We are in need of modifying our contact form in order for a customer to have the ability to browse to a file on their local machine and send it along with the email that we get from the form already.  Any advice or direction would be a huge help!

Thank you!
in ML by (175 points)

2 Answers

0 votes

I'd be very careful with this. We get hack attempts daily.

If I understand this, you would like them to fill out the contact form and then add a file from their computer? If so, this file will have to be saved somewhere on the web server in order to be mailed out.

I'd think twice about allowing just anyone to upload files to your server. Maybe in the contact form page, you just write "Please email <blah blah> form to [email protected]? it's not good to put email addresses directly on your web page as spiders come and grab them and give them to spammers, but I like it better than the other alternative.

Or, you could do this. Create the contact form and have it go to [email protected]. Create an autoreply from this email address that says, "if you are new please send form <blah blah> to [email protected] . This way, you keep it pretty secure and accomplish the file transfer without adding it to your server.

...hope this helps.

oh, and if i'm not understanding your question and was just babbling....sorry about that.

by (1.5k points)
0 votes

I would highly suggest checking what the file exstion is and only allow certain file exstions. But since that varries per place I won't give a direct example for this.

If you do not want to save the file to folder on your sever there are ways to attach a file without saving it. I just requires to use custom coding to send the email in Contact.ascx.cs. Which can be done wihout source it just requires being famliar with how to send emails in .net.

To do so the the 1st setp is adding a FileUpload control to Contact.ascx.

Then change the email code in Contact.ascx.cs to something like this:

using (System.Net.Mail.MailMessage msg = new System.Net.Mail.MailMessage())
{
	StringBuilder message = new StringBuilder();
	message.Append("<html><body>");
	message.Append(GetContactTopic());
	message.Append("</body></html>");
	msg.To.Add(AppLogic.AppConfig("GotOrderEMailTo"));
	msg.From = new System.Net.Mail.MailAddress(AppLogic.AppConfig("GotOrderEMailFrom"));
	msg.Subject = Subject;
	msg.IsBodyHtml = true;
	msg.Body = message.ToString();

	if (FileUpload1.HasFile)
	{
		string strFileName = System.IO.Path.GetFileName(FileUpload1.PostedFile.FileName);
		System.Net.Mail.Attachment af = new System.Net.Mail.Attachment(FileUpload1.PostedFile.InputStream, strFileName);
		msg.Attachments.Add(af);
	}
	
	SmtpClient client = new SmtpClient(AppLogic.AppConfig("MailMe_Server"));
	if (AppLogic.AppConfig("MailMe_User").Length != 0)
	{
		System.Net.NetworkCredential SMTPUserInfo = new System.Net.NetworkCredential(AppLogic.AppConfig("MailMe_User"), AppLogic.AppConfig("MailMe_Pwd"));
		client.UseDefaultCredentials = false;
		client.Credentials = SMTPUserInfo;
	}
	else
	{
		client.Credentials = CredentialCache.DefaultNetworkCredentials;
	}
	client.Send(msg);
}
by (5k points)
Thanks for sharing this..
...