🔒 use token-based csrf protection for admin login

meta.php

@@ -17,6 +17,7 @@
 	static::$ext[] = "url";
 	static::$ext[] = "id64";
 	static::$ext[] = "cookieaccept";
+	static::$ext[] = "csrf";
 	
 	
 	// ROUTES //

page/admin/login/index.php

@@ -10,6 +10,7 @@
 	use Flake\File;
 	use Flake\Project;
 	use Flake\Cookieaccept;
+	use Flake\Csrf;
 	
 	// CHECK AUTHENTICATION //
 	// redirect to start page when logged in
@@ -100,6 +101,8 @@
 							</div>
 						</div>
 						
+						<input type="hidden" name="csrf_token" value="<?= Csrf::token() ?>" />
+						
 						<button id="login-form-submit" class="button primary">
 							<span class="text">Login</span>
 							<span class="icon ti ti-chevron-right"></span>

page/admin/login/login_handler.php

@@ -2,8 +2,13 @@
 	declare(strict_types = 1);
 	namespace Kimendisch\Sbgg_Jetzt;
 	use Flake\Url_Redirect;
+	use Flake\Csrf;
 	
 	if(isset($_POST["token"])){
+		// VERIFY CSRF TOKEN //
+		Csrf::check();
+		
+		
 		// CHECK TOKEN //
 		// collect token from form submit
 		$token = $_POST["token"];