Dont waste your time doing it with htacess. In order to protect the files you have to use HTTP_REFERRER however that information is given to the server from the users browser. Not all browsers give that information or give it correctly or allow people to change it.
Put the files in a non-web accessible directory and store the paths in a database then in the pages the links for the files will run through the database which you can then control and people can't hotlink.
CodingForums Supreme Overlord
All Hail Spookster