diff --git a/client.inc.php b/client.inc.php
index 1908eaa1b5d5172fffaccfbee69f6f17e4871d1e..91956c0d7dfc36e5ffb374f0812cea2f9693c6b9 100644
--- a/client.inc.php
+++ b/client.inc.php
@@ -51,8 +51,17 @@ if($_SESSION['_client']['userID'] && $_SESSION['_client']['key'])
 if($thisclient && $thisclient->getId() && $thisclient->isValid()){
 $thisclient->refreshSession();
 }
+
+/******* CSRF Protectin *************/
+// Enforce CSRF protection for POSTS
+if ($_POST && !$ost->checkCSRFToken()) {
+ @header('Location: index.php');
+ //just incase redirect fails
+ die('Action denied (400)!');
+}
+
 /* Client specific defaults */
-define('PAGE_LIMIT',DEFAULT_PAGE_LIMIT);
+define('PAGE_LIMIT', DEFAULT_PAGE_LIMIT);
 $nav = new UserNav($thisclient, 'home');
 ?>
diff --git a/include/client/login.inc.php b/include/client/login.inc.php
index 0ff10e3f41ea37e5f956b1b7add8877548e3f6b5..e1e52e9d454e7a1a4f62fdfec39c5625e496c5d2 100644
--- a/include/client/login.inc.php
+++ b/include/client/login.inc.php
@@ -7,6 +7,7 @@ $ticketid=Format::input($_POST['lticket']?$_POST['lticket']:$_GET['t']);
 <h1>Check Ticket Status</h1>
 <p>To view the status of a ticket, provide us with the login details below.</p>
 <form action="login.php" method="post" id="clientLogin">
+ <?php csrf_token(); ?>
 <strong>Authentication Required</strong>
 <div>
 <label for="email">E-Mail Address:</label>
diff --git a/include/client/open.inc.php b/include/client/open.inc.php
index 9c2a82b4706e1fc83253471eea8224e47cd7b382..b85c1e337eac2894c2246a94c623cea6717b42d2 100644
--- a/include/client/open.inc.php
+++ b/include/client/open.inc.php
@@ -13,6 +13,7 @@ $info=($_POST && $errors)?Format::htmlchars($_POST):$info;
 <h1>Open a New Ticket</h1>
 <p>Please fill in the form below to open a new ticket.</p>
 <form id="ticketForm" method="post" action="open.php" enctype="multipart/form-data">
+ <?php csrf_token(); ?>
 <input type="hidden" name="a" value="open">
 <div>
 <label for="name" class="required">Full Name:</label>
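Review bot: The guard `if ($_POST && !$ost->checkCSRFToken())` in the client.inc.php hunk keys off the parsed body rather than the request method, so a POST that PHP could not populate into `$_POST` (for example a multipart request carrying only files) is never token-checked; `if ($_SERVER['REQUEST_METHOD'] === 'POST' && !$ost->checkCSRFToken())` covers every POST regardless of body. The rejection path is also inconsistent with itself: `@header('Location: index.php')` turns the response into a redirect while the fallback body says `(400)`, and the `@` hides the headers-already-sent warning that would explain why the redirect was skipped. Emitting `header('HTTP/1.1 400 Bad Request');` before the `die()` (or keeping the redirect and dropping the status from the message) makes the two agree and lets the rejection show up in access logs as an error. This assumes `$ost` is initialised before line 51 of client.inc.php, which the hunk does not show. The banner comment should read `/******* CSRF Protection *************/`.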
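Review bot: The `<?php csrf_token(); ?>` added to the login.inc.php form only emits the token; the open.inc.php hunk below and the view.inc.php hunk (the `tickets.php?id=...#reply` form) do the same, and all three depend on the verifying check living in client.inc.php rather than in the handlers themselves. That holds only if login.php, open.php and tickets.php each include client.inc.php before reading `$_POST`, which this diff does not show — worth confirming, or moving the check into each handler. A short comment at the call, `<?php /* hidden CSRF input; verified in client.inc.php for every POST */ csrf_token(); ?>`, would make that dependency visible to anyone editing these forms. This assumes `csrf_token()` echoes a hidden input; its definition is not in this diff.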
diff --git a/include/client/view.inc.php b/include/client/view.inc.php
index debddc4ed4713aeb3dec50b48e1fcb5bfe2f9ccc..5aba461fc8f8a129138ed406d1319bb66d1ca9cb 100644
--- a/include/client/view.inc.php
+++ b/include/client/view.inc.php
@@ -91,6 +91,7 @@ if($ticket->getThreadCount() && ($thread=$ticket->getClientThread())) {
 <div id="msg_warning"><?php echo $warn; ?></div>
 <?php } ?>
 <form id="reply" action="tickets.php?id=<?php echo $ticket->getExtId(); ?>#reply" name="reply" method="post" enctype="multipart/form-data">
+ <?php csrf_token(); ?>
 <h2>Post a Reply</h2>
 <input type="hidden" name="id" value="<?php echo $ticket->getExtId(); ?>">
 <input type="hidden" name="a" value="reply">