Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection

trip-details.php

@@ -434,6 +434,7 @@ $conn->close();
                     <div class="widget widget-booking" data-aos="fade-up" data-aos-duration="1500" data-aos-offset="50">
                         <h5 class="widget-title">Book your Trip</h5>
                         <form action="process_trip_booking.php" method="POST">
+                            <input type="hidden" name="csrf_token" value="<?php echo \Middleware\CsrfMiddleware::getToken(); ?>">
                             <input type="hidden" name="trip_id" id="trip_id" value="<?php echo $trip_id; ?>">
                             <ul class="radio-filter pt-5">
                                 <li>