I'm working on a PHP web application that includes a members-only downloads area.

1.) What is the best way for non-members from directly access the downloads directory and downloading the files
2.) What is the best way for preventing them from ever discovering the actual directory.

I'm assuming that my first step should be to make the directory name a bunch of random values?