Contact Enhanced Documentation

Description

Contact Enhanced allows your user to upload Multiple Files at once, with multiple file selection, progress bars and validation. The files are uploaded via Ajax, so the form will be processed much faster (version 3.2 and newer).

Requirement

  1. Have watched the Form Fields -> Basic Features screencast;
  2. In Joomla 3.2 and newer, jQuery and Bootstrap will be loaded (automatically);

Multiple Fiels Custom FieldUsage

1. Select Components → Contact Enhanced → Form Fields from the drop-down menu on the back-end of your Joomla! installation, then Select Multiple Files from the Field Type select list;

2. Choose a category for your Form Field, then Save the changes.

3. Configure the options under the Multiple Files Parameters tab. Available

  • File Extensions: Enter the allowed file extensions;
  • Max File Size: Enter the maximum allowed file size per file (in Kb);
  • Number of Files: Number of files allowed per Custom Field;
  • Show Number of files: Whether or not to display the remaining number of files allowed;

Security:

Now Contact Enhanced will record all messages with attachments over 2Mb, even if you have the Auto Save option disabled. In the email you will see links to the download the attachments. The links are encrypted so users will not know the path to the uploaded file neither the real filename, therefore no malicious user will be able to upload an executable file and execute. This is just an extra layer of security because you already have the whitelist feature in the Multiple File Upload Custom Field.

Security warning: A lot of security measures have been taken to avoid malicious users to execute uploaded files, however to increase security it is CRITICAL that this directory is NOT accessible directly via the web. The default uploaded files directory is /administrator/components/com_contactenhanced/uploadedfiles but you can change to a location OUTSIDE the web site root directory. In order to change the uploadedfiles directory edit the CE_UPLOADED_FILE_PATH define in this file /components/com_contactenhanced/defines.php. In Linux server it will look something like this:

define('CE_UPLOADED_FILE_PATH',            '/home/user/ce_uploadedfiles/');

But if you must have it in the web directory (and you are using Apache AND the web server configuration allows .htaccess files to restrict access to directories) then protect it by creating a file in the uploadedfiles directory called .htaccess, containing these lines bellow or just renaming the htaccess.txt file located in that folder:

order deny,allow  deny from all 

If you are using IIS, you need to edit the properties of the data directory (from the Internet Information Services Manager console) and deny access to that folder to everybody from the web (i.e., to the user IUSR_computername, where computername is the network name of the computer Joomla, and the data directory, are on).

If you don't protect the data directory from direct web access, anybody can access and execute files uploaded by Contact Enhanced forms. If you do not allow your users to upload executable files or scripts (exe,php,dll,...), you should not have any problem, however it is always good to be safe! :-)

Troubleshooting

  • Fail2ban: It has been reported an incompatibility with Fail2ban (an intrusion prevention software framework which protects computer servers from brute-force attacks). Which requires to configure an exception in the server options. If you have any problem uploading files, ask your web hosting provider if you have this software installed on your server and ask to add an exception for Contact Enhanced;
Recommend to a friend

Copyright © 2018 IdealExtensions.com. All Rights Reserved.

This site is not affiliated with or endorsed by the Joomla!™ Project. It is not supported or warranted by the Joomla!™ Project or Open Source Matters™. The Joomla!™ logo is used under a limited license granted by Open Source Matters™, the trademark holder in the United States and other countries.
We may collect your IP address and your browser's User Agent string while using our site for security reasons and deriving aggregate information (analytics). This information is retained for a minimum of 1 and a maximum of 24 months.

Get email notifications of new releases

SIGN UP NOW TO OUR NEWSLETTER

AND NEVER MISS AN IMPORTANT UPDATE

captcha 
You may opt-out at anytime.
Feedback