php superglobal function ($GLOBALS[‘headers’][‘Authorization’]) in never set. why?

  authorization, oauth-2.0, php, superglobals, token

I have php function that is supposed to verify if there is a token, and if so, search my table for a company name that matches. The function works fine when I use xampp in localhost. When I do it in prod on the server, it gives me a ‘token undefined’ error, What could possibly be causing the error?
my php function

    public function findCompany(){
        echo "global var= ";
//        var_dump($GLOBALS['headers']['Authorization']);
//        var_dump($GLOBALS);
        var_dump($_SERVER['REMOTE_ADDR']);

        if (isset($GLOBALS['headers']['Authorization'])) {
            if ($id = $this->VerifyUserToken($GLOBALS['headers']['Authorization'], $_SERVER['REMOTE_ADDR'])) {
        $data = [
            'company_name' => $_POST['company_name']
        ];

        $companies = $this->currentModel->findCompany($data);

        if($companies){
            echo json_encode($companies);
        } else {
            echo json_encode(['success' => false]);
        }
    }
            else {
                echo json_encode(['success' => false, 'error' => "invalid token"]);
            }

        } else {
            echo json_encode(['success' => false, 'error' => "token undefined"]);

        }

    }
}

the verifyUserToken function

public function verifyUserToken($token, $ip) {
        $db = new Database();

        $db->query('SELECT * FROM auth WHERE token = :token AND expiry >now()');

        $db->bind(':token', $token);
        //check database if token exists and is not expired
        if($res = $db->single()) {
            // checks if token matches to ip address
            // returns user or contact id if verified else returns false
            if($res->token === $token && $res->ip === $ip) {
                $this->cleanTokens();
                if($res->user_id >0) {
                    return $res->user_id;
                }
//              
            } else {
                return false;
            }
        } else {
            return false;
        }

    }

I checked the database, and the token is clearly there. anyway, it’s not giving me an invalid token message. it looks like the token isn’t being sent.
It works fine when I do it in localhost on my machine.

IN order to debug, I used var_dump to see what gets sent. I don’t have much experience with PHP, but it looks like my headers authorizations never gets set. what could be the solution

see the images and code below for what I get in the console when I try. I truncated some of the paths for security purposes

        echo "global var= ";
and
        var_dump($GLOBALS);
you get
   ["GLOBALS"]=>
    *RECURSION*
    ["headers"]=>
    array(13) {
      ["Host"]=>
      string(20) "globalplantbased.com"
      ["Connection"]=>
      string(10) "keep-alive"
      ["Content-Length"]=>
      string(2) "15"
      ["Pragma"]=>
      string(8) "no-cache"
      ["Cache-Control"]=>
      string(8) "no-cache"
      ["Accept"]=>
      string(33) "application/json, text/plain, */*"
      ["User-Agent"]=>
      string(115) "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36"
      ["Content-Type"]=>
      string(33) "application/x-www-form-urlencoded"
      ["Origin"]=>
      string(27) "http://globalplantbased.com"
      ["Referer"]=>
      string(59) "http://globalplantbased.com"
      ["Accept-Encoding"]=>
      string(13) "gzip, deflate"
      ["Accept-Language"]=>
      string(14) "en-US,en;q=0.9"
      ["Cookie"]=>
      string(31) "_ga=GA1.2.1321601484.1609694939"

or
echo "global var= ";
and
var_dump($GLOBALS[‘headers’][‘Authorization’]);

or
echo "global var= ";
and
var_dump($_SERVER[‘REMOTE_ADDR’]);

[![($GLOBALS[‘headers’][‘Authorization’])2]2
($_SERVER['REMOTE_ADDR'])

Source: Ask PHP

LEAVE A COMMENT