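/**
 * Returns a valid (and currently unused) API key to be used in the system.
 *
 * The key is 40 lowercase hex characters (160 bits) drawn from a
 * cryptographically secure random source, so it keeps the same shape as the
 * sha1() hex digest this method has always returned.
 *
 * Border-line irrelevant note: there is a potential race condition in which
 * someone else generates the same key and stores it between our keyExists()
 * check and the caller's own write to the database. With 160 random bits that
 * is roughly a one in 16^40 chance, so no locking is done here.
 *
 * Takes NO parameters and is static so that the generation isn't affected by
 * state at all: the key must be unpredictable, and mixing in state from the
 * user or registration object would add nothing to that.
 *
 * @return string 40-character hexadecimal API key that keyExists() reported as unused
 * @throws \RuntimeException if no cryptographically secure random source is available
 */
protected static function generateKey() {
	wfProfileIn(__METHOD__);

	do {
		// API keys are bearer secrets. mt_rand() is not a CSPRNG and yields at
		// most 2^31 distinct values, so hashing its output can never give more
		// than that many distinct keys. Draw 20 bytes from the OS CSPRNG instead.
		if (function_exists('random_bytes')) {
			$keyHash = bin2hex(random_bytes(20));
		} else {
			// Fallback for runtimes without random_bytes().
			$isStrong = false;
			$rawBytes = function_exists('openssl_random_pseudo_bytes')
				? openssl_random_pseudo_bytes(20, $isStrong)
				: false;

			// Fail closed rather than hand out a guessable key.
			if ($rawBytes === false || !$isStrong) {
				wfProfileOut(__METHOD__);
				throw new \RuntimeException('No cryptographically secure random source available for API key generation.');
			}

			$keyHash = bin2hex($rawBytes);
		}
	} while (ApiGate_Register::keyExists($keyHash));

	wfProfileOut(__METHOD__);
	return $keyHash;
}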