WordPress.org

Ready to get started?Download WordPress

Forums

[closed] Parse error: syntax error, unexpected T_VARIABLE in /functions.php on line 192 (36 posts)

  1. hes2013
    Member
    Posted 1 year ago #

    Hi, I have, since this morning, the following error showing up on my website:

    Parse error: syntax error, unexpected T_VARIABLE in /home/content/xx/xxxxx/html/websites/xxxxxxxx/wp-includes/functions.php on line 192

    and this is the line of code in the php file:

    $mm = substr( $mysqlstring, 8, 2 ); // Mysql string Month

    Any one can help?

  2. t04st3d161
    Member
    Posted 1 year ago #

    We are experiencing the same issues since yesterday.

    Both on the home pages and on the backend dashboard..

    Any ideas?

  3. riversatile
    Member
    Posted 1 year ago #

    Hi,

    Did you test to deactivate all plugins to see what's happening ?

  4. t04st3d161
    Member
    Posted 1 year ago #

    I cannot deactive any plugins, as the backend prompts the same error?

    Parse error: syntax error, unexpected T_VARIABLE in /home/user/public_html/domain.co.za/wp-includes/functions.php on line 192

  5. t04st3d161
    Member
    Posted 1 year ago #

    Seems lots of users are experiencing this since upgrading to 3.5 -

    http://wordpress.org/support/topic/help-site-crashed?replies=24

  6. riversatile
    Member
    Posted 1 year ago #

  7. eystevens
    Member
    Posted 1 year ago #

    Its a hack. It's happening everywhere. You can upload with a fresh copy of function.php, but it will continue to reinfect every hour or so. There is some discussion here: http://wordpress.org/support/topic/help-site-crashed?replies=31

    I think I finally figured mine out.

    1) On all my infected sites, I found a new file named 169b171bbdffdf3759850fef45515c67 among my root files. It looked strange so I deleted it, just in case.

    2) Made sure I had backed up copies of MySql database. Also, downloaded necessary copies of any uploaded post images and theme revisions.

    3) Deleted ALL OTHER FILES.

    4) Manually reinstalled with a completely fresh version of WP 3.5.

    5) Created a NEW wp-config.php file. Mine had a ton of extra code in it that I assume was infected.

    6) Changed host password and WP passwords.

    So far, so good. I've gone about 10 hours without getting hacked, so I think it worked.

    Good luck!

  8. hes2013
    Member
    Posted 1 year ago #

    Where was that infected file located, I cant find a similar file, i cant access my WP admin, same error... If I disable plugins renaming the foolder nothing changes.

  9. filmcafe
    Member
    Posted 1 year ago #

    Really annoyed with this hack! Four sites I'm hosting in the same server were affected.

    I replaced wp-includes/functions.php with the stock file and deleted the nonsense from the first line of wp-config.php <?Blah$Blah*Blah.... ?> down to the real WordPress <? tag.

    Seems to have done the trick.

  10. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

  11. Shan
    Member
    Posted 1 year ago #

    It's that dang eval(gzinflate(base64_decode hack again.

    I cleaned a client's site twice in October because it kept coming back. It will infect nearly every PHP file you have on all your domains. Themes, core files..everything.

    If you're infected like this SWITCH HOSTS because your current one is not keeping you safe. My current client is on GoDaddy -- big surprise -- and I'm switching her to HostGator. You know, a real host. LOL

    Nearly ANY host out there is better than GoDaddy. So just say no to them and save yourselves a lot of trouble & frustration.

  12. aureliustjin
    Member
    Posted 1 year ago #

    Guys, I had the same porblems and the quick fix was to replace the functions.php with a new version of functions.php. That only worked for a bit and then the same problem occured.

    My web host found a missing close on line 191.

    Here is his response:

    "Hello again,

    So, I have been researching this issue for a great amount of time during my
    shift, and think I figured it out.

    Going back to the error you provided:

    "Parse error: syntax error, unexpected T_VARIABLE in
    /home/aurelius/public_html/wp-includes/functions.php on line 192"

    I checked out functions.php, line 192 to be exact. That line looked good, but
    line 191 appeared to have some issues:

    if ( doubl// Mysql string Year

    When I saw that, and no closing parenthesis, I closed it, so it looks like
    this:

    if ( doubl)// Mysql string Year

    Now, the site resolves again."

    It's been over 48 hours and I've yet to experience the same problem as I did before.

    Give it a try.

  13. infiniteprospects
    Member
    Posted 1 year ago #

    THANK YOU Aurelius!!! That worked and my site was down for a week! http://blog.infiniteprospects.com Short of backing up everything and re-coding, wasn't sure what I was going to do and when it would be back up and running. You are THE MAN!!!

    To everyone else in this discussion that thought this was a hack and not a syntax error, did you try this fix?

    "My web host found a missing close on line 191.

    Here is his response:

    "Hello again,

    So, I have been researching this issue for a great amount of time during my
    shift, and think I figured it out.

    Going back to the error you provided:

    "Parse error: syntax error, unexpected T_VARIABLE in
    /home/aurelius/public_html/wp-includes/functions.php on line 192"

    I checked out functions.php, line 192 to be exact. That line looked good, but
    line 191 appeared to have some issues:

    if ( doubl// Mysql string Year

    When I saw that, and no closing parenthesis, I closed it, so it looks like
    this:

    if ( doubl)// Mysql string Year

    Now, the site resolves again."

    It's been over 48 hours and I've yet to experience the same problem as I did before.

    Give it a try.

  14. Shan
    Member
    Posted 1 year ago #

    I do believe it's a hack because I went into my client's core files and found the same gibberish I found on another client's site in October that got her black listed by Google.

    This is the beginning of the injection code hack:

    <?php eval(gzinflate(base64_decode('

    In some cases, it could be a missing closing tag, but in my client's case, it's an injection hack.

  15. To everyone else in this discussion that thought this was a hack and not a syntax error....

    @infiniteprospects: It is a hack and not a simple php error. Look at http://sitecheck.sucuri.net/results/infiniteprospects.com

  16. infiniteprospects
    Member
    Posted 1 year ago #

    SongDog - that is not my blog site - that's my website. Sucuri.net says there is malware on that AND my blog...

    This site says the site blog.infiniteprospects.com is clean...
    Security Check

    Domain clean by Google Safe Browsing: blog.infiniteprospects.com - reference
    Domain clean by Norton Safe Web: blog.infiniteprospects.com - reference
    Domain clean on Phish tank: blog.infiniteprospects.com - reference
    Domain clean on the Opera browser: blog.infiniteprospects.com - reference
    Domain clean by SiteAdvisor: blog.infiniteprospects.com - reference
    Domain clean on Sucuri IP/URL malware blacklist: blog.infiniteprospects.com - reference
    Domain clean by the Sucuri Malware Labs blacklist: blog.infiniteprospects.com - reference
    Domain clean on Yandex (via Sophos): blog.infiniteprospects.com - reference

  17. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    @infiniteprospects: As per the Forum Welcome, please post your own topic. Posting in an existing topic prevents us from being able to track issues by topic. Added to which, your problem - despite any similarity in symptoms - is likely to be completely different.

  18. infiniteprospects
    Member
    Posted 1 year ago #

    esmi - not sure what you're referencing - I started by thanking another commenter and letting them know their fix worked for me. It appears I was experiencing the same issue as the others in this post. Does that need its own topic?

  19. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    It is if you're telling people it's not a hack - when it absolutely, definitely, is.

  20. infiniteprospects
    Member
    Posted 1 year ago #

    OK - looks like it was a hack but this fix can at least allow people to get back into their admin panel... Sorry.

  21. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    No - you're missing the point. Unless you completely de-louse your site, the hacker is likely to walk straight back in. Again and again and again. It is essential to take hacks seriously and take the time out to go through every one of the recommended steps. Quick fixes just won't work for long. You need to start working your way through every one of these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

  22. infiniteprospects
    Member
    Posted 1 year ago #

    understood. However since I run a business full-time and don't have the time, skills or patience to clean my own site, what do you suggest I do now that won't cost me $$?

  23. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    If you can't do the work yourself, the only other option is to shell out $$, I'm afraid. Securi offer a site cleaning service and, I think, also a pretty reasonably priced monitoring service that might be a good investment later on.

  24. Shan
    Member
    Posted 1 year ago #

    [Post content deleted]

  25. infiniteprospects
    Member
    Posted 1 year ago #

    Define "comparatively cheap..." If you don't want to make it public you can email me [moderated]

  26. Shan
    Member
    Posted 1 year ago #

    It's just one site, correct? If your biz site is on the same server/hosting, that could be infected as well.

  27. infiniteprospects
    Member
    Posted 1 year ago #

    2 sites, hosted at GoDaddy, under 1 hosting acct

  28. Shan
    Member
    Posted 1 year ago #

    By the way, GoDaddy is the biggest part of your problem. They have notoriously bad security for their servers and will do nothing to help their cu7stomers. I highly encourage you to get a new host -- one with good security and customer service.

  29. infiniteprospects
    Member
    Posted 1 year ago #

    Yes both sites are affected.

  30. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    @Shan: Do not use these forums to solicit paid work. Such behaviour is strongly discouraged and may result in further action being taken.

Topic Closed

This topic has been closed to new replies.

About this Topic