I am using PHP/MySQL to handle the image uploading. I want all images that are uploaded to the logged in user's gallery to only be accessible by the logged in user. I do not want people to be able to guess the file name and directly link to it.
I am thinking that I can just store the images outside the webroot and access them through some PHP. However, if the user wants to later share the image with a friend via a link, how would I allow that?
Are there any other steps I need to take to make sure only the user can see their photos? I take user privacy very seriously and want to get this right.
Thanks for your help in advance!