Force A Secure Page Using PHP

By  on  

Many pages, most often pages with forms or pages that serve personal information, require the need to be served over a secure connection. Even recreational internet users have gotten accustomed to looking for "lock" icon within their browser before inputting data into a web form. For the benefit of the business and its website visitors, it's important to ensure that a form page be secured.

To ensure that you page is served over a secure connection, you must first acquire a security certificate. Popular SSL certificate providers include Verisign, Thawte, and GoDaddy (whom I prefer). Once your SSL certificate has been installed on the server, you may add the following code snipped at the top of any page you would like secured:

The PHP Code

//force redirect to secure page
if($_SERVER['SERVER_PORT'] != '443') { header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit(); }

The above code forces the script to run on secure port 443 as opposed to port 80. Thus, the page is served securely.

Recent Features

  • By
    How I Stopped WordPress Comment Spam

    I love almost every part of being a tech blogger:  learning, preaching, bantering, researching.  The one part about blogging that I absolutely loathe:  dealing with SPAM comments.  For the past two years, my blog has registered 8,000+ SPAM comments per day.  PER DAY.  Bloating my database...

  • By
    Interview with a Pornhub Web Developer

    Regardless of your stance on pornography, it would be impossible to deny the massive impact the adult website industry has had on pushing the web forward. From pushing the browser's video limits to pushing ads through WebSocket so ad blockers don't detect them, you have...

Incredible Demos

  • By
    MooTools ContextMenu Plugin

    ContextMenu is a highly customizable, compact context menu script written with CSS, XHTML, and the MooTools JavaScript framework. ContextMenu allows you to offer stylish, functional context menus on your website. The XHTML Menu Use a list of menu items with one link per item. The...

  • By
    Control Element Outline Position with outline-offset

    I was recently working on a project which featured tables that were keyboard navigable so obviously using cell outlining via traditional tabIndex=0 and element outlines was a big part of allowing the user navigate quickly and intelligently. Unfortunately I ran into a Firefox 3.6 bug...

Discussion

  1. niaomi

    This doesn’t work :-(

    Do the webpage need to be php? The page I need secure is html.

    Please help. Thanks!

  2. april

    Works just fine for me. Thanks!

  3. pete

    niaomi, the code is php so yeah it will need to be run on a php page!!

  4. @niaomi: yes niaomi, it must be PHP

  5. Mikey

    Didn’t work for me. Got error message “Warning: Cannot modify header information – headers already sent”.

    Probably has something to do with my hosting company….who knows.

    • Check your session_start(); I had an issue like his before, I had to silence it with ob_start();

  6. alex

    but how to get back to normal http page from https?

  7. rohan bagchi

    @Mikey on June 1, 2011 @ 10:53 am
    Didn’t work for me. Got error message “Warning: Cannot modify header information – headers already sent”.
    Probably has something to do with my hosting company….who knows.
    ……………..
    you cannot use header in a page that has any output before it.
    html is an output.so you use header after html data,and you get the error you did.

  8. Brandon

    Didn’t work for me either. Am I supposed to add the tags around the code you shows above? I am also getting the cannot modify header information error and I don’t understand your reply above.

  9. Brandon

    That should have said the php tags around the code you show above.

  10. brandon,it will work just fine.
    do this.
    opn d php file and at the beginning of the file before u start any code,do this:

  11. Worked beautifully for me right out of the box. Those having problems, here is what you need to do.

    Place this at the tippety-top of your PHP web page:
    Once you’ve done that, and saved it as “whatever.php”, it should work like a charm.

  12. Hi,

    its working great for me but as Alex asked, how do you get back to non ssl when you navigate away from that page?… it seems to make everything after SSL protected.

    Thanks in advance!

  13. Using it the opposite way:

    if($_SERVER['SERVER_PORT']!='80'){header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);exit();}
    

    and yes, wrap in PHP tags: on a PHP page.

  14. Ross

    This works as described except that when I navigate back to other pages on the site, they are loading as https:// which I would prefer not happen… can you offer an adjustment to correct this? Many thanks, Ross.

  15. Mark

    Another way could be:

    if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
    	header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit();
    }
    
  16. James

    This might not work in all cases though. I use CloudFlare SSL which is SSL between the browser and the CDN. Checking the server settings for HTTPS won’t actually work as they’re not set for SSL.

    Correct?

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!