Fixes CSRF issue after login with 2fa code

app/includes/csrf_middleware.php

@@ -12,6 +12,14 @@ function applyCsrfMiddleware() {
         return true;
     }
 
+    // Skip CSRF check for initial login, registration, and 2FA verification attempts
+    if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
+        isset($_GET['page']) && isset($_GET['action']) &&
+        $_GET['page'] === 'login' && $_GET['action'] === 'verify' &&
+        isset($_SESSION['2fa_pending_user_id'])) {
+        return true;
+    }
+
     // Skip CSRF check for initial login and registration attempts
     if ($_SERVER['REQUEST_METHOD'] === 'POST' &&
         isset($_GET['page']) &&