I am a photographer/engineer/programmer and I am using Piwigo as a proofing software.  After a photo shoot I create a new user for my client, create a new private album, give them permission to only their albums, and upload their photos to their album.

This works great!  They can log in and only see their albums/photos.

I do some boudoir/nude photography and so keeping these images secure is important to me (and the client).  I understand there are risks that people can get the passwords and get into the albums, etc...   Nothing online is completely secure.  I understand...

The one thing that concerns me is that the image files themselves are not protected in any way.  While the album is private, the actual JPG files are public.  So if I posted the URL to a image that is in a private gallery, you all could see it with no problem.

Is there a way to prevent access to the JPG files themselves unless the user is logged in and has permissions to see the specific file?

I am thinking the URL to the photos should be a PHP script that checks permissions and serves up the binary data from the file if the user is logged in, or a dummy file if not.

Does something like this already exist?  Or am I going to have to start coding?  :)

Thank you,
Jared