Redirect to https (SSL) in php

Hello Friends !!

Today I found some new things. This post is show you how to redirect to https(SSL) in PHP.

First, What is SSL ? Let me Explained :

SSL meand Secure Socket Layer. It is developed by Netscape to transmit private data via Internet.

SSL uses a cryptographic system that uses two keys to encrypt data – a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:

Most of e-commerce sites uses payment gateway for online payment.And those sites use SSL connection to transfer data to and from the payment gateway.

Most of the sites use http protocol. But in above case wehave to redirect browser to https.
If you want to see example, write “http://www.gmail.com” in browser, it automatically redirects to https.It means site transfer to SSL protocol.

First of all, you should know that SSL must be installed in the server. To redirect the browser to “https” , we must know that the site is using SSL or not at the moment. And for this, there is a server variable in PHP called “HTTPS”. $_SERVER[‘HTTPS’] returns “on” values when the site is using SSL connection.


PHP function to redirect browser to “https”

<?
function redirectTohttps()
{
if($_SERVER[‘HTTPS’]!=”on”)
{
$redirect= “https://”.$_SERVER[‘HTTP_HOST’].$_SERVER[‘REQUEST_URI’];
header(“Location:$redirect”);
}
}
?>

you can call the function in that page where you have to redirect the browser to “https”.

Redirect website to “https” using .HTACCESS

You have to call above function in each and every page if you want to redirect whole sote. But rather than doing so it will be better to write code in .htaccess file to redirect the whole website to use SSL connection throughout the pages.Here is the .htaccess code :

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Just copy this code in yuor .htaccess file and place it in your root directory. Whole site will be redirected to “https” when browser will open with “http”.

If you have any query or any question then please comment on this post.

Thanks in Advance….

  • Simon Paarlberg

    Hi good explanation. I have some real world experience to add;

    When using PHP to redirect to the secure connection, it’s a bad idea to redirect the payload (ex. ?password=something_secret) directly to the script. The reason for this is, that you or your users will usually not know that the information has been passed through an unsecure connection.
    In this case you should make sure that everybody knows that an embarrassing error has been made, so it motivates you to correct the flaw. Otherwise such a mistake, can exist for years without you knowing it and thus render the SSL tunnel less secure. Remember all it takes is the session-id and someone evil can gain access to you session.

    I always send the user back to the login prompt while giving them a new session-id. Then all should be OK 🙂

  • Simon Paarlberg

    Hi good explanation. I have some real world experience to add;

    When using PHP to redirect to the secure connection, it’s a bad idea to redirect the payload (ex. ?password=something_secret) directly to the script. The reason for this is, that you or your users will usually not know that the information has been passed through an unsecure connection.
    In this case you should make sure that everybody knows that an embarrassing error has been made, so it motivates you to correct the flaw. Otherwise such a mistake, can exist for years without you knowing it and thus render the SSL tunnel less secure. Remember all it takes is the session-id and someone evil can gain access to you session.

    I always send the user back to the login prompt while giving them a new session-id. Then all should be OK 🙂

  • http://www.surplustechparts.com/index.php Geoff

    Thank you! I have been trying to find a simple way to do this.

  • http://www.surplustechparts.com/index.php Geoff

    Thank you! I have been trying to find a simple way to do this.

  • Mailtoitkarthi

    Very Very Thanks…. it is very useful..

  • Niranjan

     Many many thanks it helped me

  • Arnab Bhattacharjee

    Nice code. It is changing the entire site to https. But how could I exclude cgi-bin folder from this effect. There are some cgi scripts kept in this folder, and they are calling by cronjob.

    If the entire site follows the https protocol the scripts are not working properly.

  • Chiegel

    Your function saved the day for me.  THANK YOU

  • Pidrawalsh

    Why do I always get this: Parse error: syntax error, unexpected ‘:’ in D:hosting9100429htmlintranetfunctions.php on line 11

  • Php Inaun

    I get the same error. 

  • Php Inaun

    Found reason…M$ crapola.  If copy/paste from this page using IE, you may end up with not-so “smart quotes”.  Need to change them to standard quotes.

  • Sdf

    Thanks

  • Rob

    Works perfectly, thanks!

  • jitendra

    I have website with SSL but not redirect proerly
    When i redirect domain from cpanel then error msg of not redirect properly ar showns
    this is my .htaccess

    # BEGIN WEBSITEVALUE

    #

    #RewriteEngine On

    #RewriteRule ^index/(.*)$ ./index.php?type=$1 [L]

    #RewriteRule ^page/(.*)$ ./redirect_page.php?permalink=$1 [L]

    #RewriteRule ^contact$ ./redirect_contact.php [L]

    #RewriteRule ^contact$ ./redirect_contact.php [L]

    #RewriteRule ^contact/(.*)$ ./redirect_contact.php?permalink=$1 [L]

    #ErrorDocument 404 /404.php

    #

    # END WEBSITEVALUE

    Can you please suggest how i redirect http to https