- Created new track-map page with aerial image and SVG overlay
- Implemented custom rotated square markers with obstacle numbers
- Added admin edit mode for placing and repositioning markers
- Database migration for track_obstacles table
- Modal form for adding new obstacles (replaces browser alerts)
- Drag-to-reposition functionality with auto-save
- Color-coded markers (green/red/black/split) for difficulty levels
- Clickable popups showing obstacle details
- Added track-map to navigation menu and sitemap
- URL rewrite rule for clean /track-map URL
- Move process_event.php from src/admin to src/processors
- Move toggle_event_published.php from src/admin to src/processors
- Move delete_event.php from src/admin to src/processors
- Update .htaccess rewrite rules to point event processors to correct location
- Keep admin_events.php and manage_events.php in admin (display pages only)
Previously, linked membership checks only occurred if there was no membership
application record. Now linked memberships are checked as fallback at every
stage of the direct membership validation:
- No membership application check linked
- Indemnity not accepted check linked
- No membership fees record check linked
- Direct membership not active/expired check linked
This ensures linked members see themselves as active across all member areas,
detail pages, and booking forms (trips, courses, campsites, driver training,
bush mechanics, rescue & recovery).
The linkUserForm was nested inside the infoForm, causing the 'Link Account' button
to trigger the parent form's update_application submission instead of the AJAX
membership linking request. Moved the entire Linked Accounts section and form to
come after the infoForm closes, making it a separate form.
- Fixed CSRF token selector to be form-specific instead of page-global
- Added console.log statements for debugging AJAX requests
- Improved error handling with better error messages showing HTTP status
- Better error message when linking fails (shows actual error from server)
- Add form submission handler for linkUserForm
- Validates form input and sends email + relationship to /link_membership_user
- Displays success message and reloads page on successful link
- Shows error messages with proper styling
- Add unlink button click handlers
- Confirms deletion before removing linked account
- Sends link_id to /unlink_membership_user processor
- Reloads page on successful removal
- Integrate CSRF token validation
- Form includes CSRF token generation
- JavaScript captures and includes token in AJAX requests
The membership linking UI is now fully functional. Secondary users can be linked
to primary memberships and removed as needed.
- Created membership_links table to associate secondary users with primary memberships
- Created membership_permissions table for granular permission control
- Added linkSecondaryUserToMembership() function to create links with validation
- Added getUserMembershipLink() to check access via secondary links
- Added getLinkedSecondaryUsers() to list all secondary users for a primary member
- Added unlinkSecondaryUser() to remove links
- Updated getUserMemberStatus() to check both direct and linked memberships
- Created link_membership_user processor to handle linking via API
- Created unlink_membership_user processor to handle unlinking via API
- Added .htaccess routes for linking endpoints
- Grants default permissions: access_member_areas, member_pricing, book_campsites, book_courses, book_trips
- Includes transaction safety with rollback on errors
- Includes comprehensive documentation with usage examples
- Validates primary user has active membership before allowing links
- Prevents duplicate links and self-linking
- Changed album title to white color
- Added text-shadow to album title for better contrast over images
- Changed album description to white color
- Added text-shadow to album description for readability
- Ensures text is visible regardless of cover image darkness
- Fetch cover_image in album query
- Set album-header background-image with cover image
- Add dark overlay (50% opacity) over cover for text readability
- Increased padding for better header spacing with cover image
- Improved visual design using cover image as backdrop
- Fallback to overlay-only design if no cover image exists
- Enhanced header layout with proper z-index for content layering
- Added dedicated cover image upload field in create_album.php form
- Display current cover image preview when editing
- Drag-and-drop support for cover image with real-time preview
- Shows filename and file size after selection
- Updated save_album.php to handle cover image upload
- Updated update_album.php to handle cover image replacement
- Deletes old cover image when updating
- Cover image optional - first photo in album used as fallback
- Recommended cover dimensions: 500x500px or larger (square)
- File validation: max 5MB, supports JPG, PNG, GIF, WEBP
- All cover image changes included in transaction with rollback on error
- Changed gallery from carousel to responsive grid layout (similar to about page)
- Shows album cover images with titles, creator info, and photo count
- Improved visual design with hover effects and better spacing
- Edit buttons now only visible to album owners (uses current_user_id variable)
- Added proper ownership verification in all album edit/delete operations
- Enhanced styling for mobile/tablet/desktop responsiveness
- Simplified layout makes it easier to browse multiple albums at once
- Fix rootPath calculation in all album processors (was going up too many levels)
- Use global \ from connection.php instead of calling openDatabaseConnection()
- Fix cleanup code in save_album.php to use existing \
- Update all processors to use proper config file includes (env.php, session.php, connection.php, functions.php)
- Ensures validateCSRFToken() and other functions are properly available
- Added photo gallery carousel view (gallery.php) with all member albums
- Implemented album detail view with responsive photo grid and lightbox
- Created album creation/editing form with drag-and-drop photo uploads
- Added backend processors for album CRUD operations and photo management
- Implemented API endpoints for fetching and deleting photos
- Added database migration for photo_albums and photos tables
- Included comprehensive feature documentation with testing checklist
- Updated .htaccess with URL rewrite rules for gallery routes
- Added Gallery link to Members Area menu in header
- Created upload directory structure (/assets/uploads/gallery/)
- Implemented security: CSRF tokens, ownership verification, file validation
- Added transaction safety with rollback on errors and cleanup
- Features: Lightbox with keyboard navigation, drag-and-drop uploads, responsive design
- Add UNIQUE constraint on membership_application.user_id (one app per user)
- Add UNIQUE constraint on membership_fees.user_id (one fee record per user)
- Add validation checks in process_application.php before inserting
- Improve error messages for duplicate submission attempts
- Add migration script to clean up existing duplicates before constraints
- Update checkMembershipApplication to set session message on redirect
- Add comprehensive documentation of duplicate prevention architecture
Individual payments/EFTs are tracked separately in payments table
- Replace 'Coming Soon!' with 'Campsites' link in Members Area dropdown
- Add membership verification check to campsites.php
- Redirect non-logged-in users to login page
- Redirect non-members to index page
- Only active members can access campsites feature
- Add proper error handling to toggle_event_published.php with HTTP status codes
- Add try-catch block for database operations in toggle endpoint
- Update events.php query to only show published events (added published = 1 filter)
- Add updated_at timestamp update when toggling publish status
- Improve error messages for better debugging
- Remove checkbox from manage_events.php form (publish via admin table instead)
- Redesign admin_events.php to match admin_trips.php layout exactly
- Add table-based actions with icon buttons (Edit, Publish/Unpublish, Delete)
- Change button styling to match trips (btn classes with colors)
- Add publish/unpublish toggle button with eye icon
- Create toggle_event_published.php endpoint for publish status switching
- Create delete_event.php endpoint for event deletion
- Add AJAX functionality for instant publish/delete without page reload
- Update .htaccess with new endpoint rewrite rules
- Badge styling updated to match trips (bg-success, bg-warning)
- Consistent sorting and filtering functionality
- Add manage_events.php form for creating/editing events
- Add process_event.php endpoint for CRUD operations with image uploads
- Add admin_events.php list view with sorting, filtering, and delete functionality
- Add database migration to add created_by, published, created_at, updated_at columns to events table
- Add event images directory structure
- All features follow same patterns as trip management system
- Updated sendPOP() function to read recipient emails from POP_NOTIFICATION_EMAILS env variable
- Supports comma-separated email list for flexibility
- Allows dev and live servers to have different notification recipients
- Falls back to info@4wdcsa.co.za if no env variable configured
- Move header() call to before any includes that might output
- Start output buffering at the beginning
- Clean output buffer before sending JSON response
- Add dataType: 'json' to AJAX call to properly parse JSON response
- Add Content-Type header to upload_profile_picture.php
- Add error callback with console logging for debugging
- Remove manual JSON parsing since jQuery handles it with dataType
- upload_profile_picture.php: Use absolute path for profile picture uploads, store relative path in DB
- submit_pop.php: Use absolute path for proof of payment uploads
- process_signature.php: Use absolute path for signature uploads, store relative path in DB
