ทำ token เพื่อป้องกัน csrf

HTML

<form>
//...
<input type="hidden" name="token" value="<?php echo $token; ?>" />
//...
</form>

PHP

if (!isset($_SESSION['token'])) {
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
}
else
{
$token = $_SESSION['token'];
}

จาก: http://stackoverflow.com/questions/6287903/how-to-...