How to Redirect a User to a Secure Connection Using PHP


In this article, we go over how to redirect a user to a secure connection using PHP.

If you have a secure website, your website exists as regular pages (http) and secure pages (https).

Regular pages begin with http. So, for example, a regular page may be This page is not secure, and provides no encryption of user data such as of passwords or credit cards or other sensitive user information.

Secure pages begin with https. So, for example, a secure page may be https://www.example.hello.html. This page is secure, and provides encryption of sensitive user data.

If your site inherently exists as https and you've coded all of your links with absolute links that include https, this does not guarantee that your site is secure at all pages. This is because if a user goes to the URL bar and types in the absolute URL containing http instead of https, he or she can be guided to a regular page instead of a secure page.

To prevent this from happening, you can include a PHP script at the top of every page that automatically performs a redirect from a regular page (http) to a secure page (https).

The PHP code to perform an automatic redirect from a regular page (http) to a secure page (https) is shown below.

So the code above checks to see if the current page is a secure page by checking the URL of the page. If the page begins with https, then it is secure. If not, it is not secure. And if it is not secure, the $_SERVER['HTTPS'] has not been set and the if statement executes the lines in between the brackets.

In the if statement, we create a variable named $url. This variable $url will contain the absolute path to the secure connection to the current page.

The variable $url first begins with 'https://'. After this, we append the $_SERVER['HTTP_HOST'] global variable, which retrieves the domain name of the URL. We then append the $_SERVER['REQUEST_URI'] superglobal variable, which is the pathway to the file. Thus, we get the full absolute URL, now beginning with https (a secure connection).

We then call the header location function to bring us to this URL. This way, we can transferred to the secure page. This way, we ensure that a page is always on a secure connection.

This code protects the users of your site, because the user won't be able to be on any regular pages, which is much more prone to interception from hackers. Therefore, the user won't transmit sensitive information on regular pages. If the user types in the URL of a regular page, he or she will automatically be redirect to a secure connection.

This can prevent cyberattacks on user information.

Know, though, that the above code may not always work with every server. Since the data that is stored in the $_SERVER array is set by the web server, there's no guarantee that every web server will set this dat athe same. This code does work for most versions of the Apache web server but not all. And it may not work on web servers like IIS. If it does not work, then it needs modification to work correctly for the web server in use.

Related Resources

How to Find Out if a Page is Secure Using PHP

HTML Comment Box is loading comments...