html/api/opus-test-session-v94.php

<?php
// V94 TEST-ONLY endpoint for Opus/Blade E2E video scenario
// Creates an auth session for Selenium testing
// Restricted to localhost IPs only
$allowed = ['127.0.0.1', '::1', 'localhost'];
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
$k = $_REQUEST['k'] ?? '';
if ($k !== 'WEVADS2026' || !in_array($ip, $allowed)) {
    http_response_code(403);
    die(json_encode(['error' => 'forbidden', 'ip' => $ip]));
}
session_set_cookie_params(["lifetime"=>3600,"path"=>"/","domain"=>".weval-consulting.com","secure"=>true,"httponly"=>true,"samesite"=>"Lax"]);
session_start();
$_SESSION['wu'] = 'opus_e2e_test';
$_SESSION['wa'] = 1;
$_SESSION['weval_auth'] = true;
$_SESSION['weval_authenticated'] = true; // V96 fix: actual key used by weval_check_auth
$_SESSION['weval_user'] = 'opus_e2e_test';
$_SESSION['sso'] = true;
$_SESSION['email'] = 'opus@test.local';
echo json_encode([
    'ok' => true,
    'session_id' => session_id(),
    'note' => 'V94 test session created for E2E video'
]);