Merge pull request #102 from KiTTYsh/master

Use random_bytes() to generate IV where available (PHP 7.x)
7 years ago · 7c8f857c3b
1 changed files with 5 additions and 1 deletions
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@ -70,8 +70,12 @@ function test_password($password, $salt, $test) {

 function generate_salt() {
 	// 128 bits of entropy
+	if (function_exists('random_bytes')) {
+		return strtr(base64_encode(random_bytes(16)), '+', '.');
+	} else {
 		return strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
 	}
+}

 function login($username, $password) {
 	global $mod, $config;