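<?php

declare(strict_types=1);

/**
 * Create a personal access token for the logged-in user.
 *
 * Expects a POST with:
 *   - name          string   label for the token
 *   - permissions[] string[] optional list of permission names
 *   - expiry        int      lifetime in days
 *
 * Responds with JSON: {success: true, token, expires_at} on success,
 * {success: false, message} otherwise. The plaintext token is only ever
 * returned in this response.
 */

session_start();

require_once '../../db.php';

header('Content-Type: application/json');
// The success response carries the token secret; keep it out of caches.
header('Cache-Control: no-store');

// Emit one JSON document and stop, so no branch can fall through.
$respond = static function (array $payload): void {
    echo json_encode($payload);
    exit;
};

if (!isset($_SESSION['user_id'])) {
    $respond(['success' => false, 'message' => 'Not logged in']);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    $respond(['success' => false, 'message' => 'Method not allowed']);
}

// NOTE(review): this is a state-changing, cookie-authenticated endpoint and no
// CSRF token check is visible in this file. Unless db.php or the session cookie
// settings (SameSite) cover it, verify a per-session token here with hash_equals().

$user_id = $_SESSION['user_id'];

// Ceilings chosen for this review; adjust to the column width and product policy.
$max_name_length = 255;
$max_expiry_days = 365;

// name: must be a non-empty scalar string (an array here would make trim() fail).
$raw_name = $_POST['name'] ?? null;
$name = is_string($raw_name) ? trim($raw_name) : '';
if ($name === '' || strlen($name) > $max_name_length) {
    $respond(['success' => false, 'message' => 'Invalid token name']);
}

// permissions: must be a flat list of strings. A comma inside one element would
// be read back as several permissions, because the list is stored comma-joined.
$raw_permissions = $_POST['permissions'] ?? [];
if (!is_array($raw_permissions)) {
    $respond(['success' => false, 'message' => 'Invalid permissions']);
}
foreach ($raw_permissions as $permission) {
    if (!is_string($permission) || $permission === '' || strpos($permission, ',') !== false) {
        $respond(['success' => false, 'message' => 'Invalid permissions']);
    }
}
// NOTE(review): the values are still client-chosen. They should be intersected
// with a server-side allowlist of permissions this user is allowed to grant;
// that list is not visible in this file.
$permissions = implode(',', $raw_permissions);

// expiry: a whole number of days within bounds. Zero or negative values would
// mint an already-expired token; huge values can make strtotime() fail, which
// date() would then render as the epoch.
$expiry_days = filter_var(
    $_POST['expiry'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => $max_expiry_days]]
);
if ($expiry_days === false) {
    $respond(['success' => false, 'message' => 'Invalid expiry']);
}

$expires_ts = strtotime("+$expiry_days days");
if ($expires_ts === false) {
    $respond(['success' => false, 'message' => 'Invalid expiry']);
}
$expires_at = date('Y-m-d H:i:s', $expires_ts);

// 16 bytes from the CSPRNG = 128 bits of entropy behind a recognisable prefix.
$token = 'mw_ak_' . bin2hex(random_bytes(16));

// NOTE(review): the token is stored as-is, so read access to access_tokens
// yields usable credentials. Storing only a digest (e.g. hash('sha256', $token))
// would limit that, but the code that verifies tokens has to change with it.
$sql = "INSERT INTO access_tokens (user_id, name, token, permissions, expires_at) VALUES (?, ?, ?, ?, ?)";

$saved = false;
try {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        // prepare() returns false when mysqli is not in exception mode.
        error_log('access token insert: prepare failed: ' . $conn->error);
    } else {
        $stmt->bind_param("issss", $user_id, $name, $token, $permissions, $expires_at);
        $saved = $stmt->execute();
        if (!$saved) {
            error_log('access token insert: execute failed: ' . $stmt->error);
        }
        $stmt->close();
    }
} catch (mysqli_sql_exception $e) {
    // Log server-side only; driver messages must not reach the client.
    error_log('access token insert failed: ' . $e->getMessage());
    $saved = false;
}

if ($saved) {
    $respond([
        'success' => true,
        'token' => $token,
        'expires_at' => $expires_at,
    ]);
}

$respond(['success' => false, 'message' => 'Database error']);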