$token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));if(Yii::app()->user->

1. $token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));
2. if(Yii::app()->user->hasFlash('error')){
3. ?>
4. <div class="flashMessage">
5. <?php echo Yii::app()->user->getFlash('error') ?>
6. </div>
7. <?php
8. }
9. ?>
10.  
11. <input type="hidden" name="token" value="<?php echo $token ?>"/>
12. //Rest of the form
13.  
14. // collect user input data
15. if(isset($_POST['LoginForm'])){
16.  
17. //Check if the token matches
18. if($_POST['token'] == $_SESSION['token']){
19.  
20. $model->attributes=$_POST['LoginForm'];
21. // validate user input and redirect to the previous page if valid
22. if($model->validate() && $model->login())
23. $this->redirect(Yii::app()->user->returnUrl);
24. }
25. }