This may be too broad as there's no definitive answer - however you're asking earnestly for advice so I'll make this a community wiki answer that anyone can improve upon (or kill off as they see fit).
I think you're off to a good start but there are a few things to consider:
Keeping the http files separate from application files is a good idea but I'd split it one further in future, instead of:
/public
Split that into:
/http
/https
Giving you two document roots, one for http documents and the other for https. That way, in future, if you need to add an SSL Certificate you can keep the secure part completely separate from the non-secure part. This means if you put a "Contact Us" form (for instance) under /https it can never be accessed over http - http://www.example.com/contact simply won't work (it doesn't exist under that docroot).
If you add a CMS that could also have it's own document root so that you can completely lock it down (e.g. restrict access by IP address) and that should also have an SSL Cert.
The structure of your /site directory is entirely down to you but it might be worth looking at the MVC pattern. Essentially this is a way of separating concerns, Model, View and Controller. A very simplified explaination would be:
Models are your things - it's really an entire layer that holds your classes and how they talk to the database. You might have a Product class that holds the structure of a product, with an associated Product/database class that does the fetching and updating of that product in the database.
Views are your templates - essentially how you display things on the screen.
Controllers are the glue that stick everything together - so a product category controller would know to fetch the Category model with the category id (from $_GET) which would propagate itself with the category intro from the database and all the relevant products (which would have propagated themselves from the database). The Controller would then attach the Category View to generate what you see on the screen.
With this in mind, it's likely your /site folder might look more like:
/site
App.php // core application class (eq base.php)
/model
/category
Category.php
/db
Category.db.php
/product
Product.php
/db
Product.db.php
/user
User.php
/db
User.db.php
/controller
IndexController.php // for the homepage perhaps
CategoryController.php // for a product category
ProductController.php // for a product
/view
Index.phtml
Category.phtml
Product.phtml
/sub
header.phtml
footer.phtml
index.php
The index file now simply becomes a kind of router - you pass it variables and it fetches the relevant Controller which performs the actions required.
Essentially it will be a very sparse file, it could literally be something as simple as:
require_once realpath("path/to/App.php");
$app = App::start(); // using a Singleton Pattern
$app->fetch($_GET)->content();
Singleton Pattern: Creating the Singleton design pattern in PHP5
Most MVC systems use something like Apache's mod_rewrite to route all requests to the index page. This allows you to use RESTful URLs like http://www.example.com/toys/dinosaurs - your Controller then fetches the data relevant to /toys/dinosaurs; it could be mapped to a category using an url table in the database for instance.
This is essentially how most Frameworks work in PHP but you might be interested in looking at some for inspiration, education or to use one on this project:
... and there are oh, so many others ...
