<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Frontend</title>
  </head>
  <body>
    <nav>
        <div>
            <a href="index.php?page=welcome">
                Welcome</a>
        </div>
        <div>
            <a href="index.php?page=contact">
                Contact</a>
        </div>
    </nav>
    <div id="main">
        <?php
            if(isset($_GET['page']))
            {
                // get content of the paramter
                $page = $_GET['page'];
                // sanitize
                $page = str_replace('..','',$page);
                $page = str_replace('/','',$page);
                $page = str_replace('\\','',$page);
                // compose filename
                $filename='Pages/'.$page.'.php';
                // check if the file exists
                if(file_exists($filename))
                    // include the file
                    include($filename); 
            }
        ?>
    </div>
  </body>
</html>