Open alipha opened 8 years ago
You create CSRF tokens using random_string which uses mt_rand and this is not secure--the output of mt_rand can be predicted with enough input bytes. Instead of:
https://github.com/joepie91/cphp/blob/feature/formhandler/include.csrf.php#L20
Use:
```php
$key = bin2hex(openssl_random_pseudo_bytes(16));
$token = bin2hex(openssl_random_pseudo_bytes(16));
```
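As an added illustration (this is example code, not cphp's own include.csrf.php), the pattern below issues and checks CSRF tokens from a cryptographically secure source. It assumes PHP 7 or later for `random_bytes()` and keeps the `openssl_random_pseudo_bytes()` call from the issue as a fallback, checking its `$crypto_strong` flag; the session layout (`csrf_key`, `csrf_tokens`) and the function names are assumptions for the example, not the project's API.

```php
<?php
// Added example, not cphp's code: CSRF token issuance and verification
// using a CSPRNG instead of mt_rand-based random_string().
// Assumes PHP >= 7.0 for random_bytes(); openssl_random_pseudo_bytes()
// is only used as a fallback on older interpreters.

function csrf_random_hex($bytes = 16)
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($bytes)); // throws if no CSPRNG is available
    }
    $strong = false;
    $raw = openssl_random_pseudo_bytes($bytes, $strong);
    if ($raw === false || $strong !== true) {
        // Refuse to issue a token from a weak source rather than silently degrade.
        throw new RuntimeException('No cryptographically strong randomness available');
    }
    return bin2hex($raw);
}

// Issue a token: one session-bound key (assumed layout), one per-form token.
// $session stands in for $_SESSION so the example runs without a web server.
function csrf_issue(array &$session, $form)
{
    if (empty($session['csrf_key'])) {
        $session['csrf_key'] = csrf_random_hex(16);
    }
    $token = csrf_random_hex(16);
    $session['csrf_tokens'][$form] = $token;
    return $token;
}

// Verify a submitted token in constant time, then consume it (single use).
function csrf_verify(array &$session, $form, $submitted)
{
    if (!is_string($submitted) || !isset($session['csrf_tokens'][$form])) {
        return false;
    }
    $expected = $session['csrf_tokens'][$form];
    unset($session['csrf_tokens'][$form]);
    return hash_equals($expected, $submitted); // avoids timing leaks on mismatch
}

// Constructed usage: a plain array plays the role of $_SESSION.
$session = [];
$token = csrf_issue($session, 'profile_update');
var_dump(csrf_verify($session, 'profile_update', $token));
var_dump(csrf_verify($session, 'profile_update', $token));
var_dump(csrf_verify($session, 'profile_update', str_repeat('0', 32)));
```

The second and third `csrf_verify()` calls fail because the token is consumed on first use and because an attacker-chosen string never matches; `hash_equals()` is used so that a mismatch takes the same time regardless of how many leading characters agree.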
Pretty sure this code isn't maintained anymore.