static function createAuthToken($app, $userId) { $token = array(); $token['apiKey'] = hash('sha512', uniqid()); $token['apiToken'] = hash('sha512', uniqid()); $token['sessionLifeHours'] = self::login_getSessionExpirationInHours($app->request->post()); // Congrats - you're logged in! $saved = AuthData::insertAuthToken(array(':user_id' => $userId, ':identifier' => $token['apiKey'], ':token' => password_hash($token['apiToken'], PASSWORD_DEFAULT), ':ip_address' => $app->request->getIp(), ':user_agent' => $app->request->getUserAgent(), ':expires' => date('Y-m-d H:i:s', time() + $token['sessionLifeHours'] * 60 * 60))); AuthData::insertLoginLocation(array(':user_id' => $userId, ':ip_address' => $app->request->getIp(), ':user_agent' => $app->request->getUserAgent())); return $saved ? $token : false; }