Task 9: Add CSRF tokens to form templates and backend processors

Updated forms with hidden CSRF token fields:
- comment_box.php - Comment form
- course_details.php - Course booking form
- campsites.php - Campsite addition modal form
- bar_tabs.php - Bar tab creation modal form
- membership_application.php - Membership application form

Updated backend processors with CSRF validation:
- create_bar_tab.php - Bar tab AJAX processor
- add_campsite.php - Campsite form processor
- submit_order.php - Order submission processor

All forms now require validated CSRF tokens before processing, preventing cross-site request forgery attacks.
twotalesanimation
2025-12-03 11:47:26 +02:00
parent ce6c8e257a
commit 3247d15ce7
8 changed files with 27 additions and 1 deletions

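The commit message describes the synchronizer-token pattern (a hidden `csrf_token` field in each form, checked by each processor before any other input is read) without showing how the helper is built. The following is an added example, not the project's functions.php or any of the files in this commit: it assumes the helper names `generateCSRFToken()` and `csrfField()`, a session-stored token, and a `validateCSRFToken()` body built on `hash_equals()`; the page only shows that a function of that name exists.

```php
<?php
// Added example: a minimal synchronizer-token implementation of the pattern
// the commit describes. This is NOT the project's functions.php; the helper
// names and the body of validateCSRFToken() are assumptions.
session_start();

// Generate one token per session and reuse it until the session ends.
function generateCSRFToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so a byte-by-byte timing difference does not
// leak the token. Returns false when no session token exists yet, so a
// fresh or expired session is rejected rather than passed through.
function validateCSRFToken($submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Hidden field to drop into a form template (the comment, booking,
// campsite, bar-tab and membership forms listed in the commit message).
function csrfField(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(generateCSRFToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// Processor side, mirroring the hunk below: reject before any other POST
// field is touched, and tell the AJAX caller the body is JSON.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
        http_response_code(403);
        header('Content-Type: application/json');
        echo json_encode(['status' => 'error', 'message' => 'Security token validation failed.']);
        exit();
    }
    // ... normal processing of the validated request continues here ...
}
```

The token is generated once per session rather than per form so that a user with several tabs open does not have one tab invalidate another's form; per-request tokens are stricter but need a different storage scheme.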

@@ -3,6 +3,13 @@ require_once("session.php");
require_once("connection.php");
require_once("functions.php");
// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Security token validation failed.']);
exit();
}
// Check if user_id is set in the POST request
if (isset($_POST['user_id']) && !empty($_POST['user_id'])) {
// Sanitize the input to prevent SQL injection
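Review bot: the 403 branch echoes a JSON body without setting a Content-Type header; add `header('Content-Type: application/json');` before the `echo json_encode(...)` line so the AJAX caller parses the rejection as JSON instead of text. The check also relies on `validateCSRFToken()` from functions.php, which is not part of this hunk; before merging, confirm that helper compares with `hash_equals()` and returns false when no session token exists, since the hunk's behaviour is only as strong as that comparison.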