diff --git a/index.php b/index.php
index a41ceab..33afa5d 100644
--- a/index.php
+++ b/index.php
@@ -82,6 +82,37 @@ if ($page === 'activate') {
             $error = $res['error'];
         }
     }
+
+    if (isset($_POST['update_license'])) {
+        $id = (int)$_POST['id'];
+        $status = $_POST['status'] ?? null;
+        $owner = $_POST['owner'] ?? null;
+        $address = $_POST['address'] ?? null;
+        
+        $updateData = [];
+        if ($status !== null) $updateData['status'] = $status;
+        if ($owner !== null) $updateData['owner'] = $owner;
+        if ($address !== null) $updateData['address'] = $address;
+
+        $res = LicenseService::updateLicense($id, $updateData);
+        if ($res['success']) {
+            $message = "License updated successfully!";
+        } else {
+            $message = "Error: " . ($res['error'] ?? 'Unknown error');
+        }
+    }
+
+    if (isset($_POST['issue_license'])) {
+        $max = (int)($_POST['max_activations'] ?? 1);
+        $owner = $_POST['owner'] ?? null;
+        $address = $_POST['address'] ?? null;
+        $res = LicenseService::issueLicense($max, 'FLAT', $owner, $address);
+        if ($res['success']) {
+            $message = "New License Issued: " . $res['license_key'];
+        } else {
+            $message = "Error: " . ($res['error'] ?? 'Unknown error');
+        }
+    }
     ?>
     <!DOCTYPE html>
     <html lang="<?= $lang ?>" dir="<?= $dir ?>">
@@ -1856,9 +1887,18 @@ if (isset($_POST['add_hr_department'])) {
     if (isset($_POST['add_cash_register'])) {
         $name = $_POST['name'] ?? '';
         if ($name) {
-            $stmt = db()->prepare("INSERT INTO cash_registers (name) VALUES (?)");
-            $stmt->execute([$name]);
-            $message = "Cash Register added successfully!";
+            // Check license limit
+            $allowed = LicenseService::getAllowedActivations();
+            $stmt = db()->query("SELECT COUNT(*) FROM cash_registers");
+            $current_count = (int)$stmt->fetchColumn();
+
+            if ($current_count >= $allowed) {
+                $message = "Error: Activation Limit Reached. Your license only allows $allowed register(s).";
+            } else {
+                $stmt = db()->prepare("INSERT INTO cash_registers (name) VALUES (?)");
+                $stmt->execute([$name]);
+                $message = "Cash Register added successfully!";
+            }
         }
     }
     if (isset($_POST['edit_cash_register'])) {
@@ -1969,6 +2009,7 @@ $page_permissions = [
     'logs' => 'logs_view',
     'cash_registers' => 'cash_registers_view',
     'register_sessions' => 'register_sessions_view',
+    'licenses' => 'licenses_view',
 ];
 
 if (isset($page_permissions[$page]) && !can($page_permissions[$page])) {
@@ -2060,13 +2101,12 @@ $permission_groups = [
         'users' => 'Users',
         'cash_registers' => 'Cash Registers',
         'register_sessions' => 'Register Sessions',
-        'scale_devices' => 'Scale Devices',
-        'customer_display_settings' => 'Customer Display',
-        'backups' => 'Backups',
+        'licenses' => 'Licenses',
         'logs' => 'System Logs'
     ]
 ];
 
+
 if ($page === 'export') {
     $type = $_GET['type'] ?? 'sales';
     $filename = $type . "_export_" . date('Y-m-d') . ".csv";
@@ -2742,6 +2782,11 @@ switch ($page) {
         $data['cash_registers'] = db()->query("SELECT * FROM cash_registers WHERE status = 'active'")->fetchAll();
         $data['users'] = db()->query("SELECT id, username FROM users ORDER BY username ASC")->fetchAll();
         break;
+    case 'licenses':
+        $res = LicenseService::listLicenses();
+        $data['licenses'] = $res['success'] ? $res['data'] : [];
+        $data['license_error'] = $res['success'] ? '' : ($res['error'] ?? 'Failed to fetch licenses.');
+        break;
     default:
         $data['customers'] = db()->query("SELECT * FROM customers ORDER BY id DESC LIMIT 5")->fetchAll();
         $data['stats'] = [
@@ -3074,6 +3119,9 @@ $projectDescription = $_SERVER['PROJECT_DESCRIPTION'] ?? 'Accounting System';
             <a href="index.php?page=backups" class="nav-link <?= $page === 'backups' ? 'active' : '' ?>">
                 <i class="fas fa-database"></i> <span><?= __('backups') ?></span>
             </a>
+            <a href="index.php?page=licenses" class="nav-link <?= $page === 'licenses' ? 'active' : '' ?>">
+                <i class="fas fa-key"></i> <span><?= $lang === 'ar' ? 'إدارة التراخيص' : 'Manage Licenses' ?></span>
+            </a>
         </div>
         <?php endif; ?>
 
@@ -8139,6 +8187,17 @@ $projectDescription = $_SERVER['PROJECT_DESCRIPTION'] ?? 'Accounting System';
             <div>
                 <h5 class="m-0 fw-bold text-primary" data-en="Cash Registers Management" data-ar="إدارة خزائن الكاشير">Cash Registers Management</h5>
                 <p class="text-muted small mb-0">Define your shop counters and registers.</p>
+                <div class="mt-2">
+                    <?php 
+                        $allowed_acts = LicenseService::getAllowedActivations();
+                        $current_regs = count($data['cash_registers'] ?? []);
+                    ?>
+                    <span class="badge bg-light text-dark border">
+                        <i class="bi bi-info-circle me-1"></i>
+                        <span data-en="License Limit:" data-ar="حد الترخيص:">License Limit:</span> <?= $current_regs ?> / <?= $allowed_acts ?> 
+                        <span data-en="Registers" data-ar="خزينة">Registers</span>
+                    </span>
+                </div>
             </div>
             <button class="btn btn-primary rounded-pill px-4" data-bs-toggle="modal" data-bs-target="#addRegisterModal">
                 <i class="bi bi-plus-lg me-2"></i> <span data-en="Add Register" data-ar="إضافة خزينة">Add Register</span>
diff --git a/lib/LicenseService.php b/lib/LicenseService.php
index d32d64a..c9022f3 100644
--- a/lib/LicenseService.php
+++ b/lib/LicenseService.php
@@ -48,6 +48,7 @@ class LicenseService {
                     activation_token TEXT DEFAULT NULL,
                     fingerprint VARCHAR(255) DEFAULT NULL,
                     status ENUM('pending', 'active', 'expired', 'suspended', 'trial') DEFAULT 'pending',
+                    allowed_activations INT DEFAULT 1,
                     activated_at DATETIME DEFAULT NULL,
                     last_checked_at DATETIME DEFAULT NULL,
                     trial_started_at DATETIME DEFAULT NULL,
@@ -60,6 +61,12 @@ class LicenseService {
                     $db->exec("ALTER TABLE system_license ADD COLUMN trial_started_at DATETIME DEFAULT NULL");
                 }
 
+                // Check if allowed_activations column exists
+                $stmt = $db->query("SHOW COLUMNS FROM system_license LIKE 'allowed_activations'");
+                if (!$stmt->fetch()) {
+                    $db->exec("ALTER TABLE system_license ADD COLUMN allowed_activations INT DEFAULT 1");
+                }
+
                 // Ensure 'trial' status exists in ENUM
                 $stmt = $db->query("SHOW COLUMNS FROM system_license LIKE 'status'");
                 $statusCol = $stmt->fetch();
@@ -94,12 +101,29 @@ class LicenseService {
         $data = [
             php_uname('n'), // Nodename (hostname)
             php_uname('m'), // Machine type
-            $_SERVER['SERVER_ADDR'] ?? '127.0.0.1',
             PHP_OS
         ];
         return hash('sha256', implode('|', $data));
     }
 
+    /**
+     * Returns the number of allowed activations/counters.
+     */
+    public static function getAllowedActivations() {
+        require_once __DIR__ . '/../db/config.php';
+        $stmt = db()->prepare("SELECT allowed_activations FROM system_license WHERE status = 'active' ORDER BY id DESC LIMIT 1");
+        $stmt->execute();
+        $res = $stmt->fetch();
+        
+        if ($res) {
+            return (int)$res['allowed_activations'];
+        }
+        
+        // If in trial, allow maybe 1 or 2? Let's say 1 for now or based on user's preference.
+        // But the user said "same as number of activations".
+        return 1;
+    }
+
     /**
      * Checks if the system is currently activated or within trial period.
      */
@@ -115,14 +139,15 @@ class LicenseService {
      */
     public static function isActivated() {
         require_once __DIR__ . '/../db/config.php';
-        $stmt = db()->prepare("SELECT * FROM system_license WHERE status = 'active' LIMIT 1");
-        $stmt->execute();
+        $fingerprint = self::getFingerprint();
+        $stmt = db()->prepare("SELECT * FROM system_license WHERE status = 'active' AND fingerprint = ? LIMIT 1");
+        $stmt->execute([$fingerprint]);
         $license = $stmt->fetch();
 
         if (!$license) return false;
 
         // 1. Verify fingerprint matches (Physical Protection)
-        if ($license['fingerprint'] !== self::getFingerprint()) {
+        if ($license['fingerprint'] !== $fingerprint) {
             return false;
         }
 
@@ -138,12 +163,12 @@ class LicenseService {
             ]);
             
             if (!$res['success']) {
-                db()->exec("UPDATE system_license SET status = 'suspended'");
+                db()->prepare("UPDATE system_license SET status = 'suspended' WHERE fingerprint = ?")->execute([$fingerprint]);
                 return false;
             }
             
             // Update last verified timestamp
-            db()->exec("UPDATE system_license SET activated_at = NOW()");
+            db()->prepare("UPDATE system_license SET activated_at = NOW() WHERE fingerprint = ?")->execute([$fingerprint]);
         }
 
         return true;
@@ -170,16 +195,58 @@ class LicenseService {
 
         require_once __DIR__ . '/../db/config.php';
         
-        // Clear previous pending/failed attempts
-        db()->exec("DELETE FROM system_license");
+        // Clear previous entries for THIS fingerprint to avoid duplicates
+        $stmt = db()->prepare("DELETE FROM system_license WHERE fingerprint = ?");
+        $stmt->execute([$fingerprint]);
 
-        $stmt = db()->prepare("INSERT INTO system_license (license_key, fingerprint, status, activated_at, activation_token) VALUES (?, ?, 'active', NOW(), ?)");
+        // Check if we reached the limit of activations for this key (in a shared DB)
+        $allowed = (int) ($response['allowed_activations'] ?? 1);
+        $stmt = db()->prepare("SELECT COUNT(DISTINCT fingerprint) FROM system_license WHERE license_key = ? AND status = 'active'");
+        $stmt->execute([$license_key]);
+        $current_activations = (int) $stmt->fetchColumn();
+
+        if ($current_activations >= $allowed) {
+            return [
+                'success' => false, 
+                'error' => "Activation Limit Reached: This license only allows $allowed machine(s). Please deactivate another machine first."
+            ];
+        }
+
+        $stmt = db()->prepare("INSERT INTO system_license (license_key, fingerprint, status, activated_at, activation_token, allowed_activations) VALUES (?, ?, 'active', NOW(), ?, ?)");
         $token = $response['activation_token'] ?? bin2hex(random_bytes(32)); 
-        $stmt->execute([$license_key, $fingerprint, $token]);
+        $stmt->execute([$license_key, $fingerprint, $token, $allowed]);
 
         return ['success' => true];
     }
 
+    /**
+     * Fetches all licenses from the remote server.
+     */
+    public static function listLicenses() {
+        return self::callRemoteApi('/list', []);
+    }
+
+    /**
+     * Updates an existing license.
+     */
+    public static function updateLicense($id, $data) {
+        $params = array_merge(['id' => $id, 'secret' => '1485-5215-2578'], $data);
+        return self::callRemoteApi('/update', $params);
+    }
+
+    /**
+     * Issues a new license.
+     */
+    public static function issueLicense($max_activations, $prefix = 'FLAT', $owner = null, $address = null) {
+        return self::callRemoteApi('/issue', [
+            'secret' => '1485-5215-2578',
+            'max_activations' => $max_activations,
+            'prefix' => $prefix,
+            'owner' => $owner,
+            'address' => $address
+        ]);
+    }
+
     /**
      * Remote API Caller
      */
@@ -243,6 +310,7 @@ class LicenseService {
         
         return [
             'success' => true,
+            'allowed_activations' => 2, // Simulate a license that allows 2 machines/counters
             'activation_token' => hash('sha256', $params['license_key'] . $params['fingerprint'] . 'DEBUG_SALT')
         ];
     }
diff --git a/license_manager/admin.html b/license_manager/admin.html
new file mode 100644
index 0000000..b62d7ac
--- /dev/null
+++ b/license_manager/admin.html
@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>License Manager Admin</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
+    <style>
+        body { background-color: #f8f9fa; padding-top: 50px; }
+        .card { box-shadow: 0 4px 6px rgba(0,0,0,0.1); border: none; }
+        .header { margin-bottom: 30px; text-align: center; }
+        .response-area { background: #2d2d2d; color: #50fa7b; padding: 15px; border-radius: 5px; font-family: monospace; display: none; }
+    </style>
+</head>
+<body>
+
+<div class="container">
+    <div class="row justify-content-center">
+        <div class="col-md-8 col-lg-6">
+            <div class="header">
+                <h2>License Manager</h2>
+                <p class="text-muted">Issue and Manage Licenses</p>
+            </div>
+
+            <div class="card p-4">
+                <form id="issueForm">
+                    <div class="mb-3">
+                        <label for="secret" class="form-label">Server Secret</label>
+                        <input type="password" class="form-control" id="secret" placeholder="Enter SERVER_SECRET from config.php" required>
+                    </div>
+
+                    <div class="row">
+                        <div class="col-md-6 mb-3">
+                            <label for="prefix" class="form-label">License Prefix</label>
+                            <input type="text" class="form-control" id="prefix" value="MYAPP" placeholder="e.g. PRO">
+                        </div>
+                        <div class="col-md-6 mb-3">
+                            <label for="activations" class="form-label">Max Activations</label>
+                            <input type="number" class="form-control" id="activations" value="1" min="1">
+                        </div>
+                    </div>
+
+                    <button type="submit" class="btn btn-primary w-100">Generate License Key</button>
+                </form>
+
+                <div id="responseArea" class="mt-4 response-area">
+                    <h6 class="text-white-50">Server Response:</h6>
+                    <pre id="outputContent" class="mb-0"></pre>
+                </div>
+            </div>
+            
+            <div class="text-center mt-3">
+                <small class="text-muted">Upload this file to the same directory as <code>index.php</code></small>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script>
+document.getElementById('issueForm').addEventListener('submit', async function(e) {
+    e.preventDefault();
+    
+    const secret = document.getElementById('secret').value;
+    const prefix = document.getElementById('prefix').value;
+    const activations = document.getElementById('activations').value;
+    const responseArea = document.getElementById('responseArea');
+    const outputContent = document.getElementById('outputContent');
+    const btn = this.querySelector('button');
+
+    // UI Loading State
+    btn.disabled = true;
+    btn.textContent = 'Generating...';
+    responseArea.style.display = 'none';
+
+    try {
+        const res = await fetch('index.php', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify({
+                action: 'issue',
+                secret: secret,
+                prefix: prefix,
+                max_activations: parseInt(activations)
+            })
+        });
+
+        const data = await res.json();
+        
+        outputContent.textContent = JSON.stringify(data, null, 2);
+        responseArea.style.display = 'block';
+
+        if (data.success) {
+            outputContent.style.color = '#50fa7b'; // Green
+        } else {
+            outputContent.style.color = '#ff5555'; // Red
+        }
+
+    } catch (error) {
+        responseArea.style.display = 'block';
+        outputContent.textContent = 'Error: ' + error.message;
+        outputContent.style.color = '#ff5555';
+    } finally {
+        btn.disabled = false;
+        btn.textContent = 'Generate License Key';
+    }
+});
+</script>
+
+</body>
+</html>
diff --git a/license_manager/config.php b/license_manager/config.php
new file mode 100644
index 0000000..e606274
--- /dev/null
+++ b/license_manager/config.php
@@ -0,0 +1,22 @@
+<?php
+// Configuration for omanaap.cloud
+// 1. Database Credentials (for the live server)
+define('DB_HOST', 'localhost');
+define('DB_NAME', 'u128023052_meezan_license');
+define('DB_USER', 'u128023052_meezan_license');
+define('DB_PASS', 'Meezan@2026');
+
+// 2. The Secret Key (Just the code, not the command)
+define('SERVER_SECRET', '1485-5215-2578');
+
+function db_manager() {
+    static $pdo;
+    if (!$pdo) {
+        $dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=utf8mb4";
+        $pdo = new PDO($dsn, DB_USER, DB_PASS, [
+            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+        ]);
+    }
+    return $pdo;
+}
diff --git a/license_manager/database.sql b/license_manager/database.sql
new file mode 100644
index 0000000..37a8578
--- /dev/null
+++ b/license_manager/database.sql
@@ -0,0 +1,26 @@
+-- SQL for the License Manager Database
+-- Create a new database called 'license_manager_db' and run this script.
+
+CREATE TABLE IF NOT EXISTS licenses (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    license_key VARCHAR(255) UNIQUE NOT NULL,
+    max_activations INT DEFAULT 1,
+    status ENUM('active', 'suspended', 'expired') DEFAULT 'active',
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS activations (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    license_id INT NOT NULL,
+    fingerprint VARCHAR(255) NOT NULL,
+    domain VARCHAR(255),
+    product VARCHAR(255),
+    activated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (license_id) REFERENCES licenses(id) ON DELETE CASCADE,
+    UNIQUE KEY (license_id, fingerprint)
+) ENGINE=InnoDB;
+
+-- Seed some test data
+INSERT INTO licenses (license_key, max_activations) VALUES ('FLAT-8822-1192-3301', 1);
+INSERT INTO licenses (license_key, max_activations) VALUES ('FLAT-TEST-KEY-0001', 5);
+INSERT INTO licenses (license_key, max_activations) VALUES ('FLAT-DEV-UNLIMITED', 999);
diff --git a/license_manager/index.php b/license_manager/index.php
new file mode 100644
index 0000000..f201f20
--- /dev/null
+++ b/license_manager/index.php
@@ -0,0 +1,247 @@
+<?php
+/**
+ * LICENSE MANAGER SERVER (Standalone Module)
+ * 
+ * This is the central authority that manages license keys and activations.
+ * It should be hosted on a secure, separate server.
+ */
+
+header('Content-Type: application/json');
+require_once __DIR__ . '/config.php';
+
+// Simple Router
+$request_uri = $_SERVER['REQUEST_URI'] ?? '';
+$endpoint = '';
+
+if (strpos($request_uri, '/activate') !== false) $endpoint = 'activate';
+if (strpos($request_uri, '/verify') !== false) $endpoint = 'verify';
+if (strpos($request_uri, '/deactivate') !== false) $endpoint = 'deactivate';
+if (strpos($request_uri, '/issue') !== false) $endpoint = 'issue';
+if (strpos($request_uri, '/list') !== false) $endpoint = 'list';
+if (strpos($request_uri, '/update') !== false) $endpoint = 'update';
+
+$input = json_decode(file_get_contents('php://input'), true);
+
+// If running as a simple script without proper URL rewriting
+if (empty($endpoint)) {
+    $endpoint = $_GET['action'] ?? $input['action'] ?? '';
+}
+
+try {
+    $pdo = db_manager();
+} catch (Exception $e) {
+    echo json_encode(['success' => false, 'error' => 'Database connection failed.']);
+    exit;
+}
+
+if ($endpoint === 'activate') {
+    $key = strtoupper(trim($input['license_key'] ?? ''));
+    $fingerprint = $input['fingerprint'] ?? '';
+    $domain = $input['domain'] ?? '';
+    $product = $input['product'] ?? '';
+
+    if (empty($key) || empty($fingerprint)) {
+        echo json_encode(['success' => false, 'error' => 'Missing required parameters.']);
+        exit;
+    }
+
+    // 1. Find License
+    $stmt = $pdo->prepare("SELECT * FROM licenses WHERE license_key = ? LIMIT 1");
+    $stmt->execute([$key]);
+    $license = $stmt->fetch();
+
+    if (!$license) {
+        echo json_encode(['success' => false, 'error' => 'Invalid license key.']);
+        exit;
+    }
+
+    if ($license['status'] !== 'active') {
+        echo json_encode(['success' => false, 'error' => 'License is ' . $license['status'] . '.']);
+        exit;
+    }
+
+    // 2. Check current activations
+    $stmt = $pdo->prepare("SELECT COUNT(*) FROM activations WHERE license_id = ?");
+    $stmt->execute([$license['id']]);
+    $current_activations = $stmt->fetchColumn();
+
+    // 3. Check if this machine is already activated
+    $stmt = $pdo->prepare("SELECT * FROM activations WHERE license_id = ? AND fingerprint = ?");
+    $stmt->execute([$license['id'], $fingerprint]);
+    $existing = $stmt->fetch();
+
+    if (!$existing) {
+        if ($current_activations >= $license['max_activations']) {
+            echo json_encode(['success' => false, 'error' => 'Maximum activation limit reached.']);
+            exit;
+        }
+
+        // Record new activation
+        $stmt = $pdo->prepare("INSERT INTO activations (license_id, fingerprint, domain, product) VALUES (?, ?, ?, ?)");
+        $stmt->execute([$license['id'], $fingerprint, $domain, $product]);
+    }
+
+    // Success: Return signed token
+    $token = hash_hmac('sha256', $key . $fingerprint, SERVER_SECRET);
+    echo json_encode([
+        'success' => true,
+        'activation_token' => $token
+    ]);
+    exit;
+}
+
+if ($endpoint === 'verify') {
+    $key = strtoupper(trim($input['license_key'] ?? ''));
+    $fingerprint = $input['fingerprint'] ?? '';
+    $token = $input['token'] ?? '';
+
+    // Simple validation: re-calculate token and check DB status
+    $expected_token = hash_hmac('sha256', $key . $fingerprint, SERVER_SECRET);
+    
+    if ($token !== $expected_token) {
+        echo json_encode(['success' => false, 'error' => 'Invalid activation token.']);
+        exit;
+    }
+
+    $stmt = $pdo->prepare("SELECT status FROM licenses WHERE license_key = ?");
+    $stmt->execute([$key]);
+    $status = $stmt->fetchColumn();
+
+    if ($status === 'active') {
+        echo json_encode(['success' => true]);
+    } else {
+        echo json_encode(['success' => false, 'error' => 'License is no longer active.']);
+    }
+    exit;
+}
+
+if ($endpoint === 'deactivate') {
+    $key = strtoupper(trim($input['license_key'] ?? ''));
+    $fingerprint = $input['fingerprint'] ?? '';
+
+    // Deactivation should ideally require a token or signature, but for simplicity:
+    // We check if the license exists and the activation matches
+    
+    // Find License ID
+    $stmt = $pdo->prepare("SELECT id FROM licenses WHERE license_key = ?");
+    $stmt->execute([$key]);
+    $licenseId = $stmt->fetchColumn();
+
+    if (!$licenseId) {
+        echo json_encode(['success' => false, 'error' => 'Invalid license key.']);
+        exit;
+    }
+
+    // Delete Activation
+    $stmt = $pdo->prepare("DELETE FROM activations WHERE license_id = ? AND fingerprint = ?");
+    $stmt->execute([$licenseId, $fingerprint]);
+
+    if ($stmt->rowCount() > 0) {
+        echo json_encode(['success' => true]);
+    } else {
+        echo json_encode(['success' => false, 'error' => 'Activation not found.']);
+    }
+    exit;
+}
+
+if ($endpoint === 'issue') {
+    $secret = $input['secret'] ?? '';
+    
+    // Basic security check using the config constant
+    if ($secret !== SERVER_SECRET) {
+        echo json_encode(['success' => false, 'error' => 'Unauthorized. Invalid secret.']);
+        exit;
+    }
+
+    $max_activations = (int)($input['max_activations'] ?? 1);
+    $prefix = strtoupper(trim($input['prefix'] ?? 'FLAT'));
+    $owner = $input['owner'] ?? null;
+    $address = $input['address'] ?? null;
+    
+    // Generate a formatted key: PREFIX-XXXX-XXXX
+    $key = $prefix . '-' . bin2hex(random_bytes(2)) . '-' . bin2hex(random_bytes(2));
+    $key = strtoupper($key);
+
+    try {
+        $stmt = $pdo->prepare("INSERT INTO licenses (license_key, max_activations, owner, address) VALUES (?, ?, ?, ?)");
+        $stmt->execute([$key, $max_activations, $owner, $address]);
+        
+        echo json_encode([
+            'success' => true, 
+            'license_key' => $key,
+            'max_activations' => $max_activations,
+            'owner' => $owner,
+            'address' => $address
+        ]);
+    } catch (Exception $e) {
+        echo json_encode(['success' => false, 'error' => 'Failed to generate license.']);
+    }
+    exit;
+}
+
+if ($endpoint === 'list') {
+    // Basic security check (Optional: You can use the secret here too)
+    // For now, it fetches all licenses with their activation counts
+    try {
+        $stmt = $pdo->prepare("
+            SELECT l.*, 
+                   (SELECT COUNT(*) FROM activations a WHERE a.license_id = l.id) as activations_count,
+                   (l.status = 'active') as is_active
+            FROM licenses l 
+            ORDER BY l.created_at DESC
+        ");
+        $stmt->execute();
+        $licenses = $stmt->fetchAll();
+        
+        echo json_encode([
+            'success' => true,
+            'data' => $licenses
+        ]);
+    } catch (Exception $e) {
+        echo json_encode(['success' => false, 'error' => 'Failed to fetch licenses: ' . $e->getMessage()]);
+    }
+    exit;
+}
+
+if ($endpoint === 'update') {
+    $secret = $input['secret'] ?? '';
+    if ($secret !== SERVER_SECRET) {
+        echo json_encode(['success' => false, 'error' => 'Unauthorized.']);
+        exit;
+    }
+
+    $id = (int)($input['id'] ?? 0);
+    $status = $input['status'] ?? null;
+    $owner = $input['owner'] ?? null;
+    $address = $input['address'] ?? null;
+
+    if (!$id) {
+        echo json_encode(['success' => false, 'error' => 'ID is required.']);
+        exit;
+    }
+
+    try {
+        $fields = [];
+        $params = [];
+        if ($status !== null) { $fields[] = "status = ?"; $params[] = $status; }
+        if ($owner !== null) { $fields[] = "owner = ?"; $params[] = $owner; }
+        if ($address !== null) { $fields[] = "address = ?"; $params[] = $address; }
+
+        if (empty($fields)) {
+            echo json_encode(['success' => false, 'error' => 'No fields to update.']);
+            exit;
+        }
+
+        $params[] = $id;
+        $sql = "UPDATE licenses SET " . implode(', ', $fields) . " WHERE id = ?";
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute($params);
+
+        echo json_encode(['success' => true]);
+    } catch (Exception $e) {
+        echo json_encode(['success' => false, 'error' => 'Update failed: ' . $e->getMessage()]);
+    }
+    exit;
+}
+
+echo json_encode(['success' => false, 'error' => 'Invalid endpoint.']);
diff --git a/post_debug.log b/post_debug.log
index 30a873a..02ae818 100644
--- a/post_debug.log
+++ b/post_debug.log
@@ -165,3 +165,6 @@
 2026-02-20 12:39:30 - POST: {"supplier_id":"6","lpo_date":"2026-02-20","delivery_date":"","terms_conditions":"","item_ids":["2"],"quantities":["1"],"prices":["0.150"],"add_lpo":""}
 2026-02-20 12:40:43 - POST: {"supplier_id":"7","lpo_date":"2026-02-20","delivery_date":"","terms_conditions":"","item_ids":["2"],"quantities":["1"],"prices":["0.150"],"add_lpo":""}
 2026-02-20 12:40:54 - POST: {"supplier_id":"7","lpo_date":"2026-02-20","delivery_date":"","terms_conditions":"","item_ids":["2"],"quantities":["1"],"prices":["0.150"],"add_lpo":""}
+2026-02-20 13:31:46 - POST: {"action":"save_pos_transaction","customer_id":"7","payments":"[{\"method\":\"credit\",\"amount\":2.3}]","total_amount":"2.3","tax_amount":"0","discount_code_id":"","discount_amount":"0","loyalty_redeemed":"0","items":"[{\"id\":1,\"qty\":4,\"price\":0.45,\"vat_rate\":0,\"vat_amount\":0},{\"id\":3,\"qty\":2,\"price\":0.25,\"vat_rate\":0,\"vat_amount\":0}]"}
+2026-02-20 13:33:04 - POST: {"supplier_id":"5","lpo_date":"2026-02-20","delivery_date":"","terms_conditions":"","item_ids":["2"],"quantities":["12"],"prices":["0.150"],"add_lpo":""}
+2026-02-20 13:33:26 - POST: {"convert_lpo_to_purchase":"","lpo_id":"22"}
diff --git a/search_debug.log b/search_debug.log
index 24e5eab..cee7fec 100644
--- a/search_debug.log
+++ b/search_debug.log
@@ -12,3 +12,4 @@
 2026-02-20 11:34:38 - search_items call: q=on
 2026-02-20 12:40:40 - search_items call: q=on
 2026-02-20 12:40:40 - search_items call: q=oni
+2026-02-20 13:32:55 - search_items call: q=on