Looking for easy-to-maintain and secure directory structure for multipart site

@Angela700

Posted in: #Security #SiteMaintenance #SiteStructure

I recently inherited an older custom PHP website that consists of three parts: a public section for all to see, a members section, and an administrator section. The directory section resembles the following:

->css
->doc
->inc
->js
->member
    ->css
    ->doc
    ->inc
    ->js
->admin
    ->css
    ->doc
    ->inc
    ->js


It looks like the site was originally produced by copying over a directory three times. Maintenance is turning out to be a pain because there are three copies of most functions. If I want to change the uploader, for instance, I have to remember to change it three times. However, the three sections are now very different from each other and have very different uses, so over time, many functions have evolved away from one another. This means that I have to diff before I copy, just in case.

A big frontend overhaul is planned and we're also updating security and moving from mysql_query to PDO. This seems like a good time to overhaul the structure too.

So my first question is, what is a good way to keep the tripartite structure for users but simplify? Is there a downside to creating a single inc or lib directory at the top level and putting all common files there?

For an additional complication, we would like to modernize the login so I am investigating panique's Huge php-login package. It would be used for member and admin logins. That package has an MVC structure and looks like it is meant to serve as the foundation for an entire site. But, I am not sure how I should incorporate it into our preexisting site... I'm reluctant to copy it over twice, for the admin and member sections. I'm wondering whether I should place the member and admin directories inside the php-login directory, or place php-login inside the common lib directory that I'm considering...

1 Comments

@Nickens628

As for object structure, I would go from this:

->css
->doc
->inc
->js
->member
    ->css
    ->doc
    ->inc
    ->js
->admin
    ->css
    ->doc
    ->inc
    ->js


To this:

->guest
    ->loginpage.php
    ->guest_only_item_1.php
    ->guest_only_item_2.php
    ...
    ->guest_only_item_n.php
->common
    ->shared_php_file_1.php
    ->shared_php_file_2.php
    ...
    ->shared_php_file_n.php
    ->somestylesheet.css
    ->somejavascript.js
    ->someimage.jpg
    ->someniceimage.png
->member
    ->member_only_item_1.php
    ->member_only_item_2.php
    ...
    ->member_only_item_n.php
->admin
    ->admin_only_item_1.php
    ->admin_only_item_2.php
    ...
    ->admin_only_item_n.php


I'm not sure how many items you plan to have for each type of user, so I assumed at least three, which is why I listed the item lines three times per section. The common section is for files that are shared by everyone.

Then in PHP, when you load the special page, you can use the following PHP code at the beginning to add the common PHP files (if applicable) regardless of the section you are in:

include "../common/shared_php_file_1.php";
include "../common/shared_php_file_2.php";


and in the HTML part, you can use the following code fragments in your code to add the common files:

<link rel="stylesheet" href="../common/somestylesheet.css">

<script type="text/javascript" src="../common/somejavascript.js"></script>

<img src="../common/someimage.jpg" width=1 height=1>

<img src="../common/someniceimage.png" width=1 height=1>


If you use the image tag, make sure you set the width and height values to the actual image sizes, and not 1.

Also, in your setup, you will want to have the login script create a cookie of some sort that stores a special hash representing that a user is logged in. Then, when the user tries to access the site, have your script read it and match it up against the user database, and if the user isn't in the right section of the site, he/she should be redirected there. If the user isn't logged in, then he/she should be redirected to the guest section.

Just make sure the database has, at a bare minimum, three fields: one for username, one for password, and one for the type of user.
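
One way to implement the login cookie and per-section redirect described in the answer above, using PDO prepared statements. This is an added example, not part of the original post and not code from php-login. The `sessions` table, the cookie name `auth`, the function names and the in-memory SQLite database with its constructed users are all assumptions made so the file runs on its own.

```php
<?php
declare(strict_types=1);
// Constructed in-memory database standing in for the real user table (assumed schema).
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, type TEXT)');
    $db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, username TEXT, expires INTEGER)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('constructed-pw-1', PASSWORD_DEFAULT), 'member']);
    $ins->execute(['root', password_hash('constructed-pw-2', PASSWORD_DEFAULT), 'admin']);
    return $db;
}
// Verify the password, then issue a random token. Only its SHA-256 is stored, so a
// leaked sessions table cannot be replayed. The caller sends the raw token with
// setcookie('auth', $token, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']).
function login(PDO $db, string $user, string $pw): ?string {
    $q = $db->prepare('SELECT password FROM users WHERE username = ?');
    $q->execute([$user]);
    $hash = $q->fetchColumn();
    if ($hash === false || !password_verify($pw, $hash)) { return null; }
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO sessions VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $user, time() + 3600]);
    return $token;
}
// Map a cookie value to the section its owner belongs in. The user type is read
// from the database on every request, never from the cookie itself; a missing,
// forged or expired token resolves to 'guest'.
function section_for(PDO $db, string $token): string {
    $q = $db->prepare('SELECT u.type FROM sessions s JOIN users u ON u.username = s.username
                       WHERE s.token_hash = ? AND s.expires > ?');
    $q->execute([hash('sha256', $token), time()]);
    $type = $q->fetchColumn();
    return in_array($type, ['member', 'admin'], true) ? $type : 'guest';
}
// Call at the top of every page with the section that page lives in.
function guard(PDO $db, string $section): void {
    $c = $_COOKIE['auth'] ?? '';
    $home = section_for($db, is_string($c) ? $c : ''); // reject auth[]=... arrays
    if ($home !== $section) {
        header("Location: /$home/"); // $home is one of three fixed values
        exit;
    }
}
if (PHP_SAPI === 'cli') { // demo run with the constructed credentials above
    $db = demo_db();
    var_dump(section_for($db, (string) login($db, 'alice', 'constructed-pw-1')), section_for($db, 'forged'));
}
```

If these functions live in one file under `common`, every page in `guest`, `member` and `admin` can include that file and call `guard()` with its own section name before producing any output.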
