Fix for "Broken or Risky Cryptographic Algorithm"

web/inc/main.php

@@ -58,9 +58,10 @@ if ((!isset($_SESSION['user'])) && (!defined('NO_AUTH_REQUIRED'))) {
     exit;
 }
 
+// Generate CSRF Token
 if (isset($_SESSION['user'])) {
-    if(!isset($_SESSION['token'])){
-        $token = uniqid(mt_rand(), true);
+        if (!isset($_SESSION['token'])){
+        $token = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));
         $_SESSION['token'] = $token;
     }
 }