random_bytes and php5

[klepek]

Hi,

PHP5 does not support random_bytes (used for public scrumpoker sessions)

[Tue Oct 02 10:45:51.674712 2018] [:error] [pid 677] [client 172.17.0.1:46542] PHP Fatal error: Call to undefined function random_bytes() in /var/www/scrumonline/src/controllers/session-controller.php on line 44, referer: http://xxxx/

it can be solved by using: "paragonie/random_compat": "<9.99" in composer.json, or by changes into docker image to change php5 to php7. What do you prefer?

[Toxantron]

Missed that one, thank you for the hint. I personally would suggest to only use php7.x from now on and will adjust the docker image accordingly.

Never the less there are probably still users of php5.6 and I doubt they would by happy if I drop support. I'm leaning towards a "less secure" random generator, since we are only talking about a session tokens for public sessions and not private data or banking transactions. It's only purpose is to prevent people from messing with a public session by overwriting the topic or removing members.

[Toxantron]

I fixed it for php5.6 for now. I will create a new docker file later, as I would like to update other things like web server and mysql version as well.