// php7
// bin2hex(random_bytes($length))
$token = bin2hex(random_bytes(64));

// fallback
$token = bin2hex(openssl_random_pseudo_bytes($length));