replaced mt_rand method with more secure random_int

mebjas · web-flow · commit dec1e2fae3fd · 2017-03-13T02:37:55.000+05:30
as mentioned in #66 and suggestion here http://php.net/mt_rand, changed random generator method to a more cryptographically secure random generator.
diff --git a/libs/csrf/csrfprotector.php b/libs/csrf/csrfprotector.php
@@ -352,11 +352,11 @@ public static function generateAuthToken()
 			//#todo - if $length > 128 throw exception 
 
 			if (function_exists("hash_algos") && in_array("sha512", hash_algos())) {
-				$token = hash("sha512", mt_rand(0, mt_getrandmax()));
+				$token = hash("sha512", random_int(0, mt_getrandmax()));
 			} else {
 				$token = '';
 				for ($i = 0; $i < 128; ++$i) {
-					$r = mt_rand(0, 35);
+					$r = random_int(0, 35);
 					if ($r < 26) {
 						$c = chr(ord('a') + $r);
 					} else { 
