There is often too much code on a system to test all of this as a first step. But most of this code is already working.
I would start with methods that have been modified recently. Presumably most of the rest of the software works to some extent, and testing that is unlikely to find so many bugs that will be found in new or recently redesigned code.
If you have finished work (I doubt that in the near future, if you have about 1 or more developers who work near you), you can go to methods that use modified methods, to methods with a high degree of complexity in accordance with software metrics and with methods critical for the safe operation of the system (login with password, storage of customer payment data, etc.).
One way to help decide what to consider in the next test is to use a testing tool. This is usually used to determine how well the software is tested, but if you do not have a large number of tests that you already know, it will tell you: your code is not very well tested: - {so there is no point in running it earlier in the test process construction. (As you get more tests, you and your managers will eventually want to find out.) However, coverage testing tools also tend to provide complete lists of code that have been implemented or not as part of your tests, and this gives an idea that you should check node: code that did not execute.
Our SD PHP Test Coverage tool works with PHP and will provide this information both through an interactive and an interactive viewer and as a generated report. He will tell you which methods, classes, files and subsystems (according to the directory hierarchy) were tested and to what extent. If the file named "login.php" has not been tested, you can easily see it. And this explicit view makes it much easier to make a smart decision what to test further than just guessing based on what you can know about the code.