sounds like your php script outputs html which points to the jpg file. so while the script actually does run as mysiteadmin, the script isn’t accessing the jpg file – the browser is, and it’s going to do that as dhapache.
you can’t prevent people from going directly to the image file because you can’t reliably tell if they’re doing that or if they’re requesting the image because they just loaded a page which displays the image.
if you have a php login system and you only want registered users to be able to access the image, you can move the image file outside your document root and write a php script which checks if there’s a user logged in and then passes through the image with the appropriate headers. if there’s no user logged in you could fail with a 404 or 403 or even pass through a different image.
track7 - my dream-hosted site