class SecretKeyService
{
    public function validate(PDO $pdo, CryptoService $crypto, string $inputKey): ?int
    {
        $hash = $crypto->hash($inputKey);

        // 🔍 DEBUG LOG
        error_log("SECRET KEY ENTERED: [$inputKey]");
        error_log("SECRET KEY HASH (PHP): [$hash]");

        $stmt = $pdo->prepare("
            SELECT id, HEX(key_hash) AS db_hash
            FROM secret_keys
            WHERE is_active = 1
              AND valid_from <= UTC_TIMESTAMP()
              AND valid_to >= UTC_TIMESTAMP()
            LIMIT 1
        ");
        $stmt->execute();

        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($row) {
            error_log("SECRET KEY HASH (DB): [" . $row['db_hash'] . "]");
            return $row['id'];
        }

        error_log("NO MATCH FOUND");
        return null;
    }
}
<!DOCTYPE html>
<html>
<head>
<title>Access Form</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body class="bg-light">

<div class="container min-vh-100 d-flex align-items-center justify-content-center">
<div class="card p-4" style="max-width:420px;width:100%">

<h4 class="text-center mb-3">Paritosh</h4>


<form method="post">
  <div class="mb-3">
    <label>Secret Key</label>
    <input class="form-control" name="key" value="" required>
  </div>

  <div class="mb-3">
    <label>What is 8 + 5 ?</label>
    <input class="form-control" name="captcha_answer" required>
    <input type="hidden" name="captcha_id" value="0a6ed99a3214a9f8">
  </div>

  <button class="btn btn-primary w-100">Continue</button>
</form>

</div>
</div>
</body>
</html>