There are many documents about directory structures, but most of them about MVC directory structures. But what if we don't want to use any framework or MVC?
I am really confused.
First option:
/public_html
/css
/images
/libs
index.php
profile.php
search.php
Second option: I can still use ww.mysite.com/index.php, ww.mysite.com/profile.php .. link structure
/libs
/public_html
/css
/images
index.php
profile.php
search.php
Third option: My links will be like this: ww.mysite.com/index.php?view=search
/view
-profile.php
-search.php
/libs
/public_html
/css
/images
index.php
Which one is the best practice? Directory structure does it matter about security? Thank you for all helps!
I think the third option is the best, but I'd extend if further (see below). If a file can be accessed directly from the internet it can potentially provide information if something goes wrong.
In the first and second option, if the mime type is set wrong or for some other reason PHP doesn't parse the file, it will generally display as text/html or plain text. In the first and second option, this means someone could potentially grab information such as database logins.
I usually set it up similar to option three, but pass everything to another index file, and don't make the URI match the files view=search indicates grab the file search.php from the view folder. I don't know about this set up, but this is personal taste.
My setup would look like this
/private
/view
-profile.php
-search.php
/libs
-index.php
/public_html
/css
/images
-index.php
public_html/index.php just hands off to private meaning if it's passed as plain text, it doesn't provide any information except that your files are stored in another directory. All processing is done by private/index.php
<?php
require_once('../private/index.php');
Even with configuration errors I've never found a serious problem with this setup.