McDonald wrote:
EDIT:
When somebody hacks a site they normally leave something behind (a message or files). Speaking about files, did you check if somebody stored big files somewhere?
This happened ones with my site where somebody placed some big movie files in a folder. It slowed down my site first until it crashed.

skenow wrote:
The database may be there, but it does not sound like it is the way you left it - incorrect password = altered database; blocks missing and modules not installed = altered database, too.

I would:
1. change your database user/password immediately
2. determine if the root user for the database has a password and create one if it doesn't
3. determine if there is an anonymous user that can access the database and remove it if it does exist
4. remove any other database users
5. determine if phpmyadmin can access the db without entering a username/password - change it if it can
6. find your most recent database backup before the hack was noticed and be ready to restore it

skenow wrote:
That script does look valid, as McDonald says.

Can you access any part of your site? login at /user.php, register at /register.php, administration menu at /admin.php

Check your database, it may be the problem - module installation status is stored in the database. If files were missing, you would get 404 errors instead of not installed.

McDonald wrote:
I don't think this script is a hack!

Normally there's a file called adminmenu.php placed in the cache folder on XOOPS 2.0.x websites.

This script is different per site because of the different modules users install.

Probably it's better to put the script back in your cache folder and check if any other files are modified.

Make in the mean time a backup of your database if possible.

irmtfan wrote:
huum maybe clear xoops_session table can help you
installing xoopscare make it easier.

JAVesey wrote:
The buttons behave as expected.

Sorry, but I can't help more and my tech knowledge isn't the best.

JAVesey wrote:
Me neither.

All works swimmingly.