From 2c18abf8bee66bfa59b90103881e517dedd1a161 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Mon, 30 Dec 2013 12:15:36 +0100
Subject: [PATCH] [SECURITY] Better token generator
---
 public/include/classes/token.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/public/include/classes/token.class.php b/public/include/classes/token.class.php
index 0bd73196..dd0552f0 100644
--- a/public/include/classes/token.class.php
+++ b/public/include/classes/token.class.php
@@ -29,11 +29,11 @@ class Token Extends Base {
 * @return mixed Token string on success, false on failure
 **/
 public function createToken($strType, $account_id=NULL) {
- $strToken = hash('sha256', $account_id.$strType.microtime());
 if (!$iToken_id = $this->tokentype->getTypeId($strType)) {
 $this->setErrorMessage('Invalid token type: ' . $strType);
 return false;
 }
+ $strToken = bin2hex(openssl_random_pseudo_bytes(32));
 $stmt = $this->mysqli->prepare("
 INSERT INTO $this->table (token, type, account_id)
 VALUES (?, ?, ?)
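Review bot: The result of `openssl_random_pseudo_bytes(32)` on the added line is used unchecked, so on PHP versions where the call returns false on failure, `bin2hex()` yields an empty string and an empty, guessable token is inserted. The call also reports through its second by-reference argument whether a cryptographically strong source was used, and that flag is ignored here. Fail closed instead: capture both values and, when either indicates a problem, set an error and return false as the type-lookup branch just above does. Where the runtime provides it, `random_bytes(32)` is the simpler choice because it throws rather than returning false. createToken's body continues past the end of the hunk.

```php
// … unchanged: token type lookup and its error return …
$strBytes = openssl_random_pseudo_bytes(32, $bStrong);
if ($strBytes === false || !$bStrong) {
  // Refuse to issue a token that did not come from a strong random source.
  $this->setErrorMessage('Unable to generate a secure token');
  return false;
}
$strToken = bin2hex($strBytes);
// … unchanged: prepared INSERT of the token …
```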