How to update my record and prevent CSRF attacks?

Hello everybody!

I want to create a Private Messaging system, but I have a problem!

My script is:


<?php

public function actionAdmin()
{
	// Referer check, from punBB
	if (!preg_match('#^'.preg_quote(str_replace('www.', '', Yii::app()->params['mainUrl'].Yii::app()->request->baseUrl), '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
		exit('Une erreure est survenue');

	if (Yii::app()->request->isPostRequest)
	{
		// selected ids; an empty selection must not break the loops below
		$ids = isset($_POST['selected_messages']) ? (array) $_POST['selected_messages'] : array();

		// mark mp as read
		if (isset($_POST['action']) && $_POST['action'] == 'read')
		{
			foreach ($ids as $id)
			{
				// for update $read
				$model = message::model()->findByPk(intval($id));
				if ($model === null)
					continue; // no message with this id
				$model->read = true;
				$model->save();
			}
		}
		// mark mp as unread
		else if (isset($_POST['action']) && $_POST['action'] == 'unread')
		{
			foreach ($ids as $id)
			{
				// for update read
				$model = message::model()->findByPk(intval($id));
				if ($model === null)
					continue; // no message with this id
				$model->read = false;
				$model->save() or die('Une erreur est apparue');
			}
			exit('condition ok');
		}
		// delete mp
		else if (isset($_POST['action']) && $_POST['action'] == 'delete')
		{
			foreach ($ids as $id)
			{
				// for delete
				$model = message::model()->findByPk(intval($id));
				if ($model !== null)
					$model->delete();
			}
		}
	}
}


I am aware that there must be a more optimized way to execute this kind of operation, but I do not know it!

I think there must be another method to prevent such CSRF attacks than:


// from punBB
if (!preg_match('#^'.preg_quote(str_replace('www.', '', Yii::app()->params['mainUrl'].Yii::app()->request->baseUrl), '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
	exit('Une erreure est survenue');

but I do not know.

Can you help me?

http://www.yiiframework.com/doc/guide/topics.security

In your view, make the form via CHtml::form and enable the CSRF validation in the config.

Is there no cookbook available to use as an example?
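
An added example, not code from this thread or from the Yii project: the suggestion above applied to the `actionAdmin` code in a Yii 1.1 application, with the token check replacing the Referer test. The controller name, the `admin` view and the `message/admin` route are assumptions; `updateByPk` and `deleteByPk` replace the per-record loops with one query per request.

```php
<?php
// 1) protected/config/main.php, inside 'components':
//        'request' => array('enableCsrfValidation' => true),
//    With this set, Yii rejects any POST whose token field does not match
//    the CSRF cookie (HTTP 400) before the controller action is reached.
//
// 2) View (assumed: protected/views/message/admin.php). CHtml::form emits the
//    hidden token field automatically for POST forms:
//        echo CHtml::form(array('message/admin'), 'post');
//        // checkboxes named selected_messages[], submit buttons named action
//        echo CHtml::endForm();

// 3) Controller (assumed name). No Referer test: the framework has already
//    validated the token by the time this code runs.
class MessageController extends CController
{
    public function actionAdmin()
    {
        $request = Yii::app()->request;

        if ($request->isPostRequest) {
            // Normalise the selection to a list of positive integers.
            $ids = array_filter(array_map(
                'intval',
                (array) $request->getPost('selected_messages', array())
            ));

            if (!empty($ids)) {
                switch ($request->getPost('action')) {
                    case 'read':
                        message::model()->updateByPk($ids, array('read' => 1));
                        break;
                    case 'unread':
                        message::model()->updateByPk($ids, array('read' => 0));
                        break;
                    case 'delete':
                        message::model()->deleteByPk($ids);
                        break;
                    default:
                        // Only the three known actions are accepted.
                        throw new CHttpException(400, 'Unknown action');
                }
            }
            // Redirect after POST so a page reload does not resubmit the form.
            $this->redirect(array('admin'));
        }

        $this->render('admin');
    }
}
```

A form written as plain HTML instead of through `CHtml::form` will not contain the token and its POST will be refused once validation is enabled.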