Without their knowledge we should not enable anything as main photo.
If they upload and make any photos public they must assign one photo as the main photo. Having a main photo is a key element of the script as there's nothing worse than a site that shows no default (main) photo of it's members. Therefore you should recommend that they upload some sort of photo and make it public and as a their default (main) photo, this also ensures that their profile has max exposure on the site as a main photo is a key element.
And how a user shall get another users private photo on request.
If they make photos private it shows in the member's connect menu how many public and private photos they have. If the member has any private photos and a another member clicks the private photos link in the connect menu it says they must be friends in order to view their private photos, so they would need to make a friend request. If it's just a visitor (non-member) clicks the private photos they will be asked to login as this is a members only feature.
So to request access to view a members private photos simply requires a request to be friends. This gives them access to view all private photos of that member, there is no function that allows a member to give access to view just a single private photo from their collection.
