Use OpenSSL random method before attempting Mcrypt's. (#773)

src/OAuth2/ResponseType/AccessToken.php

@@ -114,14 +114,14 @@ public function createAccessToken($client_id, $user_id, $scope = null, $includeR
      */
     protected function generateAccessToken()
     {
-        if (function_exists('mcrypt_create_iv')) {
-            $randomData = mcrypt_create_iv(20, MCRYPT_DEV_URANDOM);
+        if (function_exists('openssl_random_pseudo_bytes')) {
+            $randomData = openssl_random_pseudo_bytes(20);
             if ($randomData !== false && strlen($randomData) === 20) {
                 return bin2hex($randomData);
             }
         }
-        if (function_exists('openssl_random_pseudo_bytes')) {
-            $randomData = openssl_random_pseudo_bytes(20);
+        if (function_exists('mcrypt_create_iv')) {
+            $randomData = mcrypt_create_iv(20, MCRYPT_DEV_URANDOM);
             if ($randomData !== false && strlen($randomData) === 20) {
                 return bin2hex($randomData);
             }

src/OAuth2/ResponseType/AuthorizationCode.php

@@ -85,10 +85,10 @@ public function enforceRedirect()
     protected function generateAuthorizationCode()
     {
         $tokenLen = 40;
-        if (function_exists('mcrypt_create_iv')) {
-            $randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
-        } elseif (function_exists('openssl_random_pseudo_bytes')) {
+        if (function_exists('openssl_random_pseudo_bytes')) {
             $randomData = openssl_random_pseudo_bytes(100);
+        } elseif (function_exists('mcrypt_create_iv')) {
+            $randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
         } elseif (@file_exists('/dev/urandom')) { // Get 100 bytes of random data
             $randomData = file_get_contents('/dev/urandom', false, null, 0, 100) . uniqid(mt_rand(), true);
         } else {