Performance wouldn’t be improved by retrofitting an autoloader but application security would be. None of those require_once statements appears to be wrapped in an appropriate is_readable(), which would allow for a graceful failure in the event that one of those files can’t be read in by the server process.
Unless there’s an appropriate error handler implementation elsewhere in radicore, the thing just falls over when it can’t require a file - potentially yielding filesystem paths to the browser. Unless all of those .inc files are outside of the web root (or the server’s set up to deliver .inc files as php), that’s a serious issue.
Even just replacing the require_once’s with a custom loader function would be a vast improvement.
function radicore_require($filename)
{
if (!is_readable($filename)) {
// fail gracefully
}
require_once $filename;
}