I have this in my script, to add a "token" to my forms...
Code:
// Generate a per-session token and store it for later comparison
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;

Code:
<input type = "hidden" name = "formID" value = "'.$token.'">

Code:
// Reject the request when the submitted token does not match the stored one
if($_POST['formID'] != $_SESSION['token'])
{
    unset($_SESSION['token']);
    exit('You are attempting to exploit the site, your IP address has been logged.');
}

Regards
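
Added example, not part of the original post: the same session-token pattern with the token drawn from PHP's CSPRNG, a single-use check done with `hash_equals()`, and the hidden field escaped on output. The function names are hypothetical, and the session and POST data are passed in as constructed arrays so the script runs from the command line.

```php
<?php
declare(strict_types=1);

/** Create a token from the CSPRNG and remember it in the session array. */
function issue_form_token(array &$session): string
{
    // 256 bits of randomness; not derived from the clock or rand()
    $session['token'] = bin2hex(random_bytes(32));
    return $session['token'];
}

/** Check a submitted token. The stored token is consumed whatever the result. */
function check_form_token(array &$session, array $post): bool
{
    $expected = $session['token'] ?? null;
    $given    = $post['formID'] ?? null;
    unset($session['token']); // single use: a second submission needs a new token

    // Covers a missing field, an expired session, and formID[] sent as an array
    if (!is_string($expected) || !is_string($given)) {
        return false;
    }
    // Constant-time string comparison; unlike != it never compares
    // numeric-looking strings as numbers
    return hash_equals($expected, $given);
}

/** Render the hidden field with the value escaped for an HTML attribute. */
function form_token_field(string $token): string
{
    return '<input type="hidden" name="formID" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed demo data standing in for $_SESSION and $_POST
$session = [];
$token   = issue_form_token($session);
echo form_token_field($token), PHP_EOL;

var_dump(check_form_token($session, ['formID' => $token])); // first submission
var_dump(check_form_token($session, ['formID' => $token])); // same token replayed
$session['token'] = '0e11';                                 // constructed value
var_dump(check_form_token($session, ['formID' => '0e22'])); // numeric-looking mismatch
var_dump(check_form_token($session, []));                   // field missing
```

In a real page the two arrays would be `$_SESSION` (after `session_start()`) and `$_POST`, and a failed check would end the request.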