createElement( 'hidden', 'CSRFToken', [ 'ignore' => true, 'required' => true, 'value' => $token, 'validators' => ['Callback' => function ($token) use ($uniqueId, $hashAlgo) { if (strpos($token, '|') === false) { die('Invalid CSRF token provided'); } list($seed, $hash) = explode('|', $token); if ($hash !== hash($hashAlgo, $uniqueId . base64_decode($seed))) { die('Invalid CSRF token provided'); } return true; }] ] ); } }