Sometimes in PHP, when it is used to include a page, and the page is specified in the URL, hackers can change it to include pages that shouldn't be accessible!
they could try:
If you are making a system like this, it's worth remembering this.
To secure it, you can make your links like this:
then in the script:
if ($page == "indexpage") *display index.html*
else *tell them to go away*
This site is ok, it looks like you have done this, but it is easy to forget!
Be warned everyone!