PHP doesn't send Authorization header

Question

This is my code

 // create curl resource 
        $ch = curl_init($serviceURL); 

        // set url 
        curl_setopt($ch, CURLOPT_POST, true); 

        // set body
        curl_setopt( $ch, CURLOPT_POSTFIELDS, $post_data);

        //return the transfer as a string 
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 


        $usernamePassword64Encoded = 'username,password';
        $usernamePassword64Encoded = base64_encode ( $usernamePassword64Encoded );

        //make the request content type as json
        $headers = array(
            'Content-type: application/json', 
            'Authorization:Basic '+$usernamePassword64Encoded,
        );
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

in the server, i read the content type header, it is okay, but when i read the authorisation header, it is null

why? am i passing them wrong? (if i do, how can the content type is being read in the server? )

Update

adding this code

curl_setopt($ch, CURLOPT_USERPWD, "Basic "+$usernamePassword64Encoded);

let the server receives the Authorization field, but the received value is:

Basic MDo=

it is not correct, I send different value

Update 2

the current code

$ch = curl_init($serviceURL); 

        // set url 
        curl_setopt($ch, CURLOPT_POST, true); 

        // set body
        curl_setopt( $ch, CURLOPT_POSTFIELDS, $post_data);

        //return the transfer as a string 
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 


        $usernamePassword64Encoded = 'blabla,blabla';


        //make the request content type as json
        $headers = array(
            'Content-type: application/json', 
        );
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($ch, CURLOPT_USERPWD, $usernamePassword64Encoded);

        // $output contains the output string 
        $output = curl_exec($ch);

my problem now is that i send blabla,blabla but i receive blabla,blabla:

notice the extra double dot at the end of the received value

Some browsers handle the headers differently. Have you tried it with multiple browsers? — J. Allan, Sep 05 '16 at 23:54
@JefréN. no i tried it with just google chrome, but i don't know which one my client will use, so i prefer to solve it for all browsers, right? — Marco Dinatsoli, Sep 05 '16 at 23:55
Nothing wrong with your Code, maybe its because you read authorisation instead of authorization? — MoeinPorkamel, Sep 06 '16 at 00:01
Why not use `curl_setopt($ch, CURLOPT_USERPWD, "$login:$password")` over building your own auth header? [Here](http://stackoverflow.com/a/32272006/4982088) is a simple example. — Xorifelse, Sep 06 '16 at 00:01
Check [this out](http://php.net/manual/en/features.http-auth.php) for what I mean about the header having to be *just right.* — J. Allan, Sep 06 '16 at 00:03
This is literally the third EXACT same question regarding CURLOPT_HTTPHEADER within 2 days, all questions have no answers either. Your code is perfectly fine. `CURLOPT_HTTPHEADER` only accepts an array — zanderwar, Sep 06 '16 at 00:03
@Xorifelse you would find that this is for an API that OP doesn't have control over, and this is a specific requirement of that API — zanderwar, Sep 06 '16 at 00:06
http://stackoverflow.com/questions/39289474/php-curl-http-post-request-set-custom-header-with-nested-key-value-pairs/39289582 just like this guy — zanderwar, Sep 06 '16 at 00:07
@MoeinPorkamel no i ready Authorization , it was a type made by auto complete — Marco Dinatsoli, Sep 06 '16 at 00:11
@Xorifelse i want to send in the Authorization header, that is why the server understands, please help — Marco Dinatsoli, Sep 06 '16 at 00:13
@Zanderwar: I *totally* did not get the point of that last comment... ? — J. Allan, Sep 06 '16 at 00:23
@MarcoDinatsoli are you **certain** `$usernamePassword64Encoded` is correct, "MDo=" decodes to `0` — zanderwar, Sep 06 '16 at 00:25
i found the solution, i shouldn't send the Basic word, even though it is the standard in the http protocol, but the PHP library add it automatically — Marco Dinatsoli, Sep 06 '16 at 00:25
The translated message of `MDo=` = `0:` so now it is receiving something. However, you are encoding your username and password in the same string, split them apart, encode and merge them like so: `"$encodeduser:$encodedpass"` removing the `"Basic"` string. — Xorifelse, Sep 06 '16 at 00:26
@Xorifelse no no , i shouldn't encode them, the library does that itself and it adds the required *Basic * + the space itself, now everything is working — Marco Dinatsoli, Sep 06 '16 at 00:29
@Xorifelse last thing please, i send username, password, but receive them (after decoding) the exact same as i sent but with extra **:** (double dot) at the end, why? — Marco Dinatsoli, Sep 06 '16 at 00:31
@MarcoDinatsoli Can you post the full code after your update in the OP? — Xorifelse, Sep 06 '16 at 00:33
@MarcoDinatsoli Change the `,` to a `:` in `$usernamePassword64Encoded` — Xorifelse, Sep 06 '16 at 00:38
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/122705/discussion-between-xorifelse-and-marco-dinatsoli). — Xorifelse, Sep 06 '16 at 00:40

Xorifelse · Accepted Answer · 2016-09-06T00:52:01.947

I would suggest using:

$usr = 'user';
$pwd = 'pass';
curl_setopt($ch, CURLOPT_USERPWD, "$usr:$pwd");

And remove the Authorization header from the array. This way, curl sets up its own auth header which should be fully complaint by most if not all browsers.

However, if the username or more likely the password contains a : character it would break, encoding should be used here.

$pwd = urlencode( 'my:complex:pass');

And obviously decoded at the other end.

PHP doesn't send Authorization header

Update

Update 2

1 Answers1