Restrict access to images on my website except through my own htmls

Question

On my website I store user pictures in a simple manner such as: \"image/user_1.jpg\".

I don\'t want visitors to be able to view images on my server just by trying us

Answer 1

You are right considering option #3. Use service script that would validate user and readfile() an image. Be sure to set correct Content-Type HTTP header via header() function prior to serving an image. For better isolation images should be put above web root directory, or protected by well written .htaccess rules - there is definitely a way of protecting files and/or directories this way.