API security update

api/v2/authorization.php

@@ -48,6 +48,23 @@ if ($stmt->rowCount() == 1) {
 
         } else { //STANDARD LOGIN
             if (password_verify($password, $user_data['password'])) { 
+
+                //REFRESH USERKEY
+                if ($user_data['userkey'] != ''){
+                    $user_data['userkey'] = bin2hex(random_bytes(25));
+                    $sql_userkey = 'UPDATE users SET userkey = ? WHERE id = ?';
+                    $stmt_userkey = $pdo->prepare($sql_userkey);
+                    $stmt_userkey->execute([$user_data['userkey'], $user_data['id']]);
+                }
+
+                //REFRESH USERKEY
+                if ($user_data['service'] != ''){
+                    $user_data['service'] = bin2hex(random_bytes(25));
+                    $sql_service = 'UPDATE users SET service = ? WHERE id = ?';
+                    $stmt_service = $pdo->prepare($sql_service);
+                    $stmt_service->execute([$user_data['service'], $user_data['id']]);
+                }
+
                 $token = createCommunicationToken($user_data['userkey']);
 
                 //RETURN JWT AND CLIENTSECRET