From 2097562596fc95e8e537fe9c60d71d516c615af7 Mon Sep 17 00:00:00 2001
From: RalphORama <RalphORama@users.noreply.github.com>
Date: Tue, 24 Oct 2017 16:27:00 -0400
Subject: [PATCH] PHP version check for mcrypt_create_iv

Use `mcrypt_create_iv()` if PHP version is less than 7.1.0, otherwise use `random_bytes()` (introduced in PHP 7.1 to replace `mcrypt_create_iv()`)
---
 inc/mod/auth.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 6dcad3a1..6b4022c9 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -69,7 +69,13 @@ function test_password($password, $salt, $test) {
 }
 
 function generate_salt() {
-	// 128 bits of entropy
+	// mcrypt_create_iv() was deprecated in PHP 7.1.0, only use it if we're below that version number.
+	if (PHP_VERSION_ID < 701000) {
+		// 128 bits of entropy
+		return strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
+	}
+
+	// Otherwise, use random_bytes()
 	return strtr(base64_encode(random_bytes(16)), '+', '.');
 }