PHP image gallery privacy
Hey Guys,
Basically, I'm trying to create an image gallery to which users can upload photos, and when they login, little thumbnails of each photo are shown. At the minute, I'm trying to devise a way to protect each user's images. So, say I log in, and I right click an image and view its source URL, it might give me something like:
http://mysite.com/users/demifuror/1.jpg
So then, you could just change the username to view another user's images. The thing is, I don't want that to happen!
I'm sure there's a better way to do things, even, a better way to store images rather than in a directory accessible by regular users.
Can anyone maybe talk me through the right approach to protecting a user's privacy, or maybe link me to a tutorial describing the correct way to go about things?
Okay, so using a PHP page to display a specific image based on th3 image id, and whether or not a user is allowed to view it seems fine. But the problem I was thinking about had more to do with how I'd store an image file on my server. it seems that the best way to store it is in folders, maybe in a hierachy like year/month/day/ and then have the filename encrypted, use a robots.txt file to prevent crawlers from listing the files, and using .htaccess to prevent the listing of files in a "index of" type page.
That way, a malicious user won't be able to navigate to a specific user's image directory, rather a directory that contains all images uploaded on a specific date, and when they do, I can maybe just put in a redirect to the home page or something, instead of having the server list all images in the directory. I think thats what Facebook and Bebo use anyway…
Anything else spring to mind to try and improve security?