How to redirect browser to https (ssl) in php

Advertisement

Most of the e-commerce website uses payment gateway for online payment. And, those sites uses SSL (secure socket layer) connection to transfer data to and from the payment gateway.

In the common scenario, most of the sites uses “http” protocol and you can see “http” in the browser’s address bar. But in the above scenario,we need to redirect the browser to “https” which means that “Hypertext Transfer Protocol over Secure Socket Layer”.

Ok let’s see a real example, type “http://www.gmail.com” in browser after a while the “http” gets converted to “https” in address bar, which means this site is transferring the data over SSL protocal.

How to redirect the browser to https when site is using http protocal in PHP?

First of all, you should know that SSL must be installed in the server. To redirect the browser to “https” , we must know that the site is using SSL or not at the moment. And for this, there is a server variable in PHP called “HTTPS”. $_SERVER[‘HTTPS’] returns “on” values when the site is using SSL connection.

Function to redirect the browser to “https” in PHP

function redirectToHTTPS()
{
  if($_SERVER['HTTPS']!="on")
  {
     $redirect= "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
     header("Location:$redirect");
  }
}

Above function is quite simple, you can call the function in that page where you’ve to redirect the browser to “https” .This function will preserver you script file name and query string in browser.

Redirecting whole website to “https” using .htaccess

You can call the above function in each and every page to redirect the browser to “https”. But rather than doing so it will be better to write three line of code in .htaccess file to redirect the whole website to use SSL connection throughout the pages.

  RewriteEngine On
  RewriteCond %{HTTPS} !on
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Just copy and paste the above code in .htaccess file then the whole website will be redirected to “https” when the browser is opened in “http” mode. The browser just get redirected using url rewriting in .htaccess.

Enter your email address and get free tutorials, tips and tricks of PHP, Ajax, JavaScript and CSS directly delivered to you email inbox:

22 Comments on “How to redirect browser to https (ssl) in php”

  • Darrell wrote on 10 June, 2008, 15:17

    Thank you, Roshan, for this script. Saved me lots of hassle.

    I would only change:

    if($_SERVER[‘HTTPS’]!=”on”)

    to

    if(!_SERVER[‘HTTPS’] !== “on” ) // two equals signs

    :)

  • Darrell wrote on 10 June, 2008, 15:46

    Ahh! I mistyped my correction. S/B:

    if( $_SERVER[‘HTTPS’] !== “on” ) // two equals signs

  • Roshan wrote on 10 June, 2008, 16:31

    Oh yes Darrel, using identical comparison operator is better than normal equality checking comparison operator…

  • Chris wrote on 14 October, 2008, 3:12

    Your 3 line redirect for htaccess worked, but it broke my admin console in oscommerce. I’m trying to get a simple ecommerce website up. When I update anything using the admin console, it gives an error.

    Warning: Variable passed to each() is not an array or object in

    and then the particular path of my website. What gives?

    Sincerest Thanks!

  • Joe wrote on 19 January, 2009, 22:31

    Can someone give a example of how i need to do hide web page extension using this htaccess?

    Please explain like this:
    ===========================================================
    First create a folder called (name)
    Then paste this code into your web page between your
    rename the website name or project name in the code for yours.
    ===========================================================

    Can someone be more specific?
    Sorry guys this is my first time doing this,. Can someone help me with this?

    can someone give me something like this.

  • Asheesh Mahajan wrote on 17 February, 2009, 21:24

    This gae redirects works like a charm. My followup question is how to redirect back to http after the https work is done in a website. e.g. I have signed in and wanted to continue to browse the website in http mode and not the https mode.

  • Asheesh Mahajan wrote on 17 February, 2009, 21:27

    It works perefctly for a page. Just wanted to know how to redirect the page back to http from https. e.g. once I have logged in or accepted the credit card information wanted user to browse the website as http

  • Ritesh wrote on 25 February, 2009, 11:03

    hello everyone,
    I am having problem regarding redirect of http to https. I have checked $_SERVER[‘HTTPS’] but it return: “Notice: Undefined index: HTTPS”. How to solve this problem? I need to enable/set https or not?

    -ritesh

  • th3matr1x wrote on 10 March, 2009, 20:05

    @Chris,

    i’m sure that it is a bit late, but try to debug the code . that helps a lot for rapid prototyping.

  • Kinder wrote on 17 April, 2009, 21:14

    Great JOB!! I used it!

  • Bleak wrote on 24 August, 2009, 9:02

    How does this work for embedded content?

    i.e Images – CSS etc ?

  • Funwebix wrote on 9 December, 2009, 20:35

    Great post Roshan, small and precise.

  • Jeff wrote on 16 January, 2010, 13:26

    I’ve been using ‘if($_SERVER[‘HTTPS’]!=”on”)’ for a very long time with no issues.
    I just started noticing “PHP Notice: Undefined index: HTTPS…” in my error log.

    If I use ‘if( $_SERVER[‘HTTPS’] !== “on” )’, what should I change to stop the PHP notices? I tried addibng isset and !isset but it does not work.

    Thanks!

  • John wrote on 4 March, 2010, 17:57

    For some reason, checking for “on” wasn’t working for me. You may have to write the code as follows:

    if($_SERVER[‘HTTPS’] == false) {
    // redirect to secure site
    }

  • Andrew wrote on 11 March, 2010, 1:27

    Jeff, You can add an @ sign before $_SERVER[‘HTTPS’]. When your not using ssl HTTPS is not defined, which is why you are getting that error. The @ sign should suppress that error.

    if(@$_SERVER[‘HTTPS’] !== “on”)

  • Jeff wrote on 16 March, 2010, 4:28

    Thanks Andrew.

    I’ve been using:

    if(empty($_SERVER[“HTTPS”])) {

    That also works but I will try the @ sign too.

  • Falguni wrote on 17 March, 2010, 6:53

    This is really nice man..thanks a lotz for this script

  • faiza wrote on 1 February, 2011, 11:39

    nice script. but my question is i writel almot 13 urls 10 of them working fine but rest of then just vanish the images and my css and js is not working anymore. i thnk it may be path problem here is that rule
    RewriteRule ^edit-uni/(.*)$ inter/index.php?file=edituni&id=$1

  • David wrote on 2 February, 2011, 17:15

    Actually, come to think of it. You should use the 301 redirect syntax in your htaccess file as well:

    RewriteEngine On
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  • Eric D wrote on 4 February, 2011, 21:19

    Thank you! This is exactly what I was looking for. PERFECT! God you have to sift through so much crap to find useful stuff.

    Also, Thank you Darrell, Andrew and John for your additional improvements.

  • MULTIATOM wrote on 1 March, 2011, 2:24

    Thanks, Thanks, Thanks,

    Example: http://multiatom.com/TLS/conatct.php

  • Niranjan wrote on 5 August, 2011, 10:38

    Thanks Roshan it helped me, well

Write a Comment

 


Copyright © 2014 Roshan Bhattarai's Blog. All rights reserved.
Powered by WordPress.org, Custom Theme and ComFi.com Calling Card Company.