There's no way to use code to prevent access to a particular folder on your site. You need to look into locking down the folder permissions on the server, then use your code to grant access to your authenitcated users. Usually, this will involve using code to interact with Apache or Windows folder permissions.
Just as an example, I run Apache on Linux, so I can use Apache to grant an authenticated user elevated rights to a particular folder through an Apache user account. This is generally the most effective way to prevent unauthorized access to a folder.
As an additional measure, I randomly scramble all file names. Users have to be logged in to unscramble them using a random encryption key stored in the database (different key for each file). In itself, this won't prevent unauthorized access to the files, but it adds a lot of overhead for a potential hacker. File names can't simply be "guessed", but assuming the hacker knows the file name, he wouldn't know which file is which. Assuming the hacker manages to download a file anyway, he then has to decipher the mime type to give it a meaningful name...and by then he may realize the file is useless in the first place.
You may also consider storing files as "blobs" (binary large objects) in your database. There are some obvious disadvantages to this, but also some advantages. You'd have to do some research on blob data to decide if it would work for you.
