Hi guys. Cool script. Great price. In the interest of quality, I'd like to make the following comments:

1. To require register_globals = on is a huge security hole. According to PHP: "You should do your best to write your scripts so that they do not require register_globals to be on; Using form variables as globals can easily lead to possible security problems, if the code is not very well thought of." Is that the case here, and are you taking the appropriate steps to eliminate this requirement?

2. What's with the use of short <? php tags?. That's universally regarded as bad coding practice to use the short tag instead of the long ones for software intended to run on third-party servers.

3. Requiring open_basedir = (no value) is both unusual and a huge security hole. Again, from PHP: "NOTE: this is considered a "broken" security measure. Applications relying on this feature will not recieve full support by the security team. For more information please see /usr/share/doc/php5-common/README.Debian.security".

At a bare minimum, you should distribute an include file to hold these settings, leaving the main php.ini pristine, using something like:
Code:
<?php  ini_set('include_path',ini_get('include_path').':../includes:');  ?>