Well the info in the Cookie could be changed giving other users access to pictures they shouldent. So i would go about to use user ID:s and SESSION variables to get them. in other words, save the USER id into a SESSION at login and then use it when displaying the users pictures.

__________________
Of course the whole point of a doomsday machine, would have been lost if you keep it a secret.