dans les formulaires
// Vérification: verifyCsrf($_POST['_csrf'])
// ─────────────────────────────────────────────────────────────
function csrfToken(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrfField(): string {
    return '<input type="hidden" name="_csrf" value="' . htmlspecialchars(csrfToken()) . '">';
}

function verifyCsrf(?string $token): bool {
    return isset($_SESSION['csrf_token'])
        && $token !== null
        && hash_equals($_SESSION['csrf_token'], $token);
}<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1,viewport-fit=cover">
<meta name="theme-color" content="#f0c040">
<title>Connexion – CashFlow</title>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Syne:wght@700;800&family=DM+Sans:opsz,wght@9..40,300;9..40,400;9..40,500&display=swap" rel="stylesheet">
<style>
*,*::before,*::after{margin:0;padding:0;box-sizing:border-box}
:root{--gold:#f0c040;--green:#00e096;--red:#ff5370;--bg:#070710;--card:#10101e;--card2:#13132a;--border2:rgba(255,255,255,.07);--text:#eef0f8;--muted:rgba(238,240,248,.45);--fd:'Syne',sans-serif;--fb:'DM Sans',sans-serif;}
html,body{min-height:100%;background:var(--bg);color:var(--text);font-family:var(--fb)}
body{display:flex;align-items:center;justify-content:center;min-height:100vh;padding:20px;position:relative;overflow-x:hidden}
.bg-fx{position:fixed;inset:0;z-index:0;pointer-events:none;overflow:hidden}
.orb{position:absolute;border-radius:50%;filter:blur(80px);opacity:.12}
.orb1{width:450px;height:450px;background:radial-gradient(#f0c040,transparent 70%);top:-80px;left:-80px}
.orb2{width:400px;height:400px;background:radial-gradient(#00e5ff,transparent 70%);bottom:-80px;right:-80px}
.bg-grid{position:fixed;inset:0;z-index:0;pointer-events:none;background-image:linear-gradient(rgba(240,192,64,.035) 1px,transparent 1px),linear-gradient(90deg,rgba(240,192,64,.035) 1px,transparent 1px);background-size:48px 48px}
.card{position:relative;z-index:1;width:100%;max-width:400px;background:var(--card);border:1px solid var(--border2);border-radius:28px;padding:34px 28px;box-shadow:0 40px 80px rgba(0,0,0,.4);animation:popIn .5s cubic-bezier(.34,1.56,.64,1) both}
.card::before{content:'';position:absolute;top:0;left:50%;transform:translateX(-50%);width:60%;height:1px;background:linear-gradient(90deg,transparent,var(--gold),transparent)}
@keyframes popIn{from{opacity:0;transform:scale(.92) translateY(20px)}to{opacity:1;transform:scale(1) translateY(0)}}
.logo-lnk{display:inline-flex;align-items:center;gap:8px;text-decoration:none;margin-bottom:22px}
.logo-ico{width:40px;height:40px;border-radius:12px;background:var(--gold);display:flex;align-items:center;justify-content:center}
.logo-ico svg{width:20px;height:20px;color:#070710}
.logo-nm{font-family:var(--fd);font-size:1.05rem;font-weight:800;color:var(--text)}
.logo-nm span{color:var(--gold)}
.card-hd{text-align:center;margin-bottom:26px}
.card-title{font-family:var(--fd);font-size:1.35rem;font-weight:800;letter-spacing:-.01em;margin-bottom:4px}
.card-sub{font-size:.8rem;color:var(--muted)}
.alert{display:flex;align-items:flex-start;gap:8px;padding:11px 13px;border-radius:12px;font-size:.81rem;margin-bottom:14px;line-height:1.5}
.ae{background:rgba(255,83,112,.1);border:1px solid rgba(255,83,112,.2);color:var(--red)}
.ae a{color:inherit;font-weight:600;text-decoration:underline}
.fg{margin-bottom:16px}
label{display:block;font-size:.74rem;font-weight:600;color:var(--muted);margin-bottom:6px;letter-spacing:.04em;text-transform:uppercase}
.iw{position:relative}
.iw>svg:first-child{position:absolute;left:13px;top:50%;transform:translateY(-50%);width:17px;height:17px;color:var(--muted);pointer-events:none}
input{width:100%;padding:13px 13px 13px 41px;border-radius:13px;background:var(--card2);border:1.5px solid var(--border2);color:var(--text);font-family:var(--fb);font-size:.9rem;outline:none;transition:border-color .2s,box-shadow .2s;-webkit-appearance:none}
input:focus{border-color:var(--gold);box-shadow:0 0 0 3px rgba(240,192,64,.1)}
input::placeholder{color:var(--muted)}
.pfx{position:absolute;left:41px;top:50%;transform:translateY(-50%);font-size:.87rem;color:rgba(238,240,248,.6);font-weight:600;pointer-events:none}
.has-pfx{padding-left:82px!important}
.pw-tog{position:absolute;right:12px;top:50%;transform:translateY(-50%);background:none;border:none;cursor:pointer;padding:4px;color:var(--muted);display:flex;align-items:center;transition:color .2s}
.pw-tog:hover{color:var(--text)}.pw-tog svg{width:18px;height:18px}
.forgot-lnk{display:block;text-align:right;font-size:.75rem;color:var(--gold);text-decoration:none;margin-top:6px}
.forgot-lnk:hover{text-decoration:underline}
.btn-sub{display:flex;align-items:center;justify-content:center;gap:8px;width:100%;padding:14px;border:none;border-radius:14px;background:var(--gold);color:#070710;font-family:var(--fd);font-size:.92rem;font-weight:800;cursor:pointer;transition:transform .2s,box-shadow .2s,opacity .2s;margin-top:6px;box-shadow:0 5px 22px rgba(240,192,64,.28)}
.btn-sub:hover:not(:disabled){transform:translateY(-1px);box-shadow:0 8px 28px rgba(240,192,64,.42)}
.btn-sub:disabled{opacity:.6;cursor:not-allowed}
.spin{width:18px;height:18px;border:2.5px solid rgba(7,7,16,.3);border-top-color:#070710;border-radius:50%;animation:sp .7s linear infinite;display:none}
.btn-sub.ld .spin{display:block}.btn-sub.ld .bt{display:none}
@keyframes sp{to{transform:rotate(360deg)}}
.div-sep{display:flex;align-items:center;gap:12px;margin:20px 0;color:var(--muted);font-size:.76rem}
.div-sep::before,.div-sep::after{content:'';flex:1;height:1px;background:var(--border2)}
.card-ft{text-align:center;margin-top:20px;font-size:.79rem;color:var(--muted)}
.card-ft a{color:var(--gold);text-decoration:none;font-weight:600}
.card-ft a:hover{text-decoration:underline}
</style>
</head>
<body>
<div class="bg-fx"><div class="orb orb1"></div><div class="orb orb2"></div></div>
<div class="bg-grid"></div>

<div class="card">
  <div class="card-hd">
    <a href="index.php" class="logo-lnk">
      <div class="logo-ico"><svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" stroke-linecap="round"><path d="M13 10V3L4 14h7v7l9-11h-7z"/></svg></div>
      <span class="logo-nm">Cash<span>Flow</span></span>
    </a>
    <h1 class="card-title">Bon retour 👋</h1>
    <p class="card-sub">Connectez-vous pour rejoindre les défis</p>
  </div>

  
  <form method="POST" id="lf">
    <br />
<b>Fatal error</b>:  Uncaught Error: Call to undefined function csrfField() in /home/u264396140/domains/defi.netcrafter.art/public_html/games/login.php:143
Stack trace:
#0 {main}
  thrown in <b>/home/u264396140/domains/defi.netcrafter.art/public_html/games/login.php</b> on line <b>143</b><br />