TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection

Browse Source
This commit is contained in:
twotalesanimation
2025-12-02 21:08:56 +02:00
parent 5985506001
commit a311e81a12
19 changed files with 190 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
process_booking.php
View File

@@ -3,6 +3,8 @@ require_once("env.php");
require_once("connection.php");
require_once("functions.php");
use Middleware\CsrfMiddleware;
// Start session to retrieve the logged-in user's ID
session_start();
@@ -11,6 +13,9 @@ $user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
// Check if the form has been submitted
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Validate CSRF token
CsrfMiddleware::requireToken($_POST);
// Get values from the form
$from_date = $_POST['from_date'];
$to_date = $_POST['to_date'];