PHP Security: website directory structure

[RLJ]

Hi all,

 

So I've nearly finished coding my first website. Currently all the files are in the same directory on my harddrive, but I now want to create a proper folder structure that will be secure. I have been reading up on this a lot on various websites, but it seems like most articles on this topic are targetted at developers with much more complicated websites than mine, and it's all a bit over my head.

 

My website is quite simple, it consists of the following:

 

1) html files and php files that print something to the screen that I want to be accessible to the user by typing in the url in the browser.

 

2) html and php files that are called upon by 1, they either print something to the screen inside an iframe or not at all - I want these files to be accessible only to 1) and not directly to the user by typing the url

 

3) image files and includes, etc.

 

(and also 4) a MySQL database, but maybe this doesn't really have anything to do with the website folder structure.)

 

What should my directory structure be and where should I put 1), 2), 3), etc.?

Thanks a lot!

[RLJ]

Anyone? Sorry if this is a noobish question, but I've never done this before!

 

Thanks

[ignace]

Can you give us an example of your directory layout? If your PHP includes the HTML (template) files, it might be wise to put these into a sub directory and add a .htaccess with a Deny from all rule (PHP will still be able to access the files).