making sure your form is submitted from your page! Could also be adapted to url, by additing &token to the query string and checking this against session data(or what ever array you like) with $_GET, not that this string is randomly generated and stored. If you like you could build your own array to store the generated string if you dont want to use $_SESSION, say you could make yours like $tokens = array(), and in your easysecure class you store all the stuff in that array!
<?php
class easysecure {
    
    var $curr_user;
    var $curr_permission;
    var $curr_task;
    var $validpermission;
    var $error;
    
    
    function &setVar( $name, $value=null ) {
        if (!is_null( $value )) {
            $this->$name = $value;
        }
        return $this->$name;
    }
    function maketoken($formname, $id){
        
        $token = md5(uniqid(rand(), true));
        
        $_SESSION[$formname.$id] = $token;
        
        return $token;
    }
    
    function checktoken($token, $formname, $id){
        if(!$token){
            $this->setVar('validpermission', 0);
            $this->setVar('error', 'no token found, security bridgedetected');
            return false;
        }
        
        $key = $_SESSION[$formname.$id];
        if($key !== $token ){
            $this->setVar('validpermission', 0);
            $this->setVar('error', 'invalid token');
            return false;
        }
        
        if($this->validpermission !==1){
              echo 'invalid Permissions to run this script';
              return false;    
        }else{
            return true;
        }
    }
    
}
?>
<?php $userid = *** ?>
<form name="newform" action="http://nl3.php.net/index.php" method="post">
<input type="text" name="potentialeveilfield" value="" size 30 />
<input type="hidden" name="token" value="<?php echo maketoken(newform, $userid); ?>" />
<input type="submit" />
</form>
Now when processing the form... check the value of your token
<?php
if(!checktoken($_POST['token'], 'newform', $userid))
{ exit(); }
?>