Don't mind my long post, just posting cool suggestions!
Maybe you could add a wildcard to the end of "php" as well, so it becomes "*.php*" since there's always the possibility of them using older versions. I've seen sites myself that use extensions like ".php3" and ".php5". Other cool extensions other interesting extensions might be: ".shtml" (server side html), cfm (coldfusion) and yeah like you said maybe perl, ruby or other scripting languages.
You could make some sort of array with extensions like that and look for files with names like: (conf, config, global, db, database).extension in the webserver root directories such as /var/www and /home/user/public_html.
For more fulltext search after database credentials in php, you could maybe try to search for
php PDO instances through regex or something. For example: "${variable} = new PDO (${variables here}...);".
Also if the user have automated backups via cronjobs or something and doesn't want to store his password directly in the .sh file, there might be a possibility that he has stored the mysql credentials in his
my.cnf file in any of these
locations (Might be worth looking into).
If they have MySQL safemode enabled there might be a possibility that the credentials is stored in the php.ini file instead of in the php source code of the application. Like this:
http://webmasters.stackexchange.com/a/72124 .
