Adds proper logging to CSRF middleware

app/classes/component.php

@@ -70,7 +70,7 @@ class Component {
             }
 
             $stmt = $this->db->prepare($sql);
-            
+
             // Bind parameters only if they're not default values
             if ($jitsi_component !== 'jitsi_component') {
                 $stmt->bindValue(':jitsi_component', trim($jitsi_component, "'"));
@@ -92,7 +92,7 @@ class Component {
 
             $stmt->execute();
             $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
-            
+
             if (!empty($result)) {
                 $logObject->insertLog(0, "Retrieved " . count($result) . " Jitsi component events");
             }

app/includes/csrf_middleware.php

@@ -3,6 +3,7 @@
 require_once __DIR__ . '/../helpers/security.php';
 
 function applyCsrfMiddleware() {
+    global $dbWeb, $logObject;
     $security = SecurityHelper::getInstance();
 
     // Skip CSRF check for GET requests
@@ -22,9 +23,13 @@ function applyCsrfMiddleware() {
         $token = $_POST['csrf_token'] ?? '';
         if (!$security->verifyCsrfToken($token)) {
             // Log CSRF attempt
-            error_log("CSRF attempt detected from IP: " . $_SERVER['REMOTE_ADDR']);
+            $logMessage = sprintf(
-//FIXME log class not loaded
+                "CSRF attempt detected - IP: %s, Page: %s, User: %s",
-//            $logObject->insertLog(0, "CSRF attempt detected from IP: " . $_SERVER['REMOTE_ADDR'], 'system');
+                $_SERVER['REMOTE_ADDR'],
+                $_GET['page'] ?? 'unknown',
+                $_SESSION['username'] ?? 'anonymous'
+            );
+            $logObject->insertLog(0, $logMessage);
 
             // Return error message
             http_response_code(403);