<?php
/**
 * SAMPLE LICENSE MANAGER SERVER
 * This would be hosted on your own server (e.g., https://licensing.your-domain.com/api/v1)
 */

header('Content-Type: application/json');

// 1. Mock Database of valid keys
$valid_keys = [
    'FLAT-8822-1192-3301' => ['status' => 'active', 'max_activations' => 1],
    'FLAT-TEST-KEY-0001' => ['status' => 'active', 'max_activations' => 3],
];

// 2. Mock Database of current activations (Key => Fingerprint)
$activations = [
    // 'FLAT-8822-1192-3301' => 'hash_from_client'
];

$input = json_decode(file_get_contents('php://input'), true);
$endpoint = $_SERVER['PATH_INFO'] ?? '';

if ($endpoint === '/activate') {
    $key = strtoupper(trim($input['license_key'] ?? ''));
    $fingerprint = $input['fingerprint'] ?? '';

    if (!isset($valid_keys[$key])) {
        echo json_encode(['success' => false, 'error' => 'Invalid license key.']);
        exit;
    }

    if ($valid_keys[$key]['status'] !== 'active') {
        echo json_encode(['success' => false, 'error' => 'License is expired or suspended.']);
        exit;
    }

    // Check if already activated on another machine
    if (isset($activations[$key]) && $activations[$key] !== $fingerprint) {
        echo json_encode(['success' => false, 'error' => 'License already in use on another server.']);
        exit;
    }

    // Success: Return a signed token
    echo json_encode([
        'success' => true,
        'activation_token' => hash_hmac('sha256', $key . $fingerprint, 'YOUR_SECRET_SERVER_SALT')
    ]);
}

if ($endpoint === '/verify') {
    // Similar logic to check if the token is still valid or if the key was revoked
    echo json_encode(['success' => true]);
}