Backend code for login and XSRF prevention ]]> insert($_REQUEST); $record = $people->load($id); echo json_encode(array('people'=>$record)); break; case 'modify': auth_check(); $people->modify($_REQUEST); echo json_encode(array('status'=>'Modified')); break; case 'login': if(!empty($users[$_POST['id']]) && $users[$_POST['id']]==sha1($_POST['pwd'])) { $auth = sha1($server_secret.$_POST['id']); $xsrf_token = sha1($auth.rand()); echo json_encode(array('status'=>1, 'id'=>$_POST['id'], 'auth'=>$auth, 'token'=>$xsrf_token)); } else { echo json_encode(array('status'=>0)); } break; ?>]]>