15

I'm new to web development. I recently created a web application with PHP/MySQL, and now I want to put it onto the server, but I feel that my file organization is bad (very bad).

My project file structure looks something like this:

|--XAMPP htdocs
    |--MyProject
        |--config.php
        |--functions.php
        |--header.php
        |--nav.php
        |--index.php
        |--js   
        |--css
        |--images
        |--register
            |--index.php
        |--messages
            |--inbox
                |--index.php
                |--handle_inbox.php
            |--outbox
                |--index.php
                |--handle_outbox.php
            |--trash
                |--index.php
                |--handle_trash.php
            |--uploaded_files
        |-- ...

What can I do to improve this structure and make it secure?!

Az.Youness
  • 2
    A very nice question but the answer is opinion based. BTW you can't have the same directory several times (messages) at the same root. – B001ᛦ Feb 26 '16 at 10:30
  • 3
    Hard to comment on security without knowing your project. – Progrock Feb 26 '16 at 10:31
  • @Progrock at least, how can I make the config.php file and the uploaded_files directory inaccessible! – Az.Youness Feb 26 '16 at 10:38
  • 1
    If you are using Apache, for instance, there are some configurations to avoid a file (like config.php) being served and to block the contents of a directory. – Ed de Almeida Feb 26 '16 at 10:42
  • 1
    @BBeta, please find my answer below. Also, the generic recommendation would be, as you are new to PHP development, to use even a simple PHP framework; it will allow you to structure the code and files and organize them in a good architectural way. You may start with **CodeIgniter**; it's extremely lightweight. – Farside Feb 26 '16 at 10:48
  • @Farside I wrote most of the code for the project; it's impossible to rewrite it in a framework, and even if it were possible, I want to learn more about PHP before using any framework. As for your answer, I'm now trying to understand how the listed frameworks do the job ... – Az.Youness Feb 26 '16 at 10:52
  • @EddeAlmeida do you have some links, please? – Az.Youness Feb 26 '16 at 10:54
  • 1
    @Farside is completely right in his answer. Even if you don't want (or can't) rewrite your whole project using a framework, at least you should observe a framework closely and use its security practices. I'm going to post some links anyway. – Ed de Almeida Feb 26 '16 at 11:09
  • 1
    http://serverfault.com/questions/174708/apache2-how-do-i-restrict-access-to-a-directory-but-allow-access-to-one-file-w – Ed de Almeida Feb 26 '16 at 11:10
  • 1
    http://stackoverflow.com/questions/2679524/block-direct-access-to-a-file-over-http-but-allow-php-script-access – Ed de Almeida Feb 26 '16 at 11:10
  • @EddeAlmeida thanks for those useful links – Az.Youness Feb 26 '16 at 11:24

2 Answers

16

Paul M. Jones has done some fantastic research into the common practices of tens of thousands of GitHub projects in the realm of PHP. He has compiled a standard filesystem structure based on this research. Take a look at the Standard PHP Package Skeleton and base your project off of it.

You do not need all of the file structure that he recommends, but it's a great place to start. If you are planning to open-source your project, this file structure will make the most sense to your potential contributors and users.

Eric Poe
  • I don't quite understand this. If I'm creating a login system with a login.php login form that contains PHP and HTML, this has to go in `/src` or `/public`? – user2924019 May 25 '22 at 09:14
  • @user2924019 The current way to build a PHP / HTML site is to separate your concerns. Do not combine your HTML and PHP in the same file unless you are using it as a templating system (place in `/src`) to generate your publicly viewable HTML (place in `/public`) or to dynamically build HTML via front-end controller. Further reading: https://phptherightway.com/#templating – Eric Poe Jun 03 '22 at 20:26
  • I've been forcing myself to learn Laravel. It makes a lot of sense to keep these separate, and I do quite like the framework despite how much of a pain it was to get it set up and working on a Plesk server! I will check out the link now. – user2924019 Jun 05 '22 at 11:34

7

The recommendation would be to have all the scripts "hidden" from direct access, and to have a separate public directory.

You may check the best practices from different frameworks, how they organize the directories:

I'd recommend following these best practices, as they arrived at them the long way, through tons of tries.

Farside
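
One way to build the separate public directory this answer recommends, added here as an example (not code from the question or from either answer): a front controller that is the only PHP file under the document root, with `config.php` and the uploads kept outside it. The directory names `config/`, `src/`, `pages/`, `storage/uploads/` and `public/`, the `/download` route and `send_upload()` are assumptions, and the web server is assumed to use `public/` as its document root and to hand requests for non-existent files to `index.php`.

```php
<?php
// public/index.php: the only PHP file under the document root (added example).
// Assumed layout, all names hypothetical: config/config.php, src/functions.php,
// pages/*.php and storage/uploads/ sit beside public/, outside the document root.
declare(strict_types=1);

define('APP_ROOT', dirname(__DIR__));      // one level above the document root
require APP_ROOT . '/config/config.php';   // no URL maps to this file
require APP_ROOT . '/src/functions.php';

// Allowlist of URL paths; the request never supplies a file name to include.
const ROUTES = [
    '/'                => 'home.php',
    '/register'        => 'register.php',
    '/messages/inbox'  => 'messages/inbox.php',
    '/messages/outbox' => 'messages/outbox.php',
    '/messages/trash'  => 'messages/trash.php',
];

// Stream one uploaded file from outside the document root as a download.
function send_upload(string $name): void
{
    $dir  = realpath(APP_ROOT . '/storage/uploads');
    $file = $dir === false ? false : realpath($dir . '/' . basename($name));
    // basename() drops directory parts; the prefix check rejects symlinks leaving $dir.
    if ($file === false || strpos($file, $dir . DIRECTORY_SEPARATOR) !== 0 || !is_file($file)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');   // download, never render
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($file)));
    header('Content-Length: ' . (string) filesize($file));
    readfile($file);
}

$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
$path = is_string($path) ? '/' . trim($path, '/') : '/';
$file = $_GET['file'] ?? '';

if ($path === '/download') {
    // The application's own login and ownership check belongs here.
    send_upload(is_string($file) ? $file : '');
} elseif (array_key_exists($path, ROUTES)) {
    require APP_ROOT . '/pages/' . ROUTES[$path];
} else {
    http_response_code(404);
    echo 'Not found';
}
```

Only `js`, `css` and `images` need to sit next to this file in `public/`; every other script is loaded by path from PHP and has no URL of its own.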