Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection

process_course_booking.php

@@ -2,6 +2,9 @@
 require_once("env.php");
 require_once("connection.php");
 require_once("functions.php");
+
+use Middleware\CsrfMiddleware;
+
 session_start();
 
 
@@ -18,6 +21,8 @@ $pending_member = getUserMemberStatusPending($user_id);
 
 // Check if the form has been submitted
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    // Validate CSRF token
+    CsrfMiddleware::requireToken($_POST);
     // Input variables from the form (use default values if not provided)
     $additional_members = isset($_POST['members']) ? intval($_POST['members']) : 0; // Default to 1 vehicle
     $num_adults = isset($_POST['non-members']) ? intval($_POST['non-members']) : 0; // Default to 1 adult