protected function generateRandomSecret() { if (function_exists('openssl_random_pseudo_bytes')) { return hash('sha1', openssl_random_pseudo_bytes(23)); } return hash('sha1', uniqid(mt_rand(), true)); }