https://packagist.org/packages/volnix/csrf
composer require volnix/csrf
<form action="index.php" method="post">
<input type="hidden" name="<?= \Volnix\CSRF\CSRF::TOKEN_NAME ?>" value="<?= \Volnix\CSRF\CSRF::getToken() ?>"/>
<input type="text" name="action" placeholder="Enter an action."/>
<input type="submit" value="Submit" name="sub"/>
</form>
// generic POST data
if ( CSRF::validate($_POST) ) {
// good token
} else {
// bad token
}