Before I can start talking about PHP RESTful micro frameworks, let me first say that I am first and foremost a Java developer. At the same time, my personal and official job also requires me to work with PHP from time to time.
 
It was never my intention to write an article about this topic. A purpose of this blog is to help mobile developers working with JavaScript; PHP was never part of it. But as things go I made a decision to write a rather complex set of jQuery Mobile tutorials that required server side communication. My first thought was to use Java Play Framework. This plan backfired when I found out that a lot of my readers were PHP developers.
 
Everything mentioned before urged me to switch to PHP but at the same time I was required to spend some time searching for the best replacement for the Play Framework. This article is dedicated to this search.
 
I will try to be as objective as I can. Before I chose these frameworks, I spent a lot of time playing with everything available trying to find a perfect one. This doesn’t mean other frameworks are wrong or inadequate; as you will see, my decision was hard, and it took time.
 
Before I start, take a look at the list of my chosen 10, in alphabetical order:



  • BulletPHP
  • Fat-Free Framework
  • Limonade
  • Phalcon
  • Recess PHP
  • Silex
  • Slim
  • Tonic
  • Wave Framework
  • Zaphpa
src:gajotres.net

RESTful Micro Frameworks for PHP

By Sinh Pham → Sunday, 10 May 2015



Here is a fresh list of CakePHP projects from GitHub. GitHub is the No. 1 resource for CakePHP projects in my opinion; second place is probably occupied by Code Google and 3rd place by SourceForge.

If you have CakePHP questions and you haven't yet found the answers on the CakePHP Google group or ask.cakephp.org, then there is a big chance of getting them from GitHub or stackoverflow.com.

QuickAppsCMS / QuickApps-CMS
https://github.com/QuickAppsCMS/QuickApps-CMS

Open Source Cakephp Projects and Resources

By Sinh Pham → Monday, 13 October 2014

I have heard and read so many positive reviews of the PhpStorm IDE in the past. So I am working on Windows and XAMPP, and so on.
If PEAR is absent, follow the steps below to get it installed.

1. Download PEAR’s installation PHAR file, then copy and paste it into your PHP server installation directory (i.e. where php.exe resides).
2. Open the Windows command prompt: Start -> type in ‘cmd’ -> press Enter.
3. CD into your PHP server folder (in XAMPP, the folder is C:\path\to\xampp\php) like this:

cd c:\path\to\php\server\folder
4. Run the following command to start the PEAR installation.

PHPStorm and PHP_CodeSniffer on XAMPP

By Sinh Pham → Monday, 8 September 2014


The Doctrine documentation is comprised of tutorials, a reference section and cookbook articles that explain different parts of the Object Relational mapper.
Doctrine DBAL and Doctrine Common both have their own documentation.

http://adf.ly/peBlu

Doctrine 2 ORM’s documentation PDF

By Sinh Pham → Monday, 16 June 2014
 
  • Learn expert CodeIgniter techniques and move beyond the realms of the User Guide
  • Create mini-applications that teach you a technique and allow you to easily build extras on top of them
  • Create CodeIgniter Libraries to minimize code bloat and allow for easy transitions across multiple projects
  • Utilize third-party APIs (Twitter oAuth and Facebook Connect) and make use of some less-known helper functions – CodeIgniter's hidden gems
  • A step-by-step, practical guide with examples and screenshots

http://adf.ly/pcKk8

CodeIgniter 1.7 Professional Development pdf free

By Sinh Pham → Sunday, 15 June 2014



 Download : http://www.jetbrains.com/phpstorm/


Name: EMBRACE
Key: ( spaces with ):

Key Active PHP storm 7.x

By Sinh Pham → Thursday, 29 May 2014

Open Source PHP E-Commerce Platforms Compared

Just a few short years ago, options for Open Source PHP ecommerce platforms were extremely limited, and often the only way to put together an ecommerce store online was to have a bespoke system built. Not any more, though - now there are plenty of options. We take a look at the top five contenders to see what each has to offer.

Contents

  1. The Contenders
  2. Installation
  3. Theming
  4. Extensibility
  5. Development
  6. Support
  7. Hosting and Performance
  8. Management
  9. CMS
  10. Security
  11. Consumers
  12. Comparison Table
  13. Winners and Losers
  14. Honourable Mentions
  15. TL;DR

The Contenders

The first name down was the big dog in this particular park - Magento. In a relatively short space of time, it has achieved remarkable success, and its recent acquisition by eBay indicates little intent to slow down.
Second, showing great promise, is the wonderful OpenCart. OpenCart is known for being a speedy way to get an e-Commerce site online and for having an easy-to-work-with codebase. Not as full-featured or "entreprisey" as Magento, it is nevertheless an excellent platform.
Usually mentioned in the same breath as OpenCart as a worthy alternative to Magento, PrestaShop is a capable platform using the Smarty templating engine. The most common complaint? It's developed primarily by a company in Paris, so unless your French is up to speed you may find the documentation a touch tricky.
The only entry in the list which isn't a specialist e-Commerce platform, Drupal is still an extremely popular choice, largely because of its large community and vast array of extensions. It has strengths in areas where the other contenders are lacking, primarily due to its primary function being as a CMS rather than an e-Commerce system. The Commerce plugin (as one of several options) adds e-Commerce functionality to the system.
And finally, bringing up the rear, is the oldest of the lot - osCommerce. Despite a history of poor security, difficult maintenance and spaghetti code, it remains one of the most used platforms and has a huge community behind it. Development has slowed recently, prompting rumours that the project may be heading for the graveyard.
With the exception of Drupal, where an extension is required to add basic e-Commerce functionality, this comparison will not include functionality added through extensions - I am comparing the products out of the box.

Installation

Magento was simple to download, with older versions of the software available in tabs, although system requirements were hidden away on the downloads page. Installation instructions were provided during the download process, and the installation guide was excellent. Installation was slow, though, largely because of the size of the software. It could have done with more explanatory text - osCommerce did this well - and any cleanup was handled automatically, which was excellent.
OpenCart has a reassuringly professional feel to its installation procedure. Downloads were easy to find, including earlier versions, although no installation guidance was provided when downloading. Requirements checking was simple and clear, and your stage in the process well indicated. It also lacked explanatory text and there was no option to clean up automatically after itself and set sensible permissions.
PrestaShop downloads were easy to find and grab, though system requirements were rather better hidden, with a link near the bottom of the download page. The download screen links to installation guides on the main PrestaShop site, which are excellent and include videos - but these are not linked to from the installation procedure, which is a real shame. System requirements checking was simple enough, with clear instruction on what to do to correct any issues. Cleanup is not automated, but is enforced (good idea) - you can't log in until you've renamed your administration folder and deleted the install folder. Finally, each of the two installations run during the writing of this article resulted in errors in either the admin area or the shop itself.
Drupal downloads were easy enough to find, and installation instructions and system requirements were both linked obviously from the downloads page. Indications of where you are in the installation process are simple, and requirements checking during the process was good, with clear instructions on how to address any issues. Unfortunately, it is the only one of the systems to require you to manually create a configuration file, and this seemed rather unnecessary. As with most of the other platforms, there was little help text along the way. Drupal did clean up after itself though, with the installer being disabled after it has been run.
osCommerce was less smooth than the others to download - it's not obvious where to go to download the software from the homepage, although the downloads page is very simple. Requirements were specified on the download page, but no installation instructions. It was simple to install, with a guided process that confirmed requirements were met, gave good feedback and included plenty of help text. It might have been nice if it had given the option to run a cleanup script once complete, to wipe the install directory and set sensible permissions.

Theming

Magento has an excellent theming engine, with the ability to inherit elements from one theme to another, making theme variants easy and quick to produce. The sheer volume of folders and nesting can be daunting to someone new to the platform. There are some excellent themes to download as well, which can often provide a good starting point. Unfortunately, Magento is also extremely heavy, loading large amounts of CSS and JavaScript by default. Themes often end up being extremely large, making ongoing management sometimes more painful than with other systems.
OpenCart uses PHP files for its templates, which is something I am a fan of (why introduce a new variable and control syntax, processed by PHP, when it already has these things?) and as a result the templates are simple to write and maintain. Themes are held in folders, so many can be installed to a site at once. There are plenty of themes available as well, both free and paid.
PrestaShop makes use of the well-known Smarty templating engine, and can handle multiple templates being installed at one time. The themes don't have the ability, like Magento, to inherit elements from each other, but they are easy to build and simple to maintain. There are plenty of themes available as well, both free and paid.
Theming Drupal is not considered terribly good fun. Designers and front end coders working with it for the first time have a distinctive haunted look, largely because the parts of each page can come from so many different places. On the plus side, multiple templates can exist side by side, and templates can include extra functionality when needed. There are also some excellent templates available to download, although most will require some work to make them fit the specifics of your site, depending upon the modules you have installed.
The default osCommerce theme is terribly outdated and a major let down. As with the other platforms, though, there are some stunning templates available. Unfortunately, there is no integrated templating engine, and as a result many templates require changing of core files for installation.

Extensibility

All of the contenders score well on extensibility, with the type, range and ease of building of extensions (a.k.a. addons) all taken into account. Drupal and Magento are pretty even - Drupal has a much larger collection of extensions, largely because they are quicker and cheaper to build, but Magento's are generally of a higher quality.
The rest are all fairly evenly matched, with extensions numbering in the thousands providing similar added functionality to all of the platforms. OpenCart has a slight edge over PrestaShop and osCommerce when it comes to extensions development though, thanks to better documentation than PrestaShop and better architecture than osCommerce.
The most commonly required extensions - for payment and shipping configuration - are all present on all platforms for most of the large providers.

Development

Most stores require at least some ongoing development, integrating with new services and adding new features over time. So how do these platforms compare when it comes to having some custom work done?
It is difficult to know how to score Magento when it comes to development. The system's architecture, inheritance setup, XML config system and use of the MVC pattern all make it usually excellent to work with. It provides plenty of API interfaces, reusable objects, and has intelligent use of namespacing to reduce the risk of conflicts between modules. The code is also clean and well documented throughout. On the other hand, it can be slow to write for - it is a monster, with hundreds of files in a nested structure that really takes some getting used to. The observer pattern used frequently in Magento can make debugging some problems deeply painful, as you need to find which of dozens of observers are causing a headache. Overall, it is the most technically advanced, and by some way, but that carries with it something of an overhead, making development for Magento often more expensive than comparable systems.
OpenCart is, for the most part, pretty simple to develop for. It's generally faster than Magento, thanks to a simpler structure and faster page times. It uses an MVC pattern, and has great documentation. It does suffer from an unfortunate folder structure, where a single simple custom module can have files in lots of different parts of the directory tree, but once you are familiar with the layout this is less of an issue. There is a lot of repetition in creating OpenCart modules as well - Magento's easy Grid/Edit/Form setup is much simpler and faster. Overriding core functionality is also a painful experience, relying on third party modules that search and replace within code, rather than hooks or class overrides. Despite these shortcomings, generally OpenCart's simplicity makes developing modules more of a pleasure than with some of the competition.
PrestaShop has a better module folder structure than OpenCart, similar to Magento's way of doing things, with every module in its own distinct folder. The development documentation has not been great in the past, though does seem to be improving. PrestaShop also provides a robust system for overriding core functionality as well as a variety of hooks and an API.
Drupal uses a simple and straightforward module system for development, meaning modules can often be added extremely quickly, each within its own folder. If the recommended development practices are followed, it's easy enough to avoid conflicts between modules. Where Drupal can be trickier is in overriding core functionality. Often the only way to do so is to copy a core module, alter it, and make the same changes whenever updating in future (this is not dissimilar to other platforms, of course). Drupal does separate themes from modules well, but does not go quite as far as an MVC pattern. Drupal uses a system of hooks to enable you to tap into or override normal functionality in your own modules, however this becomes problematic when wanting to modify or interact with third party modules, as these may not implement hooks in the same way, if at all.
osCommerce is extremely poor when it comes to development. Almost all development work involves modifying core files, and those are largely procedural code. There is no universal URL handler to tap into, no module system, no hooks. This does mean it is often extremely quick to make small changes to the site. It also means those changes can have far-reaching effects, upgrades are extremely painful, and security issues are easy to introduce.

Support

Drupal is well in the lead here, with extensive and varied support communities. They have forums, their own Stack Exchange site (in addition to a healthy amount of activity on the main Stack Overflow), and each module has its own mini-support system complete with bug tracking. All of which is lucky, because with Drupal you can spend a lot of time looking for help.
Magento is just a little behind Drupal. There is an active community on the main Stack Overflow site, and Magento have their own forums - although a large number of posts there seem to go unanswered. Magento also offer paid support options.
OpenCart, PrestaShop and osCommerce all score roughly evenly here. All have their own active forums (OpenCart, PrestaShop, osCommerce), and all have small communities on Stack Overflow (OpenCart, PrestaShop, osCommerce). PrestaShop offer a variety of paid support options as well.

Hosting and Performance

With Open Source systems a couple of the potential major costs usually associated with ecommerce businesses are no longer an issue - building a system is unnecessary, and there is no need to pay for a license. However, there are still significant costs associated with hosting to be considered. Performance is a significant issue too, with slow sites converting customers at a lower rate than faster competitors.
Magento scores poorly here, requiring a beefier server than the other contenders to serve a comparable level of traffic, as well as needing PHP modules that are not always present on web servers by default. Performance can be very poor without tweaking of server configurations and addition of opcode caching modules. Even with plenty of server-side shenanigans, pages are heavy and difficult to trim to a healthy size. It redeems itself slightly with its ability to scale to multiple servers easily, but, for smaller online shops, this is an area where Magento has much room for improvement.
OpenCart and PrestaShop are evenly matched, with comparable load times out of the box and similar hosting requirements. They are not as demanding or as expensive to host as Magento, and both will work on the majority of PHP hosts.
Drupal will run on most PHP hosts, but will usually be pushing the limits of standard virtual hosts. It runs well on VPSes and up, but also suffers from slow load times. As with the other sites, speed can be vastly improved with opcode caching and some of the community modules.
osCommerce is not terribly fast when it comes to page loads out of the box, though there are plenty of optimisations you can perform to bring it up to spec. Where it does score well, however, is ubiquity of hosting. It has been around since early versions of PHP and runs fine on a standard virtual server, so can be one of the cheapest and easiest systems to host.

Management

Management of a store, including product pricing, inventory and data, categorisation, order statuses and so on is important to any e-Commerce venture. A management system should be intuitive and quick enough that customer service staff can use it without extensive training, and should allow restriction of access to different parts of the system for different users. Functionality like the ability to manage multiple stores from a single interface, handle multiple languages, or customise designs for specific pages or sections, while not universally required, is becoming more and more important.
Magento scores well in most ways, although their management area is not particularly intuitive (especially when it comes to order statuses, invoicing and shipping). Access control is excellent, and the system allows almost every aspect of products to be controlled through their EAV model. Products can be of various types (attribute sets and configurable products both work very well), special offers are powerful (although no 3 for 2 support is still a serious omission), and rule-based product relationships are very useful. Magento also offers multi-website and multi-store functionality, although this can have a significant negative effect on performance.
OpenCart is more intuitive than Magento, handles multiple stores well, and has a basic but functional permissions management system. Editing of products, categories and orders is simple and quick. Especially nice is its support of multiple languages. However, special offer support is weak, automated relating of products is missing, and stock control for configurable products is limited to one criterion (so if you sell T-shirts, you can't specify stock for each combination of colour and size you have available).
PrestaShop supports configurable products well and has good granular permissions management. Unfortunately, it is not particularly intuitive, and does not support multiple stores from a single installation (although this feature is currently in testing, so should be available soon). Unfortunately, like OpenCart, it also has weak special offer management facilities and no support for automated relating of products. I do like that management of an item, that on other systems is spread over several pages, is often on one page in PrestaShop - a small point, but much appreciated.
Drupal scores badly here, largely as a result of e-Commerce being an addon, rather than native functionality. As a result, categories, products and related products are traumatic to set up. Access control and multiple store support are both good, but the kinds of refinements expected of a modern e-Commerce platform are lacking - most things are possible, but slow and usually in a way that makes introduction of errors almost inevitable. Finally, and possibly most seriously, it is badly let down by its counter-intuitive administration area.
osCommerce is simple to use, though not intuitive. Unfortunately, that is largely where the positives end - it cannot support multiple stores, configurable products, related products or users with different levels of permissions. Many of these features are available by way of community modules, however. It does have basic support for special offers, and a simple to manage system for categories.

CMS

This is an area where Drupal shines, and where Magento, OpenCart, PrestaShop and osCommerce are well behind the curve. A modern CMS allows granular control of access to edit content, versioning of documents, publishing dates, commenting on posts and so on. At the minimum, an e-Commerce platform should be able to offer basic blog functionality. Only Drupal is up to the task here, being first and foremost a CMS.

Security

Only osCommerce presents a serious concern out of the box, with a terrible reputation for, and history of, insecurity. Efforts to improve it are ongoing, but once a product has a reputation for poor security it is tough to change it.
Drupal fares a bit better, although the reliance on modules means that sometimes, even though the main platform itself might be secure, exploitable weaknesses are introduced (this is true of all of the platforms to some extent, but Drupal has greater reliance on extensions if run as an e-Commerce platform). Generally security of the Drupal platform has been good, and it's been well tested, running high profile sites like Whitehouse.gov without incident.
Magento, OpenCart and PrestaShop are all fairly even here. Exploits of the core platforms are comparable in number and severity. Magento offers an Enterprise version of their software (for a fee) and this claims to be fully PCI compliant - if this were to be brought to the Community edition as well, it would have an advantage in future.

Consumers

Finally, how easy is each for a consumer to use, and how good is each platform at bringing in customers and marketing specific products? This is almost entirely dependent upon the theme chosen, the quality of development and hosting, and a thousand other factors. However, out of the box, ...
Magento is excellent for consumers, despite a few recurring issues. Filterable categories are excellent, and Magento handles complex products extremely well, making the shopping process very straightforward. Integrations with third parties for payments are also mature and well tested, meaning few surprises for shoppers. Sometimes let down by bizarre behaviour (categories showing as empty and the search returning no results being common issues), it is still comfortably ahead of the competition. Search engine optimisation is excellent, and the ability to run promotions from the CMS at various points in the site is also very welcome.
OpenCart, PrestaShop and osCommerce are very evenly matched here. All provide a friendly browsing experience, and both suffer from the serious omission of category filters; however all also have excellent shopping and checkout processes. OpenCart and PrestaShop both include product comparison, while of the three only OpenCart includes wishlist functionality. OpenCart and PrestaShop have excellent SEO capabilities, and both provide support for promotions on the site.
With a little patience, Drupal is capable of providing a simple and easy to use shopping experience. It lacks some of the options and more advanced refinements of the dedicated e-Commerce offerings, but with Drupal anything is possible - given enough time. It also has good SEO support and the ability to run promotions through the site.

Comparison Table


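| Category (/10) | Magento | OpenCart | PrestaShop | Drupal | osCommerce |
|---|---|---|---|---|---|
| Installation | 8 | 7 | 7 | 7 | 7 |
| Theming | 7 | 8 | 7 | 5 | 3 |
| Extensibility | 8 | 7 | 6 | 8 | 6 |
| Development | 8 | 7 | 8 | 6 | 2 |
| Support | 6 | 5 | 6 | 8 | 5 |
| Hosting | 4 | 6 | 6 | 5 | 7 |
| Management | 9 | 7 | 6 | 3 | 2 |
| CMS | 4 | 3 | 3 | 8 | 2 |
| Security | 8 | 8 | 8 | 7 | 4 |
| Consumers | 8 | 7 | 6 | 5 | 5 |
| Totals (/100) | 70 | 65 | 63 | 62 | 43 |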

Winners and Losers

Magento, despite extremely rapid growth, easy installation and excellent extensions, is let down by a lacklustre CMS, expensive running and development costs, and a comparatively poor (unless you are prepared to pay) support setup. Third party extensions and community sites exist to cover most of these shortfalls though, and the quality of code and the power available to extensions make this a great choice for serious e-Commerce businesses.
If you're looking to keep your development costs down, both OpenCart and PrestaShop are fine choices, though for me OpenCart seems to have the edge at the moment. Both have a bit of a way to go to catch Magento, though, especially when it comes to addons and sales features.
If you're after content bells and whistles, you're going to find it tough to talk yourself out of Drupal. It isn't the easiest system to develop with, but there's not much out there that can compete with it on power.
osCommerce is, at the moment, just not competitive, and has not kept pace with the comparable alternatives. Best avoided, for now.

Honourable Mentions

Other Languages
You'll have noticed by now that the above are all PHP/MySQL-based platforms. There are plenty of languages out there and there are open source e-Commerce platforms available on almost all of them. If you're more comfortable with another language than PHP ... then very sorry, but you've been reading the wrong list.
MODX
Personally, my favourite CMS for content sites is MODX - it's easy to use, simple to develop for, and has a great community. Unfortunately, e-commerce support is weak, with most solutions available being third party integrations (e.g., FoxyCart) rather than native e-commerce. However, talk of new e-commerce options is rife, and I'm hopeful something will come along to fill this gap soon.
Wordpress
Much like MODX, Wordpress does not have native e-commerce functionality. However, again as with MODX, Wordpress has plenty of plugins that can add a store to a blog, such as WP e-Commerce. There's still a long way to go until either Wordpress or MODX is competitive when it comes to e-commerce, but the signs for both are encouraging.
Zen Cart
It was a tough choice whether to pick Zen Cart or osCommerce for the fifth contender in this rundown. When I revisit this later on, most likely it will be Zen Cart that makes the cut. osCommerce I chose for this first comparison because of its age and because of its prevalence - it is still widely used, even if well behind more modern options.

TL;DR

Drupal if you need a decent CMS. Otherwise, in order: Magento, OpenCart, PrestaShop, osCommerce.


More : www.addedbytes.com/blog/open-source-php-e-commerce-platforms/

Compare Open Source PHP E-Commerce Platforms

By Sinh Pham → Wednesday, 28 May 2014

In August 2009 I had been programming with CodeIgniter a little over 2 years, in that time I learned a lot of things which would have been good to know when I began. I made a list of stuff I considered best practices for programming in CodeIgniter, which I have kept up to date. But as I have since moved on to another framework this is it, the final update was on: March 2nd, 2012
These 2 posts I licensed under MIT so do with it as you please as long as you give proper acknowledgement about the origin.
RT(F)M: Read the User Guide & watch tutorials
Clear and simple: don’t ask questions before you have looked into the awesome thing that makes CI stand out among frameworks: The CodeIgniter User Guide. There are a lot of references in this article to the user guide, but those are highlights for specific topics - the whole thing should be read!
Also to get started you can find some video tutorials on nettuts+ or view the (very dated) video tutorials on the CodeIgniter website. The latter is using an older version but when you take that into consideration it’s still a nice place to start understanding the basics of using CI.
MVC programming
If you don’t know the MVC pattern read up on it! You’ll learn soon the value of putting the data-access in models, the application logic in controllers and the visuals in views. But if you haven’t done programming in such a pattern before it might take a while to sink in, give it the chance to sink in!
A good guideline is to put as little as possible into your controller. Adhere to the DRY principle: Don’t Repeat Yourself. When functionality is needed in more than one place, create a library, helper or model (depending on what kind of functionality it is). You’ll notice that once you start to grasp the MVC basics this will become habitual and you’ll start to reap the benefits that good clean MVC code brings.
You can read up on MVC in the CI User Guide: MVC, Flow chart, Models, Views & Controllers.
Or external sources like Wikipedia.

Error reporting and debugging
One of the most often made mistakes is to forget to turn off PHP errors or database errors, both of which are gigantic security risks. It’s a security risk because you allow an attacker to debug his hacking using the displayed warnings.
CodeIgniter offers environment settings to help with this. On any public site error_reporting should be set to 0 (or at most E_ERROR), the database setting db_debug should be set to false, and just for extra measure I tend to do an ini_set('display_errors', 'Off').
At the same time you should debug your application with error_reporting set to -1 (this will show E_ALL and E_STRICT, E_ALL doesn’t include E_STRICT warnings), and solve every notice and warning before making your application public. You tend to spot “invisible” bugs sooner and thus write better code. (more on the error reporting levels on php.net)

One way to make all of this easy has been for me to set the db_debug value (in the application/config/database.php config file) to a constant I declare MP_DB_DEBUG. And add the following code to the top of the main index.php to replace the error_reporting() declaration when the site is live (will disable all errors):
ini_set('display_errors', 'Off');
error_reporting(0);
define('MP_DB_DEBUG', false); 
But when in the development or testing phase I’d suggest:
ini_set('display_errors', 'On');
error_reporting(-1);
define('MP_DB_DEBUG', true); 
For even better error reporting Dan Horrigan ported a great error reporting script to CI which you can find on Github. This must never be switched on in a live-site environment but is a huge help during development and has probably saved me hours already.
Application & System directory placement
An absolute best practice is to put the system & application directories outside the webroot. If your main index.php sits in a directory like /public_html/ on your FTP, see whether you can upload the system directory to the root as /system/. That way no one can access your PHP files except through the index.php.
Don’t forget to change the values $system_folder and $application_folder in the main index.php file. $system_folder should be relative to the index.php file, $application_folder should be relative to the system folder.




Security
Read up on SQL injection, XSS (CSS), CSRF (XSRF) and understand them before you decide if you need measures against them or not. Also read up in the CI user guide on the security guidelines and XSS filtering from the Input class. Probably the most important guideline is to validate and check all the input from users before any kind of interaction with your database, filesystem, etc.
There’s a pretty good overview of all the issues and some solutions in Writing secure PHP.

SQL Injection
Using CI’s Active Record should take care of this problem.
XSS
Be aware of which parts of your site are vulnerable to attacks of this kind, and be sure to filter all user input when you can’t be 100% sure the user is to be trusted.
CSRF
As of CI 2.0, support for tokens is built in; this is explained at the bottom of the Security class docs. To learn more you can do a Google search on “CSRF tokens” for protecting simple form submissions and actions done by URL. Or for AJAX operations search Google for “double cookie submission”.
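The "double cookie submission" check mentioned above for AJAX calls, as an added example in plain PHP. It is not CodeIgniter's built-in token code; the cookie name, the X-CSRF-Token header and the mp_csrf_* functions are assumptions made for illustration.

```php
<?php
// Added example: double-submit cookie check. All names here are hypothetical.
const MP_CSRF_COOKIE = 'mp_csrf';

/** Return the visitor's token, issuing a fresh random one if the cookie is missing or malformed. */
function mp_csrf_issue(array $cookies, callable $setCookie): string
{
    $token = $cookies[MP_CSRF_COOKIE] ?? '';
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
        $setCookie(MP_CSRF_COOKIE, $token);
    }
    return $token;
}

/** True only when the request repeats the cookie value in a POST field or request header. */
function mp_csrf_valid(array $cookies, array $post, array $server): bool
{
    $cookie = $cookies[MP_CSRF_COOKIE] ?? '';
    $echoed = $post[MP_CSRF_COOKIE] ?? $server['HTTP_X_CSRF_TOKEN'] ?? '';
    if (!is_string($cookie) || !is_string($echoed) || $cookie === '') {
        return false;                          // no cookie or no echo: reject
    }
    return hash_equals($cookie, $echoed);      // constant-time comparison
}

// Constructed demo: the cookie jar is a plain array instead of a real browser.
$jar   = [];
$token = mp_csrf_issue([], function ($name, $value) use (&$jar) {
    $jar[$name] = $value;
});

// Same-site script read the cookie and echoed it in a header.
$sameSite = mp_csrf_valid($jar, [], ['HTTP_X_CSRF_TOKEN' => $token]);
// Cross-site form post: the browser attaches the cookie, but the page cannot read it to echo it.
$crossSite = mp_csrf_valid($jar, ['comment' => 'hello'], []);

var_dump($sameSite, $crossSite);
```

Because the script on your page has to read the cookie in order to echo it, the cookie cannot be HttpOnly; on PHP 7.3+ send it with `setcookie($name, $value, ['path' => '/', 'secure' => true, 'samesite' => 'Strict'])`.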
SPAM
Always protect your email forms, comment forms and any other kind of free user-submitted data against spamming. The easy way is to only allow each IP/User agent to submit once every minute. While that doesn’t protect against hackers & bots, it does protect you against the usual internet trolls.
The best way is to use a CAPTCHA like reCAPTCHA to protect email & comment forms on your website. You can search the forums on how to integrate reCAPTCHA with CI. CI2 also provides a CAPTCHA helper.
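The "once every minute per IP/User agent" rule described above, as an added example in plain PHP rather than code from CodeIgniter or the original post. The mp_may_submit() function and the JSON store file are assumptions; the client addresses and timestamps in the demo are constructed.

```php
<?php
// Added example: one submission per IP + User-Agent per time window.

/** Returns true if this client may submit now, and records the submission. */
function mp_may_submit(string $storeFile, string $ip, string $userAgent, int $now, int $window = 60): bool
{
    // Hash the pair so the store holds neither raw addresses nor agent strings.
    $key = hash('sha256', $ip . "\n" . $userAgent);

    $fh = fopen($storeFile, 'c+');             // create if missing, never truncate on open
    if ($fh === false) {
        return false;                          // store unusable: refuse the submission
    }
    if (!flock($fh, LOCK_EX)) {                // serialise concurrent requests
        fclose($fh);
        return false;
    }

    $seen = json_decode(stream_get_contents($fh) ?: '[]', true);
    if (!is_array($seen)) {
        $seen = [];                            // corrupt store: start over
    }
    // Drop entries older than the window so the file cannot grow without bound.
    $seen = array_filter($seen, function ($t) use ($now, $window) {
        return is_int($t) && $now - $t < $window;
    });

    $allowed = !isset($seen[$key]);
    if ($allowed) {
        $seen[$key] = $now;
    }

    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($seen));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Constructed demo: the same made-up client posts at 0 s, 20 s and 61 s.
$store = tempnam(sys_get_temp_dir(), 'mp_throttle_');
$t0 = 1700000000;
$results = [];
foreach ([0, 20, 61] as $offset) {
    $results[$offset] = mp_may_submit($store, '203.0.113.7', 'ExampleBrowser/1.0', $t0 + $offset);
}
var_dump($results);
unlink($store);
```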
Performance
Write good clean code and understand your code, don’t just copy paste the stuff others wrote and always look for ways to improve your code. Just never ever sacrifice security for performance. The PHP Style guide from the CodeIgniter manual is a very good place to learn to write better code.
DRY
Don’t Repeat Yourself. Put shared code where it belongs: in libraries, helpers or models, but not in controllers. Definite rule of thumb: when you’re copy-pasting code, you probably just put it in the wrong place for a second time.
Caching
Caching is a pretty good way to improve performance; in particular, the amount of database operations needed can be scaled back easily by using cache. Take a look into page caching & database caching, and Caching drivers.
HTTP headers
On the client side you can improve performance by sending HTTP headers along that instruct the browser to keep your stuff in its cache. This is also good to read up on when using AJAX because you’ll need to disable browser-cache for those operations. Google it!
Example for AJAX return data (that shouldn’t be browser-cached at all):
$this->output->set_header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
$this->output->set_header("Cache-Control: no-store, no-cache, must-revalidate");
$this->output->set_header("Cache-Control: post-check=0, pre-check=0", false);
$this->output->set_header("Pragma: no-cache"); 
Example for things that should be kept for a long time (like CSS, JavaScript files):
$this->output->set_header('Cache-Control: private, pre-check=0, post-check=0, max-age=2592000');
// gmdate() always gives English day/month names; gmstrftime() follows the locale and is deprecated since PHP 8.1
$this->output->set_header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 2592000) . ' GMT');
$this->output->set_header('Last-Modified: ' . gmdate('D, d M Y H:i:s', time() - 20) . ' GMT');
Database access & ORM
CodeIgniter has a library called Active Record (AR) that can help you write your queries without writing any SQL. It’s pretty powerful and the better way to go when you’re no SQL expert or aren’t sure how to protect your queries against SQL injections.
When you need more power an Object Relational Mapper (ORM) might be the thing for you, and while CI doesn’t come with an ORM there are some options out there that are all very good.
The most popular is probably DataMapper OverZealous Edition (DMZ). Others are Doctrine (there’s a tutorial on PHP and stuff) and RapidDataMapper.

User auth & ACL
A very much debated topic, since it doesn’t come with CI and there are as many who think it should as there are who think the opposite. All I can advise you on this is to search the forums and look for a system that’s still active, has good security and that integrates easily into your application. Or research the examples and write your own.
At this point I would recommend Ion Auth; it’s very well written and probably a lot better than you’d write on your first try. And if you are planning on writing your own, read through it for inspiration.
Anything else?
Search the forums and the wiki, and if you can’t find it you can always ask.
Did I forget anything or get anything wrong? Reply and I’ll look into it.

More: http://ellislab.com/forums/viewthread/125687/

Starting with CodeIgniter suggestions & best practices

By Sinh Pham →
TinyMCE has a ton of features. Since we're only creating text documents we don't need all of these, so we're going to customize the toolbar and only choose the buttons we need. To do this we pass an array of options to the TinyMCE widget.



How to use TinyMCE at Yii

By Sinh Pham → Sunday, 20 April 2014