php - safest way to process POST actions
This is the way I'm handling POST submit actions:

<form action="process.php" method="post">
  <!-- several form fields -->
  <input type="submit" name="ok" value="save" />
</form>

Then on the processing page I have this:

if (isset($_POST['ok']) && $_POST['ok'] == "save") {
    // process the action, and possibly save to the database
}

Now I'm fearing that a malicious person might do this (from a script on his own website):

<form action="http://www.mysite.com/process.php" method="post">
  <!-- he can "view source" on my site, view the fields I'm having, and put them here -->
  <!-- then put a submit button -->
  <input type="submit" name="ok" value="save" />
</form>

Of course I'd see myself in hot soup. What can I do, or what is the safest way of handling and processing POST submit actions?
There are 2 potential problems here.

Stopping Mallory from making malicious requests to Bob's website

- Authenticate the user (with OAuth, a username and password, or whatever)
- Check that the authenticated user is authorised to do whatever the request is asking for before proceeding with it

Stopping Mallory from tricking Alice into making a malicious request to Bob's website

This is a CSRF attack. Defend against it with a nonce.
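The answer's two defences, worked through in PHP as an added example (this is not code from the question or the answer). The session is passed around as an array so the script runs from the command line; in a real `process.php` you would call `session_start()` and use `$_SESSION` in its place. The user record, the `editor` role, the `save` action and the three constructed requests at the bottom are all assumptions made for the demonstration.

```php
<?php
// Added example (not from the original post). Shows the answer's two defences:
// (1) authenticate and authorise the user, (2) a per-session CSRF nonce.
// The user record, role names and the "save" action are assumptions.
declare(strict_types=1);

// --- CSRF nonce -----------------------------------------------------------

// Create (once per session) a random token and keep it server-side.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded so it embeds safely in HTML.
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// The hidden field that must go inside every state-changing <form>.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '" />';
}

// Validate the submitted token against the one stored in the session.
// hash_equals() compares in constant time, so response timing does not
// leak the token byte by byte. It needs two strings, hence the is_string check.
function csrf_valid(array $session, array $post): bool
{
    if (empty($session['csrf_token']) || !isset($post['csrf_token'])) {
        return false;
    }
    return is_string($post['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

// --- Authentication / authorisation ---------------------------------------

// Assumed: the login step already stored the user's id and role in the session.
function current_user(array $session): ?array
{
    return $session['user'] ?? null;
}

// Assumed policy: only the 'editor' role may perform the "save" action.
function authorised(?array $user, string $action): bool
{
    return $user !== null && $action === 'save' && ($user['role'] ?? '') === 'editor';
}

// --- process.php with the checks in the right order -----------------------
// Returns a short status string instead of echoing, so callers can inspect it.
function process(array &$session, array $post): string
{
    $user = current_user($session);
    if ($user === null) {
        return 'deny: not authenticated';
    }
    // Reject a forged request before acting on anything the form says.
    if (!csrf_valid($session, $post)) {
        return 'deny: missing or bad CSRF token';
    }
    if (!isset($post['ok']) || $post['ok'] !== 'save') {
        return 'ignore: no save action';
    }
    if (!authorised($user, 'save')) {
        return 'deny: not authorised';
    }
    // ... save to the database here ...
    return 'ok: saved';
}

// --- Demo: one session (Alice, logged in as editor) and constructed requests --
$session = ['user' => ['id' => 42, 'role' => 'editor']];

// Alice's page was rendered by Bob's site, so her form carries the session's token.
echo csrf_field($session), "\n";
$legit = ['ok' => 'save', 'csrf_token' => csrf_token($session)];
echo process($session, $legit), "\n";

// Mallory's copied form: "view source" gives her the field names, not Alice's token.
$forged = ['ok' => 'save'];
echo process($session, $forged), "\n";

// Guessing a token does not help either; it is 256 random bits per session.
$guessed = ['ok' => 'save', 'csrf_token' => str_repeat('0', 64)];
echo process($session, $guessed), "\n";
```

Run it with `php csrf_demo.php`: the request that carries the token rendered into Alice's own page is accepted, while the copied form with no token and the one with a guessed token are both refused at the nonce check before the action is looked at. The point the answer makes is that Mallory can reproduce everything visible in the page source, but not the value that lives only in Alice's session on Bob's server; the token therefore has to be generated with a CSPRNG, bound to the session, and compared with `hash_equals`, and the authorisation check still has to run on every request because a valid nonce only proves the request came from a page Bob served.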