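<?php

declare(strict_types=1);

/*
 * Access-token creation endpoint.
 *
 * For a logged-in session, a POST with `name`, `expiry` (days) and an optional
 * `permissions[]` list creates a row in `access_tokens` and returns the new
 * token and its expiry as JSON: {success, token, expires_at} on success,
 * {success: false, message} otherwise.
 *
 * NOTE(review): no anti-CSRF check is visible in this file. This is a
 * state-changing request authenticated only by the session cookie, so confirm
 * that a CSRF token or a SameSite cookie policy is enforced elsewhere.
 */

session_start();
require_once '../../db.php';

// Every response is JSON, and the success response carries a secret, so label
// the content type explicitly and keep it out of browser and proxy caches.
header('Content-Type: application/json; charset=utf-8');
header('Cache-Control: no-store');

// Emits one JSON response and stops. The two failure responses that already
// existed ("Not logged in", "Database error") keep the default 200 status so
// current clients behave as before; only newly added rejections use 4xx.
$respond = static function (array $payload, int $status = 200) {
    http_response_code($status);
    echo json_encode($payload);
    exit;
};

if (!isset($_SESSION['user_id'])) {
    $respond(['success' => false, 'message' => 'Not logged in']);
}

// Previously any other method fell through and returned an empty body.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    header('Allow: POST');
    $respond(['success' => false, 'message' => 'Method not allowed'], 405);
}

// Bound as an integer below ("i"), so normalise it here.
$user_id = (int) $_SESSION['user_id'];

// --- name: must be a non-empty string (an array or missing field is rejected).
$name = $_POST['name'] ?? null;
if (!is_string($name) || trim($name) === '') {
    $respond(['success' => false, 'message' => 'Token name is required'], 400);
}
$name = trim($name);

// --- permissions: stored as a comma-separated list, so each entry must be a
// non-empty string without a comma; otherwise one submitted value could be
// read back as several permissions.
// NOTE(review): the values are not checked against a server-side list of
// permissions this user is allowed to delegate. That list is not visible
// here; add the check before relying on this column for authorization.
$requested = $_POST['permissions'] ?? [];
if (!is_array($requested)) {
    $respond(['success' => false, 'message' => 'Invalid permissions'], 400);
}
$granted = [];
foreach ($requested as $entry) {
    if (!is_string($entry)) {
        $respond(['success' => false, 'message' => 'Invalid permissions'], 400);
    }
    $entry = trim($entry);
    if ($entry === '' || strpos($entry, ',') !== false) {
        $respond(['success' => false, 'message' => 'Invalid permissions'], 400);
    }
    $granted[] = $entry;
}
$permissions = implode(',', array_unique($granted));

// --- expiry: a whole number of days within a bounded lifetime. The previous
// (int) cast accepted zero, negative and arbitrarily large values, producing
// tokens that were already expired or effectively permanent.
// The upper bound is a policy value chosen for this revision, not taken from
// the project; adjust it to the deployment's token-lifetime policy.
$maxExpiryDays = 365;
$expiry_days = filter_var(
    $_POST['expiry'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => $maxExpiryDays]]
);
if ($expiry_days === false) {
    $respond(['success' => false, 'message' => 'Invalid expiry'], 400);
}

$expiryTimestamp = strtotime("+{$expiry_days} days");
if ($expiryTimestamp === false) {
    $respond(['success' => false, 'message' => 'Invalid expiry'], 400);
}
$expires_at = date('Y-m-d H:i:s', $expiryTimestamp);

// 16 bytes from the CSPRNG, hex-encoded behind a fixed, recognisable prefix.
// NOTE(review): the token is stored as-is, so read access to `access_tokens`
// yields usable credentials. Storing only a hash (and returning the raw value
// once, here) would limit that, but it needs a matching change in the code
// that verifies tokens, which is not visible in this file.
$token = 'mw_ak_' . bin2hex(random_bytes(16));

$sql = 'INSERT INTO access_tokens (user_id, name, token, permissions, expires_at) VALUES (?, ?, ?, ?, ?)';

// mysqli either returns false or throws, depending on the report mode set in
// db.php; handle both so driver details are never sent to the client.
$inserted = false;
try {
    $stmt = $conn->prepare($sql);
    if ($stmt !== false) {
        $stmt->bind_param('issss', $user_id, $name, $token, $permissions, $expires_at);
        $inserted = $stmt->execute();
        $stmt->close();
    }
} catch (mysqli_sql_exception $e) {
    // Log server-side only; the message never includes the token value.
    error_log('access token insert failed: ' . $e->getMessage());
    $inserted = false;
}

if (!$inserted) {
    $respond(['success' => false, 'message' => 'Database error']);
}

$respond([
    'success' => true,
    'token' => $token,
    'expires_at' => $expires_at,
]);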