diff --git a/login.php b/login.php
index 42acda0c..63cb29b7 100644
--- a/login.php
+++ b/login.php
@@ -23,10 +23,11 @@
  *
  * fUsername
  * fPassword
+ * token
  * lang
  */
-define('POSTFIXADMIN_LOGOUT', 1);
+//define('POSTFIXADMIN_LOGOUT', 1);
 require_once('common.php');
 if($CONF['configured'] !== true) {
@@ -38,6 +39,9 @@ check_db_version(); # check if the database layout is up to date (and error out
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
+
+    if (safepost('token') != $_SESSION['PFA_token']) die('Invalid token!');
+
     $lang = safepost('lang');
     $fUsername = trim(safepost('fUsername'));
     $fPassword = safepost('fPassword');
@@ -82,6 +86,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
     }
 }
+$_SESSION['PFA_token'] = md5(uniqid(rand(), true));
+
 $smarty->assign ('language_selector', language_selector(), false);
 $smarty->assign ('smarty_template', 'login');
 $smarty->assign ('logintype', 'admin');
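Review bot: The token check in the second hunk uses loose `!=` and does not first confirm that `$_SESSION['PFA_token']` exists, so on a request where the session carries no token (fresh or expired session) a POST whose `token` field is missing or empty compares `'' != null`, which is false in PHP, and the check is bypassed — this assumes safepost() returns an empty string for an absent field, which is not visible here. Replace the line with `if (!isset($_SESSION['PFA_token']) || !hash_equals($_SESSION['PFA_token'], (string) safepost('token'))) die('Invalid token!');` so a missing session token rejects the request and the comparison is strict and constant-time. The generation in the third hunk, `md5(uniqid(rand(), true))`, is not built from a cryptographic source; where the PHP version allows, `$_SESSION['PFA_token'] = bin2hex(random_bytes(16));` is the proper replacement. In the first hunk, commenting out `define('POSTFIXADMIN_LOGOUT', 1)` presumably keeps common.php from discarding the session that now holds the token, but it also silently changes what visiting the login page does to an existing session; the dead line should be removed and the reason recorded in a comment such as `// Do not define POSTFIXADMIN_LOGOUT here: the session must survive so PFA_token can be checked on POST.`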