feat: complete photo gallery implementation with album management and lightbox viewer

- Added photo gallery carousel view (gallery.php) with all member albums
- Implemented album detail view with responsive photo grid and lightbox
- Created album creation/editing form with drag-and-drop photo uploads
- Added backend processors for album CRUD operations and photo management
- Implemented API endpoints for fetching and deleting photos
- Added database migration for photo_albums and photos tables
- Included comprehensive feature documentation with testing checklist
- Updated .htaccess with URL rewrite rules for gallery routes
- Added Gallery link to Members Area menu in header
- Created upload directory structure (/assets/uploads/gallery/)
- Implemented security: CSRF tokens, ownership verification, file validation
- Added transaction safety with rollback on errors and cleanup
- Features: Lightbox with keyboard navigation, drag-and-drop uploads, responsive design

src/processors/update_album.php

@@ -0,0 +1,153 @@
+<?php
+session_start();
+
+if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(403);
+    exit('Forbidden');
+}
+
+// Validate CSRF token
+if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
+    http_response_code(400);
+    exit('Invalid request');
+}
+
+$rootPath = dirname(dirname(dirname(__DIR__)));
+require_once($rootPath . '/connection.php');
+require_once($rootPath . '/functions.php');
+
+$conn = openDatabaseConnection();
+
+$album_id = intval($_POST['album_id'] ?? 0);
+$title = trim($_POST['title'] ?? '');
+$description = trim($_POST['description'] ?? '');
+$user_id = $_SESSION['user_id'];
+
+if (!$album_id) {
+    $conn->close();
+    http_response_code(400);
+    echo json_encode(['error' => 'Album ID is required']);
+    exit;
+}
+
+// Verify ownership
+$ownerCheck = $conn->prepare("SELECT user_id FROM photo_albums WHERE album_id = ?");
+$ownerCheck->bind_param("i", $album_id);
+$ownerCheck->execute();
+$ownerResult = $ownerCheck->get_result();
+
+if ($ownerResult->num_rows === 0) {
+    $conn->close();
+    http_response_code(404);
+    echo json_encode(['error' => 'Album not found']);
+    exit;
+}
+
+$owner = $ownerResult->fetch_assoc();
+if ($owner['user_id'] !== $user_id) {
+    $conn->close();
+    http_response_code(403);
+    echo json_encode(['error' => 'You do not have permission to edit this album']);
+    exit;
+}
+$ownerCheck->close();
+
+// Validate inputs
+if (empty($title) || !validateName($title)) {
+    $conn->close();
+    http_response_code(400);
+    echo json_encode(['error' => 'Album title is required and must be valid']);
+    exit;
+}
+
+if (!empty($description) && strlen($description) > 500) {
+    $conn->close();
+    http_response_code(400);
+    echo json_encode(['error' => 'Description must be 500 characters or less']);
+    exit;
+}
+
+try {
+    // Start transaction
+    $conn->begin_transaction();
+
+    // Update album
+    $updateStmt = $conn->prepare("UPDATE photo_albums SET title = ?, description = ?, updated_at = NOW() WHERE album_id = ?");
+    $updateStmt->bind_param("ssi", $title, $description, $album_id);
+    $updateStmt->execute();
+    $updateStmt->close();
+
+    // Handle photo uploads if any
+    if (isset($_FILES['photos']) && $_FILES['photos']['error'][0] !== UPLOAD_ERR_NO_FILE) {
+        $allowedMimes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
+        $maxSize = 5 * 1024 * 1024; // 5MB
+
+        $albumDir = $rootPath . '/assets/uploads/gallery/' . $album_id;
+        
+        // Get current max display order
+        $orderStmt = $conn->prepare("SELECT MAX(display_order) as max_order FROM photos WHERE album_id = ?");
+        $orderStmt->bind_param("i", $album_id);
+        $orderStmt->execute();
+        $orderResult = $orderStmt->get_result();
+        $orderRow = $orderResult->fetch_assoc();
+        $displayOrder = ($orderRow['max_order'] ?? 0) + 1;
+        $orderStmt->close();
+
+        for ($i = 0; $i < count($_FILES['photos']['name']); $i++) {
+            if ($_FILES['photos']['error'][$i] !== UPLOAD_ERR_OK) {
+                continue;
+            }
+
+            $fileName = $_FILES['photos']['name'][$i];
+            $fileTmpName = $_FILES['photos']['tmp_name'][$i];
+            $fileSize = $_FILES['photos']['size'][$i];
+            $fileMime = mime_content_type($fileTmpName);
+
+            // Validate file
+            if (!in_array($fileMime, $allowedMimes)) {
+                throw new Exception('Invalid file type: ' . $fileName);
+            }
+
+            if ($fileSize > $maxSize) {
+                throw new Exception('File too large: ' . $fileName);
+            }
+
+            // Generate unique filename
+            $ext = pathinfo($fileName, PATHINFO_EXTENSION);
+            $newFileName = uniqid('photo_') . '.' . $ext;
+            $filePath = $albumDir . '/' . $newFileName;
+            $relativePath = '/assets/uploads/gallery/' . $album_id . '/' . $newFileName;
+
+            if (!move_uploaded_file($fileTmpName, $filePath)) {
+                throw new Exception('Failed to upload: ' . $fileName);
+            }
+
+            // Insert photo record
+            $caption = $fileName; // Default caption is filename
+            $photoStmt = $conn->prepare("INSERT INTO photos (album_id, file_path, caption, display_order, created_at) VALUES (?, ?, ?, ?, NOW())");
+            $photoStmt->bind_param("issi", $album_id, $relativePath, $caption, $displayOrder);
+            $photoStmt->execute();
+            $photoStmt->close();
+
+            $displayOrder++;
+        }
+    }
+
+    // Commit transaction
+    $conn->commit();
+    $conn->close();
+
+    // Redirect back to album view
+    header('Location: view_album?id=' . $album_id);
+    exit;
+
+} catch (Exception $e) {
+    // Rollback on error
+    $conn->rollback();
+    $conn->close();
+
+    http_response_code(400);
+    echo json_encode(['error' => $e->getMessage()]);
+    exit;
+}
+?>