diff --git a/include/class.csrf.php b/include/class.csrf.php
index 633828d9d7d5acdcca5eab4e4a6706a38cc04a84..bfa792901167b58892e88e805728e9d72a337df7 100644
--- a/include/class.csrf.php
+++ b/include/class.csrf.php
@@ -58,6 +58,7 @@ Class CSRF {
         if(!$this->csrf['token'] || $this->isExpired()) {
 
             $len = $len>8?$len:32;
+            $r = '';
             for ($i = 0; $i <= $len; $i++)
                 $r .= chr(mt_rand(0, 255));