anticsurf


A Small PHP library that can be used for Cross-Site Request Forgery defenses.

Introduction

PHP has no built-in function or mechanism for defending against CSRF; developers must implement their own. So I have coded a small one-time-token library.

Some features of secureToken:

  • Provides strong entropy against brute-force attacks
  • Provides reliable uniqueness
  • Guarantees one-time usage of each issued token
  • Provides distinction between sessions
  • Provides timeout restrictions
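To show how the five properties above fit together in practice, here is an added example written for this page; it is not anticsurf's own code, and the function names (issue_token, consume_token, hidden_field), the TTL and the $_SESSION['csrf'] layout are assumptions:

```php
<?php
// Added example, not anticsurf's own code. A minimal one-time CSRF token
// helper: random token, bound to the session, consumed on first use, expiring
// after CSRF_TTL seconds. Names and session layout are assumptions.

const CSRF_TTL = 600;        // seconds a token stays valid (timeout restriction)
const CSRF_MAX_TOKENS = 50;  // cap on stored tokens per session

function ensure_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['csrf']) || !is_array($_SESSION['csrf'])) {
        $_SESSION['csrf'] = [];
    }
}

function issue_token(): string {
    ensure_session();
    // 32 bytes from the OS CSPRNG: 256 bits of entropy, so brute force is
    // infeasible and collisions are practically impossible (uniqueness).
    $token = bin2hex(random_bytes(32));
    // Stored server-side in this session only, so a token issued to one
    // session is meaningless in another; the timestamp drives expiry.
    $_SESSION['csrf'][$token] = time();
    // Prune the oldest entries so a client cannot grow the session without limit.
    if (count($_SESSION['csrf']) > CSRF_MAX_TOKENS) {
        asort($_SESSION['csrf']);
        $_SESSION['csrf'] = array_slice($_SESSION['csrf'], -CSRF_MAX_TOKENS, null, true);
    }
    return $token;
}

function consume_token(?string $token): bool {
    ensure_session();
    if ($token === null || !isset($_SESSION['csrf'][$token])) {
        return false;  // never issued, already used, or issued to another session
    }
    $issued = $_SESSION['csrf'][$token];
    unset($_SESSION['csrf'][$token]);        // one-time use: discard before any other check
    return (time() - $issued) <= CSRF_TTL;   // stale tokens are rejected even if unused
}

// Form side: returns the hidden input to place inside a <form>.
function hidden_field(string $name = 'csrf_token'): string {
    $value = htmlspecialchars(issue_token(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

// Handler side: reject the request unless the submitted token is valid.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && !consume_token($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid, reused or expired CSRF token');
}
```

The token is looked up as an array key rather than compared string by string, so there is no per-character timing behaviour to leak; the entry is removed before the expiry check so that a token can never be replayed, whether or not it had expired. For links (GET requests that change state) the same token can be appended as a query parameter and checked with consume_token in exactly the same way.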

Usage & Wiki Links

  • Installation & Usage Instructions : SetupandUsage
  • Use AntiCSurf on your HTMLForms : UsageHTMLForms
  • Use AntiCSurf on your links : UsageOnHrefLinks
  • Check the validity of tokens : UsageOnTokenChecking

What is CSRF?

According to the Wikipedia description (http://en.wikipedia.org/wiki/Cross-site_request_forgery):

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.

Check out the OWASP (http://www.owasp.org/index.php/Cross-Site_Request_Forgery) and CGISecurity (http://www.cgisecurity.com/csrf-faq.html) pages for detailed descriptions.
There is also a Turkish tutorial, "CSRF Klavuzu" (http://docs.google.com/Doc?id=dgqzqj5d_53gfnrg66m), that helps developers understand CSRF vulnerabilities and defend their code against them.

Project Information

  • License: GNU GPL v2
  • 10 stars
  • svn-based source control

Labels:
phpsecurity csrf crosssiterequestforgery WGT webguvenligi webappsec Webapplicationsecurity