Task 9: Add CSRF tokens to form templates and backend processors

Updated forms with hidden CSRF token fields:
- comment_box.php - Comment form
- course_details.php - Course booking form
- campsites.php - Campsite addition modal form
- bar_tabs.php - Bar tab creation modal form
- membership_application.php - Membership application form

Updated backend processors with CSRF validation:
- create_bar_tab.php - Bar tab AJAX processor
- add_campsite.php - Campsite form processor
- submit_order.php - Order submission processor

All forms now require validated CSRF tokens before processing, preventing cross-site request forgery attacks.

campsites.php

@@ -64,6 +64,7 @@ if (!empty($bannerImages)) {
 <div class="modal fade" id="addCampsiteModal" tabindex="-1">
                     <div class="modal-dialog">
                         <form id="addCampsiteForm" method="POST" action="add_campsite.php" enctype="multipart/form-data">
+                            <input type="hidden" name="csrf_token" value="<?php echo generateCSRFToken(); ?>">
                             <div class="modal-content">
                                 <div class="modal-header">
                                     <h5 class="modal-title">Add Campsite</h5>