Anonymous file access to a DocMoto Repository

A common requirement is to reference a file held within a DocMoto repository as a link on a web page.

A typical example might be a link to a public policy document, or a PDF of a company brochure.

In cases such as these the requirement is for the file to be accessed "anonymously", that is to say that the viewer clicking on the link to access the file can do so without entering a username and password.

This article shows how this can be achieved. To implement the solution detailed you will need access to a web server that can process PHP.

Project files

This article is accompanied by a full set of project files available here.


You will need a web server which is configured to execute php scripts. The web server does not need to be on the same physical server as the DocMoto server.

The architecture

DocMoto is a secure WebDAV server. As such it isn't possible to connect anonymously, instead we need to create an architecture that gives the viewer the impression that they are accessing files without logging into DocMoto.

Unfortunately we cannot do this directly from within the viewer's browser using a scripting language such as Javascript.

This is because DocMoto's secure authentication method will always result in a browser presenting a login pop-up, requesting a username and password.

The only way around this is to create an architecture that has a "server side" component.

A server side component in this case is code that runs on a web server. In this article we are going to use a PHP script.

The basic purpose of the server side component is to receive a request for a file from the viewer's browser, to log into DocMoto using the username and password of an existing DocMoto account, to retrieve the file and return it to the viewer's browser.

Since the server side script logs into DocMoto and not the viewer, the overall process gives the impression that the viewer has accessed the file anonymously.

For this architecture to work there must be something to pass the file details from the browser to the server side script. This is the client side component, and in this case we are using a very simple Javascript function.

Client side Javascript

The client side Javascript consists of a simple function, getDMFile. This function takes as its parameter the URL of the file held in the DocMoto repository. It then passes this value back to the server side PHP script getDMFile.php.

//This function takes the URL from the link anchor
//and sends it to the php script.

 function getDMFile(myURL)
      window.location.href = "getDMFile.php?fileURL=" + myURL;
      return false;

The Javascript function is called from a hyperlink (anchor) within the web page. The function is called when a viewer clicks on the link. The javascript 'onclick' event is used. See below.

<a href='#' onclick="getDMFile('');">Company Brochure</a> 

File URL's are pasted into the function as follows getDMFile('paste the file url here')

Tip: To obtain the correct URL for a file within DocMoto use the "Copy link to Clipboard" menu item. You will need the http value. By using Copy Link to Clipboard any spaces and other HTML characters will be correctly translated.

Note: When using the Copy Link to Clipboard feature your links may be using https. Https is not supported by this technique so you will need to change the protocol from https to http and the port from 3984 to 3983.


You can create as many links as you want using this technique.

Server side PHP

The server side PHP consists of two files. getDMFile.php which accepts input from the client and returns the file, and DocMotoSimpleDownloadLibrary.php which contains the code to connect to DocMoto and retrieve the file.

DocMotoSimpleDownloadLibrary.php is out of scope of this article, suffice it to say that it contains the class definition for two objects, a DocMotoConnection, which contains the DocMoto user account credentials, and a WebDavClient which connects to the DocMoto server and retrieves the file.

getDMFile.php accepts the input from the client side Javascript. It creates a DocMotoConnection, then creates a WebDavClient and calls the getFile method. This returns the required file which is sent back to the browser using the echo command.

getDMFile.php MUST be configured for your setup. The variables that need changing are:

  1. $host : The Docmoto server URL, eg
  2. $username : The DocMoto account username used for connection. This will be a user specified within DocMoto's "Users and Groups" administration section.
  3. $password : The DocMoto user account password.

The file is reproduced below.

require_once 'php/DocMotoSimpleDownloadLibrary.php';

//Variables to set
$host = ''; //The DocMoto server URL, eg
$username = 'anon'; // The DocMoto user name used for connection
$password = 'wex23yt$$'; // The password of the DocMoto user

/* Note It is best to assign a dedicated DocMoto user account (username)
 * to this script. If you assign an account that is already in use then 
 * that user will be disconnected from DocMoto whenever the script is run.


$path = '';

//Create a DocMoto connection. Use http and 3983
$conn = new DocMotoConnection();
$conn->host = $host;
$conn->protocol = 'http';
$conn->port = '3983';
$conn->username = $username;
$conn->password = $password;

//Create a WebDavClient object
$dm = new WebDavClient($conn);

//Get the file and echo it back to the browser.
//Logout to make sure connection clears down
    echo $dm->getFile($path, true);
catch (CHttpException $e) 
    echo $e->message;

//Get the path. Check for any bad characters.
function setPath()
    $temp = filter_input(INPUT_GET, 'fileURL', FILTER_SANITIZE_SPECIAL_CHARS);
    if (isset($temp)){

      global $path;
      $path = $temp;

Choosing a DocMoto user account

It is best to assign a dedicated user account to the script. This is because DocMoto only allows a user to hold open one connection at any one time. If you try and use an existing user's account then that user will be logged off DocMoto whenever the script is run.


The user account should not be a member of the DocMoto "administrators" group. Ideally the user account should only have READ access to any of the files referenced.

Whilst the php script holds the user account details in plain text this represents a minimal security risk as the details are purely server side. They are never transmitted across the internet and are not accessible to anybody accessing the web server via a browser.

The technique detailed in this article does NOT support https (SSL) transmission. This should not pose any particular issues as the content being transmitted is to be regarded as being accessible to anonymous visitors.

Still have a question?

If you still can't find the answer to your question or need
more information, please contact the DocMoto team: