feat: Inject CSRF tokens in TicketView and CreateTicketView

Add CSRF token injection to the remaining view files:
- views/TicketView.php - Added CSRF token before ticket data script
- views/CreateTicketView.php - Added CSRF token in head section

All view files now expose window.CSRF_TOKEN for JavaScript fetch calls.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

views/CreateTicketView.php

@@ -11,6 +11,13 @@
     <link rel="stylesheet" href="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/css/dashboard.css">
     <link rel="stylesheet" href="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/css/ticket.css">
     <script src="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/js/dashboard.js"></script>
+    <script>
+    // CSRF Token for AJAX requests
+    window.CSRF_TOKEN = '<?php
+        require_once __DIR__ . '/../middleware/CsrfMiddleware.php';
+        echo CsrfMiddleware::getToken();
+    ?>';
+    </script>
 </head>
 <body>
     <div class="user-header">

views/TicketView.php

@@ -53,6 +53,13 @@ function formatDetails($details, $actionType) {
     <script src="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/js/dashboard.js"></script>
     <script src="<?php echo $GLOBALS['config']['ASSETS_URL']; ?>/js/ticket.js"></script>
     <script>
+    // CSRF Token for AJAX requests
+    window.CSRF_TOKEN = '<?php
+        require_once __DIR__ . '/../middleware/CsrfMiddleware.php';
+        echo CsrfMiddleware::getToken();
+    ?>';
+    </script>
+    <script>
     // Store ticket data in a global variable
     window.ticketData = {
         ticket_id: "<?php echo $ticket['ticket_id']; ?>",