I have a PHP site with a login system, and am trying to make a feature where only specific usernames can view particular images. I think what I'm trying to do is more involved than merely changing the .htaccess file, because a) this won't help discern between users that are/aren't allowed to view the image, and b) if someone enters the exact URL of the image ("directory/images/photos/230ru0q0238rn230nd_asdi0nqn8.jpg"
) they can still view the image (since it's a physical file in the directory, and not text in a DB, etc.). Again, restricting via .htaccess would restrict the directory as a whole, or all files in it, so I can't figure out how it would work. Ideally, all images would be blocked by trying to access them directly through their direct URL, and the image would only appear between <img>
tags if the user's session/username is valid, else they get an error message.
I've heard the term ACL but I'm not sure this is related to what I'm trying to do.