Laravel 3 - how to securely store user's data in ubuntu server [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed 8 years ago.

Improve this question

In my web application, a user can upload their profile picture. They can sell their mobile online, so they can also upload images of their mobile, but if I store profile picture and mobile photos in mylaravel-app/public/(css js images user-photos) then every other user can see those photos as well.

How should I store the photo in another directory so that only the user can see only their photos, and also user must not be able to see whole directory of photos from url like:

      `site.com/photos (whole directory is exposed )` 

Answer 1

One way to do this would be to give each user their own folder for photos, so if a user id was 1, their directory would be mylaravel-app/public/photos/userid, then put the user id that matches up with the photos in a separate table in the database. You can also chmod the folder so only the application can access the photo directory. Here is an article for that: File Permissions

Answer 2

You could store it in the database along with metadata like who owns it and other permissions and make a page that pulls the photo from the database, checking to make sure that the user accessing it is able to. You can use .htaccess to make the page look like a directory accepting the image name as a parameter.