note
Spidy
Someone I know was working on a problem like this, and used something along the lines of the tokens solution that you described. What they did was to use a user's unique user ID value, pass it through <c>crypt()</c>, and then embed that into their form as the token. That value would then be checked with the user ID inside the database, and if the two matched, any other checks could then be run.
<div class="pmsig"><div class="pmsig-385891">
<hr>
<a href="http://www.girasquid.com">website</a>
</div></div>
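The scheme described in the post above, sketched in Perl as an added example (not code from the post or from the person it mentions). The salt value, the `%user_id_for_session` stand-in for the database, and all function names are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed stand-in for the database: session id -> user ID.
my %user_id_for_session = (sess_a => 1001, sess_b => 1002);

# Assumed salt; the post does not say which salt was passed to crypt().
my $SALT = 'pm';

# Derive the form token from the user ID, as the post describes.
sub make_token {
    my ($user_id) = @_;
    my $token = crypt($user_id, $SALT);
    die "crypt() rejected this salt on this platform\n"
        unless defined $token && length $token > 2;
    return $token;
}

# Hidden field to embed in the form (crypt output is [./0-9A-Za-z] only).
sub token_field {
    my ($user_id) = @_;
    return sprintf '<input type="hidden" name="token" value="%s">',
        make_token($user_id);
}

# On submit: look up the user ID in the "database", recompute, compare.
# Any further checks run only if this returns true.
sub token_matches {
    my ($session, $submitted) = @_;
    my $user_id = $user_id_for_session{$session};
    return 0 unless defined $user_id && defined $submitted;
    return make_token($user_id) eq $submitted ? 1 : 0;
}

my $token = make_token(1001);
print token_field(1001), "\n";
print "own token accepted:      ", token_matches('sess_a', $token), "\n";
print "other user's session:    ", token_matches('sess_b', $token), "\n";
print "unknown session:         ", token_matches('sess_x', $token), "\n";

# The token depends only on the user ID and the salt, so the same user
# gets the same value on every form until one of those changes.
print "same token on next form: ",
    (make_token(1001) eq $token ? 1 : 0), "\n";
```

Because the value never changes for a given user, a token that is seen once stays valid afterwards, which is why the additional checks the post mentions matter.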