From f5786f77298c4cf51f77d7a16ca4c652fbe8fcc4 Mon Sep 17 00:00:00 2001
From: Jordan Dukart
Date: Mon, 21 Apr 2014 10:53:43 +0000
Subject: [PATCH] Use drupal_random_bytes just to be careful.
---
 includes/authtokens.inc | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/includes/authtokens.inc b/includes/authtokens.inc
index 36e8689f..d5d98117 100644
--- a/includes/authtokens.inc
+++ b/includes/authtokens.inc
@@ -36,12 +36,7 @@ define('ISLANDORA_AUTHTOKEN_TOKEN_TIMEOUT', 300);
 function islandora_get_object_token($pid, $dsid, $uses = 1) {
 global $user;
 $time = time();
- // The function mt_rand is not considered cryptographically secure
- // and openssl_rando_pseudo_bytes() is only available in PHP > 5.3.
- // We might be safe in this case because mt_rand should never be using
- // the same seed, but this is still more secure.
- $token = hash("sha256", mt_rand() . $time);
-
+ $token = bin2hex(drupal_random_bytes(32));
 $id = db_insert("islandora_authtokens")->fields(
 array(
 'token' => $token,
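Review bot: The added `$token = bin2hex(drupal_random_bytes(32));` line replaces the only comment that explained why the token source matters, so nothing now tells a maintainer that this value appears to act as a bearer credential and must not be derived from `mt_rand()` or `time()` again. I would add above it `// Auth token: 32 bytes from drupal_random_bytes(), hex-encoded to 64 chars like the old SHA-256 value.` As far as I recall, Drupal 7's drupal_random_bytes() falls back to a hash-based generator seeded with mt_rand() when the host offers neither OpenSSL nor /dev/urandom, so the strength of the token depends on the platform; that is worth one line in the function's docblock. `$time` no longer feeds the token and should stay only if the rest of islandora_get_object_token(), which continues outside this hunk, still uses it.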