Hi, my name is Constantin Boiangiu, I'm a Romanian web developer. Based on the info you provided, it looks like a case of SQL and/or file injection. Please note that the deadline term I gave is mainly based on how well your code is written and it's the maximum time I would require.
As for experience, I have about 6 years of PHP development. Unfortunately, I'm not a gold member but I can still do high quality work even without it.