replace rand_int to openssl_random_pseudo_bytes

since random_int method is only php 7 supported, added openssl_random_pseudo_bytes as default method.

Author: mebjas

libs/csrf/csrfprotector.php

@@ -344,19 +344,24 @@ public static function refreshToken()
 		 */
 		public static function generateAuthToken()
 		{
+			// todo - make this a member method / configurable
+			$randLength = 32;
+			
 			//if config tokenLength value is 0 or some non int
 			if (intval(self::$config['tokenLength']) == 0) {
 				self::$config['tokenLength'] = 32;	//set as default
 			}
 
 			//#todo - if $length > 128 throw exception 
 
-			if (function_exists("hash_algos") && in_array("sha512", hash_algos())) {
-				$token = hash("sha512", random_int(0, mt_getrandmax()));
+			if (function_exists("hash_algos")
+			    && function_exists("openssl_random_pseudo_bytes")
+			    && in_array("sha512", hash_algos())) {
+				$token = hash("sha512", openssl_random_pseudo_bytes ($randLength));
 			} else {
 				$token = '';
 				for ($i = 0; $i < 128; ++$i) {
-					$r = random_int(0, 35);
+					$r = mt_rand (0, 35);
 					if ($r < 26) {
 						$c = chr(ord('a') + $r);
 					} else {