[eluser]crikey[/eluser]
Hi all
I'm in the planning (pencil and paper) stage of my application, so sorry about the vagueness of my question and lack of code samples.
My app will allow users to upload items to a database. An "item" consists of data and an image associated with the item. Pretty basic. Two pieces of data that will be stored for an item is the user_id of the user adding the item, and a value that determines if the item is "public" or "private".
I would store the image as somepath/images/user_id/filename.jpg where filename is a random string of about 12 alphanumeric characters.
Registered and "guest" users of the application can search for items, and matching items will be listed in the results (only if "public"), including a thumbnail of each item's image, linking to the full-size image. Logged-in users can search and "public" items plus "private" items that match their user_id (using sessions I guess) will be included in the results.
My question is, because the HTML for the search results will include the image paths, what can I do to prevent someone who views the page source from typing lots of different combinations of filenames in the url and possibly getting an image associated with a "private" item?
Is there a programming or IA technique that is typical for such a thing?
Oh, I'm very new to PHP too, so if the solution is real obvious, don't be too hard on me!
Cheers
