Custom scripts which are designed to use Drake CMS as a framework can proceed in 4 ways (ordered from least to most code inclusive):
NOTE: it is not suggested to make harmful operations when including only includes/header.php, see the below mode instead
NOTE: you should check for the highest admin level through $my->is_admin() before making harmful operations since a valid admin user can be also one of the Publishers group (which is the minimum level allowed to acceed to the admin backend)
Studying the architecture, you can easily realize how index.php uses the 3rd and 4th method to render components and output into a template (respectively for frontend and backend).