Currently I am building a web page that allows the user to upload some pictures to the server. The user can only upload pictures if he is already login.
The pictures uploaded is stored in the server like for example: pictures/"userid"/some_pictures.jpg
My question is how to restrict other users from accessing the some_pictures.jpg or the "userid" folder by by just simply typing the url address. Only the user that login with that userid can access it's own folder or pictures.
For example: A user has login with its $_SESSION['userid'] = 1234. So only this user can access this directory > pictures/1234/some_pictures.jpg if another user login with 1235 as his userid, he won't be able to access the 1234/ directory