diff --git a/gamecreate.php b/gamecreate.php
index a2cf7a987..5671c2a4f 100755
--- a/gamecreate.php
+++ b/gamecreate.php
@@ -42,6 +42,8 @@
 {
 	try
 	{
+		libAuth::formToken_Valid();
+		
 		$form = $_REQUEST['newGame']; // This makes $form look harmless when it is unsanitized; the parameters must all be sanitized
 
 		$input = array();
diff --git a/locales/English/gamecreate.php b/locales/English/gamecreate.php
index 5594879f1..5d8327b19 100755
--- a/locales/English/gamecreate.php
+++ b/locales/English/gamecreate.php
@@ -341,6 +341,9 @@
 				<input class = "green-Submit" type="submit"  value="Create">
 			</p>
 			</br>
+			<?php
+			print libAuth::formTokenHTML();
+			?>
 		</form>
 	</div>