Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection

2025-12-02 21:08:56 +02:00
parent 5985506001
commit a311e81a12
19 changed files with 190 additions and 0 deletions
--- a/campsite_booking.php
+++ b/campsite_booking.php
@@ -77,6 +77,7 @@ checkUserSession();
                <div class="widget widget-booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
                    <h5 class="widget-title">Book your Campsite</h5>
                    <form action="process_camp_booking.php" method="POST">
+                        <input type="hidden" name="csrf_token" value="<?php echo \Middleware\CsrfMiddleware::getToken(); ?>">
                        <div class="date mb-25">
                            <b>From Date</b>
                            <input type="date" id="from_date" name="from_date">