Looking for a quick job fix on my PHP Code (out dated). The code that needs fixed is below. Needs to work with global_register turned off (need to use $GET_['page'] method most likely.. Paying $5...shouldn't take a lot of time or resources.
Basically the code is that if you load the main page at pingpros.com it would load the default include into the index.php (in this instance welcome.php).
Be careful with your code. If you allow any type of files to be uploaded to your site then someone could possibly execute any php they want simply by uploading a file (with any extension) and then setting the GET environment to the correct subdirectory/file when they call your script.
You should never include a file based on a passed-in variable. You're just asking for trouble. Plus, your variable is called "page". Spammers/Crackers will search google for URLs that have the word "page" as a variable and will find sites with your script and they will do everything they can to exploit your script.
I recommend you come up with another solution such as using a case statement and pass in a numeric value, then include a file based on the value. I'm sure there are other ways to protect this.