Php,image download


when users upload the image i save it to the image folder in htdocs directory. so any user without logging into site can go type the url/images/"name" would get it. what is the best way to prevent this. since the browse would just request just like the user typing directly in the address bar the location of the image.
I was thinking of using a script to download each image file from a directory after checking the session details. Do you think will it will a good approach if so can you suggest me a script.
I don't want to use database. I think it will be slow. OR if it is the better approach let me know.


Best Solution

You could put it outside the htdocs/ directory, and mod_rewrite the images/ dir to image.php or something. So url/images/test.jpg would translate to image.php?path=test.jpg

image.php may look something like this:

if($loggedin) {
    header("Content-Type: image/jpeg");
    echo file_get_contents("../images/".$_GET["path"]);

Don't forget to sanitize the input! You don't want the user to access arbitrary files.