Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection

campsites.php

@@ -64,6 +64,7 @@ if (!empty($bannerImages)) {
 <div class="modal fade" id="addCampsiteModal" tabindex="-1">
                     <div class="modal-dialog">
                         <form id="addCampsiteForm" method="POST" action="add_campsite.php" enctype="multipart/form-data">
+                            <input type="hidden" name="csrf_token" value="<?php echo \Middleware\CsrfMiddleware::getToken(); ?>">
                             <div class="modal-content">
                                 <div class="modal-header">
                                     <h5 class="modal-title">Add Campsite</h5>