/**
* Returns a valid (and available API key) to be used in the system.
*
* Border-line irrelevant note: There is a potential race-condition that you
* could get this key and store it to the database at approximately the same time as someone who generated the same key
* (prior to you storing) but that should be approximately a one in 16^40 chance (unless you seed the PRNG with
* a timestamp or something patently wrong like that) so I'm not going to spend time preventing that at the moment.
*
* Takes NO parameters and is static so that the generation isn't affected by state at all... the
* generation is supposed to be random and using any state from the user or registration object would
* just reduce the entropy of the pseudo-random number generator.
*/
protected static function generateKey()
{
wfProfileIn(__METHOD__);
do {
$keyHash = sha1(mt_rand());
} while (ApiGate_Register::keyExists($keyHash));
wfProfileOut(__METHOD__);
return $keyHash;
}
