#!/bin/bash

tIFS=$(echo -en "\n\b\t")
oIFS="$IFS"

WDIR=/web

Fver=libraries/joomla/version.php

uldirs="tmp cache images"

SURE="$1"

rmifsure() {
    [ "x$1" == "x" ] && exit 13
    [ -f "$1" ] || exit 17
    if [ "$SURE" == "SURE" ]; then
	echo "   [Deleting $1]"
	rm "$1"
    fi
}

if ! [ -d "$WDIR" ]; then
    echo "$WDIR doesn't exist."
fi

vhdirs=`find $WDIR/*/*/ -mindepth 1 -maxdepth 1 -type d`

for vhdir in $vhdirs; do

    if [ -f $vhdir/$Fver ]; then
	JVER=`grep -e "var .RELEASE" $vhdir/$Fver |sed "s/.*'\(.*\)';/\1/"`
	if [ "$JVER" == "1.5" ];then
	    echo "--- $vhdir (Joomla v1.5)"

	    for uldir in $uldirs; do
		IFS="$tIFS"
		gifs=`find $vhdir/$uldir/ -type f -size -100k -iregex ".*\.\(gif\|png\|jpg\)"`
		for giff in $gifs; do
		    if (grep -i "hacked by" "$giff">/dev/null); then
			echo "binary inject: $giff"
			rmifsure "$giff"
		    fi
		    if (grep -i "<?php" "$giff">/dev/null); then
			echo "PHP inject: $giff"
			rmifsure "$giff"
		    fi
#		    if (grep -i "<html" "$giff">/dev/null); then
#			echo "HTML inject: $giff"
#			rmifsure "$giff"
#		    fi
		done
		IFS="$oIFS"
	    done

	fi
    fi

done

if [ "$SURE" != "SURE" ]; then
    echo "*** Nothing was done. Use SURE as parameter to delete."
fi