adding enhanced csrf protection

app-code/account/manage_users.php

@@ -1,3 +1,11 @@
+<?php
+include "../api/utils/security.php";
+secure_session_start();
+if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_admin_session()) {
+    header("LOCATION:/?send_to=/account/");
+    exit();
+}
+?>
 <!DOCTYPE html>
 <html lang="en" data-bs-theme="dark">
 <head>
@@ -6,6 +14,7 @@
     <title>User Management</title>
     <?php
       include "../assets/components.php";
+      print_csrf_script();
     ?>
 </head>
 <body>
@@ -58,7 +67,12 @@
         if (!confirm('Are you sure you want to delete this user?')) return;
 
         try {
-            const response = await fetch(`/api/manage/delete_user.php?id=${userId}`, { method: 'DELETE' });
+            const response = await fetch(`/api/manage/delete_user.php?id=${userId}`, {
+                method: 'DELETE',
+                headers: {
+                    'X-CSRF-Token': window.csrfToken
+                }
+            });
             const data = await response.json();
 
             if (data.success) {