Implement token refresh logic and add refreshkey to user management

index.php

@@ -41,6 +41,42 @@ include dirname(__FILE__).'/assets/functions.php';
 include dirname(__FILE__).'/settings/settings_redirector.php';
 include_once dirname(__FILE__).'/settings/countries.php';
 
+//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+//TOKEN REFRESH LOGIC
+//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+// Token refresh buffer: refresh token 5 minutes (300 seconds) before expiry
+$token_refresh_buffer = 300;
+
+// Check if API token exists and is still valid
+if (!isset($_SESSION['authorization']['userkey']) ||
+    !isset($_SESSION['authorization']['token_valid']) ||
+    time() >= (strtotime($_SESSION['authorization']['token_valid']) - $token_refresh_buffer)) {
+
+    // Token missing, expired, or about to expire - get new token
+    if (isset($_SESSION['authorization']['refreshkey'])) {
+        $api_url = '/v2/token_refresh?refreshkey='.$_SESSION['authorization']['refreshkey'];
+        $responses = ioServer($api_url, '');
+
+        //Decode Payload
+        if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
+
+        if (isset($responses['userkey']) && isset($responses['token_valid'])) {
+            // Update session with complete response (same as login.php)
+            $_SESSION['authorization'] = $responses;
+        } else {
+            // Token refresh failed - redirect to login
+            session_destroy();
+            header('location: login.php?error=session_expired');
+            die();
+        }
+    } else {
+        // No refreshkey available - redirect to login
+        session_destroy();
+        header('location: login.php?error=session_expired');
+        die();
+    }
+}
+
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 //GET USER PERMISSION ASSIGNED
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++