I found this to be very effective. You can use MM functions in the php file to determine who has access to the file after signing in.
about 5 years ago
I use a plugin called S3FlowShield. It works in conjunction with Amazon S3, effectively timing out a file link after a designated number of seconds. So, people who have access to the membership page will be able to download the content, but if they share the link to the file with a non-member, the link won't work.