I like your solution checking the coockie from the .htaccess this will give a much quicker loading solution then my solution.
.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
# Rules to prevent php execution in uploads
RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
#redirect all FILES for login check (excluding PHP)
RewriteCond !^(.*)/uploads/([0-9]+/.*)\.php(.?)$ - [NC]
RewriteRule ^(.*)/uploads/([0-9]+/.*)\.* /wordpress/file.php?img=$2 [L]
</IfModule>
file.php
<?php
// load wordpress
require_once('wp-load.php');
if( is_user_logged_in() ):
$file = ABSPATH.'/wp-content/uploads/'.$_GET['img'];
if (file_exists($file))
{
$ftype="application/octet-stream";
$finfo = @new finfo(FILEINFO_MIME);
$fres = @$finfo->file($file);
if (is_string($fres) && !empty($fres)) {
$ftype = $fres;
}
header('Content-Type: ' . $ftype);
header('Content-Length: '.filesize($file));
header('Content-Disposition: filename=".basename($file));
send_nosniff_header();
flush();
readfile($file);
}
else
{
global $wp_query;
$wp_query->set_404();
status_header(404);
include( get_query_template( "404' ) );
}
else:
auth_redirect();
endif;
die();
?>