diff --git a/includes/functions.php b/includes/functions.php
index 06ef2e0f..316665d3 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -82,6 +82,26 @@ function CSRFValidate()
     }
 }
 
+/**
+* Should the request be CSRF-validated?
+*/
+function csrfValidateRequest()
+{
+  $request_method = strtolower($_SERVER['REQUEST_METHOD']);
+  return in_array($request_method, [ "post", "put", "patch", "delete" ]);
+}
+
+/**
+* Handle invalid CSRF
+*/
+function handleInvalidCSRFToken()
+{
+    header('HTTP/1.1 500 Internal Server Error');
+    header('Content-Type: text/plain');
+    echo 'Invalid CSRF token';
+    exit;
+}
+
 /**
 * Test whether array is associative
 */
diff --git a/index.php b/index.php
index 8189e175..e8af838a 100755
--- a/index.php
+++ b/index.php
@@ -39,6 +39,10 @@ include_once('includes/about.php');
 $output = $return = 0;
 $page = $_GET['page'];
 
+if (csrfValidateRequest() && !CSRFValidate()) {
+  handleInvalidCSRFToken();
+}
+
 if (empty($_SESSION['csrf_token'])) {
     if (function_exists('mcrypt_create_iv')) {
         $_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));