I want to limit access to images, therefore, I will be putting them outside of the web root, and when a user links to an image, it will authenticate them via user/pass from our database, and then (if authenticated) read the image file, and output it with the appropriate mime type.
Any image links will be something like:
<img src="/image.php?id=324fwqrefv35fq5">
Where the id is the imageId in the database.
Does this sound like a good way, and also- is there such code out there for php?
Sounds like a good way to do it. That's how I'd attack it, anyway. The code itself should be pretty trivial for you to write yourself, although Google may be fruitful in turning up someone else's solution.
Edit
I didn't see your link format. Honestly, that's a pretty ugly URL. Why not use mod_rewrite or something so it looks like you are accessing an image? For example,
<img src="/image_324fwqrefv35fq5.png">
Just rewrite the URL to the format you specified in your answer so the user has a nicer URL to look at. But that's neither here nor there; just a second suggestion.
That is how I would do it. I have not seen any code for anything like that but like Marc said it should be trivial to write.