I have developed a script to upload & delete images. The images will be saved to a directory like webroot/images. The file names relating to each users upload will be saved in the database when a publish button is clicked. Until then the images will be uploaded in order so that I can show a preview. All seems to work fine except a security vulnerability that allows users to delete other users images. Eg: Any user can copy the file name of an image & inject it to the delete script. Is there any mechanism to prevent this issue.
Hope this explanation isn't boring, its a little hard to explain.