fix: improve text visibility on album header background

- Changed album title to white color
- Added text-shadow to album title for better contrast over images
- Changed album description to white color
- Added text-shadow to album description for readability
- Ensures text is visible regardless of cover image darkness

.htaccess

@@ -37,6 +37,7 @@ RewriteRule ^member_info$ src/pages/memberships/member_info.php [L]
 RewriteRule ^bookings$ src/pages/bookings/bookings.php [L]
 RewriteRule ^campsites$ src/pages/bookings/campsites.php [L]
 RewriteRule ^campsite_booking$ src/pages/bookings/campsite_booking.php [L]
+RewriteRule ^add_campsite$ src/pages/add_campsite.php [L]
 RewriteRule ^trips$ src/pages/bookings/trips.php [L]
 RewriteRule ^trip-details$ src/pages/bookings/trip-details.php [L]
 RewriteRule ^course_details$ src/pages/bookings/course_details.php [L]
@@ -50,6 +51,12 @@ RewriteRule ^payment_confirmation$ src/pages/shop/payment_confirmation.php [L]
 RewriteRule ^confirm$ src/pages/shop/confirm.php [L]
 RewriteRule ^confirm2$ src/pages/shop/confirm2.php [L]
 
+# === GALLERY PAGES ===
+RewriteRule ^gallery$ src/pages/gallery/gallery.php [L]
+RewriteRule ^create_album$ src/pages/gallery/create_album.php [L]
+RewriteRule ^edit_album$ src/pages/gallery/create_album.php [L]
+RewriteRule ^view_album$ src/pages/gallery/view_album.php [L]
+
 # === EVENTS & BLOG PAGES ===
 RewriteRule ^events$ src/pages/events/events.php [L]
 RewriteRule ^blog$ src/pages/events/blog.php [L]
@@ -76,13 +83,14 @@ RewriteRule ^view_indemnity$ src/pages/other/view_indemnity.php [L]
 RewriteRule ^admin_members$ src/admin/admin_members.php [L]
 RewriteRule ^admin_payments$ src/admin/admin_payments.php [L]
 RewriteRule ^admin_web_users$ src/admin/admin_web_users.php [L]
+RewriteRule ^admin_events$ src/admin/admin_events.php [L]
 RewriteRule ^admin_course_bookings$ src/admin/admin_course_bookings.php [L]
 RewriteRule ^admin_camp_bookings$ src/admin/admin_camp_bookings.php [L]
 RewriteRule ^admin_trip_bookings$ src/admin/admin_trip_bookings.php [L]
 RewriteRule ^admin_visitors$ src/admin/admin_visitors.php [L]
 RewriteRule ^admin_efts$ src/admin/admin_efts.php [L]
-RewriteRule ^add_campsite$ src/admin/add_campsite.php [L]
 RewriteRule ^admin_trips$ src/admin/admin_trips.php [L]
+RewriteRule ^manage_events$ src/admin/manage_events.php [L]
 RewriteRule ^manage_trips$ src/admin/manage_trips.php [L]
 
 # === API/AJAX ENDPOINTS ===
@@ -114,8 +122,16 @@ RewriteRule ^upload_profile_picture$ src/processors/upload_profile_picture.php [
 RewriteRule ^send_reset_link$ src/processors/send_reset_link.php [L]
 RewriteRule ^logout$ src/processors/logout.php [L]
 RewriteRule ^process_trip$ src/processors/process_trip.php [L]
+RewriteRule ^process_event$ src/admin/process_event.php [L]
 RewriteRule ^toggle_trip_published$ src/processors/toggle_trip_published.php [L]
+RewriteRule ^toggle_event_published$ src/admin/toggle_event_published.php [L]
 RewriteRule ^delete_trip$ src/processors/delete_trip.php [L]
+RewriteRule ^delete_event$ src/admin/delete_event.php [L]
+RewriteRule ^save_album$ src/processors/save_album.php [L]
+RewriteRule ^update_album$ src/processors/update_album.php [L]
+RewriteRule ^delete_album$ src/processors/delete_album.php [L]
+RewriteRule ^delete_photo$ src/processors/delete_photo.php [L]
+RewriteRule ^get_album_photos$ src/processors/get_album_photos.php [L]
 
 </IfModule>
 

docs/EVENTS_ADMIN_SYSTEM.md

@@ -0,0 +1,176 @@
+# Events Management Admin System
+
+## Overview
+A complete admin system for managing events on the 4WDCSA website, following the same patterns as the trip management system.
+
+## Files Created
+
+### 1. `/src/admin/manage_events.php`
+**Purpose**: Form for creating and editing events
+
+**Features**:
+- Create new events form
+- Edit existing events form
+- Fields:
+  - Event Name (required)
+  - Event Type (required) - e.g., Workshop, Training, Rally
+  - Location (required)
+  - Date (required)
+  - Time (required)
+  - Feature/Category (required) - e.g., Off-Road Training, Social Event
+  - Description (required) - Full text description
+  - Event Image (required for new, optional for updates)
+  - Promotional Image (optional) - Displayed when users click "View Promo"
+  - Published Status (checkbox) - Controls visibility on website
+
+**Technical Details**:
+- AJAX form submission to `process_event` endpoint
+- Image upload with validation
+- CSRF token protection
+- Responsive Bootstrap grid layout (col-md-6 fields)
+- Success/error message display with auto-redirect
+
+### 2. `/src/admin/process_event.php`
+**Purpose**: Backend endpoint for handling event CRUD operations
+
+**Endpoints**:
+- `POST /process_event` - Create/Update event
+- `GET /process_event?action=delete&event_id={id}` - Delete event
+
+**Features**:
+- Create new events with image uploads
+- Update existing events with optional image replacement
+- Delete events and associated image files
+- CSRF token validation
+- Image type validation (JPEG, PNG, GIF, WebP)
+- File organization in `/assets/images/events/`
+- Automatic timestamp management (created_at, updated_at)
+- User tracking (created_by stores admin user_id)
+
+**Image Handling**:
+- Main event image: Stored with unique ID prefix
+- Promo image: Stored with `_promo_` prefix
+- Both uploaded to `/assets/images/events/`
+
+### 3. `/src/admin/admin_events.php`
+**Purpose**: Admin dashboard for managing all events
+
+**Features**:
+- List all events with sortable columns
+- Real-time search/filter across all columns
+- Create new event button
+- Edit event link for each row
+- Delete event with confirmation dialog
+- Status badges (Published/Draft)
+- Responsive table with alternating row colors
+- Rounded corners on even rows
+
+**Sortable Columns**:
+- Event Name
+- Type
+- Location
+- Date
+- Status
+
+**Actions**:
+- Edit - Redirects to manage_events.php with event_id
+- Delete - Removes event and associated files
+
+## Database Schema Changes
+
+### Migration File: `/docs/migrations/001_add_events_tracking_columns.sql`
+
+**Columns Added to events table**:
+- `created_by` (int) - References user who created the event
+- `published` (tinyint(1)) - Boolean flag for publication status (default 0/false)
+- `created_at` (timestamp) - Automatic timestamp when event is created
+- `updated_at` (timestamp) - Automatic timestamp updated on modification
+
+**Indexes Added**:
+- `idx_date` - For sorting and filtering by date
+- `idx_published` - For filtering published/draft events
+- `idx_created_by` - For tracking who created events
+
+## Design Patterns
+
+### Follows Trip Management System Architecture
+- Same form layout and styling (`.comment-form.bgc-lighter`)
+- Same table styling with sortable headers and filters
+- Same image upload and validation patterns
+- AJAX submission with success/error messaging
+- Auto-redirect on successful operation
+
+### Image Organization
+```
+/assets/images/events/
+├── {unique_id}_{original_filename}.jpg (event images)
+└── {unique_id}_promo_{original_filename}.jpg (promo images)
+```
+
+### Front-end Integration
+The existing `/src/pages/events/events.php` displays published events:
+- Shows event image, name, location, date, time
+- Feature description and full description
+- "View Promo" button displays promotional image in modal
+
+## Usage Workflow
+
+### Creating an Event
+1. Navigate to `/src/admin/manage_events.php`
+2. Fill in all required fields
+3. Upload event image
+4. Optionally upload promotional image
+5. Check "Publish Event" if ready to display
+6. Submit form via AJAX
+7. Redirected to admin_events.php list view
+
+### Editing an Event
+1. Click "Edit" button on admin_events.php
+2. Modify any fields
+3. Image upload is optional - existing image retained if not changed
+4. Update timestamps and user tracking automatic
+5. Submit form
+6. Redirected back to list view
+
+### Deleting an Event
+1. Click "Delete" button on admin_events.php
+2. Confirm deletion in dialog
+3. Event and associated image files removed from server
+4. Page automatically refreshes
+
+### Publishing/Unpublishing
+- Toggle "Publish Event" checkbox before saving
+- Only published events appear on `/src/pages/events/events.php`
+- Draft events hidden from public view
+
+## Security Features
+
+1. **CSRF Token Protection**: All forms include CSRF token validation
+2. **Admin-only Access**: `checkAdmin()` function validates user permissions
+3. **File Validation**: Image type checking (JPEG, PNG, GIF, WebP)
+4. **SQL Injection Prevention**: Prepared statements with parameter binding
+5. **XSS Prevention**: `htmlspecialchars()` used for output escaping
+
+## Styling Classes
+
+**Form Container**: `.comment-form.bgc-lighter.z-1.rel.mb-30.rmb-55`
+**Action Buttons**: `.btn-edit`, `.btn-delete`
+**Status Badges**: `.badge.badge-published`, `.badge.badge-draft`
+**Tables**: Uses sortable header styling with visual sort indicators
+
+## Browser Compatibility
+
+- Modern browsers with AJAX/Fetch API support
+- JavaScript enabled required for filtering and sorting
+- File input accepts image MIME types
+
+## Future Enhancement Opportunities
+
+1. Bulk event operations (bulk delete, publish multiple)
+2. Event categories/tags system
+3. Event capacity limits with registrations
+4. Email notifications for published events
+5. Event calendar view
+6. Event image gallery (multiple images per event)
+7. Recurring events support
+8. Event attendee tracking

docs/MEMBERSHIP_DUPLICATE_PREVENTION.md

@@ -0,0 +1,86 @@
+# Membership Application Duplicate Prevention
+
+## Overview
+Implemented comprehensive validation to prevent users from submitting multiple membership applications or creating multiple membership fee records. Each user can have exactly one application and one membership fee record. Individual payments are tracked separately in the payments/efts table.
+
+## Architecture
+
+```
+User (1) ---> Membership Application (1) ---> Membership Fee (1) ---> Multiple Payments/EFTs
+```
+
+- **Membership Application**: Stores user details and application information (one per user)
+- **Membership Fee**: Stores the total fee amount and dates (one per user, linked to application)
+- **Payments/EFTs**: Tracks individual payment transactions for the membership fee (many per fee)
+
+## Changes Made
+
+### 1. Database Level Protection
+**File:** `docs/migrations/002_add_unique_constraints_membership.sql`
+
+- Added `UNIQUE` constraint on `membership_application.user_id` - ensures each user can only have one application
+- Added `UNIQUE` constraint on `membership_fees.user_id` - ensures each user can only have one membership fee record
+- Cleans up any duplicate records before adding constraints
+
+### 2. Application Level Validation
+**File:** `src/processors/process_application.php`
+
+Added pre-submission checks:
+- Check if user already has a membership application in the database
+- Check if user already has a membership fee record
+- Return clear error message if either check fails
+- Catch database constraint violations and provide user-friendly message
+
+**File:** `src/config/functions.php`
+
+- Improved `checkMembershipApplication()` to set session message before redirecting
+- Message displayed: "You have already submitted a membership application."
+
+### 3. Error Handling
+If a user somehow bypasses checks:
+- Server validates before processing
+- Returns HTTP 400 error with JSON response
+- User sees clear message directing them to support or check email
+- Database constraints prevent data corruption (duplicate key violation)
+
+## User Flow
+
+1. **First Visit to Application Page:**
+   - `checkMembershipApplication()` checks database
+   - If no application exists, shows form
+   - If application exists, redirects to `membership_details.php`
+
+2. **Form Submission:**
+   - Server checks for existing application
+   - Server checks for existing membership fee
+   - If checks pass, inserts application and fee in transaction
+   - On success, redirects to indemnity page
+   - On error, returns JSON error response
+
+3. **Payment Process:**
+   - Individual payment records are created in payments/efts table
+   - Multiple payments can be made against the single membership_fee record
+   - Payment status is tracked independently from application
+
+## Testing Recommendations
+
+1. Test creating a membership application - should succeed
+2. Try applying again - should be redirected to membership_details
+3. Try submitting the form multiple times rapidly - should fail on 2nd attempt
+4. Verify payments can be made against the single membership fee record
+5. Check database constraints: `SHOW INDEX FROM membership_application;` and `SHOW INDEX FROM membership_fees;`
+
+## Database Constraints
+
+```sql
+-- One application per user
+ALTER TABLE membership_application 
+ADD CONSTRAINT uk_membership_application_user_id UNIQUE (user_id);
+
+-- One membership fee record per user
+ALTER TABLE membership_fees 
+ADD CONSTRAINT uk_membership_fees_user_id UNIQUE (user_id);
+```
+
+## Backwards Compatibility
+The migration script cleans up any existing duplicate records before adding constraints, ensuring no data loss.

docs/PHOTO_GALLERY_IMPLEMENTATION.md

@@ -0,0 +1,494 @@
+# Photo Gallery Feature - Complete Implementation
+
+## Overview
+The Photo Gallery feature allows 4WDCSA members to create, manage, and view photo albums with a carousel interface for browsing and a lightbox viewer for detailed photo viewing.
+
+## Database Schema
+
+### photo_albums table
+```sql
+- album_id (INT, PK, AUTO_INCREMENT)
+- user_id (INT, FK to users)
+- title (VARCHAR 255, NOT NULL)
+- description (TEXT, nullable)
+- cover_image (VARCHAR 500, nullable - stores file path)
+- created_at (TIMESTAMP)
+- updated_at (TIMESTAMP)
+- UNIQUE INDEX on user_id (one album per user for now, can be modified)
+- INDEX on created_at for sorting
+```
+
+### photos table
+```sql
+- photo_id (INT, PK, AUTO_INCREMENT)
+- album_id (INT, FK to photo_albums, CASCADE DELETE)
+- file_path (VARCHAR 500, NOT NULL)
+- caption (VARCHAR 500, nullable)
+- display_order (INT, default 0)
+- created_at (TIMESTAMP)
+- INDEX on album_id for quick lookups
+- INDEX on display_order for sorting
+```
+
+## File Structure
+
+### Pages (Public-Facing)
+- `src/pages/gallery/gallery.php` - Main carousel view of all albums
+- `src/pages/gallery/view_album.php` - Detailed album view with photo grid and lightbox
+- `src/pages/gallery/create_album.php` - Form to create new albums and upload initial photos
+
+### Processors (Backend Logic)
+- `src/processors/save_album.php` - Creates new album and handles initial photo uploads
+- `src/processors/update_album.php` - Updates album metadata and handles additional photo uploads
+- `src/processors/delete_album.php` - Deletes entire album with all photos and files
+- `src/processors/delete_photo.php` - Deletes individual photos from album
+- `src/processors/get_album_photos.php` - API endpoint returning album photos as JSON
+
+### Styling
+All styling is embedded in each PHP file using `<style>` tags for consistency with existing pattern.
+
+## Features
+
+### Gallery View (gallery.php)
+**Purpose**: Display all photo albums in a carousel format
+
+**Features**:
+- Bootstrap carousel with Previous/Next buttons
+- Album cards showing:
+  - Cover image
+  - Album title
+  - Description
+  - Creator avatar and name
+  - Photo count
+  - "View Album" button
+- "Create Album" button (visible to all members)
+- Empty state message for members with no albums
+- Responsive design for mobile/tablet/desktop
+
+**Access Control**:
+- Members-only (redirects non-members to membership page)
+- Verified membership required
+
+### Album Detail View (view_album.php)
+**Purpose**: Display all photos from a single album with lightbox viewer
+
+**Features**:
+- Album header with:
+  - Creator information (avatar, name)
+  - Album title and description
+  - Photo count
+  - "Edit Album" button (visible only to album owner)
+- Responsive photo grid layout
+- Click any photo to open lightbox viewer
+- Lightbox features:
+  - Full-screen image display
+  - Previous/Next navigation buttons
+  - Caption display
+  - Keyboard navigation:
+    - Arrow Left: Previous photo
+    - Arrow Right: Next photo
+    - Escape: Close lightbox
+  - Close button (X)
+- Empty state message with "Add Photos" link for album owner
+- "Back to Gallery" button at bottom
+
+**Access Control**:
+- Public albums visible to all members
+- Edit button visible only to album owner
+
+### Create/Edit Album (create_album.php)
+**Purpose**: Create new albums or edit existing albums with photo uploads
+
+**Features**:
+- Album title input (required, validates with validateName())
+- Description textarea (optional, max 500 characters)
+- Drag-and-drop file upload area
+- File selection click-to-upload
+- Selected files list showing filename and size
+- Photo grid showing existing photos (edit mode only)
+- Delete button on each existing photo
+- Delete album button (edit mode only)
+- Submit and Cancel buttons
+
+**File Upload Validation**:
+- Allowed formats: JPG, PNG, GIF, WEBP
+- Max file size: 5MB per image
+- Validates MIME type and file size
+- Generates unique filenames with uniqid()
+- Stores in `/assets/uploads/gallery/{album_id}/`
+
+**Form Behavior**:
+- Create mode: Only allows setting album metadata and initial photos
+- Edit mode: Shows existing photos, allows adding new photos, allows editing metadata
+- First uploaded photo becomes cover image (auto-selected)
+- Photos can be deleted before submission (edit mode)
+- Form prepopulation on edit (title, description, existing photos)
+
+**Access Control**:
+- Members-only
+- Edit form checks album ownership before allowing edits
+- Redirect to gallery if not owner of album being edited
+
+## API Endpoints
+
+### GET /get_album_photos
+Returns JSON array of photos for an album
+
+**Parameters**:
+- `id`: Album ID (GET parameter)
+
+**Response**:
+```json
+[
+  {
+    "photo_id": 1,
+    "file_path": "/assets/uploads/gallery/1/photo_abc123.jpg",
+    "caption": "Sample photo",
+    "display_order": 1
+  }
+]
+```
+
+**Access Control**: Members-only, owner of album only
+
+### POST /delete_photo
+Deletes a photo and updates album cover if needed
+
+**Parameters**:
+- `photo_id`: Photo ID (POST)
+- `csrf_token`: CSRF token (POST)
+
+**Response**: 
+```json
+{ "success": true }
+```
+
+**Side Effects**:
+- Deletes photo file from disk
+- Removes photo from database
+- Updates album cover image if deleted photo was cover
+- Sets cover to first remaining photo or NULL if no photos left
+
+**Access Control**: Members-only, owner of album only
+
+## Workflow Examples
+
+### Creating an Album
+1. User clicks "Create Album" button on gallery page
+2. Navigates to create_album.php
+3. Enters album title (required) and description (optional)
+4. Drags and drops or selects multiple photo files
+5. Clicks "Create Album" button
+6. save_album.php:
+   - Creates album directory: `/assets/uploads/gallery/{album_id}/`
+   - Validates each photo (mime type, file size)
+   - Moves photos to album directory with unique names
+   - Sets first photo as cover_image
+   - Inserts album record and photo records in transaction
+   - Redirects to view_album page for newly created album
+
+### Editing an Album
+1. User clicks "Edit Album" button on album view page
+2. Navigates to create_album.php?id={album_id}
+3. Form prepopulates with current album data
+4. Existing photos displayed in grid with delete buttons
+5. Can add more photos by uploading new files
+6. Clicks "Update Album" button
+7. update_album.php:
+   - Verifies ownership
+   - Updates album metadata
+   - Validates and uploads any new photos
+   - Appends new photos to existing ones (doesn't overwrite)
+   - Redirects back to view_album
+
+### Deleting a Photo
+1. User clicks delete (X) button on photo in edit form
+2. JavaScript shows confirmation dialog
+3. Sends POST to delete_photo with photo_id and csrf_token
+4. delete_photo.php:
+   - Verifies ownership through album
+   - Deletes file from disk
+   - Removes from database
+   - Updates cover_image if needed
+   - Returns JSON success response
+5. Page reloads to show updated photo list
+
+### Deleting an Album
+1. User clicks "Delete Album" button in edit form
+2. JavaScript shows confirmation dialog
+3. Navigates to delete_album.php?id={album_id}
+4. delete_album.php:
+   - Verifies ownership
+   - Deletes all photo files from disk
+   - Deletes all photo records from database
+   - Deletes album directory
+   - Deletes album record
+   - Redirects to gallery page
+
+## URL Routing (.htaccess)
+
+```
+/gallery → src/pages/gallery/gallery.php
+/create_album → src/pages/gallery/create_album.php
+/edit_album → src/pages/gallery/create_album.php (id parameter determines mode)
+/view_album → src/pages/gallery/view_album.php
+/save_album → src/processors/save_album.php (POST only)
+/update_album → src/processors/update_album.php (POST only)
+/delete_album → src/processors/delete_album.php (GET with id parameter)
+/delete_photo → src/processors/delete_photo.php (POST only)
+/get_album_photos → src/processors/get_album_photos.php (GET with id parameter)
+```
+
+## Security Features
+
+### Authentication
+- All pages check for `$_SESSION['user_id']`
+- Non-members redirected to membership page
+- Non-authenticated users redirected to login
+
+### Authorization
+- Album ownership verified before allowing edits
+- Album ownership verified before allowing deletes
+- Only album owner can edit or delete photos
+- Only album owner can see edit buttons
+
+### Data Validation
+- Album title validated with validateName() function
+- Description length limited to 500 characters
+- File uploads validated for:
+  - MIME type (only image formats allowed)
+  - File size (max 5MB)
+  - File extension check
+- Filename sanitized with uniqid() to prevent conflicts
+
+### CSRF Protection
+- All forms include csrf_token
+- Processors validate CSRF token before processing
+- POST-only operations protected
+
+### Transaction Safety
+- Album creation uses transaction
+  - Creates directory
+  - Inserts album record
+  - Inserts photo records
+  - Commits all or rolls back all on error
+- Handles cleanup on failure:
+  - Deletes partial uploads
+  - Removes album directory
+  - Removes album record from database
+
+## Error Handling
+
+### Validation Errors
+- File too large: "File too large: {filename}"
+- Invalid file type: "Invalid file type: {filename}"
+- Missing album title: "Album title is required and must be valid"
+- Description too long: "Description must be 500 characters or less"
+
+### Permission Errors
+- Not authenticated: Redirects to login
+- Not a member: Redirects to membership page
+- Not album owner: Returns 403 Forbidden with error message
+- Album not found: Returns 404 with redirect to gallery
+
+### Upload Errors
+- Directory creation failure: "Failed to create album directory"
+- File move failure: "Failed to upload: {filename}"
+- Database insert failure: HTTP 400 with error message
+
+### Recovery
+- All upload errors trigger transaction rollback
+- Partial files cleaned up on failure
+- Album record deleted if transaction fails
+- Directory removed if transaction fails
+
+## Testing Checklist
+
+### Album Creation
+- [ ] Create album with title only
+- [ ] Create album with title and description
+- [ ] Upload single photo to new album
+- [ ] Upload multiple photos to new album
+- [ ] Verify first photo becomes cover
+- [ ] Verify files stored in correct directory
+- [ ] Verify album appears in carousel
+
+### Album Editing
+- [ ] Edit album title
+- [ ] Edit album description
+- [ ] Add photos to existing album
+- [ ] Add many photos at once (10+)
+- [ ] Delete photos from album
+- [ ] Delete last photo (cover updates to NULL)
+- [ ] Delete album cover, verify new cover assigned
+- [ ] Verify edit unavailable for non-owner
+
+### Album Viewing
+- [ ] View album as owner
+- [ ] View album as other member
+- [ ] View album with many photos
+- [ ] Photo grid responsive on mobile
+- [ ] Photo grid responsive on tablet
+- [ ] All photos display correct captions
+
+### Lightbox
+- [ ] Open lightbox from first photo
+- [ ] Open lightbox from middle photo
+- [ ] Open lightbox from last photo
+- [ ] Next button navigates forward
+- [ ] Previous button navigates backward
+- [ ] Next button wraps to first photo from last
+- [ ] Previous button wraps to last photo from first
+- [ ] Arrow key navigation works
+- [ ] Escape key closes lightbox
+- [ ] Click X button closes lightbox
+- [ ] Photo caption displays correctly
+
+### Gallery Page
+- [ ] Carousel displays all albums
+- [ ] Previous/Next buttons work
+- [ ] Album cards show cover image
+- [ ] Album cards show correct photo count
+- [ ] Create Album button visible
+- [ ] Create Album button navigates correctly
+- [ ] Edit button visible only to owner
+- [ ] Empty gallery state shows correct message
+- [ ] Empty gallery has Create Album link
+
+### Access Control
+- [ ] Non-members cannot access gallery
+- [ ] Non-members cannot create albums
+- [ ] Non-members cannot edit albums
+- [ ] Users cannot edit others' albums
+- [ ] Users cannot delete others' albums
+- [ ] Users cannot delete others' photos
+
+### File Uploads
+- [ ] JPG files accepted
+- [ ] PNG files accepted
+- [ ] GIF files accepted
+- [ ] WEBP files accepted
+- [ ] BMP files rejected
+- [ ] ZIP files rejected
+- [ ] Files over 5MB rejected
+- [ ] Files exactly 5MB accepted
+- [ ] Drag and drop upload works
+- [ ] Click-to-upload works
+
+### Database
+- [ ] Albums table has correct structure
+- [ ] Photos table has correct structure
+- [ ] Foreign keys work correctly
+- [ ] Cascade delete removes photos when album deleted
+- [ ] Unique constraint prevents duplicate user ownership
+- [ ] Indexes created for performance
+
+### Navigation
+- [ ] Gallery link appears in Members Area menu
+- [ ] Gallery link visible only for logged-in users
+- [ ] Gallery link locked (with icon) for non-members
+- [ ] "View Album" button navigates to album detail
+- [ ] "Edit Album" button navigates to edit form
+- [ ] "Back to Gallery" button returns to gallery
+- [ ] "Add Photos" link in empty album goes to edit form
+
+## Future Enhancements
+
+### Possible Features
+1. Multiple albums per user (modify UNIQUE constraint)
+2. Album visibility settings (private/members-only/public)
+3. Album categories/tags
+4. Photo ordering/reordering in album
+5. Photo batch operations (delete multiple, move between albums)
+6. Album sharing/collaboration
+7. Photo comments/ratings
+8. Admin gallery management
+9. Automatic image optimization/compression
+10. Photo metadata preservation (EXIF)
+11. Album archives/export
+12. Photo search across all albums
+
+### Schema Changes Required
+- Remove UNIQUE constraint on user_id to allow multiple albums per user
+- Add visibility enum field to photo_albums
+- Add category_id FK to photo_albums
+- Add user_id to photos for future permission model
+- Add updated_at timestamps to photos for tracking
+
+## Deployment Notes
+
+### Pre-Deployment
+1. Run migration 003 to create tables
+2. Create `/assets/uploads/gallery/` directory with proper permissions
+3. Ensure PHP can write to upload directory (755 or 777)
+4. Test file upload with valid and invalid files
+
+### Post-Deployment
+1. Verify gallery link appears in header menu
+2. Test creating first album in production
+3. Test file uploads with various image formats
+4. Monitor disk space usage for uploads
+5. Set up automated cleanup for orphaned files (if needed)
+
+### Permissions
+```
+/assets/uploads/gallery/
+  Permissions: 755 (rwxr-xr-x)
+  Owner: web server user
+  
+Individual album directories:
+  Permissions: 755 (rwxr-xr-x)
+  Created automatically by application
+  
+Photo files:
+  Permissions: 644 (rw-r--r--)
+  Created automatically by application
+```
+
+### Backups
+- Include `/assets/uploads/gallery/` in backup routine
+- Include `photo_albums` and `photos` tables in database backups
+- Consider separate backup for large image files
+
+## Known Limitations
+
+1. **One album per user**: Current schema design with UNIQUE constraint on user_id allows only one album per user. Can be modified if multiple albums per user needed.
+
+2. **No album visibility control**: All member albums are visible to all members. Could add privacy settings in future.
+
+3. **No photo ordering UI**: Photos ordered by display_order but no UI to reorder them. Captions show filename by default.
+
+4. **No album categories**: All albums mixed in one carousel. Could add filtering/categories.
+
+5. **Image optimization**: No automatic compression/optimization. Large images stored as-is.
+
+6. **No EXIF data**: Photo metadata stripped during upload. Could preserve orientation/metadata.
+
+## Troubleshooting
+
+### Photos not uploading
+- Check `/assets/uploads/gallery/` exists and is writable
+- Verify file sizes under 5MB
+- Confirm image MIME types are jpeg, png, gif, or webp
+- Check PHP error logs for upload errors
+
+### Album cover not updating
+- Verify cover_image field in database
+- Check if photo file path stored correctly
+- Confirm image file exists on disk
+
+### Lightbox not opening
+- Check browser console for JavaScript errors
+- Verify image paths are accessible
+- Confirm file URLs accessible directly
+
+### Permission denied errors
+- Check album owner verification logic
+- Verify CSRF tokens being passed correctly
+- Confirm user_id matches in session
+
+### Memory issues with large uploads
+- Reduce PHP memory_limit if needed
+- Split large batches of photos into smaller uploads
+- Consider image optimization/compression
+

docs/migrations/001_add_events_tracking_columns.sql

@@ -0,0 +1,14 @@
+-- Events Table Migration
+-- Add missing columns to events table for proper tracking and publishing control
+
+-- Add columns if they don't exist (using ALTER IGNORE for compatibility)
+ALTER TABLE `events` 
+ADD COLUMN `created_by` int DEFAULT NULL AFTER `promo`,
+ADD COLUMN `published` tinyint(1) DEFAULT 0 AFTER `created_by`,
+ADD COLUMN `created_at` timestamp DEFAULT CURRENT_TIMESTAMP AFTER `published`,
+ADD COLUMN `updated_at` timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP AFTER `created_at`;
+
+-- Add indexes for better query performance
+ALTER TABLE `events` ADD INDEX `idx_date` (`date`);
+ALTER TABLE `events` ADD INDEX `idx_published` (`published`);
+ALTER TABLE `events` ADD INDEX `idx_created_by` (`created_by`);

docs/migrations/002_add_unique_constraints_membership.sql

@@ -0,0 +1,37 @@
+-- Migration: Add UNIQUE constraints to prevent duplicate membership applications and fees
+-- Date: 2025-12-05
+-- Purpose: Ensure each user can only have one application and one membership fee record
+-- Note: Individual payments are tracked in the payments/efts table, not here
+
+-- Add UNIQUE constraint to membership_application table
+-- First, delete any duplicate applications keeping the most recent one
+DELETE FROM membership_application
+WHERE application_id NOT IN (
+    SELECT MAX(application_id) 
+    FROM (
+        SELECT application_id 
+        FROM membership_application
+    ) tmp
+    GROUP BY user_id
+);
+
+-- Add UNIQUE constraint on user_id in membership_application
+ALTER TABLE membership_application 
+ADD CONSTRAINT uk_membership_application_user_id UNIQUE (user_id);
+
+-- Add UNIQUE constraint to membership_fees table
+-- First, delete any duplicate fees keeping the most recent one
+DELETE FROM membership_fees
+WHERE fee_id NOT IN (
+    SELECT MAX(fee_id) 
+    FROM (
+        SELECT fee_id 
+        FROM membership_fees
+    ) tmp
+    GROUP BY user_id
+);
+
+-- Add UNIQUE constraint on user_id in membership_fees
+ALTER TABLE membership_fees 
+ADD CONSTRAINT uk_membership_fees_user_id UNIQUE (user_id);
+

docs/migrations/003_create_photo_gallery_tables.sql

@@ -0,0 +1,30 @@
+-- Migration: Create photo gallery tables for member photo albums
+-- Date: 2025-12-05
+-- Purpose: Allow members to create albums and upload photos to share with the community
+
+-- Create photo_albums table
+CREATE TABLE IF NOT EXISTS photo_albums (
+    album_id INT PRIMARY KEY AUTO_INCREMENT,
+    user_id INT NOT NULL,
+    title VARCHAR(255) NOT NULL,
+    description TEXT,
+    cover_image VARCHAR(255),
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    FOREIGN KEY (user_id) REFERENCES users(user_id) ON DELETE CASCADE,
+    INDEX idx_user_id (user_id),
+    INDEX idx_created_at (created_at)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+-- Create photos table
+CREATE TABLE IF NOT EXISTS photos (
+    photo_id INT PRIMARY KEY AUTO_INCREMENT,
+    album_id INT NOT NULL,
+    file_path VARCHAR(255) NOT NULL,
+    caption VARCHAR(255),
+    display_order INT DEFAULT 0,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (album_id) REFERENCES photo_albums(album_id) ON DELETE CASCADE,
+    INDEX idx_album_id (album_id),
+    INDEX idx_display_order (display_order)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;

header.php

@@ -283,6 +283,7 @@ if ($headerStyle === 'light') {
                                                 <ul>
                                                     <li><a href="admin_web_users">Website Users</a></li>
                                                     <li><a href="admin_members">4WDCSA Members</a></li>
+                                                    <li><a href="admin_events">Manage Events</a></li>
                                                     <li><a href="admin_trips">Manage Trips</a></li>
                                                     <li><a href="admin_trip_bookings">Trip Bookings</a></li>
                                                     <li><a href="admin_course_bookings">Course Bookings</a></li>
@@ -295,15 +296,23 @@ if ($headerStyle === 'light') {
                                             </li>
                                         <?php } ?>
                                         <li><a href="contact">Contact</a></li>
-                                        <?php if ($is_member) : ?>
+                                        <?php if ($is_logged_in) : ?>
                                             <li class="dropdown"><a href="#">Members Area</a>
                                                 <ul>
-                                                    <li><a href="#">Coming Soon!</a></li>
+                                                    <?php
+                                                    if (getUserMemberStatus($_SESSION['user_id'])) {
+                                                        echo "<li><a href=\"campsites\">Campsites Directory</a></li>";
+                                                        echo "<li><a href=\"gallery\">Photo Gallery</a></li>";
+                                                    } else { 
+                                                        echo "<li><a href=\"membership\">Campsites Directory</a><i class='fal fa-lock'></i></li>";
+                                                        echo "<li><a href=\"membership\">Photo Gallery</a><i class='fal fa-lock'></i></li>";
+                                                    } 
+                                                    ?>
                                                 </ul>
                                             </li>
-                                        <?php endif; ?>
                                         
-                                        <?php if ($is_logged_in) : ?>
+
+                                        
                                             <li class="dropdown"><a href="#">My Account</a>
                                                 <ul>
                                                     <li><a href="account_settings">Account Settings</a></li>

src/admin/admin_events.php

@@ -0,0 +1,361 @@
+<?php
+$headerStyle = 'light';
+$rootPath = dirname(dirname(__DIR__));
+include_once($rootPath . '/header.php');
+checkAdmin();
+
+// Fetch all events
+$events_query = "
+    SELECT 
+        event_id, name, type, location, date, published
+    FROM events
+    ORDER BY date DESC
+";
+
+$result = $conn->query($events_query);
+$events = [];
+if ($result && $result->num_rows > 0) {
+    while ($row = $result->fetch_assoc()) {
+        $events[] = $row;
+    }
+}
+?>
+
+<style>
+    table {
+        width: 100%;
+        border-collapse: separate;
+        border-spacing: 0;
+        margin: 10px 0;
+    }
+
+    thead th {
+        cursor: pointer;
+        text-align: left;
+        padding: 10px;
+        font-weight: bold;
+        position: relative;
+    }
+
+    thead th::after {
+        content: '\25B2';
+        /* Up arrow */
+        font-size: 0.8em;
+        position: absolute;
+        right: 10px;
+        opacity: 0;
+        transition: opacity 0.2s;
+    }
+
+    thead th.asc::after {
+        content: '\25B2';
+        /* Up arrow */
+        opacity: 1;
+    }
+
+    thead th.desc::after {
+        content: '\25BC';
+        /* Down arrow */
+        opacity: 1;
+    }
+
+    tbody tr:nth-child(odd) {
+        background-color: transparent;
+    }
+
+    tbody tr:nth-child(even) {
+        background-color: rgb(255, 255, 255);
+        border-radius: 10px;
+    }
+
+    tbody td {
+        padding: 10px;
+    }
+
+    tbody tr:nth-child(even) td:first-child {
+        border-top-left-radius: 10px;
+        border-bottom-left-radius: 10px;
+    }
+
+    tbody tr:nth-child(even) td:last-child {
+        border-top-right-radius: 10px;
+        border-bottom-right-radius: 10px;
+    }
+
+    .filter-input {
+        width: 100%;
+        padding: 10px;
+        font-size: 16px;
+        background-color: rgb(255, 255, 255);
+        border-radius: 25px;
+        margin-bottom: 15px;
+    }
+
+    .btn {
+        display: inline-block;
+        padding: 6px 12px;
+        margin: 2px;
+        font-size: 14px;
+        border-radius: 5px;
+        text-decoration: none;
+        border: none;
+        cursor: pointer;
+        transition: all 0.2s;
+    }
+
+    .btn-sm {
+        padding: 4px 8px;
+        font-size: 12px;
+    }
+
+    .btn-primary {
+        background-color: #007bff;
+        color: white;
+    }
+
+    .btn-primary:hover {
+        background-color: #0056b3;
+    }
+
+    .btn-success {
+        background-color: #28a745;
+        color: white;
+    }
+
+    .btn-success:hover {
+        background-color: #218838;
+    }
+
+    .btn-warning {
+        background-color: #ffc107;
+        color: black;
+    }
+
+    .btn-warning:hover {
+        background-color: #e0a800;
+    }
+
+    .btn-danger {
+        background-color: #dc3545;
+        color: white;
+    }
+
+    .btn-danger:hover {
+        background-color: #c82333;
+    }
+
+    .badge {
+        display: inline-block;
+        padding: 4px 8px;
+        border-radius: 4px;
+        font-size: 12px;
+        font-weight: bold;
+    }
+
+    .bg-success {
+        background-color: #28a745;
+        color: white;
+    }
+
+    .bg-warning {
+        background-color: #ffc107;
+        color: black;
+    }
+</style>
+
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
+<script>
+    $(document).ready(function() {
+        // Sorting functionality
+        const table = document.querySelector('table');
+        if (table) {
+            const headers = table.querySelectorAll('thead th');
+            const rows = Array.from(table.querySelectorAll('tbody tr'));
+
+            headers.forEach((header, index) => {
+                header.addEventListener('click', () => {
+                    const sortedRows = rows.sort((a, b) => {
+                        const aText = a.cells[index].textContent.trim().toLowerCase();
+                        const bText = b.cells[index].textContent.trim().toLowerCase();
+
+                        if (aText < bText) return -1;
+                        if (aText > bText) return 1;
+                        return 0;
+                    });
+
+                    if (header.classList.contains('asc')) {
+                        header.classList.remove('asc');
+                        header.classList.add('desc');
+                        sortedRows.reverse();
+                    } else {
+                        headers.forEach(h => h.classList.remove('asc', 'desc'));
+                        header.classList.add('asc');
+                    }
+
+                    const tbody = table.querySelector('tbody');
+                    tbody.innerHTML = '';
+                    sortedRows.forEach(row => tbody.appendChild(row));
+                });
+            });
+
+            // Filter functionality
+            const filterInput = document.querySelector('.filter-input');
+            if (filterInput) {
+                filterInput.addEventListener('input', function() {
+                    const filterValue = filterInput.value.trim().toLowerCase();
+                    rows.forEach(row => {
+                        const rowText = row.textContent.trim().toLowerCase();
+                        row.style.display = rowText.includes(filterValue) ? '' : 'none';
+                    });
+                });
+            }
+        }
+
+        // Publish/Unpublish toggle
+        $('.toggle-publish').on('click', function() {
+            var eventId = $(this).data('event-id');
+            var button = $(this);
+            var row = button.closest('tr');
+
+            $.ajax({
+                url: 'toggle_event_published',
+                type: 'POST',
+                data: {
+                    event_id: eventId
+                },
+                dataType: 'json',
+                complete: function(xhr, status) {
+                    // Handle all response codes
+                    try {
+                        var response = JSON.parse(xhr.responseText);
+                        
+                        if (response.status === 'success') {
+                            if (response.published == 1) {
+                                button.removeClass('btn-success').addClass('btn-warning');
+                                button.find('i').removeClass('fa-eye').addClass('fa-eye-slash');
+                                button.attr('title', 'Unpublish');
+                                row.find('td:nth-child(5)').html('<span class="badge bg-success">Published</span>');
+                            } else {
+                                button.removeClass('btn-warning').addClass('btn-success');
+                                button.find('i').removeClass('fa-eye-slash').addClass('fa-eye');
+                                button.attr('title', 'Publish');
+                                row.find('td:nth-child(5)').html('<span class="badge bg-warning">Draft</span>');
+                            }
+                        } else {
+                            alert('Error: ' + response.message);
+                        }
+                    } catch (e) {
+                        alert('Error updating event status. Response: ' + xhr.responseText);
+                    }
+                }
+            });
+        });
+
+        // Delete event
+        $('.delete-event').on('click', function() {
+            if (!confirm('Are you sure you want to delete this event? This action cannot be undone.')) {
+                return false;
+            }
+
+            var eventId = $(this).data('event-id');
+            var button = $(this);
+            var row = button.closest('tr');
+
+            $.ajax({
+                url: 'delete_event',
+                type: 'POST',
+                data: {
+                    event_id: eventId
+                },
+                dataType: 'json',
+                success: function(response) {
+                    if (response.status === 'success') {
+                        row.fadeOut(300, function() {
+                            $(this).remove();
+                        });
+                    } else {
+                        alert('Error: ' + response.message);
+                    }
+                },
+                error: function() {
+                    alert('Error deleting event');
+                }
+            });
+        });
+    });
+</script>
+
+<?php
+    $pageTitle = 'Manage Events';
+    $breadcrumbs = [['Home' => 'index'], [$pageTitle => '']];
+    require_once($rootPath . '/components/banner.php');
+?>
+
+<?php
+    $pageTitle = 'Manage Events';
+    $breadcrumbs = [['Home' => 'index'], [$pageTitle => '']];
+    require_once($rootPath . '/components/banner.php');
+?>
+
+<!-- Events Management Area start -->
+<section class="events-management-area py-100 rel z-1">
+    <div class="container">
+        <div class="row mb-30">
+            <div class="col-lg-12">
+                <a href="manage_events" class="theme-btn style-two">+ Create New Event</a>
+            </div>
+        </div>
+
+        <?php
+        if (!empty($events)) {
+            echo '<div class="row">
+                    <div class="col-lg-12">
+                        <div class="form-group mb-20">
+                            <input type="text" class="filter-input" placeholder="Search events...">
+                        </div>
+                        <table>
+                            <thead>
+                                <tr>
+                                    <th>Event Name</th>
+                                    <th>Type</th>
+                                    <th>Location</th>
+                                    <th>Date</th>
+                                    <th>Status</th>
+                                    <th>Actions</th>
+                                </tr>
+                            </thead>
+                            <tbody>';
+            foreach ($events as $event) {
+                $publishButtonText = $event['published'] == 1 ? 'Unpublish' : 'Publish';
+                $publishButtonClass = $event['published'] == 1 ? 'btn-warning' : 'btn-success';
+                echo '<tr>
+                        <td><strong>' . htmlspecialchars($event['name']) . '</strong></td>
+                        <td>' . htmlspecialchars($event['type']) . '</td>
+                        <td>' . htmlspecialchars($event['location']) . '</td>
+                        <td>' . convertDate($event['date']) . '</td>
+                        <td>' . ($event['published'] == 1 ? '<span class="badge bg-success">Published</span>' : '<span class="badge bg-warning">Draft</span>') . '</td>
+                        <td>
+                            <a href="manage_events?event_id=' . $event['event_id'] . '" class="btn btn-sm btn-primary" title="Edit">
+                                <i class="far fa-edit"></i>
+                            </a>
+                            <button class="btn btn-sm ' . $publishButtonClass . ' toggle-publish" data-event-id="' . $event['event_id'] . '" title="' . $publishButtonText . '">
+                                <i class="far fa-' . ($event['published'] == 1 ? 'eye-slash' : 'eye') . '"></i>
+                            </button>
+                            <button class="btn btn-sm btn-danger delete-event" data-event-id="' . $event['event_id'] . '" title="Delete">
+                                <i class="far fa-trash"></i>
+                            </button>
+                        </td>
+                    </tr>';
+            }
+            echo '</tbody></table>';
+            echo '</div>';
+            echo '</div>';
+        } else {
+            echo '<p>No events found. <a href="manage_events">Create one</a></p>';
+        }
+        ?>
+    </div>
+</section>
+<!-- Events Management Area end -->
+
+<?php include_once($rootPath . '/components/insta_footer.php'); ?>

src/admin/delete_event.php

@@ -0,0 +1,46 @@
+<?php
+$rootPath = dirname(dirname(__DIR__));
+include_once($rootPath . '/header.php');
+checkAdmin();
+
+header('Content-Type: application/json');
+
+$event_id = $_POST['event_id'] ?? null;
+
+if (!$event_id) {
+    echo json_encode(['status' => 'error', 'message' => 'Event ID is required']);
+    exit;
+}
+
+// Get event details to delete associated files
+$stmt = $conn->prepare("SELECT image, promo FROM events WHERE event_id = ?");
+$stmt->bind_param("i", $event_id);
+$stmt->execute();
+$result = $stmt->get_result();
+
+if ($result->num_rows > 0) {
+    $event = $result->fetch_assoc();
+    
+    // Delete image files
+    if ($event['image'] && file_exists($rootPath . '/' . $event['image'])) {
+        unlink($rootPath . '/' . $event['image']);
+    }
+    if ($event['promo'] && file_exists($rootPath . '/' . $event['promo'])) {
+        unlink($rootPath . '/' . $event['promo']);
+    }
+    
+    // Delete from database
+    $delete_stmt = $conn->prepare("DELETE FROM events WHERE event_id = ?");
+    $delete_stmt->bind_param("i", $event_id);
+    
+    if ($delete_stmt->execute()) {
+        echo json_encode(['status' => 'success', 'message' => 'Event deleted successfully']);
+    } else {
+        echo json_encode(['status' => 'error', 'message' => 'Failed to delete event']);
+    }
+    $delete_stmt->close();
+} else {
+    echo json_encode(['status' => 'error', 'message' => 'Event not found']);
+}
+
+$stmt->close();