In this post I’ll show how to set up CodeIgniter in a way that your code and configuration (passwords!) are safe. It will involve moving the “system” and “application” outside the (public) document root.

Seperating both <em>system</em>' and application’ has obvious advantages for maintainance and for reusibility. Using a seperate `www’ directory enables you to publish all your application specific JS/CSS and other public files.

The first thing we need to do is to create an checkout of the latest CodeIgniter release (currently 1.7.1) <div class=’bogus-wrapper’>

now move the application folder outside the system folder:

1
2

$ cd  somepathoutsidedocumentroot
$ mv system/application ./application

Now move the system and application folder to some folder outside of your public document root. Let’s call this directory <em>non-www</em>'. The documentroot directory will be called www’.

In the root of your checkout you will find an index.php. Copy/move this file to www. Open it and look for the following lines:

1
2

$system_folder = "system";
$application_folder = "application";

Change them to the following: <div class=’bogus-wrapper’>

Now you are up and running. Probably you want something like nice url’s. For this you can use the following .htaccess

1
2

RewriteEngine on
RewriteRule ([^/]*)\/\?([^/?]*)$ $1/$2 [R]

1
2

RewriteCond $1 !^(index\.php|test\.php|export\.php|robots\.txt|css|img|js|favicon\.ico|doc|data|user_guide|js)
RewriteRule ^(.*)$ ./index.php/$1 [L]

Now, go and create some new shiny sites.