If .htaccess isn't getting the job done for you, it is possible to set up a script to serve up images subject to whatever sorts of access control you want. It can be done in any language and the technique is conceptually pretty simple.
The idea goes something like this:
1) Store your images outside of your document root. This will prevent direct access to them.
2) Create a script that takes the name of the image to serve as an input parameter.
3) Return a proper Content-Type header from your script.
4) Open the file using the script and print its contents to standard output.
Now, there are a few caveats about this technique. First, be sure to validate the file name because it will be possible for your script to print back any file in the filesystem, which is a potential security risk. Second, if your images are large, you may need to be careful about not using too much memory if you try to read the entire file in one gulp and print it out all at once.