Frankly I would avoid FTP unless this is a server hidden behind a company firewall to which internet users have no access.
FTP takes a great deal of effort and detailed platform knowledge to secure.
I would be inclined to say do the whole thing using a PHP web server - but make your life easy by using open-source blog or forum platform as the PHP application.
You may find that Wordpress or phpBB, or another solution on:
meet your requirements, and if you choose a mainstream one (lots of downloads) the security updates are usually pretty timely.
Hope that helps,