diff --git a/code/edit_post.php b/code/edit_post.php
index b2c751a67d8b2a95d56b9020d24e6a0571df7c15..42dea77f9ead70600686b6f814eebf9f8693c019 100644
--- a/code/edit_post.php
+++ b/code/edit_post.php
@@ -3,6 +3,9 @@
 
   if (isset($_SESSION["isLogin"])){
 
+    if (! isset($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32));
+    }
 
     include 'mainviewer.php';
     $con = phpsqlconnection();
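Review bot: The token on the added line `$_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32));` is built with `openssl_random_pseudo_bytes()` without checking its `$strong_result` out-parameter, so on older PHP builds a weak PRNG fallback would go unnoticed; the same construction appears in the new_post.php hunk. Since `random_bytes()` is the CSPRNG the core guarantees (it throws rather than degrading), I would use `$_SESSION['csrf_token'] = bin2hex(random_bytes(32));` in both places, which also avoids the `+`/`/`/`=` characters of base64 when the value is later echoed into markup. I would also add a one-line comment above the guard, `// Per-session CSRF token; generated once and compared in the *_action.php handlers.`, so the pairing with the action scripts is visible. Note that new_post.php seeds the token before its `isLogin` check while this file does it inside; harmless, but worth aligning. The enclosing `if (isset($_SESSION["isLogin"]))` block continues past this hunk.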
@@ -74,6 +77,7 @@
                 echo 
                     "<form method=\"post\" action=\"edit_post_action.php?postid=".$postid."\" enctype=\"multipart/form-data\">";
                  ?>
+                    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>" />
                     <label for="Judul">Judul:</label>
                     <?php 
                         echo 
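Review bot: The hidden field on the added line echoes `$_SESSION['csrf_token']` straight into an attribute value without escaping; the base64 alphabet happens to contain no `"`, `<` or `&`, so it is safe today, but that depends on how the token is generated elsewhere rather than on this line, and the same unescaped echo is in the new_post.php form hunk. I would write it as `value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"` in both forms so the output is context-safe regardless of the token format. The surrounding `echo`/`<form>` markup begins and continues outside this hunk, so I cannot see whether the enclosing `<?php` sections are balanced here.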
diff --git a/code/edit_post_action.php b/code/edit_post_action.php
index 9e06496d05574cd2a63fa8fcdce603f6ae9d99a2..ea788d56244b08d1f1944a01812bcf3c0b051504 100644
--- a/code/edit_post_action.php
+++ b/code/edit_post_action.php
@@ -1,6 +1,6 @@
 <?php 
 session_start();
-if (isset($_SESSION["isLogin"])){
+if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token'])){
 	include 'mainviewer.php';
 	$Judul = $_POST['Judul'];
 	$Tanggal = $_POST['Tanggal'];
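Review bot: The new condition reads `$_SESSION['csrf_token']` without checking that it exists, so a logged-in session that never rendered a form page triggers an undefined-index warning (the comparison then yields `false`, which is the safe outcome, but it is noise rather than a deliberate check); the new_post_action.php hunk has the identical condition. It also compares the token with `===`, where `hash_equals()` is the conventional constant-time comparison, and `hash_equals()` needs a string second argument, so a non-string `csrf_token` post field (e.g. an array) should be rejected first. I would change the line to `if (isset($_SESSION["isLogin"], $_SESSION['csrf_token']) && is_string($_POST['csrf_token'] ?? null) && hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])){` in both action scripts. The `else` branch that now also receives failed-token requests is outside the hunk, so I cannot tell whether a CSRF failure is distinguishable from a not-logged-in request in the response; if it is not, a separate 403 path would help when investigating rejected submissions.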
diff --git a/code/new_post.php b/code/new_post.php
index a3535afacaaaa56c9c56ec950ceb7a86190c18ea..67c624036ec3046bddb85bbc04a6ff9d0c618124 100644
--- a/code/new_post.php
+++ b/code/new_post.php
@@ -1,5 +1,9 @@
 <?php 
   session_start();
+  if (! isset($_SESSION['csrf_token'])) {
+    $_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32));
+  }
+
   if (isset($_SESSION["isLogin"])){
  ?>
 
@@ -59,6 +63,7 @@
             <h2 style="margin-top: 24px;">Tambah Post</h2>
             <div id="contact-area">
                  <form name="PostForm" method="post" onSubmit="return validateDate()" action="new_post_action.php" enctype="multipart/form-data">
+                    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>" />
                     <label for="Judul">Judul:</label>
                     <input type="text" name="Judul" id="Judul" required>
 
diff --git a/code/new_post_action.php b/code/new_post_action.php
index fb51146f087ac47c15b23b52989a8d4098033b4c..10f0b66f8ee8a6de8e6dc5e50d236d613c6ac157 100644
--- a/code/new_post_action.php
+++ b/code/new_post_action.php
@@ -1,7 +1,6 @@
 <?php 
-error_reporting(E_ALL);
 session_start();
-if (isset($_SESSION["isLogin"])){
+if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token'])){
 	include 'mainviewer.php';
 	$Judul = $_POST['Judul'];
 	$Tanggal = $_POST['Tanggal'];