Form Mail ASP.NET

Started by Cobra, December 14, 2007, 07:16:43 AM

December 14, 2007, 07:16:43 AM Last Edit: January 09, 2015, 12:58:32 PM by Tazinator
I just finished writing this ASP.NET VB form mail script, which is based on the formmail.pl script.

There are one or two extra features that I plan on adding to it, but otherwise it is pretty good as is. It hasn't been stress tested yet, so if anyone finds any bugs or vulnerabilities, let me know and I will get it sorted.



<%@ Page Language="VB" ContentType="text/html" ResponseEncoding="utf-8" %>
<% @Import Namespace="System.Web.Mail" %>
<% 
     
    '###############################################
    '####        Form Mail .NET Script v1.0     ####
    '####              written by               ####
    '####       Cobra - cobra@hfactorx.org      ####
    '###############################################

    
    '###############################################
    '####       Script Variables                ####
    '###############################################
    
     '_RecipientEmail
     'Email address for recipient email account
     'Format: name1@domain1.com,name2@domain2.ie
     
     '_Subject
     'Subject of the sending form for Email formatting
     
     '_Sender
     'Set the sender's email/reply-to address
     
     '_RequiredFields
     'Set the fields that the site admin requires from the user
     'Format: field1,field2,field3,field4
     
     '_RedirectURL
     'Set the URL that the script will redirect to after completion
     
     '_EnVars
     'Set the required Environment Variables you wish to retrieve
    
    
    '###############################################
    '####          Form Mail Configuration      ####
    '###############################################
    
        
       'SMTPserver
       'Leave as default to to use Web Application mail server
       'User Defined: localhost
       Dim SMTPserver As String = mail.domain.com
       
       '_RecipientEmail
       'Set default _RecipientEmail
       Dim _RecipientEmail As String = "cobra@hfactorx.org"
       
       '_Subject
       'Set default Subject Header
       Dim _Subject As String = "Web Contact Form"
       
       '_Sender
       'Set default senders address
       Dim _Sender As String = _RecipientEmail
       
       '_RedirectURL
       'Set default redirect URL
       Dim _RedirectURL As String = Request.ServerVariables("HTTP_REFERER")
              
       'MailType
       'Set the format email is sent in
       'Options: HTML, TEXT
       Dim MailType As Integer = MailFormat.HTML
       
       'Priority
       'Set email Priority
       'Options: Low, Normal, High
       Dim Priority As Integer = MailPriority.Normal
       
       'AllowedReferrers
       'Create the list of allowed referrers
       'example: ("domain.com","127.0.0.1")
       Dim AllowedReferrers As New ArrayList
       AllowedReferrers.add("hfactorx.org")
       AllowedReferrers.add("209.59.10.71")
    

    '###############################################
    '####        END Form Mail Configuration    ####
    '###############################################

   
   '## Check Stage 1: Check Referrer
   Dim RefURL() As String = Split(Request.ServerVariables("HTTP_REFERER"), "/")
   Dim RefId As String = RefURL(2).replace("www.", "")
   Dim RefState As Boolean
   Dim strItem As String 
   
      For Each strItem in AllowedReferrers
         If strItem = RefId Then
            RefState = True
         End if
      Next 
   
   If Not RefState 
     Response.write("<h1>Action Denied: Bad Referrer</h1>")
     Response.End()
   end if
   
   
   '## Check Stage 2: Script Required Variables
   If Request.Form("_Subject") <> "" then 
      _Subject = Request.Form("_Subject")
   End If
   
   If Request.Form("_Sender") <> "" then 
      _Sender = Request.Form("_Sender")
   End If
   
   If Request.Form("_RedirectURL") <> "" then 
      _RedirectURL = Request.Form("_RedirectURL")
   End If
   
      '## Check Stage 3: Email Validation
   Dim Recipients() As String = Split(Request.Form("_RecipientEmail"), ",")
   Dim RecipientItem As String
   for each RecipientItem in Recipients
     RecipientItem = Trim(RecipientItem)
    
   If NOT Regex.IsMatch(RecipientItem, "\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*") then 
      response.write("<h1>No Valid Recipient Address was provided</h1>")
      response.End()
    End If
   
   next
   _RecipientEmail = Join(Recipients, ",")
   
   If NOT Regex.IsMatch(_Sender, "\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*") then 
      response.write("<h1>No Valid Sender Address was provided</h1>")
      response.End()
    End If


   
   '## Check Stage 4: Form User Required Fields
   if Request.Form("_RequiredFields") <> "" then
     Dim Required() As String = Split(Request.Form("_RequiredFields"), ",")
    Dim MissingCount As Integer = 0
    Dim requiredItem As String 
     for each requiredItem in Required
       requiredItem = Trim(requiredItem)
       if Left(requiredItem, 1) <> "_" and Request.Form(requiredItem) = "" then
         Response.write("<strong>Missing value for:</strong>" & requiredItem & "<br/>")
       MissingCount =+ 1
       end if
     next
    if MissingCount > 0 then 
       Response.End()
    End if
   end if
   
   
   
   'Define request variables
   Dim emailBody, formField, currentFieldName, currentFieldValue As String
   
      'Build Email Content
      for each formField in request.form 
         currentFieldName = formField 
         currentFieldValue = request.form(formField) 
         
         if Left(currentFieldName, 1) <> "_" then
            'Check format required for email an use:
             if MailType = 1 then
               emailBody = emailBody & "<strong>" & currentFieldName & "</strong>: " & currentFieldValue & "<br/>"
            elseif MailType = 0 then
               emailBody = emailBody & currentFieldName & ": " & currentFieldValue & VbCrLf
            end if
            
         end if
      next 
      
      'Check if Environment Variables are required and display
      if Request.Form("_EnVars") <> "" then
         Dim EnVars() As String = Split(Request.Form("_EnVars"), ",")
         Dim EnVarItem As String
         
               if MailType = 1 then
            
             emailBody = emailBody & "<p>Environment Variables:</p><p>"
               For each EnVarItem in envars
                  EnVarItem = Trim(EnVarItem)
                   emailBody = emailBody & "<strong>" & EnVarItem & "</strong>: " & Request.ServerVariables(EnVarItem) & "<br/>"
               Next
             emailBody = emailBody & "</p>"
             
               elseif MailType = 0 then
               
               For each EnVarItem in envars
               emailBody = emailBody & EnVarItem & ": " & Request.ServerVariables(EnVarItem) & VbCrLf
               Next
               
               end if
       end if   
      

          'Send Email
     Dim ojMailCom as New MailMessage()
     ojMailCom.To = _RecipientEmail
     ojMailCom.From = _Sender
     ojMailCom.BodyFormat = MailType
     ojMailCom.Priority = Priority
     ojMailCom.Subject = _Subject
   
     ojMailCom.Body = emailBody
     SmtpMail.SmtpServer = SMTPserver
     
  try
    SmtpMail.Send(ojMailCom)
    response.redirect(_RedirectURL)

  catch exc as Exception
    Response.Write("<h1>Send failure: </h1>" + exc.ToString())
  End Try

%>
I am not suffering with insanity... I am loving every minute of it.
