function createAPIToken($user, $read_only, $temporary = false, $expires = false)
{
$user = mysql_real_escape_string($user);
$read_only = $read_only ? "on" : "";
$expires = $temporary ? date("Y-m-d- H:i:s", strtotime($expires)) : false;
// Generate a unique token
$token = mysql_real_escape_string(BigTree::randomString(255));
$r = sqlrows(sqlquery("SELECT * FROM bigtree_api_tokens WHERE token = '{$token}'"));
while ($r) {
$token = mysql_real_escape_string(BigTree::randomString(255));
$r = sqlrows(sqlquery("select * from bigtree_api_tokens where token = '{$token}'"));
}
if ($temporary) {
sqlquery("INSERT INTO bigtree_api_tokens (`token`,`user`,`read_only`,`temporary`,`expires`) VALUES ('{$token}','{$user}','{$read_only}','on','{$expires}')");
} else {
sqlquery("INSERT INTO bigtree_api_tokens (`token`,`user`,`read_only`) VALUES ('{$token}','{$user}','{$read_only}')");
}
return $token;
}