Embeded image in some hacker website.
# Cross Site Request Forgery 
# If it happend that you are logged on ...
# and you browse ...
# you'll make a purchase, even if you don't want to!

<img src="">

Token method

The token method involves the use of a randomly generated token.

    # The token is stored in the user's session ...
    # when the user accesses the form page


    if (isset($_POST['btn_submit'])) {
        if (isset($_SESSION['token']) &&
            isset($_POST['token']) &&
                  $_POST['token'] == $_SESSION['token']) { # Look Here
           echo 'Accepted';
        } else {
            echo 'Denied';

    $token = md5(uniqid(rand(), TRUE));
    $_SESSION['token'] = $token;

<form method="POST">
    <input type="hidden" name="token" value="<?= $token; ?>"/>
    <input type="submit" name="btn_submit"/>

  Last update: 207 days ago