From a26751de514bd6e93a87bfecd2ab320285ce303f Mon Sep 17 00:00:00 2001
From: Dan Langille <dan@langille.org>
Date: Sun, 30 Jun 2024 21:38:01 +0000
Subject: [PATCH] Do a better job at being randomer

uniqid is not very random, and is deprecated.

https://wiki.php.net/rfc/deprecations_php_8_4#deprecate_uniqid

re: #574
---
 classes/user.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/user.php b/classes/user.php
index 642d2b3d..89385136 100644
--- a/classes/user.php
+++ b/classes/user.php
@@ -200,7 +200,7 @@ function IsTaskAllowed($task) {
 	}
 
 	function createUserToken() {
-		$token = hash('sha256', uniqid(random_int(0, getrandmax()), true));
+		$token = bin2hex(random_bytes(32));
 		return $token;
 	}