Hi Guys, I'm a newbie at PHP so I asked a guy to do some PHP code changes on my website. Today I found the above file in the html_public directory area of my website. I have changed the passwords so as not to allow him back on... but I need someone to tell me what this file does. It looks like a Sitemap Creator, why would he do this?
I assume that .functions.inc.php will contain functions that are being used across your site. The file is then simply included and all functions are available, thus saving the time of having to rewrite them or copy and paste them. Without posting the file online it is impossible to see what the file does. Sitemaps are very useful for search engines. What changes did you ask him to make?
Here is the file...

<?php
/*
#
# +------------------------------------------------------------------------------+
# | Sitemap Creator 0.2 alpha build 20080109 |
# +------------------------------------------------------------------------------+
# | A PHP script that creates sitemap.org sitemaps compatible with google, yahoo |
# | , MSN, ASK.com and Morever.com sitemaps. |
# | This release contains a crawler/spider that crawls your website, and creates |
# | csv file that you can edit before creating your sitemaps. |
# | |
# +------------------------------------------------------------------------------+
# | Email |
# | Web www.gadelkareem.com |
# | |
# | This script is free software; you can redistribute it and/or |
# | modify it under the terms of the GNU General Public |
# | License as published by the Free Software Foundation; either |
# | version 2 of the License, or (at your option) any later version. |
# | |
# | This script is distributed in the hope that it will be useful, |
# | but WITHOUT ANY WARRANTY; without even the implied warranty of |
# | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
# | General Public License for more details. |
# | Before using, modifying or publishing this class, you should refer to the |
# | GNU GENERAL PUBLIC LICENSE Version 2.
# | This is available at: |
# | http://www.gnu.org/licenses/gpl.txt |
# +------------------------------------------------------------------------------+
# | .functions.inc.php : Functions , do not edit |
# +------------------------------------------------------------------------------+
#
*/
define('SMC_SM_URL', 'http://gadelkareem.com/2007/12/10/sitemap-creator-02a-create-sitemaps-09-valid-for-google-yahoo-and-msn-sitemaps/');
define('SMC_URL', 'http://gadelkareem.com/');

if(!function_exists('file_put_contents')) {
    if (!defined('LOCK_EX')) define('LOCK_EX', 2);
    function file_put_contents($filename, $content, $flags = null) {
        if ( ( $fh = @fopen($filename, 'wb') ) === false) return false;
        if (!@flock($fh, LOCK_EX)) return false;
        if ((@fwrite($fh, $content)) === false) return false;
        @fclose($fh);
        return true;
    }
}

if (!function_exists('file_get_contents')) {
    function file_get_contents($filename) {
        if (false === $fh = @fopen($filename, 'rb') ) {
            return false;
        }
        clearstatcache();
        if ($fsize = @filesize($filename)) {
            $data = fread($fh, $fsize);
        } else {
            $data = '';
            while (!feof($fh)) {
                $data .= fread($fh, 8192);
            }
        }
        fclose($fh);
        return $data;
    }
}

if ( !function_exists('sys_get_temp_dir') ) {
    // Based on http://www.phpit.net/
    // article/creating-zip-tar-archives-dynamically-php/2/
    function sys_get_temp_dir() {
        // Try to get from environment variable
        if ( !empty($_ENV['TMP']) )
            return realpath( $_ENV['TMP'] );
        else if ( !empty($_ENV['TMPDIR']) )
            return realpath( $_ENV['TMPDIR'] );
        else if ( !empty($_ENV['TEMP']) )
            return realpath( $_ENV['TEMP'] );
        // Detect by creating a temporary file
        else {
            // Try to use system's temporary directory
            // as random name shouldn't exist
            $temp_file = tempnam( md5(uniqid(rand(), TRUE)), '' );
            if ( $temp_file ){
                $temp_dir = realpath( dirname($temp_file) );
                unlink( $temp_file );
                return $temp_dir;
            }else{
                return false;
            }
        }
    }
}

/*caching function*/
function & _cache($name, $val=0, $checking = false){
    $retVal = false;
    if(!SMC_USE_CACHE)
        return $retVal;
    clearstatcache();
    if( !is_dir(SMC_DATA_CACHE) ){
        if(!@mkdir(SMC_DATA_CACHE,0777))
            return $retVal;
            #_error('Cache Directory <strong>"'.SMC_DATA_CACHE.'"</strong> does not exist', 'WARNING');
    }
    $file = SMC_DATA_CACHE.md5($name);
    if(!empty($val)){
        if( @file_put_contents($file,serialize($val),LOCK_EX) )
            $retVal = true;
        #else
            #_error('Could not write cache, please check Cache folder <strong>"'.SMC_DATA_CACHE.'"</strong> is writtable', 'WARNING');
    }else{
        if( file_exists($file) && time()-filemtime($file) < SMC_CACHE_TTL )
            if($checking)
                $retVal = true;
            elseif( !($cont=@unserialize(@file_get_contents($file))) ){
                _error('Could not get cache!', 'WARNING');
            }else
                return $cont;
    }
    return $retVal;
}

/*retrieves urls contents*/
/*using curl library is much faster*/
function & get_content($url , $nocache=false){
    if( !$nocache && $cont =& _cache($url) )
        return $cont;
    $fbug = false;
    $cont = array();
    $cookie_file = sys_get_temp_dir().'/smc_cookies';
    $user_agent = "Sitemaps Creator ".SMC_VERSION."(compatible; sitemapcreatorbot/".SMC_VERSION."; +http://gadelkareem.com/) ";
    /*if(strpos($url,'http://') === false) $url = 'http://'.$url;*/
    ini_set('user_agent', $user_agent);
    if( SMC_USE_FOPEN ){
        $cont['content']= trim(file_get_contents($url));
    }elseif( !SMC_USE_CURL || !function_exists('curl_init')){
        $parse_url = & _parse_url($url);
        clearstatcache();
        $cookies = file_exists($cookie_file) ? @file_get_contents($cookie_file) : '';
        if ( ($fp = @fsockopen($parse_url['host'], $parse_url['port'], $errno, $errstr, SMC_CONNECT_TIME_OUT)) === false) {
            switch($errno) {
                case -3: _error( 'Socket creation failed (-3)', 'WARNING');
                case -4: _error( 'DNS lookup failure (-4)', 'WARNING');
                case -5: _error( 'Connection refused or timed out (-5)', 'WARNING');
                default: _error( 'Connection failed ('.$errno.') '.$errstr, 'WARNING');
            }
            return $fbug;
        }
        socket_set_timeout($fp, SMC_CONNECT_TIME_OUT);
        $get = "GET {$parse_url['path']}{$parse_url['query']} HTTP/1.1\r\n";
        $get .= "Host: {$parse_url['host']}\r\n";
        $get .= "User-Agent: {$user_agent})\r\n";
        $get .= "Referer: {$parse_url['scheme']}://{$parse_url['host']}{$parse_url['path']}\r\n";
        $get .= "Connection: close\r\n\r\n";
        socket_set_blocking($fp, true);
        fwrite($fp, $get);
        $res = '';
        while ( '' != ($line=trim(fgets($fp, 1024))) ) {
            if ( false !== ($pos=strpos($line, ':')) )
                $header[str_replace('-', '_', strtolower(substr($line, 0, $pos)))] = trim(substr($line, $pos+1));
            elseif( preg_match('#\s([0-9]{3})\s#i', $line, $code) )
                $header['http_code'] = intval($code[0]);
        }
        if( SMC_CALC_LAST_MODIFIED )
            $header['filetime'] = !empty( $header['last_modified'] ) ? strtotime(trim($header['last_modified'])) : ( !empty($header['date']) ? strtotime(trim($header['date'])) : -1 );
        if ( !empty($header['location']) ){
            $cont = & get_content($header['location']);
            $header['http_code'] = 200;
            $header['url'] = $header['location'];
        }
        if (isset($header['transfer_encoding']) && $header['transfer_encoding'] == 'chunked') {
            $chunk = hexdec(fgets($fp, 1024));
        } else {
            $chunk = -1;
        }
        $res = '';
        while ($chunk != 0 && !feof($fp)) {
            if ($chunk > 0){
                $part = fread($fp, $chunk);
                $chunk -= strlen($part);
                $res .= $part;
                if ($chunk == 0){
                    if (fgets($fp, 1024) != "\r\n") ;
                    $chunk = hexdec(fgets($fp, 1024));
                }
            } else {
                $res .= fread($fp, 1024);
            }
        }
        fclose($fp);
        $cont['content'] = $res;
    }else{ #curl exists
        $options = array(
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_USERAGENT => $user_agent,
            CURLOPT_CONNECTTIMEOUT => SMC_CONNECT_TIME_OUT,
            CURLOPT_TIMEOUT => SMC_CONNECT_TIME_OUT,
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_COOKIEJAR => $cookie_file,
            CURLOPT_COOKIEFILE => $cookie_file,
        );
        $ch = curl_init($url);
        curl_setopt_array( $ch, $options );
        $cont['content'] = trim(curl_exec($ch));
        $err = curl_errno( $ch );
        $errmsg = curl_error( $ch );
        if($err){
            _error("{$errmsg} for URL <strong>{$url}</strong>", 'ERROR'.$err);
            return $fbug;
        }
        $header = curl_getinfo($ch);
        curl_close($ch);
    }
    if(isset($header)){
        if(SMC_CALC_LAST_MODIFIED)
            $cont['lastmod'] = $header['filetime'] != -1 ? $header['filetime'] : false;
        if ( isset($header['content_type']) && stripos($header['content_type'], 'text') === false ){
            _error("Document type is <strong>{$header['content_type']}</strong> for URL <strong>{$url}</strong>");
            return $fbug;
        }
        if ( isset($header['http_code']) && $header['http_code'] != 200 ){
            $code = "{$header['http_code']}";
            _error("<a href=\"http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.".($code{0}).".".($code{2}+1)."\" target=\"_blank\" ><strong>{$header['http_code']} Error</strong></a> Found for URL <strong>{$url}</strong>", 'WARNING');
            return $fbug;
        }
        if ( isset($header['url']) && $header['url'] != $url ){ #redirection
            $url = $cont['new_url'] = $header['url'];
        }
    }
    if(!$nocache)
        _cache($url, $cont);
    return $cont;
}

/*main crawler function*/
function crawl($url, $depth=1, $link_str=0 ){
    global $urls, $start_time;
    if( !$url = valid_link($url) )
        return;
    if( isset($urls[$url]) ){
        if( SMC_CALC_PERIORITY == 1)
            $urls[$url]['priority'] += $link_str;
        return;
    }
    if( blacklist($url ,true) )
        return;
    $cont =& get_content($url);
    if( empty($cont['content']) ){
        blacklist($url);
        return;
    }elseif( isset($cont['new_url']) ){
        blacklist($url);
        crawl($cont['new_url'], $depth+1, $link_str);
        return;
    }
    #<base> tag , only to use with make_link()
    preg_match('#<base\s+[^>]*href\s*=\s*["\']?([^:]+://[^"\'\#\s>]+)#i', $cont['content'], $base ) ;
    #selecting valid URLs from current page content
    preg_match_all( '#<\s*(?:a|frame|iframe|meta|form|link)[^>]*\s+(?:href|src|URL|action)\s*=\s*["\']?(?!mailto|news|javascript|ftp|telnet|callto|ed2k|(?!"([^"\'\#\s>]+)#is', $cont['content'], $matches);
    foreach( $matches[1] as $sub ){
        if( $link = valid_link( (!empty($base[1]) ? $base[1] : $url) , $sub) )
            $links[] = $link;
    }
    if( !isset($links) || !$links)
        return;
    $urls[$url] = array(
        'lastmod' => (!SMC_CALC_LAST_MODIFIED || empty($cont['lastmod']) ) ? time() : $cont['lastmod'],
        'priority' => $link_str,
    );
    for( $i=0,$max = count($links);$i<$max && !( _time()-$start_time > SMC_CRAWL_TIME_OUT || _mem() > SMC_MEMORY_LIMIT ); $i++ ){
        $link = $links[$i];
        /* KNOWN BUG : depth is not accurate as urls are added from recursive crawl(), some urls are parsed faster */
        $p = ( SMC_CALC_PERIORITY == 1) ? (($max-$i) /$max) /$depth : ( ( SMC_CALC_PERIORITY == 3 ) ? (strlen($link)/100) + count(explode('/', $link)) : 0 );
        crawl($link, $depth+1, $p);
    }
}

/*validating urls*/
function valid_link($url, $sub=''){
    if( !empty($sub) && preg_match('#\.(ico|png|jpg|gif|css|js)(\?[^\?/]*)?$#i', $sub) ) #excluding graphics
        return false;
    $url = make_link( $url , $sub);
    if(preg_match('#^https?://[^/]*'.str_replace('.','\.',SMC_SITE).'/[^\#]*$#i', $url))
        return $url;
    return false;
}

/*reformats the urls */
function make_link($url,$sub=''){
    $sub = cleanurl($sub);
    $url = cleanurl($url);
    if( strpos($sub, '://') !== false && ($parse_url = & _parse_url($sub)) ){
        return $parse_url['scheme'].'://'.$parse_url['host'].$parse_url['path'].$parse_url['query'];
    }
    $parse_url = & _parse_url($url);
    if($sub == '' || $sub == '/')
        return $parse_url['scheme'].'://'.$parse_url['host'].$parse_url['path'].$parse_url['query'];
    while( preg_match('#^/?\.+/(.+)#', $sub, $match) ){
        $sub = $match[1];
        $url = preg_replace('#(/[^/]+)(?:/[^/]*)$#','\\1',$url);
        $match = array();
    }
    if( $sub{0} == '/' )
        return $parse_url['scheme'].'://'.$parse_url['host'].$sub;
    $url = preg_replace('#/[^/]*$#','/',$url);
    return $url.$sub;
}

function cleanurl($url){
    $url = str_replace('&', '&', $url);
    $url = preg_replace("#([^:]+)//#i", "\\1/", $url);
    return preg_replace("#(sid=[^;&]+)|(\?$)#i", "", $url);
}

/*calculating periority, frequency*/
function calc(){
    if( !SMC_CALC_PERIORITY )
        return;
    global $urls;
    $tot = count($urls);
    $i = 0;
    foreach($urls as $url){
        if($url['priority'] == 0)
            continue;
        if(!isset($max)){
            $max = $min = $url['priority'];
        }elseif($url['priority'] > $max)
            $max = $url['priority'];
        elseif( $url['priority'] > 0 && $url['priority'] < $min)
            $min = $url['priority'];
    }
    foreach($urls as $url => $arr){
        $i++;
        $p = 0;
        if($url == 'http://'.SMC_SITE.'/' )
            $urls[$url]['priority'] = 1;
        else{
            switch( SMC_CALC_PERIORITY ){
                case 1:
                default:
                    $p = round( @( (($urls[$url]['priority']/$max) /$min) / ($tot/2) ) , 3) ;
                    break;
                case 2:
                    $p = round( ($tot-$i)/$tot , 3) ;
                    break;
                case 3:
                    $p = round( @($min / $urls[$url]['priority']) , 3) ;
                    break;
            }
            $urls[$url]['priority'] = $p > 1 ? 1 : ( $p < SMC_MIN_PERIORITY ? SMC_MIN_PERIORITY : $p );
        }
        if(SMC_CALC_FREQUENCY){
            switch( $p ){
                case $p >= 0.8 :
                    $urls[$url]['freq'] = 'hourly';
                    break;
                case $p >= 0.4 :
                    $urls[$url]['freq'] = 'daily';
                    break;
                case $p >= 0.2 :
                    $urls[$url]['freq'] = 'weekly';
                    break;
                case $p >= 0.1 :
                    $urls[$url]['freq'] = 'monthly';
                    break;
                case $p < 0.1 :
                    $urls[$url]['freq'] = 'yearly';
                    break;
            }
        }
    }
}

/*echo anything for debuging output*/
function _echo($val){
    echo "<hr /><pre >";
    if($val===false)
        $val = "false";
    elseif($val===true)
        $val = "true";
    elseif($val===0)
        $val = "zero";
    elseif($val==='')
        $val = "empty string";
    elseif($val===NULL)
        $val = "NULL";
    elseif(is_array($val) || is_object($val))
        $val = var_export($val,1);
    elseif(is_file($val))
        $val = file_get_contents($val);
    echo htmlspecialchars($val);
    echo "</pre><hr />";
}

function _error($msg, $title='NOTICE'){
    if(SMC_SHOW_ERROR)
        echo "<div><strong>{$title}: </strong>{$msg}</div>";
    return false;
}

function blacklist(&$url,$check=false){
    if(!SMC_USE_BLACKLIST)
        return false;
    $file = SMC_DATA_ERRORS.md5($url);
    clearstatcache();
    if($check){
        return (file_exists($file) && (time()-filemtime($file)) < SMC_CACHE_TTL);
    }
    if( !is_dir(SMC_DATA_ERRORS) )
        if(!@mkdir(SMC_DATA_ERRORS,0777))
            return _error('Could not create error directory, please check if cache directory is writable', 'WARNING');
    @touch($file);
}

function _time() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

function _mem() {
    if(function_exists("memory_get_peak_usage")) {
        $mem = memory_get_peak_usage(true);
    } else if(function_exists("memory_get_usage")) {
        $mem = memory_get_usage(true);
    }else
        return false;
    return round($mem / 1024 / 1024,2);
}

function & _parse_url(&$url){
    $p = parse_url($url);
    if(!$p)
        return $p;
    $p['host'] = preg_replace('#^(?:www\.)?(.*)$#i', (SMC_USE_WWW ? 'www.\\1' : '\\1'), $p['host']);
    if ( empty($p['port']) ) {
        if ($p['scheme'] == 'https') {
            $p['port'] = "443";
        } else {
            $p['port'] = "80";
        }
    }
    if ( empty($p['path']) ) {
        $p['path'] = '/';
    }
    #code from http://enarion.net/google/ crawler class
    $query_encoded = '';
    if (!empty($p['query']) ) {
        $query_encoded = '?';
        foreach (split('&', $p['query']) as $id => $quer) {
            $v = split('=', $quer);
            if (!empty($v[1])) {
                $query_encoded .= $v[0].'='.rawurlencode(urldecode($v[1])).'&';
            } else {
                $query_encoded .= $v[0].'&';
            }
        }
        $query_encoded = substr($query_encoded, 0, strlen($query_encoded) - 1);
        $query_encoded = str_replace('%2B','+', $query_encoded);
    }
    $p['query'] = $query_encoded;
    return $p;
}

function clean_dir($count=false, $dir=1){
    $dir = $dir == 1 ? SMC_DATA_CACHE : SMC_DATA.'errors/';
    if ($handle = @opendir($dir)) {
        $i = 0;
        while (false !== ($file = readdir($handle))) {
            if ($file != "." && $file != ".." && $file != "test" && !is_dir($dir.$file)) {
                if(!$count && @unlink($dir.$file))
                    echo "{$dir}{$file} <font color=red>deleted</font><br>";
                $i++;
            }
        }
        if(!$count){
            if(!$i)
                echo '<strong>No cache files found in '.$dir.'</strong>';
            else
                echo '<strong>'.$i.' files deleted successfully</strong>';
        }else
            return $i;
        closedir($handle);
    }
    return 0;
}

function draw_table(){
    global $urls;
    $sitemaps = array();
    clearstatcache();
    if ($handle = @opendir(SMC_DATA_SITEMAPS)) {
        while (false !== ($file = readdir($handle))) {
            if ($file != "." && $file != ".." && $file != "default") {
                $sitemaps[] = $file;
            }
        }
        closedir($handle);
    }
    if(!empty($sitemaps)){
        echo '<p>Displaying '.count($sitemaps).' Sitemaps found on '.SMC_SITE.'</p>';
        echo '<table width="100%" border="1" cellspacing="0" cellpadding="0"> <tr> <th scope="col" width="40%">Sitemap</th> <th scope="col" width="30%">Date Created</th> <th scope="col" width="30%">Ping \'em</th> </tr>';
        foreach($sitemaps as $sm){
            echo "<tr> <td><div><a href=\"".SMC_SELF."?do=showsitemap&sm={$sm}.xml.gz\">sitemap{$sm}.xml.gz</a></div></td> <td>".date( "H:i:s Y-m-d",filemtime(SMC_DATA_SITEMAPS.$sm) )."</td> <td><a href=\"".SMC_SELF."?do=ping&sm={$sm}\">Ping</a></td> </tr>";
        }
        echo '</table>';
    }
    if( !empty( $urls ) ){
        echo '<p>Displaying '.count($urls).' URLs found on '.SMC_SITE.'</p>';
        echo '<table width="100%" border="1" cellspacing="0" cellpadding="0"> <tr> <th scope="col">URL</th> <th scope="col" width="5%">Priority</th> <th scope="col" width="5%">Last Modified</th> <th scope="col" width="5%">Frequency</th> </tr>';
        foreach($urls as $url => $arr){
            echo "<tr> <td><div><a href=\"{$url}\" target=\"_blank\">{$url}</a></div></td> <td>{$arr['priority']}</td> <td>".gmdate("Y-m-d\TH:i:s",$arr['lastmod'])."</td> <td>{$arr['freq']}</td> </tr>";
        }
        echo '</table>';
        echo '<br /><strong>Use this URL to add to your crontab or schedule tasks :</strong> <br /><div class="secure">http://'.SMC_SITE.SMC_SELF.'?do=createsitemap&secure='.md5(SMC_PASS).'</div>';
    }
}

function csv( $read=false ){
    global $urls;
    clearstatcache();
    if($read){
        if( !@file_exists(SMC_DATA_SITES.SMC_SITE) )
            return false;
        $file = file(SMC_DATA_SITES.SMC_SITE);
        foreach($file as $line){
            $data = explode("\t", $line);
            $urls[trim($data[0])] = array(
                'priority' => floatval($data[1]),
                'lastmod' => intval($data[2]),
                'freq' => trim($data[3]));
        }
        return;
    }
    $data = '';
    if( empty($urls) )
        return false;
    foreach($urls as $url => $arr )
        $data .= "{$url}\t{$arr['priority']}\t{$arr['lastmod']}\t{$arr['freq']}\n";
    if( !is_dir(SMC_DATA_SITES) )
        if( !@mkdir(SMC_DATA_SITES,0777) )
            return false;
    if(@file_put_contents(SMC_DATA_SITES.SMC_SITE, $data, LOCK_EX)){
        @chmod(SMC_DATA_SITES.SMC_SITE,0777);
        return true;
    }else
        return false;
}

function create_sitemap(){
    global $urls;
    clearstatcache();
    if( !is_dir(SMC_DATA_SITEMAPS) )
        if( !@mkdir(SMC_DATA_SITEMAPS,0777) )
            return false;
    $sm = date("Ymd",time());
    $cont = '<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type="text/xsl" href="'.SMC_SELF.'?do=gss.xsl"?><urlset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/09/sitemap.xsd" xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">';
    foreach($urls as $url => $arr){
        $cont.='<url>';
        $cont.='<loc>'.utf8_encode(htmlentities($url, ENT_QUOTES )).'</loc>';
        if(!empty($arr['lastmod']))
            $cont.="<lastmod>".gmdate("Y-m-d\TH:i:s",$arr['lastmod'])."+00:00</lastmod>";
        if(!empty($arr['freq']))
            $cont.="<changefreq>{$arr['freq']}</changefreq>";
        $cont.="<priority>{$arr['priority']}</priority>";
        $cont.='</url>';
    }
    $cont.='</urlset>';
    $fh = gzopen( SMC_DATA_SITEMAPS . $sm, 'wb');
    gzwrite( $fh, $cont);
    gzclose($fh);
    if(@file_put_contents( SMC_DATA_SITEMAPS . 'default', $sm))
        echo "<a href=\"".SMC_SELF."?do=showsitemap&sm={$sm}.xml.gz\">sitemap{$sm}.xml.gz</a> Created successflly with ".count($urls)." URLs<br />";
    ping_em($sm);
}

function get_sitemap(){
    $sm = !empty($_GET['sm']) && intval($_GET['sm']) ? intval($_GET['sm']) : @file_get_contents( SMC_DATA_SITEMAPS .'default');
    $sm = SMC_DATA_SITEMAPS.$sm;
    clearstatcache();
    if(@file_exists($sm)) {
        @ini_set('zlib.output_compression', '0');
        @ini_set('zlib.output_compression_level', '-1');
        @header('Content-type: text/xml; charset=UTF-8');
        @header("Expires: " . gmdate("D, d M Y H:i:s",time()+(60*60*24)) . " GMT");
        if(isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'],'gzip')===false){
            readgzfile($sm);
        }else{
            @header('Content-Length: '.filesize($sm));
            @header('Content-Encoding: gzip' );
            if(strpos($_SERVER["SERVER_SOFTWARE"], 'lighttpd') !==false)
                @header("X-LIGHTTPD-send-file: {$sm}");
            else
                @readfile($sm);
        }
        if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("#(msnbot|Lycos_Spider|eMiragorobot|Slurp|Ask Jeeves|WebCrawler|Scooter|googlebot)#si", $_SERVER['HTTP_USER_AGENT']))
            _mail('Sitemap crawled', $sm." has been viewed");
        exit;
    }else{
        _mail('Sitemap not found', $sm.' could not be found');
        @header('Cache-Control: no-cache');
        @header('Status: 404 Not Found');
        echo 'Sitemap file not found';
        return;
    }
}

function ping_em($sm){
    if(!SMC_PING)
        return;
    global $pings;
    $out = '';
    $sm = urlencode("http://".SMC_SITE."/sitemap.php?do=showsitemap&sm={$sm}.xml.gz");
    foreach($pings as $domain => $val){
        $out .= "<br />";
        if( $reply = & get_content( $val.$sm, true ) )
            $out .= "Pinged <a href=\"{$val}{$sm}\" ><strong>{$domain}</strong></a> said: <br />".preg_replace("#\n+|\s+|<script [^>]+>[^>]+</script>|<[^>]*>#is",' ',chop($reply['content']))."<br />";
        else
            $out .= "<font color=\"red\">Failed to ping <strong><a href=\"{$val}{$sm}\" >{$domain}</a></strong></font><br />";
    }
    _mail('Ping results', $out);
    echo $out;
}

function robots(){
    $robots = $_SERVER['DOCUMENT_ROOT'].'/robots.txt';
    if(!@touch($robots))
        return _error( '<strong>'.$robots.'</strong> does not exist or is not writtable, please chmod 666', 'WARNING');
    $robotstxt = file_get_contents($robots);
    if(strpos($robotstxt, 'Sitemap :') !== false){
        echo "<a href=\"http://".SMC_SITE."/robots.txt\">robots.txt</a> already contains reference to sitemap<br />";
    }else{
        $robotstxt .= "\nSitemap : http://".SMC_SITE."/sitemap.php?do=showsitemap&sm=sitemap.xml.gz\n";
        if( file_put_contents($robots, $robotstxt ,LOCK_EX) )
            echo "<a href=\"http://".SMC_SITE."/robots.txt\">robots.txt</a> edited successfully<br />";
    }
    _echo($robotstxt);
}

function login(){
    if(!SMC_PASS)
        return;
    if( (isset($_POST['pass']) && $_POST['pass'] == SMC_PASS)
        || (isset($_COOKIE['smc_pass']) && $_COOKIE['smc_pass'] == md5(SMC_PASS))
        || (isset($_GET['secure']) && $_GET['secure'] == md5(SMC_PASS) && isset($_GET['do']) && $_GET['do'] == 'createsitemap') )
        return;
    echo '<br /><div align="center">';
    if(isset($_POST['pass']))
        echo '<font color="red">Wrong Password, please check on the script config file</font><br />';
    echo '<h2>Login</h2><form method="post" action="'.SMC_SELF.'"><input type="password" name="pass" size="15"/><input type="submit" value="Login" /></form></div><div class="cp"><hr /><a href="'.SMC_SM_URL.'" >Sitemap Creator <?php echo SMC_VERSION ?></a> By <a href="'.SMC_URL.'">GadElKareem</a></div> </body></html>';
    exit;
}

function _mail($title,$msg){
    if(!SMC_EMAIL)
        return;
    $title = '[SITEMAP]'.$title;
    $msg = preg_replace('#<[^>]*>#s','',str_replace('<br />', "\n", $msg));
    $msg .= "\nIP -: http://whois.domaintools.com/{$_SERVER['REMOTE_ADDR']}".
        "\nDate -: ".date(" h:i:s a ( l d F Y )").
        "\nBot -: {$_SERVER['HTTP_USER_AGENT']}".
        "\nLocation -: http://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
    $headers = "From: _SITE;
    $headers .= "\r\nMIME-Version: 1.0 \r\nX-Mailer: Sitemap Creator Mailer\r\n";
    mail(SMC_EMAIL,$title,$msg,$headers);
}
?>
All I asked the guy to do is to make users enter more information to register on my website. But for some unknown reason, even though he's made the changes, he's also put this file in the public area of my website. I didn't ask for it but it's there.
It really doesn't look suspicious (then again, I haven't closely read every line). I think he probably just included it by accident or out of habit.
Thanks for the input SmallPotatoes and stephan2307. I've had other suggestions that he may have put this script in to get all the emails of your users who've registered. But then I don't quite see how in the script above when the emails are in a MySQL database.
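
One way to check the two concerns raised in this thread (does the file touch the database, and does it send anything out), as an added example that is not part of the original posts: a small Python triage that lists the calls a reviewer would care about in a PHP file while ignoring comments and string literals. The category lists, the function names `triage` and `strip_comments_and_strings`, and the `SAMPLE` excerpt are assumptions constructed for illustration.

```python
import re

# Calls worth a reviewer's attention in an unfamiliar PHP file (illustrative, not complete).
CATEGORIES = {
    "database": {"mysql_connect", "mysql_query", "mysqli_connect", "mysqli_query", "pdo", "mysqli"},
    "outbound_network": {"curl_exec", "fsockopen", "stream_socket_client"},
    "mail": {"mail"},
    "file_write": {"file_put_contents", "fwrite", "gzwrite", "unlink", "chmod"},
    "code_execution": {"eval", "assert", "system", "exec", "shell_exec", "passthru", "popen"},
    "deserialization": {"unserialize"},
}
# A bare name followed by "(": skips $var(), ->method() and ::static() calls.
CALL_RE = re.compile(r"(?<![\w$>:])(function\s+&?\s*)?([A-Za-z_]\w*)\s*\(")
INPUT_RE = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST|FILES)\b")

def strip_comments_and_strings(src):
    """Blank out PHP comments and quoted strings, keeping newlines (heredocs not handled)."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch, two = src[i], src[i:i + 2]
        if two == "/*":
            end = src.find("*/", i + 2)
            end = n if end == -1 else end + 2
        elif two == "//" or ch == "#":
            end = src.find("\n", i)
            end = n if end == -1 else end
        elif ch in "'\"":
            end = i + 1
            while end < n and src[end] != ch:
                end += 2 if src[end] == "\\" else 1   # step over escaped characters
            end = min(end + 1, n)
        else:
            out.append(ch)
            i += 1
            continue
        # Replace the comment or string with spaces so line numbers stay correct.
        out.append("".join(c if c == "\n" else " " for c in src[i:end]))
        i = end
    return "".join(out)

def triage(src):
    """Return {category: [(line, name), ...]} for calls that appear in real code."""
    code = strip_comments_and_strings(src)
    line_of = lambda pos: code.count("\n", 0, pos) + 1
    found = {cat: [] for cat in list(CATEGORIES) + ["request_input"]}
    for m in CALL_RE.finditer(code):
        if m.group(1):               # "function name(" is a definition, not a call
            continue
        name = m.group(2).lower()    # PHP function names are case-insensitive
        for cat, names in CATEGORIES.items():
            if name in names:
                found[cat].append((line_of(m.start(2)), name))
    for m in INPUT_RE.finditer(code):
        found["request_input"].append((line_of(m.start()), m.group(0)))
    return found

# Constructed excerpt modelled on the posted file, not a copy of it.
SAMPLE = r'''<?php
/* mysql_query("x") inside a comment must not count */
function _cache($file, $val) {
    if ($val) return @file_put_contents($file, serialize($val));
    return @unserialize(@file_get_contents($file));
}
$sm = intval($_GET['sm']);
$note = 'eval( is only text here';   # curl_exec($ch) is commented out
$fp = @fsockopen($host, 80);
mail(SMC_EMAIL, $title, $msg);
'''
```

An empty `database` list together with hits under `mail` and `outbound_network` tells the reviewer where to read closely: what the mail body contains and which hosts are contacted.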