Web Hosting Talk

prevent direct access of a file


mjfroggy
07-14-2008, 09:30 AM
Hello, I have a few video files that I want to prevent anyone who is not logged in from accessing. So for example, if they are logged in there is a page that lists the files and they click on a link to download it.

The issue is I am not sure how to stop someone from being able to go directly to www.domain.com/files/thefile.zip

and directly downloading it?? I have a php/mysql database system set up for login but I am not sure how to prevent people from just going directly to the file's URL. I thought maybe put a .htaccess file in the directory to password protect the directory, but then that prevents the users who logged in (using my php/mysql user login system) from downloading the files.
So then my next thought is maybe there is a way to .htaccess password protect a directory and have php be able to pass the .htaccess a user/pass to validate the person as being able to download a file?? But not sure how to do that??

Or is there a better way? I would love to put the files above the public_html folder but can not figure out how then to allow logged in members to be able to click a link in a page to download it??

dtredwell
07-14-2008, 09:50 AM
You could have a small php script that checks the user authentication and spits the file out at them, without revealing the true path.

mjfroggy
07-14-2008, 09:58 AM
Well, I have a page that will check if the user is logged in and if so the page will then reload (via a meta refresh tag) and load up the .zip file that they would be downloading.

The issue mainly is how to prevent someone from going directly to the file

cstdenis
07-14-2008, 07:55 PM
<?php
// loggedInCheck() is the poster's own login check (not defined here);
// the script replaces a direct link to the .zip file.
if (loggedInCheck()) {
    header("Content-type: application/zip");
    readfile('files/thefile.zip');
} else {
    die("Access Denied");
}

foobic
07-14-2008, 09:53 PM
In this sort of case I believe you have 3 main options:

serve the file directly through a PHP script (as already suggested). This is easy to do but not really suitable for big downloads or heavy use.
keep the file in another location (not web-accessible) and have the PHP script make a temporary soft-link to it on demand. So each user would download a different file called something like dfaioftaysdgakhasdfhao.zip (a long random name, impossible to guess) and although others could go to the same url it will only be usable for a short time - perhaps an hour or so (whatever you choose to allow before you delete the link).
Link directly to the file but limit access to the download directory with .htaccess directives, as you're proposing. One way to do this is to have your PHP script write authorised users' IP addresses to files in a directory and then use rewrite directives in .htaccess to check the visitor's IP against these files.
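A fuller version of option 1 that also answers the original question about keeping the files above public_html, added here as an example (not code from anyone in the thread). It assumes the login system sets $_SESSION['user_id'], that the files live in a hypothetical directory /home/example/private_files outside the web root, and that the requested name arrives as ?f=thefile.zip:

```php
<?php
// Added example: serve a file stored outside the web root only to logged-in users.
// Assumptions: $_SESSION['user_id'] is set by the site's own login code, and
// PRIVATE_DIR is a hypothetical path that is not reachable by URL.
session_start();

const PRIVATE_DIR = '/home/example/private_files';

if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Access Denied');
}

// Keep only the final path component so "../" or absolute paths cannot leave
// PRIVATE_DIR, then restrict the name to a simple allow-list of characters.
$name = basename((string) ($_GET['f'] ?? ''));
if ($name === '' || !preg_match('/^[A-Za-z0-9._-]+\.(zip|mp4)$/', $name)) {
    http_response_code(400);
    exit('Bad request');
}

// realpath() resolves symlinks; re-check that the result is still inside PRIVATE_DIR.
$base = realpath(PRIVATE_DIR);
$path = realpath(PRIVATE_DIR . '/' . $name);
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');

// Stream in chunks instead of readfile() so large videos do not exhaust PHP's memory limit.
$fh = fopen($path, 'rb');
while (!feof($fh)) {
    echo fread($fh, 8192);
    flush();
}
fclose($fh);
```

The directory is never linked to directly, so the only way to reach a file is through the session check; the realpath comparison is what stops a crafted name from pulling in files outside the intended directory.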

hzDylan
07-14-2008, 10:16 PM
I'd personally go with #3 - use an .htaccess file to manage your access to your password protected directory and the files inside it.
Simply use a PHP script to execute the "htpasswd" binary which is used to manage your ".htpasswd". Keep it simple.

root@host [~]# htpasswd --help
Usage:
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password

htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
-D Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.
root@host [~]#

Example:
root@host [~]# htpasswd -bn test test123
test:qVmyH17ocx/QI

root@host [~]#