You can code a PHP file that will check if user is logged in, or if users have the permission to access the file.
I'll assume your public directory is public_html.
For the storage of images, you'll need to store them outside of the public directory (public_html).
Example Code (e.g. image.php?file=profile_pic_mike_1). image.php is in public_html and profile_pic_mike_1 will be in the directory that is not accessible to the public.
<?php
// checking for $_SESSION, change accordingly to your method
session_start();
if(!$_SESSION['logged_in']){
session_destroy();
header("Location:index.php");
}
// $_GET['file'] will be profile_pic_mike_1
if(isset($_GET['file'])){
$file_dir = "../";
$file = $file_dir . $_GET["file"];
// get if user has the permission
// if yes, assign `true` to $permission ($permission = true;)
if (!file_exists($file)) {
echo "File not found.";
} else if (!$permission) {
echo "You do not have the permission to view this image.";
} else {
// You'll need to change the Content-type accordingly
header("Content-type: image/png");
readfile($file);
exit;
}
}
?>
List of Content-type for images: http://php.net/manual/en/function.image-type-to-mime-type.php.
You'll need to check if the user has the permission to view the file, one way to do it by saving the permissions in a MySQL DB.
