Commit ed033665 authored by Arnolds's avatar Arnolds
Browse files

Updated secret-api.php: reused `$utcNow` for consistent timestamp comparisons,... 

Updated secret-api.php: reused `$utcNow` for consistent timestamp comparisons, fixed missing `$id` check in retrieval validation, and refined metadata initialization logic.
parent d29f5715

secret-api.php

+4 −3
Original line number Diff line number Diff line
@@ -90,8 +90,9 @@ if ($method === 'POST' && isset($data['secret'])) { 


    $displayToken = Uuid::uuid4()->toString();



    $utcNow = utcNow();

    $doc = $collection->findOne(['_id' => $id]);

    if (!$doc || !empty($doc['deleted']) || ($doc['expiresAt'] ?? null) < utcNow()) {

    if (!$doc || !empty($doc['deleted']) || ($doc['expiresAt'] ?? null) < $utcNow) {

        http_response_code(200);

        echo json_encode([

            'secret' => null,
@@ -101,7 +102,7 @@ if ($method === 'POST' && isset($data['secret'])) { 
        exit;

    }



    $lastRetrievedAt = utcNow();

    $lastRetrievedAt = $utcNow;

    $firstRetrievedAt = $doc['firstRetrievedAt'] ?? $lastRetrievedAt;

    $retrievedCount = (int)($doc['retrievedCount'] ?? 0) + 1;
@@ -130,7 +131,7 @@ if ($method === 'POST' && isset($data['secret'])) { 
    $id = $_GET['id'] ?? null;

    $displayToken = $data['displayToken'] ?? null;



    if (!$displayToken) {

    if (!$id || !$displayToken) {

        http_response_code(200);

        exit;

    }