Laravel image gallery logic

Question

I recently started to develop a pretty huge site. On the site i would like to allow users to upload their sample works. We are pretty limited at the moment so the images wil

Answer 1

The metode of Storing the folder table and using the scandir function is a standared procedure. And allow php to retrive the file names from the folder. If you have a number of files then try categorizing them with year and month order like in wordpress. Like

2012
  01
  02
  03
2013
  01
  02
  03 

etc inside the folder id. So the total number of images in a folder will be comparatively less.

Answer 2

Ok - lets break this down into a few sub-answers;

Question:

- Is this a good logic in your opinion
- Can this lead problems in the future
- What would you offer for this functionality

Answer:

The logic seems sounds - but I'm curious where you will store the images? Inside public_html - or outside the web root? If you have the images inside public_html - and allow the browser to access them directly, it will allow users to 'guess' other user folders and access those. You need to store the data securely.

To make images outside the webroot, and make sure only authorized users can access them - you should use readfile(). Something like this will do the trick

function user_file($file_name = "")
{
    if ($file_name)
    {
         // Ensure no funny business names to prevent directory transversal etc.
         $file_name = str_replace ('..', '', $file_name);
         $file_name = str_replace ('/', '', $file_name);

         // now do the logic to check user is logged in
         if (Auth::check())
         {
                // Serve file via readfile() - we hard code the user_ID - so they
                // can only get to their own images
               readfile('../your_app/samples/'.Auth::user()->id.'/'.$file);
         }
    }
}

Question:

I think this will lead to a huge database, second are the id's, after x time when there will be more users, the id's will increase, and i know this will sound strange, but since lot of users will upload images will lead to huge id's, what i mean by this it will maybe reach millions

Answer:

According to the mySQL features page:

We use MySQL Server with databases that contain 50 million records. We also know of users who use MySQL Server with 200,000 tables and about 5,000,000,000 rows.

So thats 5 billion rows. You will maybe get to a few million. So you are safe here (depending upon your hardware).

Question:

...but since lot of users will upload images will lead to huge id's, what i mean by this it will maybe reach millions, is there a way to solve this problem?

Answer:

If you dont want to store millions of records, and your worried about performance, one option is to keep the folder table, but drop the image table. Instead you can use scandir() on the folder - and get PHP to retrieve the file names from the directory itself. Then you dont have as much overhead.

<?php
    $list_of_user_files = scandir("$user_id/$folder_id");
    foreach ($list_of_user_files as $file) {
          echo "File: $file <br>";
    }
?>