diff --git a/public/include/classes/csrftoken.class.php b/public/include/classes/csrftoken.class.php
index ca303c7b..2e8dc953 100644
--- a/public/include/classes/csrftoken.class.php
+++ b/public/include/classes/csrftoken.class.php
@@ -4,6 +4,7 @@
 if (!defined('SECURITY')) die('Hacking attempt');
 
 class CSRFToken Extends Base {
+  public $valid = 0;
   /**
    * Gets a basic csrf token
    * @param string $user user or IP/host address
diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index 9a465e77..1860f0b4 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -126,7 +126,7 @@ $config['twofactor']['options']['withdraw'] = true;
 $config['twofactor']['options']['changepw'] = true;
 
 /**
- * CSRF protection config
+ * CSRF protection
  *
  * Explanation:
  *   To help protect against CSRF, we can generate a hash that changes every minute
@@ -134,15 +134,11 @@ $config['twofactor']['options']['changepw'] = true;
  *   form is submitted.
  *
  * Options:
- *   enabled          =   Whether or not we will generate/check for valid CSRF tokens
- *   disabled_forms   =   Which forms you want to disable csrf protection on, if enabled
- *                         * Valid options  :  login, contact, accountedit, workers, notifications, invite, register, passreset, unlockaccount
+ *   enabled          =   Whether or not we will generate & check for valid CSRF tokens
  * Default:
  *   enabled          =   true
- *   disabled_forms   =   array();
  */
 $config['csrf']['enabled'] = true;
-$config['csrf']['disabled_forms'] = array();
 
 /**
  * Lock account after maximum failed logins
diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index c62e8d4d..ed058175 100644
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@@ -13,12 +13,6 @@ $oldtoken_cp = (isset($_POST['cp_token']) && $_POST['cp_token'] !== '') ? $_POST
 $oldtoken_wf = (isset($_POST['wf_token']) && $_POST['wf_token'] !== '') ? $_POST['wf_token'] : @$_GET['wf_token'];
 $updating = (@$_POST['do']) ? 1 : 0;
 
-// csrf stuff 
-$csrfenabled = ($config['csrf']['enabled'] && !in_array('accountedit', $config['csrf']['disabled_forms'])) ? 1 : 0;
-if ($csrfenabled) {
-  $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'editaccount', @$_POST['ctoken'])) ? 1 : 0;
-}
-
 if ($user->isAuthenticated()) {
   if ($config['twofactor']['enabled']) {
     $popupmsg = 'E-mail confirmations are required for ';
@@ -70,7 +64,7 @@ if ($user->isAuthenticated()) {
   }
   
   if (isset($_POST['do']) && $_POST['do'] == 'genPin') {
-    if (!$csrfenabled || $csrfenabled && $nocsrf) {
+    if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
       if ($user->generatePin($_SESSION['USERDATA']['id'], $_POST['currentPassword'])) {
         $_SESSION['POPUP'][] = array('CONTENT' => 'Your PIN # has been sent to your email.', 'TYPE' => 'success');
       } else {
@@ -89,7 +83,7 @@ if ($user->isAuthenticated()) {
         $isvalid = in_array($_POST['utype'],$validtypes);
         if ($isvalid) {
           $ctype = strip_tags($_POST['utype']);
-          if (!$csrfenabled || $csrfenabled && $nocsrf) {
+          if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
             $send = $user->sendChangeConfigEmail($ctype, $_SESSION['USERDATA']['id']);
             if ($send) {
               $_SESSION['POPUP'][] = array('CONTENT' => 'A confirmation was sent to your e-mail, follow that link to continue', 'TYPE' => 'success');
@@ -110,7 +104,7 @@ if ($user->isAuthenticated()) {
         	  $dBalance = $aBalance['confirmed'];
         	  if ($dBalance > $config['txfee_manual']) {
         	    if (!$oPayout->isPayoutActive($_SESSION['USERDATA']['id'])) {
-        	      if (!$csrfenabled || $csrfenabled && $nocsrf) {
+        	      if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
         	        if ($iPayoutId = $oPayout->createPayout($_SESSION['USERDATA']['id'], $oldtoken_wf)) {
         	          $_SESSION['POPUP'][] = array('CONTENT' => 'Created new manual payout request with ID #' . $iPayoutId);
         	        } else {
@@ -129,7 +123,7 @@ if ($user->isAuthenticated()) {
         	break;
         
           case 'updateAccount':
-            if (!$csrfenabled || $csrfenabled && $nocsrf) {
+            if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
               if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'], $_POST['is_anonymous'], $oldtoken_ea)) {
             	$_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success');
               } else {
@@ -141,7 +135,7 @@ if ($user->isAuthenticated()) {
         	break;
         
           case 'updatePassword':
-            if (!$csrfenabled || $csrfenabled && $nocsrf) {
+            if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
               if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'], $oldtoken_cp)) {
                 $_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success');
               } else {
@@ -185,8 +179,7 @@ if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
   (!empty($cpprep_sent) && !empty($cpprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $cpprep_sent, 'TYPE' => 'success'):"";
   (!empty($cpprep_sent) && empty($cpprep_edit)) ? $_SESSION['POPUP'][] = array('CONTENT' => $message_tokensent_invalid.$messages_tokensent_status['cp'], 'TYPE' => 'success'):"";
 }
-
-// csrf stuff
+// two-factor stuff
 $smarty->assign("CHANGEPASSUNLOCKED", $cp_editable);
 $smarty->assign("WITHDRAWUNLOCKED", $wf_editable);
 $smarty->assign("DETAILSUNLOCKED", $ea_editable);
@@ -194,10 +187,7 @@ $smarty->assign("CHANGEPASSSENT", $cp_sent);
 $smarty->assign("WITHDRAWSENT", $wf_sent);
 $smarty->assign("DETAILSSENT", $ea_sent);
 $smarty->assign("DONATE_THRESHOLD", $config['donate_threshold']);
-if ($csrfenabled && !in_array('accountedit', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'editaccount');
-  $smarty->assign('CTOKEN', $token);
-}
+
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
 ?>
diff --git a/public/include/pages/account/invitations.inc.php b/public/include/pages/account/invitations.inc.php
index 10a85149..0ceb15a8 100644
--- a/public/include/pages/account/invitations.inc.php
+++ b/public/include/pages/account/invitations.inc.php
@@ -5,15 +5,10 @@ if (!defined('SECURITY')) die('Hacking attempt');
 
 if ($user->isAuthenticated()) {
   if (!$setting->getValue('disable_invitations')) {
-    // csrf stuff
-    $csrfenabled = ($config['csrf']['enabled'] && !in_array('invitations', $config['csrf']['disabled_forms'])) ? 1 : 0;
-    if ($csrfenabled) {
-      $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'invitations', @$_POST['ctoken'])) ? 1 : 0;
-    }
     if ($invitation->getCountInvitations($_SESSION['USERDATA']['id']) >= $config['accounts']['invitations']['count']) {
       $_SESSION['POPUP'][] = array('CONTENT' => 'You have exceeded the allowed invitations of ' . $config['accounts']['invitations']['count'], 'TYPE' => 'errormsg');
     } else if (isset($_POST['do']) && $_POST['do'] == 'sendInvitation') {
-      if (!$csrfenabled || $csrfenabled && $nocsrf) {
+      if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
         if ($invitation->sendInvitation($_SESSION['USERDATA']['id'], $_POST['data'])) {
           $_SESSION['POPUP'][] = array('CONTENT' => 'Invitation sent', 'TYPE' => 'success');
         } else {
@@ -30,10 +25,5 @@ if ($user->isAuthenticated()) {
     $_SESSION['POPUP'][] = array('CONTENT' => 'Invitations are disabled', 'TYPE' => 'errormsg');
   }
 }
-// csrf token
-if ($csrfenabled && !in_array('invitations', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'invitations');
-  $smarty->assign('CTOKEN', $token);
-}
 $smarty->assign('CONTENT', 'default.tpl');
 ?>
diff --git a/public/include/pages/account/notifications.inc.php b/public/include/pages/account/notifications.inc.php
index 8de15337..0d0fe7e4 100644
--- a/public/include/pages/account/notifications.inc.php
+++ b/public/include/pages/account/notifications.inc.php
@@ -7,14 +7,8 @@ if ($user->isAuthenticated()) {
     $_SESSION['POPUP'][] = array('CONTENT' => 'Notification system disabled by admin.', 'TYPE' => 'info');
     $smarty->assign('CONTENT', 'empty');
   } else {
-    // csrf stuff
-    $csrfenabled = ($config['csrf']['enabled'] && !in_array('notifications', $config['csrf']['disabled_forms'])) ? 1 : 0;
-    if ($csrfenabled) {
-      $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'editnotifs', @$_POST['ctoken'])) ? 1 : 0;
-    }
-    
     if (@$_REQUEST['do'] == 'save') {
-      if (!$csrfenabled || $csrfenabled && $nocsrf) {
+      if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
         if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) {
           $_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings', 'TYPE' => 'success');
         } else {
@@ -31,15 +25,11 @@ if ($user->isAuthenticated()) {
 
     // Fetch user notification settings
     $aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
-
-    // csrf token
-    if ($csrfenabled && !in_array('notifications', $config['csrf']['disabled_forms'])) {
-      $token = $csrftoken->getBasic($user->getCurrentIP(), 'editnotifs');
-      $smarty->assign('CTOKEN', $token);
-    }
+    
     $smarty->assign('NOTIFICATIONS', $aNotifications);
     $smarty->assign('SETTINGS', $aSettings);
     $smarty->assign('CONTENT', 'default.tpl');
   }
 }
-?>
+
+?>
\ No newline at end of file
diff --git a/public/include/pages/account/unlock.inc.php b/public/include/pages/account/unlock.inc.php
index 9ab0551f..f31a272a 100644
--- a/public/include/pages/account/unlock.inc.php
+++ b/public/include/pages/account/unlock.inc.php
@@ -3,19 +3,13 @@
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 
-// csrf stuff
-$csrfenabled = ($config['csrf']['enabled'] && !in_array('unlockaccount', $config['csrf']['disabled_forms'])) ? 1 : 0;
-if ($csrfenabled) {
-  $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'unlockaccount', @$_POST['ctoken'])) ? 1 : 0;
-}
-
 // Confirm an account by token
 if (!isset($_GET['token']) || empty($_GET['token'])) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Missing token', 'TYPE' => 'errormsg');
 } else if (!$aToken = $oToken->getToken($_GET['token'], 'account_unlock')) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to re-activate your account. Invalid token.', 'TYPE' => 'errormsg');
 } else {
-  if (!$csrfenabled || $csrfenabled && !$nocsrf) {
+  if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
     if ($user->setUserFailed($aToken['account_id'], 0) && $user->setUserPinFailed($aToken['account_id'], 0) && $user->changeLocked($aToken['account_id'])) {
       $oToken->deleteToken($aToken['token']);
       $_SESSION['POPUP'][] = array('CONTENT' => 'Account re-activated. Please login.');
@@ -26,10 +20,6 @@ if (!isset($_GET['token']) || empty($_GET['token'])) {
     $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
   }
 }
-// csrf token
-if ($csrfenabled && !in_array('unlockaccount', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'unlockaccount');
-  $smarty->assign('CTOKEN', $token);
-}
 $smarty->assign('CONTENT', 'default.tpl');
-?>
+
+?>
\ No newline at end of file
diff --git a/public/include/pages/account/workers.inc.php b/public/include/pages/account/workers.inc.php
index 89dddf9f..ad266b2b 100644
--- a/public/include/pages/account/workers.inc.php
+++ b/public/include/pages/account/workers.inc.php
@@ -3,22 +3,21 @@
 if (!defined('SECURITY')) die('Hacking attempt');
 
 if ($user->isAuthenticated()) {
-  // csrf stuff
-  $csrfenabled = ($config['csrf']['enabled'] && !in_array('workers', $config['csrf']['disabled_forms'])) ? 1 : 0;
-  if ($csrfenabled) {
-    $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'workers', @$_POST['ctoken'])) ? 1 : 0;
-  }
-  
   switch (@$_REQUEST['do']) {
   case 'delete':
-    if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
-      $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
+    if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
+      if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
+        $_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed', 'TYPE' => 'success');
+      } else {
+        $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
+      }
     } else {
-      $_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
+      $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
     }
     break;
+    
   case 'add':
-    if (!$csrfenabled || $csrfenabled && $nocsrf) {
+    if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
       if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) {
         $_SESSION['POPUP'][] = array('CONTENT' => 'Worker added', 'TYPE' => 'success');
       } else {
@@ -28,8 +27,9 @@ if ($user->isAuthenticated()) {
       $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
     }
     break;
+    
   case 'update':
-    if (!$csrfenabled || $csrfenabled && $nocsrf) {
+    if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
       if ($worker->updateWorkers($_SESSION['USERDATA']['id'], @$_POST['data'])) {
         $_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated', 'TYPE' => 'success');
       } else {
@@ -46,10 +46,6 @@ if ($user->isAuthenticated()) {
 
   $smarty->assign('WORKERS', $aWorkers);
 }
-// csrf token
-if ($csrfenabled && !in_array('workers', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'workers');
-  $smarty->assign('CTOKEN', $token);
-}
 $smarty->assign('CONTENT', 'default.tpl');
-?>
+
+?>
\ No newline at end of file
diff --git a/public/include/pages/contactform.inc.php b/public/include/pages/contactform.inc.php
index 821f1a77..b961cfb2 100644
--- a/public/include/pages/contactform.inc.php
+++ b/public/include/pages/contactform.inc.php
@@ -14,11 +14,6 @@ if ($setting->getValue('disable_contactform')) {
     require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
     $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key')));
   }
-  // csrf token
-  if ($config['csrf']['enabled'] && !in_array('contact', $config['csrf']['disabled_forms'])) {
-    $token = $csrftoken->getBasic($user->getCurrentIP(), 'contact');
-    $smarty->assign('CTOKEN', $token);
-  }
   // Tempalte specifics
   $smarty->assign("CONTENT", "default.tpl");
 }
diff --git a/public/include/pages/contactform/contactform.inc.php b/public/include/pages/contactform/contactform.inc.php
index d734874e..19916321 100644
--- a/public/include/pages/contactform/contactform.inc.php
+++ b/public/include/pages/contactform/contactform.inc.php
@@ -14,12 +14,6 @@ if ($setting->getValue('recaptcha_enabled')) {
   );
 }
 
-// csrf if enabled
-$csrfenabled = ($config['csrf']['enabled'] && !in_array('contact', $config['csrf']['disabled_forms'])) ? 1 : 0;
-if ($csrfenabled) {
-  $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'contact', @$_POST['ctoken'])) ? 1 : 0;
-}
-
 if ($setting->getValue('disable_contactform')) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Contactform is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
 } else if ($setting->getValue('disable_contactform') && !$user->isAuthenticated(false)) {
@@ -29,7 +23,7 @@ if ($setting->getValue('disable_contactform')) {
     // Check if recaptcha is enabled, process form data if valid
     if ($rsp->is_valid) {
       // Check if csrf is enabled and fail if token is invalid
-      if (!$nocsrf && $csrfenabled) {
+      if ($config['csrf']['enabled'] && $csrftoken->valid) {
         $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
       } else {
         $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key')));
@@ -50,7 +44,7 @@ if ($setting->getValue('disable_contactform')) {
     // Captcha disabled
   } else {
     // Check if csrf is enabled and fail if token is invalid
-    if (!$nocsrf && $csrfenabled) {
+    if ($config['csrf']['enabled'] && !$csrftoken->valid) {
       $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
     } else if ($mail->contactform($_POST['senderName'], $_POST['senderEmail'], $_POST['senderSubject'], $_POST['senderMessage'])) {
       $_SESSION['POPUP'][] = array('CONTENT' => 'Thanks for sending your message! We will get back to you shortly');
@@ -60,11 +54,7 @@ if ($setting->getValue('disable_contactform')) {
   }
 }
 
-// csrf token
-if ($config['csrf']['enabled'] && !in_array('contact', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'contact');
-  $smarty->assign('CTOKEN', $token);
-}
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
-?>
+
+?>
\ No newline at end of file
diff --git a/public/include/pages/home.inc.php b/public/include/pages/home.inc.php
index 3033c160..99c01c04 100644
--- a/public/include/pages/home.inc.php
+++ b/public/include/pages/home.inc.php
@@ -22,11 +22,6 @@ if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
 } else {
   $debug->append('Using cached page', 3);
 }
-// csrf token
-if ($config['csrf']['enabled'] && !in_array('login', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
-  $smarty->assign('CTOKEN', $token);
-}
 // Load news entries for Desktop site and unauthenticated users
 $smarty->assign("CONTENT", "default.tpl");
 ?>
diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index 30f3b832..4d44b338 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@@ -3,12 +3,6 @@
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 
-// csrf if enabled
-$csrfenabled = ($config['csrf']['enabled'] && !in_array('login', $config['csrf']['disabled_forms'])) ? 1 : 0;
-if ($csrfenabled) {
-  $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'login', @$_POST['ctoken'])) ? 1 : 0;
-}
-
 // ReCaptcha handling if enabled
 if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_logins')) {
   require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
@@ -31,7 +25,7 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserIdByEmail
 } else if (!empty($_POST['username']) && !empty($_POST['password'])) {
   // Check if recaptcha is enabled, process form data if valid
   if (!$setting->getValue('recaptcha_enabled') || !$setting->getValue('recaptcha_enabled_logins') || ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_enabled_logins') && $rsp->is_valid)) {
-    if (!$csrfenabled || $csrfenabled && $nocsrf) {
+    if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
       if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) {
         empty($_POST['to']) ? $to = $_SERVER['SCRIPT_NAME'] : $to = $_POST['to'];
         $port = ($_SERVER["SERVER_PORT"] == "80" or $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
@@ -48,11 +42,7 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserIdByEmail
     $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again.', 'TYPE' => 'errormsg');
   }
 }
-// csrf token
-if ($csrfenabled && !in_array('login', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
-  $smarty->assign('CTOKEN', $token);
-}
+
 // Load login template
 $smarty->assign('CONTENT', 'default.tpl');
 ?>
diff --git a/public/include/pages/password.inc.php b/public/include/pages/password.inc.php
index adc1047a..d9fe34ce 100644
--- a/public/include/pages/password.inc.php
+++ b/public/include/pages/password.inc.php
@@ -4,11 +4,7 @@
 if (!defined('SECURITY'))
     die('Hacking attempt');
 
-// csrf token
-if ($config['csrf']['enabled'] && !in_array('passreset', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'resetpass');
-  $smarty->assign('CTOKEN', $token);
-}
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
-?>
+
+?>
\ No newline at end of file
diff --git a/public/include/pages/password/change.inc.php b/public/include/pages/password/change.inc.php
index d99ac744..f622363b 100644
--- a/public/include/pages/password/change.inc.php
+++ b/public/include/pages/password/change.inc.php
@@ -4,14 +4,7 @@
 if (!defined('SECURITY'))
   die('Hacking attempt');
 
-// csrf stuff
-$csrfenabled = ($config['csrf']['enabled'] && !in_array('passreset', $config['csrf']['disabled_forms'])) ? 1 : 0;
-if ($csrfenabled) {
-  // we have to use editaccount token because this that's where we'll get pushed here from
-  $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'editaccount', @$_POST['ctoken'])) ? 1 : 0;
-}
-
-if (!$csrfenabled || $csrfenabled && $nocsrf) {
+if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
   if (isset($_POST['do']) && $_POST['do'] == 'resetPassword') {
     if ($user->resetPassword($_POST['token'], $_POST['newPassword'], $_POST['newPassword2'])) {
       $_SESSION['POPUP'][] = array('CONTENT' => 'Password reset complete! Please login.', 'TYPE' => 'success');
@@ -23,13 +16,7 @@ if (!$csrfenabled || $csrfenabled && $nocsrf) {
   $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
 }
 
-// csrf token
-if ($config['csrf']['enabled'] && !in_array('passreset', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'editaccount');
-  $smarty->assign('CTOKEN', $token);
-}
-
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
 
-?>
+?>
\ No newline at end of file
diff --git a/public/include/pages/password/reset.inc.php b/public/include/pages/password/reset.inc.php
index 4e9c18b2..0fa2303d 100644
--- a/public/include/pages/password/reset.inc.php
+++ b/public/include/pages/password/reset.inc.php
@@ -3,14 +3,8 @@
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 
-// csrf stuff
-$csrfenabled = ($config['csrf']['enabled'] && !in_array('passreset', $config['csrf']['disabled_forms'])) ? 1 : 0;
-if ($csrfenabled) {
-  $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'resetpass', @$_POST['ctoken'])) ? 1 : 0;
-}
-
 // Process password reset request
-if (!$csrfenabled || $csrfenabled && $nocsrf) {
+if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
   if ($user->initResetPassword($_POST['username'], $smarty)) {
     $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mail account to finish your password reset', 'TYPE' => 'success');
   } else {
@@ -20,11 +14,6 @@ if (!$csrfenabled || $csrfenabled && $nocsrf) {
   $_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
 }
 
-// csrf token
-if ($config['csrf']['enabled'] && !in_array('passreset', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'resetpass');
-  $smarty->assign('CTOKEN', $token);
-}
 // Tempalte specifics, user default template by parent page
 $smarty->assign("CONTENT", "../default.tpl");
 ?>
diff --git a/public/include/pages/register.inc.php b/public/include/pages/register.inc.php
index 487e67cb..15d077fe 100644
--- a/public/include/pages/register.inc.php
+++ b/public/include/pages/register.inc.php
@@ -14,11 +14,6 @@ if ($setting->getValue('lock_registration') && $setting->getValue('disable_invit
     require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
     $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
   }
-  // csrf token
-  if ($config['csrf']['enabled'] && !in_array('register', $config['csrf']['disabled_forms'])) {
-    $token = $csrftoken->getBasic($user->getCurrentIP(), 'register');
-    $smarty->assign('CTOKEN', $token);
-  }
   // Load news entries for Desktop site and unauthenticated users
   $smarty->assign("CONTENT", "default.tpl");
 }
diff --git a/public/include/pages/register/register.inc.php b/public/include/pages/register/register.inc.php
index d4149181..9f2ad8b6 100644
--- a/public/include/pages/register/register.inc.php
+++ b/public/include/pages/register/register.inc.php
@@ -17,19 +17,13 @@ if ($setting->getValue('recaptcha_enabled') && $setting->getValue('recaptcha_ena
   $recaptcha = ($rsp->is_valid) ? 1 : 0;
 }
 
-// csrf if enabled
-$csrfenabled = ($config['csrf']['enabled'] && !in_array('register', $config['csrf']['disabled_forms'])) ? 1 : 0;
-if ($csrfenabled) {
-  $nocsrf = ($csrftoken->checkBasic($user->getCurrentIP(), 'register', @$_POST['ctoken'])) ? 1 : 0;
-}
-
 if ($setting->getValue('disable_invitations') && $setting->getValue('lock_registration')) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
 } else if ($setting->getValue('lock_registration') && !$setting->getValue('disable_invitations') && !isset($_POST['token'])) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Only invited users are allowed to register.', 'TYPE' => 'errormsg');
 } else {
   // Check if csrf is enabled and fail if token is invalid
-  if (!$csrfenabled || $csrfenabled && $nocsrf) {
+  if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
     if ($setting->getValue('recaptcha_enabled') != 1 || $setting->getValue('recaptcha_enabled_registrations') != 1 || $rsp->is_valid) {
       // Check if recaptcha is enabled, process form data if valid or disabled
       isset($_POST['token']) ? $token = $_POST['token'] : $token = '';
@@ -46,9 +40,5 @@ if ($setting->getValue('disable_invitations') && $setting->getValue('lock_regist
 
 // We load the default registration template instead of an action specific one
 $smarty->assign("CONTENT", "../default.tpl");
-// csrf token
-if ($config['csrf']['enabled'] && !in_array('register', $config['csrf']['disabled_forms'])) {
-  $token = $csrftoken->getBasic($user->getCurrentIP(), 'register');
-  $smarty->assign('CTOKEN', $token);
-}
+
 ?>
diff --git a/public/index.php b/public/index.php
index 76ed9b72..0c1fbd09 100644
--- a/public/index.php
+++ b/public/index.php
@@ -36,27 +36,26 @@ $master_template = 'master.tpl';
 
 // Start a session
 session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
-if (!@session_start()) {
-	$user->logoutUser();
-	if (!@session_regenerate_id(true)) {
-		$user->logoutUser();
-	}
-	if(!@setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly'])) {
-		@setcookie(session_name(),session_id(), time()-$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']); 
-	}
+$session_start = @session_start();
+if (!$session_start) {
+  session_destroy();
+  session_regenerate_id(true);
+  session_start();
 }
+@setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
+
 // Load Classes, they name defines the $ variable used
 // We include all needed files here, even though our templates could load them themself
 require_once(INCLUDE_DIR . '/autoloader.inc.php');
 
 // Create our pages array from existing files
 if (is_dir(INCLUDE_DIR . '/pages/')) {
-    foreach (glob(INCLUDE_DIR . '/pages/*.inc.php') as $filepath) {
-        $filename = basename($filepath);
-        $pagename = substr($filename, 0, strlen($filename) - 8);
-        $arrPages[$pagename] = $filename;
-        $debug->append("Adding $pagename as " . $filename . " to accessible pages", 4);
-    }
+  foreach (glob(INCLUDE_DIR . '/pages/*.inc.php') as $filepath) {
+    $filename = basename($filepath);
+    $pagename = substr($filename, 0, strlen($filename) - 8);
+    $arrPages[$pagename] = $filename;
+    $debug->append("Adding $pagename as " . $filename . " to accessible pages", 4);
+  }
 }
 
 // Set a default action here if no page has been requested
@@ -71,23 +70,31 @@ if (isset($_REQUEST['page']) && isset($arrPages[$_REQUEST['page']])) {
 
 // Create our pages array from existing files
 if (is_dir(INCLUDE_DIR . '/pages/' . $page)) {
-    foreach (glob(INCLUDE_DIR . '/pages/' . $page . '/*.inc.php') as $filepath) {
-        $filename = basename($filepath);
-        $pagename = substr($filename, 0, strlen($filename) - 8);
-        $arrActions[$pagename] = $filename;
-        $debug->append("Adding $pagename as " . $filename . ".inc.php to accessible actions", 4);
-    }
+  foreach (glob(INCLUDE_DIR . '/pages/' . $page . '/*.inc.php') as $filepath) {
+    $filename = basename($filepath);
+    $pagename = substr($filename, 0, strlen($filename) - 8);
+    $arrActions[$pagename] = $filename;
+    $debug->append("Adding $pagename as " . $filename . ".inc.php to accessible actions", 4);
+  }
 }
 // Default to empty (nothing) if nothing set or not known
 $action = (isset($_REQUEST['action']) && !is_array($_REQUEST['action'])) && isset($arrActions[$_REQUEST['action']]) ? $_REQUEST['action'] : "";
 
+// Check csrf token validity if necessary
+if ($config['csrf']['enabled'] && isset($_POST['ctoken']) && !empty($_POST['ctoken']) && !is_array($_POST['ctoken'])) {
+  $csrftoken->valid = ($csrftoken->checkBasic($user->getCurrentIP(), $arrPages[$page], $_POST['ctoken'])) ? 1 : 0;
+} else if ($config['csrf']['enabled'] && (!@$_POST['ctoken'] || empty($_POST['ctoken']) || is_array($_POST['ctoken']))) {
+  $csrftoken->valid = 0;
+}
+if ($config['csrf']['enabled']) $smarty->assign('CTOKEN', $csrftoken->getBasic($user->getCurrentIP(), $arrPages[$page]));
+
 // Load the page code setting the content for the page OR the page action instead if set
 if (!empty($action)) {
-    $debug->append('Loading Action: ' . $action . ' -> ' . $arrActions[$action], 1);
-    require_once(PAGES_DIR . '/' . $page . '/' . $arrActions[$action]);
+  $debug->append('Loading Action: ' . $action . ' -> ' . $arrActions[$action], 1);
+  require_once(PAGES_DIR . '/' . $page . '/' . $arrActions[$action]);
 } else {
-    $debug->append('Loading Page: ' . $page . ' -> ' . $arrPages[$page], 1);
-    require_once(PAGES_DIR . '/' . $arrPages[$page]);
+  $debug->append('Loading Page: ' . $page . ' -> ' . $arrPages[$page], 1);
+  require_once(PAGES_DIR . '/' . $arrPages[$page]);
 }
 
 define('PAGE', $page);
@@ -110,4 +117,5 @@ if (!@$supress_master) $smarty->display($master_template, $smarty_cache_key);
 
 // Unset any temporary values here
 unset($_SESSION['POPUP']);
-?>
+
+?>
\ No newline at end of file
diff --git a/public/templates/mobile/login/default.tpl b/public/templates/mobile/login/default.tpl
index f1331892..42df1902 100644
--- a/public/templates/mobile/login/default.tpl
+++ b/public/templates/mobile/login/default.tpl
@@ -1,6 +1,6 @@
       <form action="{$smarty.server.SCRIPT_NAME}?page=login" method="post" id="loginForm" data-ajax="false">
         <input type="hidden" name="to" value="{($smarty.request.to|default:"{$smarty.server.SCRIPT_NAME}?page=dashboard")|escape}" />
-        {if $GLOBAL.csrf.enabled && !"login"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+        <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
         <p><label for="userForm">Email</label><input type="text" name="username" value="" id="userForm"></p>
         <p><label for="passForm">Password</label><input type="password" name="password" value="" id="passForm"></p>
         <center>{nocache}{$RECAPTCHA|default:"" nofilter}{/nocache}</center>
diff --git a/public/templates/mobile/password/change/default.tpl b/public/templates/mobile/password/change/default.tpl
index c547b759..30d5119d 100644
--- a/public/templates/mobile/password/change/default.tpl
+++ b/public/templates/mobile/password/change/default.tpl
@@ -2,7 +2,7 @@
       <input type="hidden" name="token" value="{$smarty.request.token|escape}">
       <input type="hidden" name="page" value="{$smarty.request.page|escape}">
       <input type="hidden" name="action" value="{$smarty.request.action|escape}">
-      {if $GLOBAL.csrf.enabled && !"editaccount"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+      <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
       <input type="hidden" name="do" value="useToken">
       <table>
         <tr><td>New Password: </td><td><input type="password" name="newPassword"></td></tr>
diff --git a/public/templates/mobile/password/default.tpl b/public/templates/mobile/password/default.tpl
index 8e436b24..9b7128ac 100644
--- a/public/templates/mobile/password/default.tpl
+++ b/public/templates/mobile/password/default.tpl
@@ -1,7 +1,7 @@
 <form action="" method="POST">
 <input type="hidden" name="page" value="password">
 <input type="hidden" name="action" value="reset">
-{if $GLOBAL.csrf.enabled && !"passreset"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+<input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
   <p>If you have an email set for your account, enter your username to get your password reset</p>
   <p><input type="text" value="{$smarty.post.username|escape|default:""}" name="username" required><input class="submit small" type="submit" value="Reset"></p>
 </form>
diff --git a/public/templates/mpos/account/edit/default.tpl b/public/templates/mpos/account/edit/default.tpl
index 8b2b1dfc..4b7053f5 100644
--- a/public/templates/mpos/account/edit/default.tpl
+++ b/public/templates/mpos/account/edit/default.tpl
@@ -56,7 +56,7 @@
     <footer>
       <div class="submit_link">
       {nocache}
-        {if $GLOBAL.csrf.enabled && !"accountedit"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+        <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
         <input type="hidden" name="ea_token" value="{$smarty.request.ea_token|escape|default:""}">
         <input type="hidden" name="utype" value="account_edit">
         {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details}
@@ -106,7 +106,7 @@
       <div class="submit_link">
       {nocache}
         <input type="hidden" name="wf_token" value="{$smarty.request.wf_token|escape|default:""}">
-        {if $GLOBAL.csrf.enabled && !"accountedit"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+        <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
         <input type="hidden" name="utype" value="withdraw_funds">
         {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.withdraw}
           {if $WITHDRAWSENT == 1 && $WITHDRAWUNLOCKED == 1}
@@ -161,7 +161,7 @@
       <div class="submit_link">
       {nocache}
         <input type="hidden" name="cp_token" value="{$smarty.request.cp_token|escape|default:""}">
-        {if $GLOBAL.csrf.enabled && !"accountedit"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+        <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
         <input type="hidden" name="utype" value="change_pw">
         {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw}
           {if $CHANGEPASSSENT == 1 && $CHANGEPASSUNLOCKED == 1}
@@ -185,7 +185,7 @@
   <input type="hidden" name="page" value="{$smarty.request.page|escape}">
   <input type="hidden" name="action" value="{$smarty.request.action|escape}">
   <input type="hidden" name="do" value="genPin">
-  {if $GLOBAL.csrf.enabled && !"editaccount"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+  <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
 	<article class="module width_half">
 	  <header>
 		  <h3>Reset PIN</h3>
diff --git a/public/templates/mpos/account/invitations/default.tpl b/public/templates/mpos/account/invitations/default.tpl
index 81465ec2..1497021d 100644
--- a/public/templates/mpos/account/invitations/default.tpl
+++ b/public/templates/mpos/account/invitations/default.tpl
@@ -2,7 +2,7 @@
   <input type="hidden" name="page" value="{$smarty.request.page|escape}">
   <input type="hidden" name="action" value="{$smarty.request.action|escape}">
   <input type="hidden" name="do" value="sendInvitation">
-  {if $GLOBAL.csrf.enabled && !"invite"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+  <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
   <article class="module width_quarter">
     <header><h3>Invitation</h3></header>
     <div class="module_content">
diff --git a/public/templates/mpos/account/notifications/default.tpl b/public/templates/mpos/account/notifications/default.tpl
index 9c8888b9..a8fb4b59 100644
--- a/public/templates/mpos/account/notifications/default.tpl
+++ b/public/templates/mpos/account/notifications/default.tpl
@@ -2,7 +2,7 @@
   <input type="hidden" name="page" value="{$smarty.request.page|escape}">
   <input type="hidden" name="action" value="{$smarty.request.action|escape}">
   <input type="hidden" name="do" value="save">
-  {if $GLOBAL.csrf.enabled && !"notifications"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+  <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
   <article class="module width_quarter">
     <header>
       <h3>Notification Settings</h3>
diff --git a/public/templates/mpos/account/workers/default.tpl b/public/templates/mpos/account/workers/default.tpl
index b921f769..fba19f28 100644
--- a/public/templates/mpos/account/workers/default.tpl
+++ b/public/templates/mpos/account/workers/default.tpl
@@ -4,7 +4,7 @@
     <input type="hidden" name="page" value="{$smarty.request.page|escape}">
     <input type="hidden" name="action" value="{$smarty.request.action|escape}">
     <input type="hidden" name="do" value="add">
-    {if $GLOBAL.csrf.enabled && !"workers"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+    <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     <div class="module_content">
       <fieldset>
         <label>Worker Name</label>
@@ -30,7 +30,7 @@
     <input type="hidden" name="page" value="{$smarty.request.page|escape}">
     <input type="hidden" name="action" value="{$smarty.request.action|escape}">
     <input type="hidden" name="do" value="update">
-    {if $GLOBAL.csrf.enabled && !"workers"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+    <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     <table class="tablesorter" cellspacing="0">
       <thead>
         <tr>
diff --git a/public/templates/mpos/contactform/contactform/default.tpl b/public/templates/mpos/contactform/contactform/default.tpl
index 65928029..97397b74 100644
--- a/public/templates/mpos/contactform/contactform/default.tpl
+++ b/public/templates/mpos/contactform/contactform/default.tpl
@@ -1,7 +1,7 @@
 <form action="{$smarty.server.SCRIPT_NAME}" method="post">
   <input type="hidden" name="page" value="{$smarty.request.page|escape}">
   <input type="hidden" name="action" value="contactform">
-  {if $GLOBAL.csrf.enabled && !"contact"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+  <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     <article class="module width_3_quarter">
     <header><h3>Contact Us</h3></header>
     <div class="module_content">
diff --git a/public/templates/mpos/contactform/default.tpl b/public/templates/mpos/contactform/default.tpl
index 46669896..39aa3277 100644
--- a/public/templates/mpos/contactform/default.tpl
+++ b/public/templates/mpos/contactform/default.tpl
@@ -1,7 +1,7 @@
 <form action="{$smarty.server.SCRIPT_NAME}" method="post">
   <input type="hidden" name="page" value="{$smarty.request.page|escape}">
   <input type="hidden" name="action" value="contactform">
-  {if $GLOBAL.csrf.enabled && !"contact"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+  <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     <article class="module width_3_quarter">
     <header><h3>Contact Us</h3></header>
     <div class="module_content">
diff --git a/public/templates/mpos/login/default.tpl b/public/templates/mpos/login/default.tpl
index 7af2ef48..b9c8ef56 100644
--- a/public/templates/mpos/login/default.tpl
+++ b/public/templates/mpos/login/default.tpl
@@ -1,7 +1,7 @@
 <article class="module width_half">
   <form action="{$smarty.server.SCRIPT_NAME}?page=login" method="post" id="loginForm">
     <input type="hidden" name="to" value="{($smarty.request.to|default:"{$smarty.server.SCRIPT_NAME}?page=dashboard")|escape}" />
-    {if $GLOBAL.csrf.enabled && !"login"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+    <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     <header><h3>Login with existing account</h3></header>
     <div class="module_content">
         <fieldset>
diff --git a/public/templates/mpos/login/small.tpl b/public/templates/mpos/login/small.tpl
index 105b83cb..7ed9b55c 100644
--- a/public/templates/mpos/login/small.tpl
+++ b/public/templates/mpos/login/small.tpl
@@ -2,7 +2,7 @@
 <div class="login_small">
   <form action="{$smarty.server.SCRIPT_NAME}" method="post" id="loginForm">
     <input type="hidden" name="page" value="login" />
-    {if $GLOBAL.csrf.enabled && $GLOBAL.csrf.forms.login}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+    <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     <input type="hidden" name="to" value="{$smarty.server.SCRIPT_NAME}?page=dashboard" />
     <fieldset2 class="small">
       <label>Username</label>
diff --git a/public/templates/mpos/password/change/default.tpl b/public/templates/mpos/password/change/default.tpl
index f567b441..544d00c2 100644
--- a/public/templates/mpos/password/change/default.tpl
+++ b/public/templates/mpos/password/change/default.tpl
@@ -3,7 +3,7 @@
     <input type="hidden" name="token" value="{$smarty.request.token|escape}">
     <input type="hidden" name="page" value="{$smarty.request.page|escape}">
     <input type="hidden" name="action" value="{$smarty.request.action|escape}">
-    {if $GLOBAL.csrf.enabled && !"passreset"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+    <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     
     <input type="hidden" name="do" value="resetPassword">
     <header><h3>Password reset</h3></header>
@@ -21,7 +21,6 @@
     <footer>
       {nocache}
         <input type="hidden" name="cp_token" value="{$smarty.request.cp_token|escape|default:""}">
-        {if $GLOBAL.csrf.enabled && !"passreset"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
         <input type="hidden" name="utype" value="change_pw">
         {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw}
           {if $CHANGEPASSSENT == 1 && $CHANGEPASSUNLOCKED == 1}
diff --git a/public/templates/mpos/password/default.tpl b/public/templates/mpos/password/default.tpl
index 5227292b..85ad3704 100644
--- a/public/templates/mpos/password/default.tpl
+++ b/public/templates/mpos/password/default.tpl
@@ -2,7 +2,7 @@
   <form action="" method="POST">
     <input type="hidden" name="page" value="password">
     <input type="hidden" name="action" value="reset">
-    {if $GLOBAL.csrf.enabled && !"passreset"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+    <input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     <header><h3>Password reset</h3></header>
     <div class="module_content">
       <p>If you have an email set for your account, enter your username to get your password reset</p>
diff --git a/public/templates/mpos/register/default.tpl b/public/templates/mpos/register/default.tpl
index eabec47f..431fade3 100644
--- a/public/templates/mpos/register/default.tpl
+++ b/public/templates/mpos/register/default.tpl
@@ -7,7 +7,7 @@
 {if $smarty.request.token|default:""}
     <input type="hidden" name="token" value="{$smarty.request.token|escape}" />
 {/if}
-{if $GLOBAL.csrf.enabled && !"register"|in_array:$GLOBAL.csrf.disabled_forms}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
+	<input type="hidden" name="ctoken" value="{$CTOKEN|escape|default:""}" />
     <input type="hidden" name="action" value="register">
     <fieldset>
       <label>Username</label>