6

I am new to PHP.

When someone uploads a file size too big, I want to show them a warning popup and redirect them to a previous page (or vice versa).

if(file size is too big){    
   ob_start();   
   header("location:index.php");    
   echo "<script type='text/javascript'>alert('Your File Size is too big!');</script>";   
   ob_end_flush();   
   exit;    
}

This code above will just redirect me to index.php and doesn't show any warning popup.

Michael Berkowski
  • 267,341
  • 46
  • 444
  • 390
Eric Kim
  • 10,617
  • 4
  • 29
  • 31

4 Answers4

9

Do something like

header("Location: index.php?Message=" . urlencode($Message));

Then on index.php...

if (isset($_GET['Message'])) {
    print $_GET['Message'];
}

In other words, index.php will always check if it's being passed a message in the url. If there is one, display it. Then, just pass the message in the redirect

if you really want to use a modal popup, generate the js...

if (isset($_GET['Message'])) {
    print '<script type="text/javascript">alert("' . $_GET['Message'] . '");</script>';
}

Note that this will break if you use quotes in the message unless you escape them

Basic
  • 26,321
  • 24
  • 115
  • 201
  • This is perfect thank you. I was wondering if I have to worry about code injection since User can type whatever they want in the message. – Eric Kim Jul 28 '12 at 19:37
  • Yes - See [this page](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet) for a good guide – Basic Jul 28 '12 at 20:08
  • Can you give me an example of injection when using the code you gave me? – Eric Kim Jul 28 '12 at 20:28
  • browse to the url `index.php?Message=%3Cscript%20type%3D%22text%2Fjavascript%22%3Ealert('XSS%20Fail')%3B%3C%2Fscript%3E` (not encoded that's `index.php?Message=`) – Basic Jul 28 '12 at 21:05
  • 1
    Having message in the address is troublesome, I will try to use $_SESSION – Eric Kim Jul 28 '12 at 21:49
  • Your choice - but make sure you clear the message down so it's not re-displayed later. – Basic Jul 28 '12 at 21:52
4
<script type="text/javascript">
alert("YOUR MESSAGE HERE");
location="REDIRECTION_PAGE.php";
</script>
Marco
  • 119
  • 1
  • 3
1

The problem is that header("location:index.php"); sets the response code to 302 automatically. The browser immediately redirects without looking at the contents of the page.

You need to either do the redirect itself in javascript after the alert is sent, or else have the page you're redirecting to do the alert.

Andrew Gorcester
  • 19,595
  • 7
  • 57
  • 73
  • Thanks, I thought ob_start(); ob_end_flush(); was going to fix the problem based on reading other post, but I was wrong. – Eric Kim Jul 28 '12 at 19:39
-1

The code goes like:

if($_FILES['file']['size'] > 200000) //any file size, 200 kb in this case
{
 echo "<script type='javascript'>alert('File size larger than 200 KB')</script>";
}
header("Location: index.php");

The browser will be redirected to index.php page anyway, no matter the file is successfully uploaded or not. Its just that the popup will appear if the file is of larger size.

  • 1
    I do not think this will work. The header must be output before any body content and a 302 redirect causes the browser to ignore body content anyways. – Andrew Gorcester Jul 29 '12 at 00:31