Php code to redirect invalid user

Redirecting invalid user is necessary because different pages of the website have different authority. Some pages should only be accessed by admin. If some invalid user tries to open them, then they should be redirected to another page.

Okay! so let’s see the code first.


function redirect_invalid_user($check = 'user_id', $destination = '')
        $url = BASE_URL.$destination;           

You can use this function by checking if the certain $_SESSION key is set or not and act accordingly. For example, suppose you need to show the page only to the logged in users and when a user gets logged in, you are setting a $_SESSION key by the id of the block of database table where his/her information is stored.

This key will only be set for the users who have logged in to the system. Now for all the logged in users specific pages, we first run this function and then do other stuff in our code.

Using redirect invalid user function


If in your code, you are setting user_id as a $_SESSION key for something and wish to check the authority over it as well as want to redirect the unauthorized user to the home page of your website, then you can simply use this function at the top of your PHP file.


If, in your code, you want to check the authority over another $_SESSION key, like we have used here another_key as the desired key. You can replace it with what you wish to check the setting of. Here also you are redirecting the unauthorized user to the home page.

redirect_invalid_user('another_key', 'url_for_invalid_user.php');

Use this if you want to redirect the unauthorized user to some particular URL, instead of home page.

Code Explaination – Redirect Invalid User

DEFINE ( 'BASE_URL', '' ) ; 

Defining your base URL as a global variable is a good way of programming. Because it might be, that you are using HTTP today but later shift to secure https protocol. In that case, you just need to change this piece of code and it will get reflected everywhere in your application. To know more about DEFINE please go through this link.

function redirect_invalid_user ( $check = 'user_id', $destination = '' )

We need to use this function before sending any kind of data to the browser. Not even a blank space. Here you can replace the user_id with your most frequently used $_SESSION key for checking authority. Also, you can set the default value of $destination to be something where you are going to redirect invalid user in most cases.

if ( ! isset ( $_SESSION[ $check ] ) )

Here we are checking if our desired key is set or not. If it is not set then execute the inner code of if condition.

$url = BASE_URL . $destination;

Setting a variable which stores the URL where we wish to redirect users to.

if ( ! headers_sent() )

This condition is to prevent errors regarding headers. Actually, only one header could be sent on a web page. If some kind of text, intentionally or unintentionally, sent to the browser then along with that the appropriate headers are sent to. In that case sending the header for redirecting will raise errors. This condition will check if some kind of headers is already been sent then do not execute the code within it.

header ( "Location:$url" ) ;

This function sends the headers to redirect the invalid user to the URL defined by us. Since it is inside the above if condition, so it will only execute if no header is been sent already.

exit () ;

Since the data is meant only for authorized users, we will never be willing to show that to the invalid user in any condition whether they are redirected to our desired page or not. Data need to be secure. That’s why we are using the exit() function to stop the execution of the script in the middle. If no headers are been sent and the user is redirected, then it’s well and good. We will stop the script. But if some error occurred and header failed to redirect or some header is sent already, even then the script should stop the execution. In this case, the user will see the broken page but our sensitive information won’t reveal.
also check out best php ide and editors

Brian Fernandes

Director of Customer Engagement at Genuitec - Loves technology and almost everything related to computing. Wants to help you write better software. Follow at @brianfernandes.

Published by
Brian Fernandes

Recent Posts

Are There any Similarities Between Web Design and Art?

You may be surprised at how many of the same skills are involved!  Let’s get…

1 day ago

Tips on Increasing your organic traffic on WordPress

Introduction  As more and more people are using online services nowadays, most of the business…

2 days ago

Five Reasons You Should Start a Social Media Campaign

Small businesses need all the advertisements they can get. Traditional avenues for advertising, such as…

3 days ago

Top 10 SEO Writing Tips for Beginners 2021

Search Engine Optimization. It’s complicated, to say the least. Search engines, like Google, are constantly…

2 weeks ago

Should you become a freelancer in 2021? Pros and Cons

Freelancing and working from home was long considered idyllic by many, but the global pandemic…

2 weeks ago

The Leading Renewable Energy Trends in 2021

The past year saw slowdowns in the ongoing shift toward renewable energy in many countries…

2 weeks ago