PHP
Dmitry, 2021-11-22 12:04:24

How to secure a script with an authorization token?

I have a website whose database records active tokens after authentication. The database contains the following information:
Token ID
Token key
Active token or not (0 or 1).
----------------------
And I also have a PHP script on the same domain that works by itself. I would like to make this PHP script available only to authorized users from the main site.
Unfortunately, I cannot link my script to the site.
I imagine it this way. When accessing my PHP script:
1) A session is created.
2) I make an SQL query to the database of the main site, to the table with authentication tokens.
3) I compare the IP in the database with $_SERVER['REMOTE_ADDR'] and, if matches are found, I assign the ID token to the session variable.

I now have this code, it only compares the IP address:

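session_start();
require 'conn.php'; // provides $conn (mysqli connection)

// Client address as seen by the web server
$ref = $_SERVER['REMOTE_ADDR'];

// Look up an active token stored for exactly this IP, using a bound parameter
$stmt = mysqli_prepare($conn, "SELECT * FROM token WHERE ip = ? AND active = '1'");
mysqli_stmt_bind_param($stmt, 's', $ref);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = mysqli_fetch_assoc($result);

// Mark the session as authorized when a matching row exists
if (!empty($user)) {
    $_SESSION['nim'] = true;
}
if (isset($_SESSION['nim']) && $_SESSION['nim'] === true) : ?>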


Please help me understand the issue or give advice on how to securely protect the script from unauthorized users from the main site. My task is to prevent the script from working for an unauthorized user from the main site.


1 answer(s)
vilinyh, 2021-11-22
@vilinyh

JWT
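
What the "JWT" answer points to, as an added example that is not part of the original thread or the answerer's code: the main site signs a short-lived token with HMAC-SHA256 after login, and the standalone script verifies it instead of trusting the client IP. The function names, the `sub`/`exp` claim layout and the shared secret are assumptions.

```php
<?php
// Added example. Function names, claim names and the secret are assumptions.
function b64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64url_decode(string $data): string {
    $padded = $data . str_repeat('=', (4 - strlen($data) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// Main site: call after a successful login and hand the result to the browser.
function issue_token(int $tokenId, string $secret, int $ttl = 900): string {
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode(['sub' => $tokenId, 'exp' => time() + $ttl]));
    $sig     = b64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Standalone script: returns the claims, or null if the token must be rejected.
function verify_token(string $jwt, string $secret, ?int $now = null): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$header, $payload, $sig] = $parts;
    // Pin the algorithm; never let the token choose how it is verified.
    $head = json_decode(b64url_decode($header), true);
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') return null;
    // Recompute the MAC over the received bytes and compare in constant time.
    $expected = b64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $sig)) return null;
    $claims = json_decode(b64url_decode($payload), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) return null;
    if (($now ?? time()) >= $claims['exp']) return null;
    return $claims;
}

// Constructed demo values
$secret = 'PLACEHOLDER-use-32-or-more-random-bytes';
$jwt    = issue_token(42, $secret);
var_dump(verify_token($jwt, $secret));                  // untouched token
var_dump(verify_token($jwt . 'x', $secret));            // altered signature
var_dump(verify_token($jwt, $secret, time() + 3600));   // checked after expiry
```

Verification here never consults the token table, so a token stays valid until `exp` even if its row is later set inactive; keep the lifetime short or also check the `active` flag for the `sub` value.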
