adding enhanced csrf protection

app-code/login/pw.php

@@ -10,6 +10,7 @@ secure_session_start();
   <title>Jakach Login</title>
   <?php
 	include "../assets/components.php";
+	print_csrf_script();
   ?>
 </head>
 <body>
@@ -81,7 +82,12 @@ secure_session_start();
 <script>
 	//pw reset:
 	function reset_pw(){
-		fetch("/api/login/send_reset_link.php");
+		fetch("/api/login/send_reset_link.php", {
+			method: "POST",
+			headers: {
+				"X-CSRF-Token": window.csrfToken
+			}
+		});
 		var resetModal = new bootstrap.Modal(document.getElementById('resetModal'));
 		resetModal.show();
 	}
@@ -108,6 +114,7 @@ secure_session_start();
 	        method: 'POST',
 	        headers: {
 	            'Content-Type': 'application/x-www-form-urlencoded', // Form-like data
+	            'X-CSRF-Token': window.csrfToken,
 	        },
 	        body: new URLSearchParams({
 	            password: password, // Send password as form data