The token system is a type of two factor authentication system for forms.
When a form is generated on screen a token is generated and stored
in a session variable. It is then sent in via post with the rest of the form
Token::check makes sure those 2 tokens match. If they do not, it is assumed
that some sort of manipulation happened with the form.
Token generate can only be used once per page. If you have multiple forms
create a variable
<?php $token = Token::generate(); ?>
and put that variable as a hidden form field
<input type="hidden" name="csrf" value="<?=$token?>">