v1.2.0

Awilum · Awilum · commit 7b38d6035509 · 2018-07-05T15:27:20.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+# v1.2.0, 2018-07-05
+* openssl_random_pseudo_bytes removed
+
 # v1.1.0, 2018-04-05
 * PHP7 support added
 * Generate a new unique token with openssl_random_pseudo_bytes added
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # Token Component
-![version](https://img.shields.io/badge/version-1.1.0-brightgreen.svg?style=flat-square "Version")
+![version](https://img.shields.io/badge/version-1.2.0-brightgreen.svg?style=flat-square "Version")
 [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/flextype-components/token/blob/master/LICENSE)
 
 The Token component generate and store a unique token which can be used to help prevent [CSRF](http://wikipedia.org/wiki/Cross_Site_Request_Forgery) attacks.   
diff --git a/Token.php b/Token.php
@@ -47,17 +47,7 @@ public static function generate(bool $new = false) : string
         if ($new === true OR ! $token) {
 
             // Generate a new unique token
-            if (function_exists('openssl_random_pseudo_bytes')) {
-
-                // Generate a random pseudo bytes token if openssl_random_pseudo_bytes is available
-                // This is more secure than uniqid, because uniqid relies on microtime, which is predictable
-                $token = base64_encode(openssl_random_pseudo_bytes(32));
-
-            } else {
-
-                // Otherwise, fall back to a hashed uniqid
-                $token = sha1(uniqid(null, true));
-            }
+            $token = sha1(uniqid(mt_rand(), true));
 
             // Store the new token
             Session::set(Token::$token_name, $token);
