From 77ccd9cd3d462843f19c0d9dfd7b3129dd9abb44 Mon Sep 17 00:00:00 2001
From: Dao Hoang Son
Date: Sun, 16 Oct 2016 19:31:49 +0700
Subject: [PATCH] Use OpenSSL random method before attempting Mcrypt's. OpenSSL is faster and libmcrypt has been abandoned since 2003 and is now deprecated in PHP 7.1 anyway.
---
 src/OAuth2/ResponseType/AccessToken.php | 8 ++++----
 src/OAuth2/ResponseType/AuthorizationCode.php | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/OAuth2/ResponseType/AccessToken.php b/src/OAuth2/ResponseType/AccessToken.php
index 98cf41cc1..e68311e0d 100644
--- a/src/OAuth2/ResponseType/AccessToken.php
+++ b/src/OAuth2/ResponseType/AccessToken.php
@@ -114,14 +114,14 @@ public function createAccessToken($client_id, $user_id, $scope = null, $includeR
 */
 protected function generateAccessToken()
 {
- if (function_exists('mcrypt_create_iv')) {
- $randomData = mcrypt_create_iv(20, MCRYPT_DEV_URANDOM);
+ if (function_exists('openssl_random_pseudo_bytes')) {
+ $randomData = openssl_random_pseudo_bytes(20);
 if ($randomData !== false && strlen($randomData) === 20) {
 return bin2hex($randomData);
 }
 }
- if (function_exists('openssl_random_pseudo_bytes')) {
- $randomData = openssl_random_pseudo_bytes(20);
+ if (function_exists('mcrypt_create_iv')) {
+ $randomData = mcrypt_create_iv(20, MCRYPT_DEV_URANDOM);
 if ($randomData !== false && strlen($randomData) === 20) {
 return bin2hex($randomData);
 }
diff --git a/src/OAuth2/ResponseType/AuthorizationCode.php b/src/OAuth2/ResponseType/AuthorizationCode.php
index 6a305fd75..52aeb4be5 100644
--- a/src/OAuth2/ResponseType/AuthorizationCode.php
+++ b/src/OAuth2/ResponseType/AuthorizationCode.php
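Review bot: The `openssl_random_pseudo_bytes(20)` call that generateAccessToken() now tries first omits the second by-reference argument, so the code cannot see when OpenSSL reports that the bytes are not cryptographically strong. I would change it to `$randomData = openssl_random_pseudo_bytes(20, $strong);` and add `$strong === true` to the existing `!== false` / length check, so a weak result falls through to the next source instead of becoming a bearer token. Since the commit message already targets PHP 7.1, a `function_exists('random_bytes')` attempt placed ahead of both branches would use the built-in CSPRNG where it exists. The same applies to the 100-byte call in the generateAuthorizationCode() hunk; the function body here continues past the end of the hunk.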
@@ -85,10 +85,10 @@ public function enforceRedirect()
 protected function generateAuthorizationCode()
 {
 $tokenLen = 40;
- if (function_exists('mcrypt_create_iv')) {
- $randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
- } elseif (function_exists('openssl_random_pseudo_bytes')) {
+ if (function_exists('openssl_random_pseudo_bytes')) {
 $randomData = openssl_random_pseudo_bytes(100);
+ } elseif (function_exists('mcrypt_create_iv')) {
+ $randomData = mcrypt_create_iv(100, MCRYPT_DEV_URANDOM);
 } elseif (@file_exists('/dev/urandom')) { // Get 100 bytes of random data
 $randomData = file_get_contents('/dev/urandom', false, null, 0, 100) . uniqid(mt_rand(), true);
 } else {
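Review bot: In generateAuthorizationCode() the OpenSSL branch that now runs first assigns `$randomData = openssl_random_pseudo_bytes(100);` with no failure or length check, and because the sources form an if/elseif chain, a failed call never falls through to mcrypt or /dev/urandom. How `$randomData` is consumed lies outside the hunk, but if it is hashed into the code, a `false` result would presumably produce a constant, guessable authorization code. I would mirror generateAccessToken() here: independent `if` blocks, each accepted only when `$randomData !== false && strlen($randomData) === 100`. The `file_get_contents('/dev/urandom', ...)` result on the context line is likewise unchecked, so a failed read leaves only `uniqid(mt_rand(), true)` as input. The final `else` branch and the rest of the function are outside the hunk.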