.htaccess

I am having problems getting .htaccess to work properly.
IPart of a site I manage is used for storing documents which are accessed by
authorised users via php scripts, I want to prevent direct access to the
files by typing the file address into a browser. I assumed the following
would work
order deny,allow

deny from all

allow from domain name



order allow,deny

deny from all



domain name is the site name
but this prevents the php scripts from accessing the files as well.
Where am going wrong.
The site is not on my own server but on a unix server running Apache 1.3

Brian