ho provato a fare un cosa così:

codice:
<? 

include("header.php");
include("menu.php");

$array_reserved=array("admin","home","login","logout","menu","pagina3");

if(in_array($_GET['page'],$array_reserved)) {
  $p="auth/";
}

else {
$p="main"; 
}

if(isset($_GET['page'])){
$p=$_GET['page'];
if($p!=basename($p) || !preg_match("/^[A-Za-z0-9\-_]+$/",$p) || $p=="index" || !file_exists($p.".php"))
$p="error";
}



include($p.".php");
include("footer.php"); 

?>
ma non funziona...