static function token_login($user, $pwd) { list($label, self::$token_id) = explode("-", $user); if (!self::$token_id) { Error::http(400, "Missing or invalid token id."); } $sql = "SELECT tokens.user_id, users.name, tokens.login_provider, UNIX_TIMESTAMP(tokens.updated) as updated\n\t\t\tFROM tokens LEFT JOIN users ON tokens.user_id=users.user_id\n\t\t\tWHERE token_id=? AND ((token_val='0' AND otk=?) OR (token_val!=0 AND token_val=?))"; $rows = DBquery::get($sql, array(self::$token_id, $pwd, $pwd)); if (!$rows) { Error::http(401, "Invalid credentials for token ID='" . self::$token_id . "'."); } $updated = $rows[0]['updated']; //if ($updated AND time() - $updated > 86400) Error::http(401, "The login-enabled token#". self::$token_id ." for this user has expired (maximum 24-hours API session reached.)."); self::$user_id = $rows[0]['user_id']; self::$name = $rows[0]['name']; self::$otk = $pwd; self::$login_provider = $rows[0]['login_provider']; }