protect users' file being accessed so only owner can access?

Question

I am writing a web application in php where users can upload their own files or images, but how can I protect these files from being accessed by others other than the owner

Answer 1

The typical way to do this goes something like...

• A file is uploaded
• The file is moved to a directory that is not accessible from the internet
• An ID is generated for the file and stored in the database

Then, users use the ID to request the file from the server.

For this purpose, you would have a script that queries the database for the file based on the ID, and would then check if the user has access to reading it. If the user has access, it would read the file and output it to the user's browser.

For example, to read a jpeg image in PHP: