My server host had php version 5.2.17. I am using a random token and used openssl_random_pseudo_bytes in my function.
mt_rand, rand or uniqid
$token = md5(uniqid(rand(), true));
$thetoken = $token.$user_id;
I am using 5.6 but have also been looking for ways to create secure and unique tokens as I am unable to get the openssl_random_pseudo_bytes function to work. I have run across paragonie's random_compat at github which should allow you to use random_bytes() and random_int() (both only available with PHP7). They do say it should be able to be used with older 5.x versions of PHP in theory, though they do suggest updating to a current stable version of php. https://github.com/paragonie/random_compat
Here is a link to another stack overflow answer that suggests using random_bytes() as $token = bin2hex(random_bytes($length));
And also the link i found suggesting paragonie's random_compat https://akrabat.com/random_bytes-in-php-5-6-and-5-5/ https://paragonie.com/blog/2015/07/how-safely-generate-random-strings-and-integers-in-php