diff --git a/users/login.php b/users/login.php
index 41fbd214..2e4fecac 100644
--- a/users/login.php
+++ b/users/login.php
@@ -27,13 +27,16 @@ */
 $rel_path = '../';
-define('POSTFIXADMIN_LOGOUT', 1);
+//define('POSTFIXADMIN_LOGOUT', 1);
 require_once("../common.php");
 check_db_version(); # check if the database layout is up to date (and error out if not)
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
+
+    if (safepost('token') != $_SESSION['PFA_token']) die('Invalid token!');
+
     $lang = safepost('lang');
     $fUsername = trim(safepost('fUsername'));
     $fPassword = safepost('fPassword');
@@ -59,6 +62,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
     }
 }
+$_SESSION['PFA_token'] = md5(uniqid(rand(), true));
+
 $smarty->assign ('language_selector', language_selector(), false);
 $smarty->assign ('smarty_template', 'login');
 $smarty->assign ('logintype', 'user');
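Review bot: The new token check in the first hunk uses a loose `!=` against `$_SESSION['PFA_token']`, so when the session has no token yet (the key is only written after this block, so a session that never rendered the login page lacks it) the comparison `'' != null` is false and the request passes as valid; it should require the session value to exist and compare with a constant-time strict check, `if (!isset($_SESSION['PFA_token']) || !hash_equals($_SESSION['PFA_token'], (string) safepost('token'))) die('Invalid token!');`. The `define('POSTFIXADMIN_LOGOUT', 1)` line is commented out rather than removed; presumably this keeps common.php from discarding the session so the token can survive between requests, and that reason belongs in a short comment, e.g. `// session must persist across the login round-trip so the CSRF token can be verified`, or the dead line should be deleted. The template that emits the hidden `token` field is not part of this diff, so whether the form actually posts it cannot be confirmed from here.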
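Review bot: In the second hunk the token is derived from `md5(uniqid(rand(), true))`, which is built on non-cryptographic randomness and a timestamp, so the value is guessable in principle; use the CSPRNG instead, `$_SESSION['PFA_token'] = bin2hex(random_bytes(16));` (PHP 7+; if the project still targets older PHP, `openssl_random_pseudo_bytes` is the fallback). The token is also regenerated on every render of this page, which means a login form left open in a second tab will fail with 'Invalid token!' once the first tab reloads the page; if that is not intended, only generate it when `$_SESSION['PFA_token']` is unset. These statements are top-level, not inside a function.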