homepage Welcome to WebmasterWorld Guest from 54.227.12.219
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
CGI form mailer with file upload capability
Torontonian




msg:3985622
 5:10 pm on Sep 7, 2009 (gmt 0)

Hi,

I've just added a contact form to my website using an open-source CGI email handler [snip], and it's working fine.

Now I'd like to add a file-upload component to this contact form, so that anyone using the form could (optionally) upload a file.

Right now the HTML coding of my form begins as follows:

<form method="post" action="/cgi-bin/contact.cgi">

Is it possible to have a .cgi script that can accomplish both tasks of (1) e-mailing the form contents, and (2) uploading the file (if the user chooses to include one) to the server? Or do I need two separate scripts?

(I've checked the page source of similar file-upload-capable contact forms on other websites, and it seems they often use a .php file for the action, e.g. <form method="post" action="contact.php">)

My web programming skills are elementary and I'm new to Perl and CGI scripting, so my apologies in advance if my question doesn't make sense.

[edited by: phranque at 8:54 pm (utc) on Sep. 7, 2009]
[edit reason] No urls, please. See TOS [webmasterworld.com] [/edit]

 

rocknbil




msg:3985633
 5:40 pm on Sep 7, 2009 (gmt 0)

Welcome aboard Torontonian,

Is it possible to have a .cgi script that can accomplish both tasks of (1) e-mailing the form contents, and (2) uploading the file (if the user chooses to include one) to the server?

Absolutely.

Right now the HTML coding of my form begins as follows:

<form method="post" action="/cgi-bin/contact.cgi">

First, you will have to add the enctype multipart/form-data

<form method="post" action="/cgi-bin/contact.cgi" enctype="multipart/form-data">

This is because when submitted, the data stream sent to the server is divided into - you guessed it - multiple parts, and each part is separated by a boundary. The boundary contents are the "regular" fields in the form and any file upload fields.

The "tricky" part is parsing out the data and separating the multiple parts out correctly. This is not really all that tricky if you use the CGI library. It does all the work for you.

use CGI;

it seems they often use a .php file for the action, e.g. <form method="post" action="contact.php">)

Just a different technology, and truth be known, the off-the-shelf implementation of PHP file uploads is limited to 2 MB. Doing uploads with perl has no such limit.

Do a search for "perl upload" and you'll see lots of very simple scripts to learn how to do this. All you need to do is incorporate it into your current mailer.

- Add enctype
- add file upload element to form
- use CGI to parse out input instead of a stock parse routine
- add code to upload attached file and what to do with it (in truth, a file is "attached" to a form)

This discussion naturally leads to attaching the file to the incoming email, and yes, this is also possible. There are many ways, I use the library Mime::Lite to manage this.

Torontonian




msg:3985734
 10:04 pm on Sep 7, 2009 (gmt 0)

Rocknbil, thank you very much for the warm welcome and helpful guidance.

A few follow-up questions:

You mentioned attaching the file to the incoming email... Is this an alternative to file uploading? Would the end result be that, in either case, the file ends up on the server? Which method would you recommend?

Also, hypothetically, if I were to set the form's destination email address to, say, a gmail account, could I get the file transferred from the end user's hard drive to the gmail account without any files being stored on my host server? (The only reason I ask is that this would seem more secure, in the event that someone tried to upload a malicious file.)

Finally, is there any website where I might find a freeware cgi script that would fill my need -- incorporating a form-field data mailer and optional file upload in one script? I've done several google searches but haven't found an open-source all-in-one yet.

Sorry for asking so many questions at once.

rocknbil




msg:3986091
 4:48 pm on Sep 8, 2009 (gmt 0)

You mentioned attaching the file to the incoming email... Is this an alternative to file uploading?

Not directly, I only mention it because it's a natural progression of discussion. More of an add-on. To attach a file you must first upload it, so it's not really an "alternative." You'd upload, send email with attachment, then either leave uploaded file on the server or delete it. This kind of leads to an understanding of the next q . . .

if I were to set the form's destination email address to, say, a gmail account, could I get the file transferred from the end user's hard drive to the gmail account without any files being stored on my host server?

No you'd have to upload it somewhere first to attach it. You could then delete it from the server.

in the event that someone tried to upload a malicious file.

There are several methods to avoid this, a bit longer discussion.

is there any website where I might find a freeware cgi script that would fill my need

Speaking for myself, maybe other coders too, I write code and don't spend a lot of time surfing looking for open source code - but the ones I do find invariably have security holes or are just sloppy. So I can't suggest anything because I spend my time growing my own, not looking for open source code.

If you decide to find a provider (which I'd suggest,) this is not a real difficult project, it's fairly simple "for someone who knows what they are doing." *

* This is a bit of an inside joke for providers/coders, don't use this in an RFP or all you'll get is turkeys. :-)

Torontonian




msg:3986370
 1:42 am on Sep 9, 2009 (gmt 0)

Wow. If that's the case, I think I'll take your advice and avoid open-source... the last thing I want is to have a site with security holes.

Many thanks for the help!

rocknbil




msg:3986418
 3:41 am on Sep 9, 2009 (gmt 0)

Just to clarify, I'm not saying "avoid open source," I'm just saying the contact/upload programs I've seen that are free are poorly written - but important to note that I don't do a lot of "hunting" for open source stuff.

There's a lot of good open source software, but the contact forms I've seen seem to be a bit shoddy.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved