CSRF Token Validation

[sirnails]

CSRF Token Exposure The CSRF token is generated and stored in the session, which is good. You should ensure that all forms include the CSRF token and that it is validated for all POST requests.

Token Check Timing The CSRF token should be checked at the beginning of the POST request handling, not after checking other conditions.

[sirnails]

Add CSRF Token Checking to Forms and Controllers

• Added CSRF token generation in the index.php file to initialize a CSRF token in the session if not already set.
• Introduced a private method checkCSRFToken in QuoteController.php and UserController.php to validate CSRF tokens.
• Updated methods in QuoteController.php to validate CSRF tokens for create, add_item, edit_item, and edit_quote actions.
• Updated methods in UserController.php to validate CSRF tokens for register and login actions.
• Modified various view files (add_item.php, create.php, edit_item.php, edit_quote.php, show.php, login.php, register.php) to include CSRF tokens in their forms.
• Updated footer.php to reflect the changes made and the date of the update.