How can I pass a token generated on one PHP form to a form that processes it? -

i'm trying secure forms csrf attacks generating unique token on each one. have hidden field on form generates unique token so:

public static function generatetoken() {         return $_session['token'] = md5(uniqid(mt_rand(), true)); } 

i know md5 depreciated , should not used because isn't random like:

base64_encode(openssl_random_psuedo_bytes(32)); 

but don't have ssl installed , take care of this. main question is, after generation of token stored session user in so:

$_session['token'] = $_post['token']; 

it grabs value of field has generated token in it. have token stored session, need figure out away send processing file. have lot of fields on form bit weird check every single thing in 1 if() statement. guess i'm trying is, how can check token on form processes data , if token isn't same token generated on form, can reject data? use die() kill processing script?

i'm wondering if need - i've read on csrf suppose worst change of information being sent processing, why i'm wanting pass tokens check , reject data happens.

<form name="form1" action="processing.php" method="post" enctype="multipart/form-data"> 

this mean other file. php isn't in 1 place, on processing script through $_post method.

1. generate , save token in server side (sql or others..)
2. create cookie token (client side)
3. when form submit, retrieve token cookie
4. if cookie same saved token, thats ok

generate token:

$formname = "signin"; // name of form  $ip       = get_ip(); // create function ip of user $salt     = "8077_(-(àyhvboyr(à"; // uniq secret salt $token    = md5(sha1($salt.$ip).sha1($salt.$formname)); ...  if(empty($_cookie['token'])){ // if(empty($_session['token'])){       setcookie("token",$token, time()+3600*1); // use cookie // time()+3600*1 = + 1 hour     $_session['token'] = $token; // or use session  }else{      // when form submit regenerate token , compare request token     if($_cookie['token'] == $token){ // or if($_session['token'] == $token){        // request server - ok        // ...     }else{         // bad request         setcookie("token",0); // destruct cookie         $_session['token'] = "";  // or destruct session         // redirect @ first form     } }   <form>     // if want use token directly in form, add :     <input type="hidden" name="token" value="<?php echo $token ?>" /> </form>