From 86d7d3102489db9f592eea283161a3ed1c91ed76 Mon Sep 17 00:00:00 2001
From: ilotterytea <iltsu@alright.party>
Date: Thu, 21 Aug 2025 16:43:12 +0500
Subject: feat: access tokens

---
 login.php | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'login.php')

diff --git a/login.php b/login.php
index 76102e5..f9c0fbc 100644
--- a/login.php
+++ b/login.php
@@ -26,9 +26,29 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         exit(create_alert('/login.php', 401, 'Incorrect username or password.', null));
     }
 
+    $now = date('Y-m-d H:i:s', time());
+    $db->prepare('DELETE FROM tokens WHERE expires_at <= ? AND user_id = ?')
+        ->execute([$now, $user['id']]);
+
+    $data = $user;
+
+    if (IS_JSON_REQUEST) {
+        $expires_at = date('Y-m-d H:i:s', time() + 86400);
+
+        $token = bin2hex(random_bytes(16));
+
+        $db->prepare('INSERT INTO tokens(user_id, hash, expires_at) VALUES (?, ?, ?)')
+            ->execute([$user['id'], hash('sha256', $token), $expires_at]);
+
+        $data = [
+            'token' => $token,
+            'id' => $user['id']
+        ];
+    }
+
     $_SESSION['user'] = $user;
 
-    exit(create_alert('/', 200, null, $user));
+    exit(create_alert('/', 200, null, $data));
 }
 ?>
 <!DOCTYPE html>
-- 
cgit v1.2.3