/user_directory is actually user_directory/web but dont let that get you in a tissy. Here’s a huge PROTIP: Unless you don’t care at all about your app and don’t care about security or any of that, you should NEVER (repeat after me, “NEVER”) make the root of your project the same as the web root.

E.g. wherever your index.php is… your main app should be BENEATH it. Understand? Your main app’s code should never be reachable via the website. While people are finally catching onto this tip in 2011, violations are still abundant and existant in pratically every open sourced project, including wikipedia, drupal, wordpress, joomla, to name just a few. // so would you put the main app’s code into another subdirectory with a .htaccess file disallowing users from accessing it? // I’m impressed you know about .htaccess already. But no, Monica. Why do that when you can stick it totally outside your app’s web root? // so let me see if I get this right… http://repo.phpexperts.pro/source/user_directory/files database.config is in /var/www/user_directory/, which is called the PROJECT ROOT the main front controller (which handles ALL requests) is in /var/www/user_directory/web/, which is called the SERVER ROOT If there was a botched PHP install, for instance, and all code became viewable, then ONLY the web/index.php would be viewable, cuz everything else is BELOW the server root.