I am using PHP/MySQL to handle the image uploading. I want all images that are uploaded to the logged in user's gallery to only be accessible by the logged in user. I do not want people to be able to guess the file name and directly link to it.
I am thinking that I can just store the images outside the webroot and access them through some PHP. However, if the user wants to later share the image with a friend via a link, how would I allow that?
Are there any other steps I need to take to make sure only the user can see their photos? I take user privacy very seriously and want to get this right.
Thanks for your help in advance!
If you have a really large media file to send, we recommend using FileWhopper, an online file transfer service with no file size limits. With FileWhopper, you can send over files and folders of any size, even if it's a 10TB media pack. Your photos and videos will be delivered in original quality.
You are correct in your original assumption. Store your files outside of the public directory and use a PHP script to check authorization and display the image.
To get around the sharing problem you can give them an area where they can say "Share this photo" and it will display a URL like
http://www.yoursite.com/image/12390123?v=XA21IW
XA21IW would be some unique hash stored in a table and they can specify a lifetime or you can code one yourself. When the page loads and v is passed in you can lookup a table to determine if it is a valid hash for that image id.
You have some options here. Every time they click "Share this photo" you can:
Or simply allow images to be public/private.
You could use a profile(user)-based sharing system, where logged-in user A can indicate that logged-in user B is allowed to view image C, and can add/remove such permissions at will.
If linking viewing to a user account is not possible, you could have 'view passwords' on the images or on groups of images (such as a gallery); the URL to view the images would check if the user/owner is the one viewing and if not, it would demand the password.
I think there is no problem is storing the images outside the webroot and access them through some PHP. You can always access them with the php script, when ever user shares it.. even it is more secure to do so, beacuse you can always perform some security checks. before actually displaying the image.
Thanks.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With