If you have files in the public_html area - then protecting them and restricting their access is very difficult.
The best option is to hide the files in a secure directory, outside of public_html - and use php readfile() function to 'serve' the files to users once you have confirmed they can access a specific file.
Something like this will do the trick as an example:
function user_file($file_name = "")
{
if ($file_name)
{
// Ensure no funny business names to prevent directory transversal etc.
$file_name = str_replace ('..', '', $file_name);
$file_name = str_replace ('/', '', $file_name);
// now do the logic to check user is logged in
if (Auth::check())
{
// Serve file via readfile() - we hard code the user_ID - so they
// can only get to their own images
readfile('../your_app/samples/'.Auth::user()->id.'/'.$file);
}
}
}