Just wanted to here the opinions of others on this.
I build a website for a client (a commercial photographer), and it contains a login page where the clients can login and view their galleries. It does not have or need e-commerce yet.
Firstly, for the DB schema, I have table user_gallery that contains 2 fields - the ID of the user (i.e. the client) and a folder name relevant to the client. This will work by allowing me to associated many folders to 1 client so I can then looking in the galleries/user_id then any client-specific sub-directories listed in the user_gallery table.
Regarding the client area… is this generally best done as a module?
The application will scan directories (as mentioned above) based on the user ID. AM I required to filter all the actions in the controller to POST-only in order to block the possibility of URL manipulation to give access to galleries not belonging to the logged-in client or am I save enough as the client’s ID (the user ID) will be taken from the web user instance?
Any thoughts would be appreciated… I consider myself pretty good with Yii and database modelling but I have never had to do anything like this before so I am looking for input from others to make sure I have got it right!