I have a PHP page which I use for instructors of courses to upload student rosters, etc. The PHP operation is pretty simple. It renames the file to a standard format, inserts a random string of numbers to make it hard to guess, and inserts the path in the database.
Question is what is the recommended best practice for this.
Should files be placed in the same directory as the instructor control panel PHP files, in an uploads folder? Or should they be stored outside the web directory? I don't want different instructors viewing other instructors' credentials and rosters.
Someone told me to just put a blank index file so they can't view the /uploads folder, but that seems like a bad workaround.
If the images are stored outside the public_html folder, how do you include them for viewing later without showing the user the path?
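One way to serve files kept outside public_html, shown as an added example that is not part of the original post: a download script takes only a numeric id, checks that the row belongs to the logged-in instructor, and streams the file, so the client never sees or supplies a filesystem path. The `uploads` table, its columns, the `instructor_id` session key, the storage path and the database credentials are all assumptions or placeholders.

```php
<?php
// download.php: added example; table/column names, paths and credentials are assumptions.
declare(strict_types=1);

const STORAGE_ROOT = '/home/example/private_uploads'; // assumed location outside public_html

/**
 * Return [absolute path, safe display name] only if the file row belongs to
 * this instructor and the stored name resolves to a file inside $root.
 */
function resolveUpload(PDO $db, int $instructorId, int $fileId, string $root): ?array
{
    $stmt = $db->prepare(
        'SELECT stored_name, original_name FROM uploads
          WHERE id = :id AND instructor_id = :owner'
    );
    $stmt->execute([':id' => $fileId, ':owner' => $instructorId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // missing row and wrong owner get the same answer
    }
    $rootReal = realpath($root);
    // basename() drops any directory part; realpath() resolves symlinks and "..".
    $path = realpath($root . DIRECTORY_SEPARATOR . basename($row['stored_name']));
    if ($rootReal === false || $path === false || !is_file($path)
        || strncmp($path, $rootReal . DIRECTORY_SEPARATOR, strlen($rootReal) + 1) !== 0) {
        return null; // file is gone or resolves outside the storage root
    }
    // Keep only characters that are safe inside a Content-Disposition header.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($row['original_name']));
    return [$path, $name];
}

session_start();
$instructorId = $_SESSION['instructor_id'] ?? null; // assumed to be set at login
$fileId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($instructorId === null || $fileId === null || $fileId === false) {
    http_response_code(403);
    exit;
}
$db = new PDO('mysql:host=localhost;dbname=courses', 'app_user', 'app_password'); // placeholders
$file = resolveUpload($db, (int) $instructorId, $fileId, STORAGE_ROOT);
if ($file === null) {
    http_response_code(404);
    exit;
}
[$path, $name] = $file;
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

To display images inline instead of downloading them, replace the `Content-Type` and `Content-Disposition` values with a type chosen from a server-side allow-list, never one supplied by the uploader.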