I made a small framework to let users here administrate small web info pages.
They can upload documents, images, and make some pages protected by folders. ALL DOCUMENTS ARE UPLOADED IN A SINGLE FOLDER FOR A USER (image for the public site, or private document).
To protect page, i add a Cookie/Session mechanism on page they choose to protect. The problem is that if a user decide to add security to a page, and in this page, put a link to a document (so a link to a document uploaded in the user folder), the PHP page is protected, but the link to the document should implicitely be protected too. Same for problem for IMAGES (<IMG>) inserted in this page. The IMG shouldn't be accessible if users are not authenfied.
Who could give me a solution, architecture to implement that kind of protection for a multiple user framework ? Thanks.