
Introduction

PHP does not ship any built-in function or mechanism for defending against CSRF vulnerabilities; developers have to implement their own protection. So, I have coded a small one-time-token library.

Some features of secureToken:

  • Provides strong entropy against brute-force attacks
  • Provides reliable uniqueness
  • Guarantees one-time usage of each issued token
  • Provides distinction between sessions
  • Provides timeout restrictions
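The following is an added illustration of how the five properties listed above fit together in code. It is not the secureToken library's own code: the class name OneTimeTokenStore, its methods, and the in-memory store standing in for $_SESSION are the editor's assumptions, chosen so the script runs from the CLI without a web server.

```php
<?php
// Added example (not secureToken's code): a minimal one-time, session-bound,
// expiring CSRF token store. Names are hypothetical; the array store stands in
// for whatever server-side storage (e.g. $_SESSION) a real deployment uses.

final class OneTimeTokenStore
{
    // token => ['session' => string, 'expires' => int]
    private array $tokens = [];
    private int $ttl;

    public function __construct(int $ttlSeconds = 600)
    {
        $this->ttl = $ttlSeconds;
    }

    // Issue a token bound to the given session. 32 bytes from the CSPRNG
    // (256 bits) give strong entropy against brute force and make collisions
    // practically impossible, which covers the "uniqueness" property.
    public function issue(string $sessionId, ?int $now = null): string
    {
        $now ??= time();
        $token = bin2hex(random_bytes(32));
        $this->tokens[$token] = [
            'session' => $sessionId,
            'expires' => $now + $this->ttl,
        ];
        return $token;
    }

    // Validate and consume a presented token. A token is accepted at most once,
    // only by the session it was issued to, and only before its timeout.
    public function consume(string $sessionId, string $presented, ?int $now = null): bool
    {
        $now ??= time();
        foreach ($this->tokens as $token => $meta) {
            // Constant-time comparison so the lookup does not leak the token
            // byte by byte through timing differences.
            if (!hash_equals($token, $presented)) {
                continue;
            }
            // One-time usage: remove the token on first presentation,
            // whether or not the remaining checks succeed.
            unset($this->tokens[$token]);
            if ($meta['expires'] < $now) {
                return false; // timeout restriction
            }
            return hash_equals($meta['session'], $sessionId); // session distinction
        }
        return false; // unknown (or already used) token
    }

    // Housekeeping: drop expired tokens so the store cannot grow without bound.
    public function purge(?int $now = null): void
    {
        $now ??= time();
        foreach ($this->tokens as $token => $meta) {
            if ($meta['expires'] < $now) {
                unset($this->tokens[$token]);
            }
        }
    }
}

// CLI demonstration with constructed session ids and a fixed clock.
$store = new OneTimeTokenStore(300);

// Token issued to session A but presented by session B.
$t1 = $store->issue('sess-A', 1000);
var_dump($store->consume('sess-B', $t1, 1001));

// Token issued and presented by the same session, then replayed.
$t2 = $store->issue('sess-A', 1000);
var_dump($store->consume('sess-A', $t2, 1001));
var_dump($store->consume('sess-A', $t2, 1002));

// Token presented after the 300-second timeout has elapsed.
$t3 = $store->issue('sess-A', 1000);
var_dump($store->consume('sess-A', $t3, 1400));
```

In the demonstration, only the first presentation of `$t2` by `sess-A` is accepted; the cross-session use of `$t1`, the replay of `$t2`, and the late presentation of `$t3` are all rejected. Binding the token to the session id (rather than only to a global list) is what stops a token captured from one user's form from being replayed inside another user's session, and consuming the token before the other checks means a failed attempt cannot be retried with the same value.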


Usage & Wiki Links


What is CSRF?

According to the Wikipedia description:

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.

Check out the OWASP and CGISecurity pages for detailed descriptions. There is also a Turkish tutorial named "CSRF Klavuzu" that helps developers understand CSRF vulnerabilities and defend their code against them.
