<?php
// Build the anti-XSRF crumb that the form below embeds as a hidden field.
// The value depends only on the user name and a server-side secret, so it is
// identical on every page load for this user and never expires.
// NOTE(review): api.php recomputes this exact expression; any change to the
// derivation (keyed HMAC, session id, timestamp) has to be made in both places.
$user = 'rasmus';
// Placeholder secret for the example; the crumb is only as unguessable as this.
$secret = 'foo';
$crumb = sha1("{$user}{$secret}");
?>
<script>
/**
 * Send the named form to api.php as a background POST request.
 *
 * The form's fields, including the hidden "crumb" input, are attached to the
 * request by setForm(), so the server receives the crumb with the POST.
 * `callback` is not defined in this listing; it is presumably a YUI
 * callback object declared elsewhere on the page.
 */
function sndReq(formName) {
    var connection = YAHOO.util.Connect;
    // Register the form first so the following request carries its fields.
    connection.setForm(formName);
    connection.asyncRequest('POST', 'api.php', callback);
}
</script>
<?php
/*
 * The crumb is sent back to api.php as a hidden field. A page on another
 * origin can make the browser POST to api.php but cannot read this value,
 * which is what the server-side check relies on.
 *
 * NOTE(review): the form declares no method or action. If sndReq() throws
 * before "return false" runs (for example because the YUI library failed to
 * load), the browser falls back to a GET submission to the current URL and
 * the crumb ends up in the query string. Declaring method="post" would avoid
 * that exposure.
 *
 * sha1() output is hex, so echoing it unescaped is safe here; escape with
 * htmlspecialchars() if the crumb format ever changes.
 */
?>
<form name="myform" onsubmit="sndReq('myform'); return false;">
    <input type="hidden" name="crumb" value="<?php echo $crumb; ?>" />
    <input type="text" name="foo" />
</form>
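<?php
// api.php side of the crumb check: recompute the crumb from the same user
// name and secret the form page used and refuse the request unless the
// submitted value matches.
// NOTE(review): the crumb is static per user and has no expiry or session
// binding, so a value that leaks once stays valid until the secret changes.
$user = 'rasmus';
$secret = 'foo';
$expected = sha1($user.$secret);

// A missing field or an array-valued field (crumb[]=...) is treated as an
// empty crumb, so it is rejected below without raising a notice or warning.
$supplied = (isset($_POST['crumb']) && is_string($_POST['crumb'])) ? $_POST['crumb'] : '';

// hash_equals() (PHP 5.6+) compares the strings byte for byte in constant
// time. The previous loose != compared numeric-looking strings as numbers,
// so two different values of the form "0e<digits>" were considered equal.
if (!hash_equals($expected, $supplied)) {
    echo json_encode(array("error"=>"XSRF Detected"));
    exit;
}
// Perform Action
?>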