From a147343365175e3899424135fe31f5289d07982f Mon Sep 17 00:00:00 2001
From: Camil Staps
Date: Tue, 12 May 2015 23:24:35 +0200
Subject: Fixed security issue: safer random token generator using openssl
---
 src/controllers/UserTokenController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/controllers/UserTokenController.php')
diff --git a/src/controllers/UserTokenController.php b/src/controllers/UserTokenController.php
index 99272ec..5a6099b 100644
--- a/src/controllers/UserTokenController.php
+++ b/src/controllers/UserTokenController.php
@@ -31,7 +31,7 @@ class UserTokenController extends BaseController {
 */
 public function store() {
 $this->userToken->userId = Auth::user()->id;
- $this->userToken->token = sha1(mt_rand());
+ $this->userToken->token = base64_encode(openssl_random_pseudo_bytes(64));
 if ($this->userToken->save()) {
 // Remove the token field from the hidden fields
-- 
cgit v1.2.3
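Review bot: The new assignment in store() passes the result of openssl_random_pseudo_bytes(64) straight to base64_encode() without checking it. On PHP versions before 7.4 that function can return false, or report a non-strong source through its second parameter, and base64_encode(false) yields an empty string that would then be saved as the token. Capture the flag and fail closed before encoding, e.g. `$bytes = openssl_random_pseudo_bytes(64, $strong);` followed by `if ($bytes === false || !$strong) { throw new RuntimeException('no secure random source'); }`; on PHP 7 and later `random_bytes(64)` throws on failure and needs no flag. The stored value also grows from 40 hex characters to 88 base64 characters that include `+`, `/` and `=`, so the token column width and any use in URLs or headers should be confirmed, since neither is visible here. store() begins and ends outside this hunk.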