Downloading files only when logged in


Ebola
09-21-2006, 03:14 AM
I'd like to prevent people who aren't logged in on my website from downloading files on the server. The current system in place doesn't let you see the location of the files until you log in, where you can click the link to download them. After you know the path to the file there is nothing stopping the user from downloading without logging in.

I've really got no idea on how to approach this problem, does anyone have an idea on how to do this?

pcthug
09-21-2006, 03:32 AM
If running on Apache you may consider looking at the htpasswd module (http://httpd.apache.org/docs/1.3/programs/htpasswd.html).

bathurst_guy
09-21-2006, 03:38 AM
Or, using the GET parameter, find the file, which is hidden below the www folder. And just before you link to this file, test for your session variable.
e.g.
domain.com/download.php?file=photo.jpg

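<?php
session_start(); // the session must be started before $_SESSION can be read
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
    // basename() drops any directory part, so the request cannot leave the downloads folder
    $name = basename(isset($_GET['file']) ? $_GET['file'] : '');
    $path = "../../downloads/" . $name;
    if ($name === '' || !is_file($path)) {
        header("HTTP/1.0 404 Not Found");
        exit("File not found.");
    }
    header("Content-Type: application/octet-stream"); // set the MIME type and other values here
    $file = file_get_contents($path);
    echo $file;
} else {
    echo "You need to be logged in to download.";
}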

Ebola
09-21-2006, 03:41 AM
And when you echo the $file it'll be handled as initiating a download?

I think I'll try to set that up sometime today.

bathurst_guy
09-21-2006, 03:46 AM
Depending on the type of file. In the header() section you can set it to display it inline or as an attachment. Visit www.php.net/manual/en and search for header() to find out more about it if you want.
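
An added example, not part of any post in this thread, of the inline-versus-attachment choice mentioned above: it confines the requested name to the downloads folder and only allows inline display for an allowlist of types. The names `resolve_download`, `download_headers` and `INLINE_TYPES` and the directory layout are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread; directory layout and names are assumptions.
// Extensions that may be rendered in the browser; everything else is forced to download.
const INLINE_TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'pdf' => 'application/pdf'];

// Map a requested name to a real file inside $baseDir, or null if missing or outside it.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() has resolved ".." and symlinks, so a prefix check is meaningful here.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Build response headers: inline only for allowlisted types, attachment otherwise.
function download_headers(string $path, bool $wantInline): array
{
    $ext   = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    $known = array_key_exists($ext, INLINE_TYPES);
    $type  = $known ? INLINE_TYPES[$ext] : 'application/octet-stream';
    $mode  = ($wantInline && $known) ? 'inline' : 'attachment';
    // Keep only characters that cannot break out of the quoted filename parameter.
    $name  = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
    return [
        "Content-Type: $type",
        "Content-Disposition: $mode; filename=\"$name\"",
        'Content-Length: ' . filesize($path),
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed demo so the file runs from the command line without a web server.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/dl_demo_' . getmypid();
    mkdir($dir);
    file_put_contents("$dir/photo.jpg", 'constructed sample bytes');
    file_put_contents("$dir-outside.txt", 'constructed file outside the folder');
    var_dump(resolve_download($dir, '../' . basename("$dir-outside.txt"))); // traversal attempt
    print_r(download_headers(resolve_download($dir, 'photo.jpg'), true));
    print_r(download_headers(resolve_download($dir, 'photo.jpg'), false));
    array_map('unlink', ["$dir/photo.jpg", "$dir-outside.txt"]);
    rmdir($dir);
}
```

In download.php these would be called after session_start() and the logged-in check: answer 404 when resolve_download() returns null, otherwise pass each returned line to header() and stream the file with readfile().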

Ebola
09-21-2006, 03:49 AM
Thanks, this should be all the information I need to get started.