Now I deleted the code, changed all server/script passwords and alls been fine. Now today I noticed that the adsense codes at the bottom of my site were hijacked with some other ads that screwed up the layout.
I have just discovered that this time the code is added to one of the fields in the mysql table. Question is what should I do now? I am changing all passwords yet again. I have sent an email to the developer, its not a free script and alot of the code is encrypted.
I would check your logs for unauthorized connections, it could be that your server is rooted (Sounds unlikely considering the circumstance), and the other thing is it could be SQL injection, or script exploitation.. and you would have to wait for the creator to get back to you.