A
Anonymous
Guest
if you want your files to be downloadable only by verified users you have to protect them from beeing accessed via www in the first place. so place a htaccess with "deny from all" in the files root folder. after that you have the options to 1. generate a htpasswd with the user credentials or 2. use a php script with readfile() to passthrough the file contents on valid login