i like that it's simple. but it looks like 10 000 other sites. a bit unoriginal.
also learn a bit about security.
make sure u validate what pages can and cant be included.
it's good that u put include($pagename.'.php');
w/o the .php any file could be included on your server. or maybe they still can. i just cant figure out how to make it ignore .php =D
you didnt validate for ../
so if u have some important file say
/home/a114588/o2x/file.php
technically people cannot access file.php cause it's outside of public_html file
but with your setup it is possible
http://ae-hq.com/o2x/index.php?id=../file
try creating file.php outside public_html see if it includes it
also i dont know if this is harmful to the server
http://ae-hq.com/o2x/index.php?id=/h...html/o2x/index
but that'll include index file for a long time =D.
do something like
PHP Code:
if (preg_match('/index/i',$id))
{
include('home.php');
}
make sure u validate what pages can and cant be included.
goodluck with the site man.