It all depends on what the client wants.
Now I'm no coder but I am a photographer and I did build a site for myself that had an area like this.
The problem that I had, and maybe your client is the same, is that I let customers buy photos online and I had it all tied into a printer (Photobox). What this meant was that I had to provide high res images to the printer for printing purposes in a way that meant that I didn't constantly have to manually upload them or e-mail them each time a photo was requested. This meant that I had to put all my high res images on my server so that the printer could download them when required.
What I had to make sure of was that my high res photos were secure as if they got stolen or copied I'd loose a lot of money. With this in mind I used a script called PHPGuardDog. What this did was to allow me to store my high res photos in a directory below the root of my live directory on the server. This way nobody could access them via their browser. The script not only allowed clients to login to their own private gallery where they would see and could order only their photos but it also allowed me to set-up a path that would allow an authenticated user, in this case the printer, to access the high res photos (basically they would access a certain URL and the script would translate that URL into the actual one without ever revealing it to the end user). Even if someone then decided to share this hidden URL with anyone else, unless they were able to authenticate themselves they got blocked. Basically it was secure!
I would say use PHP Guard Dog but sadly they have gone out of business. However I believe that OpenCrypt is very similar and is already interegrated with various payment gateways which may or may not be useful if your client is selling photos online.
