Revert "Patch insecure CSRF token crypto vulnerability"

web/inc/main.php

@@ -59,10 +59,10 @@ if ((!isset($_SESSION['user'])) && (!defined('NO_AUTH_REQUIRED'))) {
     exit;
 }
 
-// Generate CSRF token
 if (isset($_SESSION['user'])) {
     if(!isset($_SESSION['token'])){
-        $_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(16));
+        $token = uniqid(mt_rand(), true);
+        $_SESSION['token'] = $token;
     }
 }
 

web/login/index.php

@@ -126,7 +126,7 @@ if (empty($_SESSION['language'])) {
 }
 
 // Generate CSRF token
-$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(16)); // generate 32-character cryptographically secure token
+$_SESSION['token'] = md5(uniqid(mt_rand(), true));
 
 require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
 require_once('../templates/header.html');