fixing some security issues and harderning service

app-code/api/auth/check_auth_key.php

@@ -2,14 +2,14 @@
 header('Content-Type: application/json');
 include "../../config/config.php";
 $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
+$now=time();
 $sql="DELETE FROM auth_tokens WHERE valid_until < ?;";
 $stmt = mysqli_prepare($conn, $sql);
 mysqli_stmt_bind_param($stmt, 'i',$now);
 mysqli_stmt_execute($stmt);
 mysqli_stmt_close($stmt);
 
-$auth_key=$_GET["auth_token"];
-$now=time();
+$auth_key=$_GET["auth_token"] ?? "";
 $sql="SELECT user_id FROM auth_tokens WHERE auth_token = ? AND valid_until > ?;";
 $stmt = mysqli_prepare($conn, $sql);
 mysqli_stmt_bind_param($stmt, 'si', $auth_key,$now);
@@ -54,8 +54,7 @@ if(mysqli_stmt_num_rows($stmt) == 1){
 }else{
 	$data=[
 		'status' => 'failure',
-		'msg'=>'invalid auth key',
-		'auth_key'=>$auth_key
+		'msg'=>'invalid auth key'
 	];
 	echo(json_encode($data));
 }