Replace salt function with a more modern, cryptographically secure pseudo-random method

Set minimum PHP version to 7.0.0 for random_bytes

INSTALL.md

@@ -5,7 +5,7 @@ For install instructions in non-English languages, see the wiki:
 
   phpLDAPadmin requires the following:
       a. A web server (Apache, IIS, etc).
-      b. PHP 5.5.0 or newer (with LDAP support)
+      b. PHP 7.0.0 or newer (with LDAP support)
 
 * To install
 

lib/config_default.php

@@ -8,7 +8,7 @@
  */
 
 /** The minimum version of PHP required to run phpLDAPadmin. */
-define('REQUIRED_PHP_VERSION','5.5.0');
+define('REQUIRED_PHP_VERSION','7.0.0');
 
 /**
  * The config class contains all our configuration settings for a session.

lib/functions.php

@@ -1828,15 +1828,9 @@ function random_salt($length) {
 	if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
 
-	$possible = '0123456789'.
-		'abcdefghijklmnopqrstuvwxyz'.
-		'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
-		'./';
-	$str = '';
-	mt_srand((double)microtime() * 1000000);
-
-	while (strlen($str) < $length)
-		$str .= substr($possible,(rand()%strlen($possible)),1);
+	$str = bin2hex(random_bytes(ceil($length/2)));
+	if ($length % 2 == 1)
+		return substr($str, 0, -1);
 
 	return $str;
 }