Skip to main content.
home | support | download

Back to List Archive

Swish-e and authorisation-based document access

From: Oebe Rombout <oebe(at)>
Date: Thu Oct 19 2006 - 15:41:10 GMT

I'm trying to find out if Swish-e is compatible with the rights-based 
document access that I use in a website.

The website works as following:
A user can login at the website. Depending on his role/rights he sees a 
large list of documents.
This list is generated from the database, where the document filename, 
-location and content-type is stored. When you want to download a 
document, you click a link like /download.php?id=3002. This file 
(download.php) checks if the user is authorised to see/downlaod the 
document, reads its data from a location higher than the webdir and 
outputs it with the necessary headers.

The location of the documents is NOT direct reachable via http:// and 
the files are renamed to i.e. 3002.dat. When outputted by 
download-document it get it's original filename back.

Not logged in users can see some documents. Logged in users can see some 
more documents and logged in admins can see even more documents.
I'd like to have a search-page where you can find only the documents 
that you're authorised to see when you're logged in.

My question:
Is this possible with Swish-e and my authentication structure?

Thanks in advance,

0ebe - Occhio Design

A part of the script used in download.php:

// lookup requested file in database
$file = $adodb->GetRow("SELECT, d.filename, d.mimeType, d.section 
FROM Documents d WHERE = ? LIMIT 1", array($_GET['id']));

// check file
$fileName      = $documentId . ".dat";
$filePath      = $download_base . $fileName;

// output headers and stream file contents
if (!empty($file['mimeType'])) {
     header("Content-type: " . $file['mimeType']);

$fileSize = filesize($filePath);
header("Content-Length: " . $fileSize);
header("Content-disposition: inline; filename=" . $file['filename']);

Received on Thu Oct 19 08:41:20 2006