Hi all could i have some advice about this please? I recently gave someone ftp access for my hosting. He asked if he could use a couple of MB of space just to store a few files. After messing around today i found a file that contained this: <?PHP function KeyIsInFile($key) { $KeyFile = file("Keys.txt"); foreach($KeyFile AS $KeyFileLine) { $KeyFileLine = str_replace(array("\r", "\n"), "", $KeyFileLine); if(strpos($key, $KeyFileLine) !== FALSE) return true; echo "//$KeyFileLine//$key//"; } return false; } if(empty($_GET['key'])) die("INVALID"); if(KeyIsInFile($_GET['key'])) die("VALID_PASSWORD_FOUND"); die("INVALID"); ?> I dont know about php but just looking at this makes me worried. Could someone reply asap plz and tell me if im just being paranoid or not? thx..
Just change the password, disallow his access and deleted away his files, check your files for any newly updated materials.
It's a poorly-implemented login/password system, intended to allow him to keep random strangers out of one or more of the PHP programs he's got on there. On its own this is nothing to worry about. But I suggest that you kick him out anyway since you evidently don't trust him; everyone would be better off if he found a different arrangement.
Pretty poor login script aswell lol. Must be for multi users or he would of hard coded the keys in the script.