE_UNIQUE_KEY but it never use

  • Why does this PHP program not work? 2010-05-12

    I'm new to PHP and was learning about PHP functions from w3schools. It said "PHP allows a function call to be made when the function name is in a variable" This program worked <?php $v = "var_dump"; $v('foo'); ?> But this program did not work:

  • what does this PHP operator =& means? 2010-08-19

    Possible Duplicate: what do “=&” / “&=” operators in php mean? I found this operator "=&" in the following code, and I do not know what it means. Could someone explain what it means and does? THE CODE WHERE I READ IT: function ContentPars

  • Does this PHP code look secure for a login system? 2010-12-15

    This is only part of it, but it is first making the connection, then checking to see if the username exists, then inserting the data into a table. I don't really know much about PHP, so there is no need to rip into me. Just trying to learn here, and

  • Does this PHP code crash Apache for anyone else? 2011-06-17

    preg_match_all('/(a)*/', str_repeat('a', 1000), $matches); (edit: change the regexp a bit to make it simpler while still crashing) I ran it on PHP 5.3.5 with Apache 2.0 and it crashes the server. If I change 339 to 338 it doesn't crash anymore, so it

  • what does this php expression regarding session variables mean? 2011-12-27

    What does isset($_SESSION) mean? I found the following code snippet- if (!isset($_SESSION)) { // php code } EDIT: I found the following snippet in define.php of the facebook style chatting script freichat : if (!isset($_SESSION)) { $this->frm_id =

  • What exactly does this PHP exploit code (found on my app)? 2012-02-23

    I've found this code in base 64 on all php files of one of my client's site (wordpress) and I'm trying to understand what it does. I'm also trying to figure out if it was an application exploit or a direct FTP access that has past this code. Everythi

Copyright (C) dskims.com, All Rights Reserved.

processed in 0.120 (s). 11 q(s)