Skip to main content

How to automatically redirect between HTTP and HTTPS [PHP]

Using HTTPS allows for secure and encrypted communication between your web site and the visitor's browser. Sometimes the transition doesn't happen automatically  so we need to enforce that secure communication between the server and the client, e.g. when using a shopping cart.

One way to automatically switch from HTTP to HTTPS, using php, is a quick check of the HTTP indice in the $_SERVER array. From the php manual on $_SERVER:
$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server.

The $_SERVER array holds number of different indices, which can provide us with valuable information about the visitor. When available we can use this user information to serve different experience to users from different geolocations, networks, based on their browsers, or completely block them out. So please check out the document. I am sure you will find it useful.

What we will do is check if the "HTTPS" indice is present and if it has a value. If either of those is false we will construct a new URI where the URL is "http://" and the URN is the domain name plus the current request path/page.
// Redirect from HTTP to HTTPS
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "")
{
$HTTPURI = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

header("HTTP/1.1 301 Moved Permanently"); // Optional.
header("Location: $HTTPURI");

exit(0);
}

Whenever I do a header redirect I like to also use the php language construct exit, just to ensure that nothing else is processed incase something fails with the preceding code. Also, though not necessary, you should set the header response to "301 Moved Permanently", especially if you always want to use HTTPS in search engine links.

Another way to do the same is to just check if the HTTPS indice's value is set to "on".
// Redirect from HTTP to HTTPS
if ($_SERVER['HTTPS'] != "on")
{
$HTTPURI = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

header("HTTP/1.1 301 Moved Permanently"); // Optional.
header("Location: $HTTPURI");

exit;
}

The nice thing about the above code is that you can use it on any page. So if a visitor has a page bookmarked or they click on a link from an email or another page they will be automatically redirected to a secure session.

I have also created a function version of the above code. You can view and download it at function.http-https-redirect.php.

Comments

Popular posts from this blog

Format MAC Address [JavaScript]

I am currently working on a project which will allow users to register their Wi-Fi enabled, non-web browser enabled, devices on the network. These are devices like printers, Apple TV, and Xbox*. One of the data points that have to be collected from the user is the device MAC address. The project customer wants that address to be properly formatted when they see it in the support ticket.

We have several options. We can format the address either on the back-end after the form has been submitted. Or we can format it on the front end via a separate text field for each character pair, but that is too many fields to handle. A better solution is to use a single field and format the user input at the time of input or upon submit. In those cases, the former is better because the data will already be formatted when the overall form input is being validation after the user clicks the “Submit” button.

We are going to format the user input as it is being provided, thus having proper data when vali…

How to setup Coda 2 to push to GitHub?

Setting up a new site in Coda 2 and cloning a GitHub remote repository is not that big of a deal. Where you will most likely run into problems is when you try to push your changes to the GitHub remote repository. Below I will show you how to update the Git config file in your local repository so you do not run into one of the following errors:
git push failed remote: Remote anonymous access to repository deniedgit push origin master Username: fatal: Could not read passwordThe GitHub repository address I am going to use is that of Source Code DNA: https://github.com/thetitan/sourcecodedna.git. I will assume that you have already setup your Coda 2 site profile and cloned your repository, you have made some changes, and now you are ready to push those changes to your projects GitHub repo.

SNOOZ: Sound. Sleep.

I was on the Snooz Kickstarter page today, revisiting the project’s details and timeline progress. The device, which is a white-noise generating machine, recently became available for pre-order. Snooz is meant to be an alternative to having a TV or a stationary fan running at bed time. In my case, I bought it for my wife so we can get the TV out of the bedroom.

Whilst on the comments page I read the following comment, posted recently by Ken Tran:

I'm not a fan of the new fabric design. ...
I must disagree. If you take a look at the original design, which is all plastic and no style, I must say it is fugly. It is all utilitarian - not something I rally want to look at or see when I walk into the room. The final design, seen on the right, is something that beacons to be explored, looked at, utilized.

I am a big fan of Bang & Olufsen. They use fabric from Kvadrat in their line of products. Incorporating soft materials like fabric or leather in something which is meant to be place…