Hi,
1. There is no code for that. Once the files are outside the public_html folder, the files are secured automatically as no one can access them directly since apache won't give access to them for HTTP requests. In a way, you could say that it's apache which is responsible for that but it's a bit of a stretch.
2. and 3. The user has to be logged in. When the user then click on the download link, HikaShop will verify that the logged in user has a confirmed order for the product of the file he is trying to download, then, it will load the file in memory via the direct hard drive file access functions of PHP and send the file data to the browser of the user as a download.
HIKASHOP ESSENTIAL 60€The basic version. With the main features for a little shop.
HIKAMARKETAdd-on Create a multivendor platform. Enable many vendors on your website.
HIKASERIALAdd-on Sale e-tickets, vouchers, gift certificates, serial numbers and more!
MARKETPLACEPlugins, modules and other kinds of integrations for HikaShop
