How to automatically redirect between HTTP and HTTPS [PHP]

Using HTTPS allows for secure and encrypted communication between your web site and the visitor's browser. Sometimes the transition doesn't happen automatically, so we need to enforce secure communication between the server and the client, e.g. when using a shopping cart.

One way to automatically switch from HTTP to HTTPS, using PHP, is a quick check of the HTTPS index in the $_SERVER array. From the PHP manual on $_SERVER:
$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server.

The $_SERVER array holds a number of different indices, which can provide us with valuable information about the visitor. When available, we can use this information to serve a different experience to users based on their geolocation, network or browser, or to block them out completely. So please check out the documentation. I am sure you will find it useful.

What we will do is check if the "HTTPS" index is present and if it has a value. If either of those is false we will construct a new URI where the scheme is "https://" and the rest is the domain name plus the current request path/page.

// Redirect from HTTP to HTTPS
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "")
{
    // HTTP_HOST is taken from the request's Host header; REQUEST_URI is the path and query string.
    $HTTPURI = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

    header("HTTP/1.1 301 Moved Permanently"); // Optional.
    header("Location: $HTTPURI");

    exit(0); // Stop here so nothing else is sent over plain HTTP.
}

Whenever I do a header redirect I like to also use the PHP language construct exit, just to ensure that nothing else is processed in case something fails with the preceding code. Also, though not necessary, you should set the header response to "301 Moved Permanently", especially if you always want to use HTTPS in search engine links.

Another way to do the same is to just check if the HTTPS index's value is set to "on".

// Redirect from HTTP to HTTPS
// isset() avoids an "undefined index" notice when the server does not set HTTPS at all.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
{
    $HTTPURI = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

    header("HTTP/1.1 301 Moved Permanently"); // Optional.
    header("Location: $HTTPURI");

    exit;
}

The nice thing about the above code is that you can use it on any page. So if a visitor has a page bookmarked or they click on a link from an email or another page they will be automatically redirected to a secure session.

I have also created a function version of the above code. You can view and download it at function.http-https-redirect.php.
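The snippets above build the redirect target from HTTP_HOST, which is copied from the client's Host header, and the first one treats the "off" value that IIS with ISAPI reports for plain HTTP as if HTTPS were active. The following is an added example, not the author's function.http-https-redirect.php, that closes both gaps; the function name httpsRedirectTarget, the $allowedHosts list and the example.com host names are assumptions.

```php
<?php
// Added example, not the author's code. Host names are placeholders.

/**
 * Return the HTTPS URL to redirect to, or null when the request is already HTTPS.
 * $server is normally $_SERVER; $allowedHosts lists the site's own host names,
 * with the canonical name first.
 */
function httpsRedirectTarget(array $server, array $allowedHosts): ?string
{
    // Non-empty and not "off" means HTTPS (IIS with ISAPI reports "off" for plain HTTP).
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return null;
    }

    // HTTP_HOST is client-supplied, so accept only known names; anything else
    // (including a name with a port) falls back to the canonical entry.
    $host = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, $allowedHosts, true)) {
        $host = $allowedHosts[0];
    }

    // REQUEST_URI must be an origin-form path; otherwise send the visitor to "/".
    $path = (string) ($server['REQUEST_URI'] ?? '/');
    if ($path === '' || $path[0] !== '/' || preg_match('/[\r\n]/', $path)) {
        $path = '/';
    }

    return 'https://' . $host . $path;
}

$allowedHosts = ['www.example.com', 'example.com']; // assumed site names

// In a page:
//   $target = httpsRedirectTarget($_SERVER, $allowedHosts);
//   if ($target !== null) { header("Location: $target", true, 301); exit; }

// Constructed sample requests, so the file also runs from the command line.
$samples = [
    ['HTTP_HOST' => 'example.com', 'REQUEST_URI' => '/cart?id=7'],
    ['HTTP_HOST' => 'unknown.invalid', 'REQUEST_URI' => '/cart'],
    ['HTTPS' => 'off', 'HTTP_HOST' => 'www.example.com', 'REQUEST_URI' => '/'],
    ['HTTPS' => 'on', 'HTTP_HOST' => 'www.example.com', 'REQUEST_URI' => '/'],
];
foreach ($samples as $s) {
    echo json_encode($s, JSON_UNESCAPED_SLASHES), ' => ',
        var_export(httpsRedirectTarget($s, $allowedHosts), true), PHP_EOL;
}
```

If TLS is terminated on a load balancer or reverse proxy, $_SERVER['HTTPS'] is usually not set on the PHP host, so any of these checks will redirect in a loop unless the proxy passes the original scheme through and the code checks that instead.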
