// receive_token.php - improved version
$secret_key = 'ghdknncjvknmdff987bbxbbkkjgvc';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $received_secret = $_POST['secret'] ?? '';
    $token           = $_POST['token'] ?? '';
    $timestamp       = $_POST['timestamp'] ?? 0;

    $log = date('Y-m-d H:i:s') . " | IP: " . ($_SERVER['REMOTE_ADDR'] ?? 'unknown') . 
           " | Secret match: " . ($received_secret === $secret_key ? 'YES' : 'NO') . "\n";
    file_put_contents('receive_log.txt', $log, FILE_APPEND);

    if ($received_secret !== $secret_key) {
        http_response_code(403);
        die("Unauthorized: Invalid secret key");
    }

    if (empty($token)) {
        http_response_code(400);
        die("Missing token");
    }

    $data = [
        'token'       => $token,
        'received_at' => time(),
        'timestamp'   => (int)$timestamp
    ];

    $saved = file_put_contents('token.json', json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));

    if ($saved !== false) {
        http_response_code(200);
        echo "Token received and saved successfully";
    } else {
        http_response_code(500);
        echo "Failed to save token to disk";
    }
} else {
    http_response_code(405);
    echo "Method not allowed";
}