if ($csrf) { ?> CSRF successfully validated <?php } else { ?> CSRF didn't validate - data probably have been tampered with! <?php } ?> </p> <?php } ?> <form method="post" action=""> <p> <label for="secretcode">Very confidential data:</label><br /> <input type="text" name="secretcode" id="secretcode" /> <?php echo $SimpleUsers->getToken(); ?> </p> <p> <input type="submit" name="submit" value="Send sensitive data" /> </p> </form> </body> </html>