mcrypt_create_iv is a deprecated function in PHP 7.

[halojoy]

In index.php line number 60, I suggest this change to avoid error in PHP 7:

// generate CSRF token if (empty($_SESSION['token'])) { $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(32)); }

I should add that I run PHP 7.1.0 Info: https://wiki.php.net/rfc/mcrypt-viking-funeral

[crazy4chrissi]

Well, openssl_random_pseudo_bytes was introduced in PHP 5.3.0 and we still support 5.2.4, so we cannot rely on it solely. But maybe we switch the logic like this?

if (function_exists('openssl_random_pseudo_bytes'))
{
    $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(32));
} else {
    $_SESSION['token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
}

This would not throw an exception in PHP 7, right?

Have not tried phpliteadmin with PHP 7 yet, so continue telling us whenever you find some problem ;)

[halojoy]

I have tried now PHP 7.1.0 with PLA. And this is the only issue so far. Because mcrypt will be removed in PHP 7.

It is true the suggestion you show here works well in PHP 7.1.0. So this can be a coding solution.

[Dygear]

I've been using PLA with PHP 7.0.0 or better when it came out. I also have been keeping up with the releases for PHP on my production servers. I've not had any issues.

Sent from my iPhone

On Dec 18, 2016, at 13:15, Stefan notifications@github.com wrote:

I have tried now PHP 7.1.0 with PLA. And this is the only issue so far. Because mcrypt will be removed in PHP 7.

It is true the suggestion you show here works well in PHP 7.1.0. So this can be a coding solution.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.