=== DEBUG DE AUTENTICAÇÃO === 1. Verificando configuração: Tokens configurados: 3 Token 0: ergo_upload_2025_xyz... Token 1: ergo_admin_2025_uvw4... Token 2: ergo_api_2025_ijk123... 2. Verificando função getallheaders: ✅ Função getallheaders() existe Headers disponíveis: 4 accept: */* user-agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) accept-encoding: gzip, br, zstd, deflate host: xmls.ergonerp.com 3. Verificando $_SERVER: Headers HTTP em $_SERVER: 4 ACCEPT: */* USER-AGENT: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) ACCEPT-ENCODING: gzip, br, zstd, deflate HOST: xmls.ergonerp.com 4. Testando validação com token válido: Resultado: ✅ VÁLIDO 5. Testando sem token: Resultado: ✅ REJEITOU (correto) 6. Testando token inválido: Resultado: ✅ REJEITOU (correto) 7. Verificando logs de segurança: ✅ Arquivo de log existe: /var/www/html/security.log Últimas 10 linhas do log: [2025-12-12 10:00:29] [INFO] [req_693be7bd375445.73715529] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Header Authorization | Data: {"auth_header":"Bearer ergo_upload_2025_xyz789abc456def123ghi890jkl567mno234pqr"} [2025-12-12 10:00:29] [INFO] [req_693be7bd3823b8.72610486] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Token extraído | Data: {"token_length":56,"token_start":"ergo_uploa..."} [2025-12-12 10:00:29] [INFO] [req_693be7bd382ec3.78010817] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Validação de token | Data: {"is_valid":true,"token_found":"SIM","total_tokens":3,"token_comparison":[{"matches":true,"length_diff":0},{"matches":false,"length_diff":-1},{"matches":false,"length_diff":0}]} [2025-12-12 10:00:29] [INFO] [req_693be7bd390096.65521454] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Headers recebidos | Data: {"ACCEPT":"*\/*","USER-AGENT":"Mozilla\/5.0 AppleWebKit\/537.36 (KHTML, like Gecko; compatible; ClaudeBot\/1.0; +claudebot@anthropic.com)","ACCEPT-ENCODING":"gzip, br, zstd, deflate","HOST":"xmls.ergonerp.com"} [2025-12-12 10:00:29] [INFO] [req_693be7bd3908d3.47073217] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Header Authorization | Data: {"auth_header":""} [2025-12-12 10:00:29] [WARNING] [req_693be7bd390fa3.35163373] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Header Authorization vazio [2025-12-12 10:00:29] [INFO] [req_693be7bd391811.00173341] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Header Authorization | Data: {"auth_header":"Bearer token-invalido-123"} [2025-12-12 10:00:29] [INFO] [req_693be7bd391e64.10439318] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Token extraído | Data: {"token_length":18,"token_start":"token-inva..."} [2025-12-12 10:00:29] [WARNING] [req_693be7bd392417.16448673] [216.73.216.54] [Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)] Token com tamanho inválido | Data: {"token_length":18} 8. Verificando permissões: Diretório atual: /var/www/html Permissões: 0755 Writable: ✅ SIM Log file writable: ✅ SIM 9. Informações do servidor: PHP Version: 8.3.6 Server Software: Apache/2.4.58 (Ubuntu) Request Method: GET Content Type: N/A === FIM DO DEBUG === Para ver os logs em tempo real, execute: tail -f /var/www/html/security.log