Redirecting invalid users is necessary because different pages of a website require different levels of authority. Some pages should only be accessed by an admin. If an invalid user tries to open them, they should be redirected to another page.


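Okay! So let’s see the code first.

DEFINE('BASE_URL', 'http://www.yourwebsite.com/');

// The session must already be started (session_start()) and no output sent.
function redirect_invalid_user($check = 'user_id', $destination = '')
{
    // The key is only set for users who have logged in.
    if (!isset($_SESSION[$check]))
    {
        $url = BASE_URL . $destination;
        // The redirect header can only be sent if no output has gone out yet.
        if (!headers_sent())
        {
            header("Location: $url");
        }
        // Always stop here so the protected content is never rendered.
        exit();
    }
}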

You can use this function to check whether a certain $_SESSION key is set and act accordingly. For example, suppose you need to show a page only to logged-in users, and when a user logs in you set a $_SESSION key to the id of the database table row where his/her information is stored.

This key will only be set for users who have logged in to the system. On every page meant for logged-in users, we first run this function and then do the other work in our code.

Using redirect invalid user function

redirect_invalid_user();

If your code sets user_id as a $_SESSION key, and you want to check authority against it and redirect the unauthorized user to the home page of your website, you can simply call this function at the top of your PHP file.

redirect_invalid_user('another_key');

If you want to check authority against a different $_SESSION key, pass it as the first argument; here we have used another_key as the desired key. You can replace it with whichever key you want to check. Here, too, the unauthorized user is redirected to the home page.

redirect_invalid_user('another_key', 'url_for_invalid_user.php');

Use this if you want to redirect the unauthorized user to some particular URL instead of the home page.
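The login side that sets the keys, together with an admin-only gate built on the calls above, as an added example that is not code from the original article. The user list is constructed sample data, and `log_in()`, `admin_id` and `login.php` are hypothetical names.

```php
<?php
// Added example, not from the original article. The user list is constructed
// sample data; log_in(), admin_id and login.php are hypothetical names.
define('BASE_URL', 'http://www.yourwebsite.com/');

function redirect_invalid_user($check = 'user_id', $destination = '')
{
    if (!isset($_SESSION[$check])) {
        if (!headers_sent()) {
            header('Location: ' . BASE_URL . $destination);
        }
        exit();
    }
}

// Constructed stand-in for the users table.
$users = [
    'alice' => ['id' => 1, 'hash' => password_hash('alice-pass', PASSWORD_DEFAULT), 'is_admin' => true],
    'bob'   => ['id' => 2, 'hash' => password_hash('bob-pass', PASSWORD_DEFAULT), 'is_admin' => false],
];

// Hypothetical login helper: sets the session keys the guard checks later.
function log_in(array $users, $name, $password)
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name]['hash'])) {
        return false;                                // no key is set on failure
    }
    session_regenerate_id(true);                     // fresh session id after login
    $_SESSION['user_id'] = $users[$name]['id'];      // set for every logged-in user
    if ($users[$name]['is_admin']) {
        $_SESSION['admin_id'] = $users[$name]['id']; // set for admins only
    }
    return true;
}

session_start();                    // before any output, before $_SESSION is read
log_in($users, 'bob', 'bob-pass');  // normally done by the login form handler

// Top of an admin-only page: both guards run before anything is echoed, and
// the destination is a fixed string, never a value taken from the request.
redirect_invalid_user('user_id', 'login.php');   // bob passes, user_id is set
redirect_invalid_user('admin_id', 'login.php');  // bob is redirected, script exits

echo "admin-only content\n";        // reached only when admin_id is set (alice)
```

Run as written, the script prints nothing because bob has no admin_id key; logging in as alice instead reaches the final line.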

Code Explanation – Redirect Invalid User

DEFINE('BASE_URL', 'http://www.yourwebsite.com/');

Defining your base URL as a global constant is good programming practice, because you might be using HTTP today but later shift to the secure HTTPS protocol. In that case, you only need to change this one line and the change is reflected everywhere in your application. To know more about DEFINE, please go through this link.

function redirect_invalid_user($check = 'user_id', $destination = '')

This function must be called before any kind of data is sent to the browser, not even a blank space. Here you can replace user_id with the $_SESSION key you use most often for checking authority. You can also set the default value of $destination to wherever you will redirect invalid users in most cases.

if (!isset($_SESSION[$check]))

Here we check whether our desired key is set. If it is not set, the code inside the if condition is executed.

$url = BASE_URL . $destination;

This sets a variable that stores the URL we wish to redirect users to.

if (!headers_sent())

This condition prevents errors regarding headers. Headers can be sent only once for a page, before any of its content. If some text is sent to the browser, intentionally or unintentionally, the appropriate headers are sent along with it. After that, sending the redirect header will raise errors. This condition checks whether headers have already been sent and, if so, skips the code inside it.

header("Location: $url");

This function sends the header that redirects the invalid user to the URL we defined. Since it is inside the if condition above, it only executes if no headers have been sent already.

exit();

Since the data is meant only for authorized users, we never want to show it to an invalid user under any condition, whether or not they were redirected to our desired page. The data needs to stay secure. That’s why we use the exit() function to stop the execution of the script at this point. If no headers have been sent and the user is redirected, well and good; we stop the script. But if some error occurred and the header failed to redirect, or headers were already sent, the script should still stop executing. In this case, the user will see a broken page, but our sensitive information won’t be revealed.