verifyCsrfToken($token)) { // Log CSRF attempt $ipAddress = $user_IP; $logMessage = sprintf( "CSRF attempt detected - IP: %s, Page: %s, User: %s", $ipAddress, $_GET['page'] ?? 'unknown', $_SESSION['username'] ?? 'anonymous' ); $logObject->log('error', $logMessage, ['user_id' => null, 'scope' => 'system']); // Return error message http_response_code(403); die('Invalid CSRF token. Please try again.'); } } return true; }