From 67b1565ef88ea588dc98243418c1e9b930eb7ee1 Mon Sep 17 00:00:00 2001
From: RalphORama
Date: Tue, 24 Oct 2017 16:16:25 -0400
Subject: [PATCH 1/3] Replace mcrypt_create_iv with random_bytes

`mcrypt_create_iv()` was deprecated in PHP 7.1.0.
---
 inc/mod/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 42f34196..6dcad3a1 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -70,7 +70,7 @@ function test_password($password, $salt, $test) {
 
 function generate_salt() {
 // 128 bits of entropy
- return strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
+ return strtr(base64_encode(random_bytes(16)), '+', '.');
 }
 
 function login($username, $password) {
From 2097562596fc95e8e537fe9c60d71d516c615af7 Mon Sep 17 00:00:00 2001
From: RalphORama
Date: Tue, 24 Oct 2017 16:27:00 -0400
Subject: [PATCH 2/3] PHP version check for mcrypt_create_iv

Use `mcrypt_create_iv()` if PHP version is less than 7.1.0, otherwise use `random_bytes()` (introduced in PHP 7.1 to replace `mcrypt_create_iv()`)
---
 inc/mod/auth.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 6dcad3a1..6b4022c9 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -69,7 +69,13 @@ function test_password($password, $salt, $test) {
 }
 
 function generate_salt() {
- // 128 bits of entropy
+ // mcrypt_create_iv() was deprecated in PHP 7.1.0, only use it if we're below that version number.
+ if (PHP_VERSION_ID < 701000) {
+ // 128 bits of entropy
+ return strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
+ }
+
+ // Otherwise, use random_bytes()
 return strtr(base64_encode(random_bytes(16)), '+', '.');
 }
 
From c8765dede4573d58fed0c9b6d09464b74b5b5650 Mon Sep 17 00:00:00 2001
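Review bot: In PATCH 2/3 the `if (PHP_VERSION_ID < 701000)` gate in generate_salt() picks the salt source by interpreter version instead of by what is actually available, and the mcrypt branch it guards never checks the return value. random_bytes() has shipped since PHP 7.0 (and can be supplied by a polyfill on 5.x), so a 7.0 host without the mcrypt extension still hits a fatal error after PATCH 3/3 corrects the constant to 70100; that later hunk edits this same gate. mcrypt_create_iv() returns false on failure and base64_encode(false) is an empty string, so the legacy path can silently hand back an empty salt. I would test `function_exists('random_bytes')` first and fail loudly when the fallback does not return 16 bytes, as sketched below; whether callers of generate_salt() tolerate an exception is not visible in this hunk.

```php
function generate_salt() {
	// Prefer the CSPRNG API wherever it exists (PHP 7.0+, or a polyfill on 5.x).
	if (function_exists('random_bytes')) {
		// 128 bits of entropy
		return strtr(base64_encode(random_bytes(16)), '+', '.');
	}

	// Legacy path: mcrypt_create_iv() returns false on failure, which would
	// otherwise be encoded as an empty salt.
	$bytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
	if ($bytes === false || strlen($bytes) !== 16) {
		throw new Exception('generate_salt(): no secure random source available');
	}
	return strtr(base64_encode($bytes), '+', '.');
}
```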
From: RalphORama
Date: Tue, 24 Oct 2017 17:36:14 -0400
Subject: [PATCH 3/3] Update PHP version check

Removed trailing zero
---
 inc/mod/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 6b4022c9..16da26a2 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -70,7 +70,7 @@ function test_password($password, $salt, $test) {
 
 function generate_salt() {
 // mcrypt_create_iv() was deprecated in PHP 7.1.0, only use it if we're below that version number.
- if (PHP_VERSION_ID < 701000) {
+ if (PHP_VERSION_ID < 70100) {
 // 128 bits of entropy
 return strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
 }