If you did not put it there, just delete it before it does any more damage, change all your server and database login passwords, notify the system admin, and do a security audit of your site.
If you did put it there, then contact the person who supplied the code (though I'm guessing this is not the case).
