diff --git a/admin/ad_edit.php b/admin/ad_edit.php
deleted file mode 100644
index 6bb518f..0000000
--- a/admin/ad_edit.php
+++ /dev/null
@@ -1,164 +0,0 @@
-<?php
-require_once __DIR__ . '/../db/config.php';
-$pdo = db();
-
-$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
-$ad = null;
-$message = '';
-$isEdit = false;
-
-if ($id) {
-    $stmt = $pdo->prepare("SELECT * FROM ads_images WHERE id = ?");
-    $stmt->execute([$id]);
-    $ad = $stmt->fetch();
-    if ($ad) {
-        $isEdit = true;
-    } else {
-        header("Location: ads.php");
-        exit;
-    }
-}
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $title = trim($_POST['title']);
-    $sort_order = (int)$_POST['sort_order'];
-    $is_active = isset($_POST['is_active']) ? 1 : 0;
-    $display_layout = $_POST['display_layout'] ?? 'both';
-    $image_path = $isEdit ? $ad['image_path'] : null;
-
-    if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
-        $uploadDir = __DIR__ . '/../assets/images/ads/';
-        if (!is_dir($uploadDir)) {
-            mkdir($uploadDir, 0755, true);
-        }
-
-        $fileInfo = pathinfo($_FILES['image']['name']);
-        $fileExt = strtolower($fileInfo['extension']);
-        $allowedExts = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
-
-        if (in_array($fileExt, $allowedExts)) {
-            $fileName = uniqid('ad_') . '.' . $fileExt;
-            $targetFile = $uploadDir . $fileName;
-
-            if (move_uploaded_file($_FILES['image']['tmp_name'], $targetFile)) {
-                $image_path = 'assets/images/ads/' . $fileName;
-            } else {
-                $message = '<div class="alert alert-danger">Failed to upload image.</div>';
-            }
-        } else {
-            $message = '<div class="alert alert-danger">Invalid file type. Allowed: jpg, png, gif, webp.</div>';
-        }
-    }
-
-    if (empty($image_path) && !$isEdit) {
-        $message = '<div class="alert alert-danger">Image is required for new advertisements.</div>';
-    }
-
-    if (empty($message)) {
-        try {
-            if ($isEdit) {
-                $stmt = $pdo->prepare("UPDATE ads_images SET title = ?, sort_order = ?, is_active = ?, display_layout = ?, image_path = ? WHERE id = ?");
-                $stmt->execute([$title, $sort_order, $is_active, $display_layout, $image_path, $id]);
-                header("Location: ads.php?success=updated");
-                exit;
-            } else {
-                $stmt = $pdo->prepare("INSERT INTO ads_images (title, sort_order, is_active, display_layout, image_path) VALUES (?, ?, ?, ?, ?)");
-                $stmt->execute([$title, $sort_order, $is_active, $display_layout, $image_path]);
-                header("Location: ads.php?success=created");
-                exit;
-            }
-        } catch (PDOException $e) {
-            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
-        }
-    }
-}
-
-if (!$isEdit) {
-    $ad = [
-        'title' => $_POST['title'] ?? '',
-        'sort_order' => $_POST['sort_order'] ?? 0,
-        'is_active' => 1,
-        'display_layout' => 'both',
-        'image_path' => ''
-    ];
-}
-
-include 'includes/header.php';
-?>
-
-<div class="mb-4">
-    <a href="ads.php" class="text-decoration-none text-muted mb-2 d-inline-block"><i class="bi bi-arrow-left"></i> Back to Ads Management</a>
-    <h2 class="fw-bold mb-0"><?= $isEdit ? 'Edit Advertisement' : 'Add New Advertisement' ?></h2>
-</div>
-
-<?= $message ?>
-
-<div class="card border-0 shadow-sm">
-    <div class="card-body">
-        <form method="POST" enctype="multipart/form-data">
-            <div class="row">
-                <div class="col-md-8">
-                    <div class="mb-3">
-                        <label class="form-label">Title / Caption</label>
-                        <input type="text" name="title" class="form-control" value="<?= htmlspecialchars($ad['title'] ?? '') ?>" placeholder="e.g. Special Offer 50% Off">
-                        <div class="form-text">This will be shown as a caption on the image.</div>
-                    </div>
-                    <div class="mb-3">
-                        <label class="form-label">Sort Order</label>
-                        <input type="number" name="sort_order" class="form-control" value="<?= htmlspecialchars($ad['sort_order'] ?? 0) ?>">
-                        <div class="form-text">Lower numbers appear first in the slider.</div>
-                    </div>
-                    
-                    <div class="mb-3">
-                        <label class="form-label d-block">Display Layout Preference</label>
-                        <div class="btn-group w-100" role="group">
-                            <input type="radio" class="btn-check" name="display_layout" id="layout_both" value="both" <?= ($ad['display_layout'] ?? 'both') === 'both' ? 'checked' : '' ?>>
-                            <label class="btn btn-outline-primary" for="layout_both">Both Layouts</label>
-
-                            <input type="radio" class="btn-check" name="display_layout" id="layout_split" value="split" <?= ($ad['display_layout'] ?? 'both') === 'split' ? 'checked' : '' ?>>
-                            <label class="btn btn-outline-primary" for="layout_split">Split View Only</label>
-
-                            <input type="radio" class="btn-check" name="display_layout" id="layout_fullscreen" value="fullscreen" <?= ($ad['display_layout'] ?? 'both') === 'fullscreen' ? 'checked' : '' ?>>
-                            <label class="btn btn-outline-primary" for="layout_fullscreen">Fullscreen Only</label>
-                        </div>
-                        <div class="form-text mt-2">Choose where this advertisement should be visible.</div>
-                    </div>
-
-                    <div class="mb-3">
-                        <div class="form-check form-switch">
-                            <input class="form-check-input" type="checkbox" name="is_active" id="isActiveSwitch" <?= ($ad['is_active'] ?? 1) ? 'checked' : '' ?>>
-                            <label class="form-check-label" for="isActiveSwitch">Active (Show in Slider)</label>
-                        </div>
-                    </div>
-                </div>
-                <div class="col-md-4">
-                    <div class="mb-3">
-                        <label class="form-label">Advertisement Image <span class="text-danger">*</span></label>
-                        <?php if (!empty($ad['image_path'])): ?>
-                            <div class="mb-2">
-                                <img src="../<?= htmlspecialchars($ad['image_path']) ?>" 
-                                     class="img-fluid rounded border shadow-sm" 
-                                     style="max-height: 250px; width: 100%; object-fit: cover;" 
-                                     alt="Ad Image">
-                            </div>
-                        <?php else: ?>
-                            <div class="mb-2 p-5 bg-light text-center border rounded text-muted">
-                                <i class="bi bi-images fs-1"></i><br>No Image Selected
-                            </div>
-                        <?php endif; ?>
-                        
-                        <input type="file" name="image" class="form-control" accept="image/*" <?= !$isEdit ? 'required' : '' ?>>
-                        <div class="form-text">Recommended size: 1920x1080 (HD) or 16:9 aspect ratio.</div>
-                    </div>
-                </div>
-            </div>
-            <hr>
-            <div class="d-flex justify-content-end gap-2">
-                <a href="ads.php" class="btn btn-secondary">Cancel</a>
-                <button type="submit" class="btn btn-primary"><?= $isEdit ? 'Save Changes' : 'Upload Image' ?></button>
-            </div>
-        </form>
-    </div>
-</div>
-
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/ads.php b/admin/ads.php
index 35c3641..895236c 100644
--- a/admin/ads.php
+++ b/admin/ads.php
@@ -1,82 +1,121 @@
 <?php
 require_once __DIR__ . "/../includes/functions.php";
-require_permission("ads_view");
+require_permission("ads");
 require_once __DIR__ . '/../db/config.php';
 $pdo = db();
 
 $message = '';
 
-// Ensure the table exists (idempotent)
-$pdo->exec("CREATE TABLE IF NOT EXISTS ads_images (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    image_path VARCHAR(255) NOT NULL,
-    title VARCHAR(255) DEFAULT NULL,
-    sort_order INT DEFAULT 0,
-    is_active TINYINT(1) DEFAULT 1,
-    display_layout ENUM('both', 'split', 'fullscreen') DEFAULT 'both',
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-)");
+// Handle Add/Edit Promo
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $title = trim($_POST['title']);
+    $sort_order = (int)$_POST['sort_order'];
+    $is_active = isset($_POST['is_active']) ? 1 : 0;
+    $display_layout = $_POST['display_layout'] ?? 'both';
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
 
-// Ensure display_layout column exists (for older installations)
-$pdo->exec("ALTER TABLE ads_images ADD COLUMN IF NOT EXISTS display_layout ENUM('both', 'split', 'fullscreen') DEFAULT 'both' AFTER is_active");
-
-if (isset($_GET['delete'])) {
-    if (!has_permission('ads_del')) {
-        $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete advertisements.</div>';
-    } else {
-        $id = $_GET['delete'];
-        
-        // Get image path to delete file
+    $image_path = null;
+    if ($id) {
         $stmt = $pdo->prepare("SELECT image_path FROM ads_images WHERE id = ?");
         $stmt->execute([$id]);
-        $ad = $stmt->fetch();
-        
-        if ($ad) {
-            $fullPath = __DIR__ . '/../' . $ad['image_path'];
-            if (file_exists($fullPath) && is_file($fullPath)) {
-                unlink($fullPath);
+        $image_path = $stmt->fetchColumn();
+    }
+
+    if (isset($_FILES['image']) && $_FILES['image']['error'] !== UPLOAD_ERR_NO_FILE) {
+        if ($_FILES['image']['error'] === UPLOAD_ERR_OK) {
+            $uploadDir = __DIR__ . '/../assets/images/ads/';
+            if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
+            
+            $file_ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
+            if (in_array($file_ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) {
+                $new_file_name = uniqid('promo_') . '.' . $file_ext;
+                if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadDir . $new_file_name)) {
+                    $image_path = 'assets/images/ads/' . $new_file_name;
+                } else {
+                    $message = '<div class="alert alert-danger">Failed to move uploaded file.</div>';
+                }
+            } else {
+                $message = '<div class="alert alert-danger">Invalid file type.</div>';
             }
+        } else {
+            $message = '<div class="alert alert-danger">File upload error.</div>';
+        }
+    }
+
+    if (empty($image_path) && $action === 'add_promo' && empty($message)) {
+        $message = '<div class="alert alert-danger">Image is required for new advertisements.</div>';
+    }
+
+    if (empty($message)) {
+        try {
+            if ($action === 'edit_promo' && $id) {
+                if (!has_permission('ads')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("UPDATE ads_images SET title = ?, sort_order = ?, is_active = ?, display_layout = ?, image_path = ? WHERE id = ?");
+                    $stmt->execute([$title, $sort_order, $is_active, $display_layout, $image_path, $id]);
+                    $message = '<div class="alert alert-success">Advertisement updated successfully!</div>';
+                }
+            } elseif ($action === 'add_promo') {
+                if (!has_permission('ads')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("INSERT INTO ads_images (title, sort_order, is_active, display_layout, image_path) VALUES (?, ?, ?, ?, ?)");
+                    $stmt->execute([$title, $sort_order, $is_active, $display_layout, $image_path]);
+                    $message = '<div class="alert alert-success">Advertisement created successfully!</div>';
+                }
+            }
+        } catch (PDOException $e) {
+            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+        }
+    }
+}
+
+if (isset($_GET['delete'])) {
+    if (!has_permission('ads')) {
+        $message = '<div class="alert alert-danger">Access Denied.</div>';
+    } else {
+        $id = $_GET['delete'];
+        $stmt = $pdo->prepare("SELECT image_path FROM ads_images WHERE id = ?");
+        $stmt->execute([$id]);
+        $promo = $stmt->fetch();
+        if ($promo) {
+            $fullPath = __DIR__ . '/../' . $promo['image_path'];
+            if (file_exists($fullPath) && is_file($fullPath)) unlink($fullPath);
             $pdo->prepare("DELETE FROM ads_images WHERE id = ?")->execute([$id]);
         }
-        
         header("Location: ads.php");
         exit;
     }
 }
 
 $query = "SELECT * FROM ads_images ORDER BY sort_order ASC, created_at DESC";
-$ads_pagination = paginate_query($pdo, $query);
-$ads = $ads_pagination['data'];
+$promos_pagination = paginate_query($pdo, $query);
+$promos = $promos_pagination['data'];
 
 include 'includes/header.php';
 ?>
 
 <div class="d-flex justify-content-between align-items-center mb-4">
     <div>
-        <h2 class="fw-bold mb-0">Advertisement Slider</h2>
-        <p class="text-muted mb-0">Manage pictures for the public ads display page.</p>
+        <h2 class="fw-bold mb-0 text-dark">Advertisement Slider</h2>
+        <p class="text-muted mb-0">Manage pictures for the public display page.</p>
     </div>
-    <?php if (has_permission('ads_add')): ?>
-    <a href="ad_edit.php" class="btn btn-primary">
-        <i class="bi bi-plus-lg"></i> Add Image
-    </a>
+    <?php if (has_permission('ads')): ?>
+    <button class="btn btn-primary btn-lg shadow-sm px-4" data-bs-toggle="modal" data-bs-target="#promoModal" onclick="preparePromoAddForm()" style="border-radius: 10px;">
+        <i class="bi bi-plus-lg me-1"></i> Add Image
+    </button>
     <?php endif; ?>
 </div>
 
 <?= $message ?>
 
-<div class="alert alert-info border-0 shadow-sm d-flex align-items-center">
-    <i class="bi bi-info-circle-fill me-3 fs-4"></i>
-    <div>
-        These images will be displayed in a slider on the <strong><a href="../ads.php" target="_blank" class="alert-link">ads.php</a></strong> page.
-        You can now choose to show specific images in <strong>Split View</strong> or <strong>Fullscreen</strong> layout.
-    </div>
-</div>
-
-<div class="card border-0 shadow-sm">
+<div class="card border-0 shadow-sm rounded-4 overflow-hidden">
     <div class="card-body p-0">
-        <div class="p-3 border-bottom bg-light">
-             <?php render_pagination_controls($ads_pagination); ?>
+        <div class="p-3 border-bottom bg-light d-flex justify-content-between align-items-center">
+             <h6 class="mb-0 fw-bold">Items List</h6>
+             <?php render_pagination_controls($promos_pagination); ?>
         </div>
         <div class="table-responsive">
             <table class="table table-hover align-middle mb-0">
@@ -91,66 +130,152 @@ include 'includes/header.php';
                     </tr>
                 </thead>
                 <tbody>
-                    <?php foreach ($ads as $ad): ?>
+                    <?php foreach ($promos as $promo): ?>
                     <tr>
-                        <td class="ps-4 fw-medium"><?= $ad['sort_order'] ?></td>
+                        <td class="ps-4 fw-medium text-dark"><?= $promo['sort_order'] ?></td>
                         <td>
-                            <img src="../<?= htmlspecialchars($ad['image_path']) ?>" 
+                            <?php if (!empty($promo['image_path'])): ?>
+                            <img src="../<?= htmlspecialchars($promo['image_path']) ?>" 
                                  class="rounded object-fit-cover border shadow-sm" 
-                                 width="120" height="70" 
-                                 alt="<?= htmlspecialchars($ad['title'] ?? '') ?>">
+                                 width="120" height="70">
+                            <?php else: ?>
+                            <div class="bg-light rounded border d-flex align-items-center justify-content-center text-muted" style="width: 120px; height: 70px;">No Image</div>
+                            <?php endif; ?>
                         </td>
                         <td>
-                            <div class="fw-bold"><?= htmlspecialchars($ad['title'] ?: 'No title') ?></div>
-                            <small class="text-muted"><?= htmlspecialchars($ad['image_path']) ?></small>
+                            <div class="fw-bold text-dark"><?= htmlspecialchars($promo['title'] ?: 'No title') ?></div>
                         </td>
                         <td>
                             <?php
                             $layoutLabel = 'Both';
                             $layoutClass = 'bg-primary-subtle text-primary';
-                            if ($ad['display_layout'] === 'split') {
-                                $layoutLabel = 'Split Only';
-                                $layoutClass = 'bg-info-subtle text-info';
-                            } elseif ($ad['display_layout'] === 'fullscreen') {
-                                $layoutLabel = 'Fullscreen Only';
-                                $layoutClass = 'bg-warning-subtle text-warning';
+                            if (isset($promo['display_layout'])) {
+                                if ($promo['display_layout'] === 'split') {
+                                    $layoutLabel = 'Split Only';
+                                    $layoutClass = 'bg-info-subtle text-info';
+                                } elseif ($promo['display_layout'] === 'fullscreen') {
+                                    $layoutLabel = 'Fullscreen Only';
+                                    $layoutClass = 'bg-warning-subtle text-warning';
+                                }
                             }
                             ?>
                             <span class="badge <?= $layoutClass ?> px-3"><?= $layoutLabel ?></span>
                         </td>
                         <td>
-                            <?php if ($ad['is_active']): ?>
+                            <?php if (isset($promo['is_active']) && $promo['is_active']): ?>
                                 <span class="badge bg-success-subtle text-success px-3">Active</span>
                             <?php else: ?>
                                 <span class="badge bg-secondary-subtle text-secondary px-3">Inactive</span>
                             <?php endif; ?>
                         </td>
                         <td class="text-end pe-4">
-                            <?php if (has_permission('ads_add')): ?>
-                            <a href="ad_edit.php?id=<?= $ad['id'] ?>" class="btn btn-sm btn-outline-primary me-1"><i class="bi bi-pencil"></i></a>
-                            <?php endif; ?>
-                            
-                            <?php if (has_permission('ads_del')): ?>
-                            <a href="?delete=<?= $ad['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this image?')"><i class="bi bi-trash"></i></a>
+                            <?php if (has_permission('ads')): ?>
+                            <button type="button" class="btn btn-sm btn-outline-primary rounded-pill px-3 me-1" 
+                                    data-bs-toggle="modal" data-bs-target="#promoModal"
+                                    onclick='preparePromoEditForm(<?= htmlspecialchars(json_encode($promo), ENT_QUOTES, "UTF-8") ?>)'>
+                                    <i class="bi bi-pencil me-1"></i> Edit
+                            </button>
+                            <a href="?delete=<?= $promo['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Are you sure?')"><i class="bi bi-trash me-1"></i> Delete</a>
                             <?php endif; ?>
                         </td>
                     </tr>
                     <?php endforeach; ?>
-                    <?php if (empty($ads)): ?>
-                        <tr>
-                            <td colspan="6" class="text-center py-5 text-muted">
-                                <i class="bi bi-images fs-1 d-block mb-3"></i>
-                                No advertisement images found. Click "Add Image" to get started.
-                            </td>
-                        </tr>
-                    <?php endif; ?>
                 </tbody>
             </table>
         </div>
         <div class="p-3 border-top bg-light">
-             <?php render_pagination_controls($ads_pagination); ?>
+             <?php render_pagination_controls($promos_pagination); ?>
         </div>
     </div>
 </div>
 
+<!-- Promo Modal -->
+<?php if (has_permission('ads')): ?>
+<div class="modal fade" id="promoModal" tabindex="-1" aria-hidden="true">
+    <div class="modal-dialog modal-dialog-centered">
+        <div class="modal-content border-0 shadow-lg rounded-4">
+            <div class="modal-header bg-primary text-white border-0">
+                <h5 class="modal-title fw-bold" id="promoModalTitle">Add New Item</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <form method="POST" id="promoForm" enctype="multipart/form-data">
+                <div class="modal-body p-4">
+                    <input type="hidden" name="action" id="promoAction" value="add_promo">
+                    <input type="hidden" name="id" id="promoId">
+                    
+                    <div class="mb-4 text-center" id="promoImagePreviewContainer" style="display: none;">
+                        <img src="" id="promoImagePreview" class="img-fluid rounded shadow-sm border" style="max-height: 200px;">
+                    </div>
+
+                    <div class="mb-3">
+                        <label class="form-label small fw-bold text-muted">TITLE / CAPTION</label>
+                        <input type="text" name="title" id="promoTitle" class="form-control" placeholder="e.g. Special Offer">
+                    </div>
+                    <div class="row g-3 mb-3">
+                        <div class="col-6">
+                            <label class="form-label small fw-bold text-muted">SORT ORDER</label>
+                            <input type="number" name="sort_order" id="promoSortOrder" class="form-control" value="0">
+                        </div>
+                        <div class="col-6">
+                            <label class="form-label small fw-bold text-muted">DISPLAY LAYOUT</label>
+                            <select name="display_layout" id="promoDisplayLayout" class="form-select">
+                                <option value="both">Both Layouts</option>
+                                <option value="split">Split Only</option>
+                                <option value="fullscreen">Fullscreen</option>
+                            </select>
+                        </div>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label small fw-bold text-muted">IMAGE FILE</label>
+                        <input type="file" name="image" id="promoImageFile" class="form-control" accept="image/*">
+                        <small class="text-muted mt-1 d-block" id="promoImageHint">Required for new images.</small>
+                    </div>
+                    <div class="mb-0 form-check form-switch">
+                        <input class="form-check-input" type="checkbox" name="is_active" id="promoIsActive" value="1" checked>
+                        <label class="form-check-label fw-medium text-dark" for="promoIsActive">Active (Show in Slider)</label>
+                    </div>
+                </div>
+                <div class="modal-footer border-0 p-4 pt-0">
+                    <button type="button" class="btn btn-light rounded-pill px-4" data-bs-dismiss="modal">Cancel</button>
+                    <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Save Changes</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+
+<script>
+function preparePromoAddForm() {
+    document.getElementById('promoModalTitle').innerText = 'Add New Item';
+    document.getElementById('promoAction').value = 'add_promo';
+    document.getElementById('promoForm').reset();
+    document.getElementById('promoId').value = '';
+    document.getElementById('promoImagePreviewContainer').style.display = 'none';
+    document.getElementById('promoImageHint').innerText = 'Required for new images.';
+    document.getElementById('promoImageFile').required = true;
+}
+
+function preparePromoEditForm(data) {
+    if (!data) return;
+    document.getElementById('promoModalTitle').innerText = 'Edit Item';
+    document.getElementById('promoAction').value = 'edit_promo';
+    document.getElementById('promoId').value = data.id;
+    document.getElementById('promoTitle').value = data.title || '';
+    document.getElementById('promoSortOrder').value = data.sort_order || 0;
+    document.getElementById('promoDisplayLayout').value = data.display_layout || 'both';
+    document.getElementById('promoIsActive').checked = data.is_active == 1;
+    document.getElementById('promoImageHint').innerText = 'Leave empty to keep current image.';
+    document.getElementById('promoImageFile').required = false;
+    
+    if (data.image_path) {
+        const preview = document.getElementById('promoImagePreview');
+        preview.src = '../' + data.image_path;
+        document.getElementById('promoImagePreviewContainer').style.display = 'block';
+    } else {
+        document.getElementById('promoImagePreviewContainer').style.display = 'none';
+    }
+}
+</script>
+<?php endif; ?>
+
 <?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/area_edit.php b/admin/area_edit.php
deleted file mode 100644
index fd089f9..0000000
--- a/admin/area_edit.php
+++ /dev/null
@@ -1,74 +0,0 @@
-<?php
-require_once __DIR__ . '/../db/config.php';
-$pdo = db();
-
-$id = $_GET['id'] ?? null;
-if (!$id) {
-    header('Location: areas.php');
-    exit;
-}
-
-// Handle Form Submission
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $name = $_POST['name'] ?? '';
-    $outlet_id = $_POST['outlet_id'] ?? '';
-
-    if ($name && $outlet_id) {
-        $stmt = $pdo->prepare("UPDATE areas SET name = ?, outlet_id = ? WHERE id = ?");
-        $stmt->execute([$name, $outlet_id, $id]);
-        header('Location: areas.php');
-        exit;
-    }
-}
-
-// Fetch Area Details
-$stmt = $pdo->prepare("SELECT * FROM areas WHERE id = ?");
-$stmt->execute([$id]);
-$area = $stmt->fetch();
-
-if (!$area) {
-    die("Area not found.");
-}
-
-// Fetch Outlets for Dropdown
-$outlets = $pdo->query("SELECT id, name FROM outlets ORDER BY name ASC")->fetchAll();
-
-include 'includes/header.php';
-?>
-
-<div class="d-flex justify-content-between align-items-center mb-4">
-    <h2 class="fw-bold mb-0">Edit Area</h2>
-    <a href="areas.php" class="btn btn-outline-secondary">
-        <i class="bi bi-arrow-left"></i> Back
-    </a>
-</div>
-
-<div class="card border-0 shadow-sm">
-    <div class="card-body">
-        <form method="POST">
-            <div class="mb-3">
-                <label class="form-label">Name</label>
-                <input type="text" name="name" class="form-control" value="<?= htmlspecialchars($area['name']) ?>" required>
-            </div>
-            
-            <div class="mb-3">
-                <label class="form-label">Outlet</label>
-                <select name="outlet_id" class="form-select" required>
-                    <option value="">Select Outlet</option>
-                    <?php foreach ($outlets as $outlet): ?>
-                    <option value="<?= $outlet['id'] ?>" <?= $outlet['id'] == $area['outlet_id'] ? 'selected' : '' ?>>
-                        <?= htmlspecialchars($outlet['name']) ?>
-                    </option>
-                    <?php endforeach; ?>
-                </select>
-            </div>
-
-            <div class="d-flex justify-content-end gap-2">
-                <a href="areas.php" class="btn btn-light">Cancel</a>
-                <button type="submit" class="btn btn-primary">Update Area</button>
-            </div>
-        </form>
-    </div>
-</div>
-
-<?php include 'includes/footer.php'; ?>
diff --git a/admin/areas.php b/admin/areas.php
index 76cd92c..cce2a30 100644
--- a/admin/areas.php
+++ b/admin/areas.php
@@ -6,46 +6,68 @@ $pdo = db();
 
 $message = '';
 
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_area') {
-    if (!has_permission('areas_add')) {
-        $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add areas.</div>';
+// Handle Add/Edit Area
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $name = trim($_POST['name']);
+    $outlet_id = (int)$_POST['outlet_id'];
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+
+    if (empty($name)) {
+        $message = '<div class="alert alert-danger">Area name is required.</div>';
     } else {
-        $stmt = $pdo->prepare("INSERT INTO areas (outlet_id, name) VALUES (?, ?)");
-        $stmt->execute([$_POST['outlet_id'], $_POST['name']]);
-        header("Location: areas.php");
-        exit;
+        try {
+            if ($action === 'edit_area' && $id) {
+                if (!has_permission('areas_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("UPDATE areas SET name = ?, outlet_id = ? WHERE id = ?");
+                    $stmt->execute([$name, $outlet_id, $id]);
+                    $message = '<div class="alert alert-success">Area updated successfully!</div>';
+                }
+            } elseif ($action === 'add_area') {
+                if (!has_permission('areas_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("INSERT INTO areas (name, outlet_id) VALUES (?, ?)");
+                    $stmt->execute([$name, $outlet_id]);
+                    $message = '<div class="alert alert-success">Area created successfully!</div>';
+                }
+            }
+        } catch (PDOException $e) {
+            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+        }
     }
 }
 
+// Handle Delete
 if (isset($_GET['delete'])) {
     if (!has_permission('areas_del')) {
         $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete areas.</div>';
     } else {
-        $pdo->prepare("DELETE FROM areas WHERE id = ?")->execute([$_GET['delete']]);
+        $id = $_GET['delete'];
+        $pdo->prepare("DELETE FROM areas WHERE id = ?")->execute([$id]);
         header("Location: areas.php");
         exit;
     }
 }
 
-// Fetch areas with outlet names
-$query = "SELECT areas.*, outlets.name as outlet_name 
-    FROM areas 
-    LEFT JOIN outlets ON areas.outlet_id = outlets.id 
-    ORDER BY areas.id DESC";
-    
+$outlets = $pdo->query("SELECT * FROM outlets ORDER BY name ASC")->fetchAll();
+
+$query = "SELECT a.*, o.name as outlet_name 
+          FROM areas a 
+          LEFT JOIN outlets o ON a.outlet_id = o.id 
+          ORDER BY a.id DESC";
 $areas_pagination = paginate_query($pdo, $query);
 $areas = $areas_pagination['data'];
 
-// Fetch outlets for dropdown
-$outlets = $pdo->query("SELECT id, name FROM outlets ORDER BY name ASC")->fetchAll();
-
 include 'includes/header.php';
 ?>
 
 <div class="d-flex justify-content-between align-items-center mb-4">
     <h2 class="fw-bold mb-0">Areas</h2>
     <?php if (has_permission('areas_add')): ?>
-    <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addAreaModal">
+    <button class="btn btn-primary" onclick="openAddModal()">
         <i class="bi bi-plus-lg"></i> Add Area
     </button>
     <?php endif; ?>
@@ -66,7 +88,7 @@ include 'includes/header.php';
                         <th class="ps-4">ID</th>
                         <th>Name</th>
                         <th>Outlet</th>
-                        <th>Actions</th>
+                        <th class="text-end pe-4">Actions</th>
                     </tr>
                 </thead>
                 <tbody>
@@ -74,22 +96,23 @@ include 'includes/header.php';
                     <tr>
                         <td class="ps-4 fw-medium">#<?= $area['id'] ?></td>
                         <td class="fw-bold"><?= htmlspecialchars($area['name']) ?></td>
-                        <td><span class="badge bg-info text-dark"><?= htmlspecialchars($area['outlet_name'] ?? 'N/A') ?></span></td>
-                        <td>
+                        <td><span class="badge bg-light text-dark border"><?= htmlspecialchars($area['outlet_name'] ?: 'None') ?></span></td>
+                        <td class="text-end pe-4">
                             <?php if (has_permission('areas_add')): ?>
-                            <a href="area_edit.php?id=<?= $area['id'] ?>" class="btn btn-sm btn-outline-primary me-1" title="Edit"><i class="bi bi-pencil"></i></a>
+                            <button type="button" class="btn btn-sm btn-outline-primary me-1" 
+                                    onclick='openEditModal(<?= htmlspecialchars(json_encode($area), ENT_QUOTES, "UTF-8") ?>)' title="Edit"><i class="bi bi-pencil"></i></button>
                             <?php endif; ?>
                             
                             <?php if (has_permission('areas_del')): ?>
-                            <a href="?delete=<?= $area['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this area?')" title="Delete"><i class="bi bi-trash"></i></a>
+                            <a href="?delete=<?= $area['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this area and all its tables?')"><i class="bi bi-trash"></i></a>
                             <?php endif; ?>
                         </td>
                     </tr>
                     <?php endforeach; ?>
                     <?php if (empty($areas)): ?>
-                    <tr>
-                        <td colspan="4" class="text-center py-4 text-muted">No areas found. Add one to get started.</td>
-                    </tr>
+                        <tr>
+                            <td colspan="4" class="text-center py-4 text-muted">No areas found.</td>
+                        </tr>
                     <?php endif; ?>
                 </tbody>
             </table>
@@ -101,28 +124,29 @@ include 'includes/header.php';
     </div>
 </div>
 
-<!-- Add Area Modal -->
+<!-- Area Modal -->
 <?php if (has_permission('areas_add')): ?>
-<div class="modal fade" id="addAreaModal" tabindex="-1">
+<div class="modal fade" id="areaModal" tabindex="-1" aria-hidden="true">
     <div class="modal-dialog">
         <div class="modal-content">
-            <div class="modal-header">
-                <h5 class="modal-title">Add Area</h5>
-                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+            <div class="modal-header bg-primary text-white">
+                <h5 class="modal-title" id="areaModalTitle">Add New Area</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
-            <form method="POST">
+            <form method="POST" id="areaForm">
                 <div class="modal-body">
-                    <input type="hidden" name="action" value="add_area">
+                    <input type="hidden" name="action" id="areaAction" value="add_area">
+                    <input type="hidden" name="id" id="areaId">
                     <div class="mb-3">
-                        <label class="form-label">Name</label>
-                        <input type="text" name="name" class="form-control" placeholder="e.g. Main Hall, Patio" required>
+                        <label class="form-label">Name <span class="text-danger">*</span></label>
+                        <input type="text" name="name" id="areaName" class="form-control" required>
                     </div>
                     <div class="mb-3">
-                        <label class="form-label">Outlet</label>
-                        <select name="outlet_id" class="form-select" required>
+                        <label class="form-label">Outlet <span class="text-danger">*</span></label>
+                        <select name="outlet_id" id="areaOutletId" class="form-select" required>
                             <option value="">Select Outlet</option>
                             <?php foreach ($outlets as $outlet): ?>
-                            <option value="<?= $outlet['id'] ?>"><?= htmlspecialchars($outlet['name']) ?></option>
+                                <option value="<?= $outlet['id'] ?>"><?= htmlspecialchars($outlet['name']) ?></option>
                             <?php endforeach; ?>
                         </select>
                     </div>
@@ -135,6 +159,39 @@ include 'includes/header.php';
         </div>
     </div>
 </div>
+
+<script>
+function getAreaModal() {
+    if (typeof bootstrap === 'undefined') return null;
+    const el = document.getElementById('areaModal');
+    return el ? bootstrap.Modal.getOrCreateInstance(el) : null;
+}
+
+function openAddModal() {
+    const modal = getAreaModal();
+    if (!modal) return;
+    
+    document.getElementById('areaModalTitle').innerText = 'Add New Area';
+    document.getElementById('areaAction').value = 'add_area';
+    document.getElementById('areaForm').reset();
+    document.getElementById('areaId').value = '';
+    modal.show();
+}
+
+function openEditModal(area) {
+    if (!area) return;
+    const modal = getAreaModal();
+    if (!modal) return;
+    
+    document.getElementById('areaModalTitle').innerText = 'Edit Area';
+    document.getElementById('areaAction').value = 'edit_area';
+    document.getElementById('areaId').value = area.id;
+    document.getElementById('areaName').value = area.name || '';
+    document.getElementById('areaOutletId').value = area.outlet_id || '';
+    
+    modal.show();
+}
+</script>
 <?php endif; ?>
 
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
+<?php include 'includes/footer.php'; ?>
diff --git a/admin/backup.php b/admin/backup.php
new file mode 100644
index 0000000..8d127e7
--- /dev/null
+++ b/admin/backup.php
@@ -0,0 +1,215 @@
+<?php
+require_once __DIR__ . "/../includes/functions.php";
+require_permission("settings_view");
+require_once __DIR__ . '/../db/config.php';
+$pdo = db();
+
+$backupDir = __DIR__ . '/../storage/backups/';
+if (!is_dir($backupDir)) {
+    mkdir($backupDir, 0777, true);
+}
+
+$message = '';
+
+// Retention policy: keep 5 copies
+function enforceRetention($dir) {
+    $files = glob($dir . '/*.sql');
+    if (count($files) > 5) {
+        usort($files, function($a, $b) {
+            return filemtime($a) - filemtime($b);
+        });
+        while (count($files) > 5) {
+            $oldest = array_shift($files);
+            unlink($oldest);
+        }
+    }
+}
+
+// Handle actions
+$action = $_GET['action'] ?? '';
+
+if ($action === 'backup') {
+    $filename = 'backup_' . date('Y-m-d_H-i-s') . '.sql';
+    $path = $backupDir . $filename;
+    
+    $command = sprintf(
+        'mysqldump -h %s -u %s -p%s %s > %s',
+        escapeshellarg(DB_HOST),
+        escapeshellarg(DB_USER),
+        escapeshellarg(DB_PASS),
+        escapeshellarg(DB_NAME),
+        escapeshellarg($path)
+    );
+    
+    exec($command, $output, $returnVar);
+    
+    if ($returnVar === 0) {
+        enforceRetention($backupDir);
+        $message = '<div class="alert alert-success">Backup created successfully: ' . $filename . '</div>';
+    } else {
+        $message = '<div class="alert alert-danger">Error creating backup.</div>';
+    }
+} elseif ($action === 'download' && isset($_GET['file'])) {
+    $file = basename($_GET['file']);
+    $path = $backupDir . $file;
+    if (file_exists($path)) {
+        header('Content-Description: File Transfer');
+        header('Content-Type: application/octet-stream');
+        header('Content-Disposition: attachment; filename="' . $file . '"');
+        header('Expires: 0');
+        header('Cache-Control: must-revalidate');
+        header('Pragma: public');
+        header('Content-Length: ' . filesize($path));
+        readfile($path);
+        exit;
+    }
+} elseif ($action === 'delete' && isset($_GET['file'])) {
+    $file = basename($_GET['file']);
+    $path = $backupDir . $file;
+    if (file_exists($path)) {
+        unlink($path);
+        $message = '<div class="alert alert-success">Backup deleted.</div>';
+    }
+} elseif ($action === 'restore' && isset($_GET['file'])) {
+    $file = basename($_GET['file']);
+    $path = $backupDir . $file;
+    if (file_exists($path)) {
+        $command = sprintf(
+            'mysql -h %s -u %s -p%s %s < %s',
+            escapeshellarg(DB_HOST),
+            escapeshellarg(DB_USER),
+            escapeshellarg(DB_PASS),
+            escapeshellarg(DB_NAME),
+            escapeshellarg($path)
+        );
+        exec($command, $output, $returnVar);
+        if ($returnVar === 0) {
+            $message = '<div class="alert alert-success">Database restored successfully from ' . $file . '</div>';
+        } else {
+            $message = '<div class="alert alert-danger">Error restoring database.</div>';
+        }
+    }
+} elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['toggle_auto'])) {
+    $status = $_POST['auto_backup_enabled'] ? 1 : 0;
+    $stmt = $pdo->prepare("UPDATE company_settings SET auto_backup_enabled = ?, updated_at = NOW() LIMIT 1");
+    $stmt->execute([$status]);
+    $message = '<div class="alert alert-success">Auto backup settings updated.</div>';
+}
+
+$settings = get_company_settings();
+$backups = glob($backupDir . '*.sql');
+usort($backups, function($a, $b) {
+    return filemtime($b) - filemtime($a);
+});
+
+include 'includes/header.php';
+?>
+
+<div class="d-flex justify-content-between align-items-center mb-4">
+    <h2 class="fw-bold mb-0">Backup & Restore</h2>
+    <a href="?action=backup" class="btn btn-primary">
+        <i class="bi bi-cloud-arrow-up"></i> Create Manual Backup
+    </a>
+</div>
+
+<?= $message ?>
+
+<div class="row">
+    <div class="col-md-4 mb-4">
+        <div class="card border-0 shadow-sm h-100">
+            <div class="card-body">
+                <h5 class="card-title fw-bold mb-3">Settings</h5>
+                <form method="POST">
+                    <input type="hidden" name="toggle_auto" value="1">
+                    <div class="form-check form-switch mb-3">
+                        <input class="form-check-input" type="checkbox" name="auto_backup_enabled" id="autoBackupSwitch" <?= ($settings['auto_backup_enabled'] ?? 0) ? 'checked' : '' ?> onchange="this.form.submit()">
+                        <label class="form-check-label" for="autoBackupSwitch">Enable Auto Backup (Daily)</label>
+                    </div>
+                    <p class="text-muted small">
+                        Auto backup runs once a day when you access the admin panel. 
+                        It keeps exactly 5 latest copies.
+                    </p>
+                    <?php if ($settings['last_auto_backup']): ?>
+                    <div class="alert alert-info py-2 small mb-0">
+                        Last auto backup: <?= date('Y-m-d H:i', strtotime($settings['last_auto_backup'])) ?>
+                    </div>
+                    <?php endif; ?>
+                </form>
+            </div>
+        </div>
+    </div>
+    
+    <div class="col-md-8 mb-4">
+        <div class="card border-0 shadow-sm">
+            <div class="card-body">
+                <h5 class="card-title fw-bold mb-3">Available Backups (Max 5)</h5>
+                <div class="table-responsive">
+                    <table class="table table-hover align-middle">
+                        <thead class="table-light">
+                            <tr>
+                                <th>Filename</th>
+                                <th>Date</th>
+                                <th>Size</th>
+                                <th class="text-end">Actions</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php if (empty($backups)): ?>
+                            <tr>
+                                <td colspan="4" class="text-center py-4 text-muted">No backups found.</td>
+                            </tr>
+                            <?php else: ?>
+                                <?php foreach ($backups as $path): ?>
+                                <?php 
+                                    $file = basename($path);
+                                    $size = round(filesize($path) / 1024, 2) . ' KB';
+                                    $date = date('Y-m-d H:i:s', filemtime($path));
+                                ?>
+                                <tr>
+                                    <td><code class="text-primary"><?= $file ?></code></td>
+                                    <td><?= $date ?></td>
+                                    <td><?= $size ?></td>
+                                    <td class="text-end">
+                                        <div class="btn-group gap-1">
+                                            <a href="?action=download&file=<?= urlencode($file) ?>" class="btn btn-sm btn-outline-secondary rounded" title="Download">
+                                                <i class="bi bi-download"></i>
+                                            </a>
+                                            <button onclick="confirmRestore('<?= $file ?>')" class="btn btn-sm btn-outline-warning rounded" title="Restore">
+                                                <i class="bi bi-arrow-counterclockwise"></i>
+                                            </button>
+                                            <a href="?action=delete&file=<?= urlencode($file) ?>" class="btn btn-sm btn-outline-danger rounded" title="Delete" onclick="return confirm('Are you sure?')">
+                                                <i class="bi bi-trash"></i>
+                                            </a>
+                                        </div>
+                                    </td>
+                                </tr>
+                                <?php endforeach; ?>
+                            <?php endif; ?>
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script>
+function confirmRestore(file) {
+    Swal.fire({
+        title: 'Restore Database?',
+        text: "This will overwrite your current database with the backup from " + file + ". This action cannot be undone!",
+        icon: 'warning',
+        showCancelButton: true,
+        confirmButtonColor: '#ffc107',
+        cancelButtonColor: '#6c757d',
+        confirmButtonText: 'Yes, Restore it!',
+        cancelButtonText: 'Cancel'
+    }).then((result) => {
+        if (result.isConfirmed) {
+            window.location.href = '?action=restore&file=' + encodeURIComponent(file);
+        }
+    });
+}
+</script>
+
+<?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/categories.php b/admin/categories.php
index 7758e83..e58a544 100644
--- a/admin/categories.php
+++ b/admin/categories.php
@@ -1,15 +1,68 @@
 <?php
-require_once __DIR__ . "/../includes/functions.php";
-require_permission("categories_view");
 require_once __DIR__ . '/../db/config.php';
+require_once __DIR__ . '/../includes/functions.php';
+
 $pdo = db();
+require_permission('categories_view');
 
 $message = '';
 
+// Handle Add/Edit Category
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+    $name = $_POST['name'];
+    $description = $_POST['description'];
+
+    $image_url = null;
+    if ($id) {
+        $stmt = $pdo->prepare("SELECT image_url FROM categories WHERE id = ?");
+        $stmt->execute([$id]);
+        $image_url = $stmt->fetchColumn();
+    } else {
+        $image_url = 'https://placehold.co/400x300?text=' . urlencode($name);
+    }
+
+    if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
+        $uploadDir = __DIR__ . '/../assets/images/categories/';
+        if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
+        
+        $file_ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
+        if (in_array($file_ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) {
+            $fileName = uniqid('cat_') . '.' . $file_ext;
+            if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadDir . $fileName)) {
+                $image_url = 'assets/images/categories/' . $fileName;
+            }
+        }
+    }
+
+    try {
+        if ($action === 'edit_category' && $id) {
+            if (!has_permission('categories_edit') && !has_permission('categories_add')) {
+                $message = '<div class="alert alert-danger">Access Denied: You do not have permission to edit categories.</div>';
+            } else {
+                $stmt = $pdo->prepare("UPDATE categories SET name = ?, description = ?, image_url = ? WHERE id = ?");
+                $stmt->execute([$name, $description, $image_url, $id]);
+                $message = '<div class="alert alert-success">Category updated successfully!</div>';
+            }
+        } elseif ($action === 'add_category') {
+            if (!has_permission('categories_add')) {
+                $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add categories.</div>';
+            } else {
+                $stmt = $pdo->prepare("INSERT INTO categories (name, description, image_url) VALUES (?, ?, ?)");
+                $stmt->execute([$name, $description, $image_url]);
+                $message = '<div class="alert alert-success">Category created successfully!</div>';
+            }
+        }
+    } catch (PDOException $e) {
+        $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+    }
+}
+
 // Handle Delete
 if (isset($_GET['delete'])) {
     if (!has_permission('categories_del')) {
-        $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete categories.</div>';
+        $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete categories.</div>';
     } else {
         $id = $_GET['delete'];
         $pdo->prepare("DELETE FROM categories WHERE id = ?")->execute([$id]);
@@ -18,7 +71,7 @@ if (isset($_GET['delete'])) {
     }
 }
 
-$query = "SELECT * FROM categories ORDER BY sort_order ASC, name ASC";
+$query = "SELECT * FROM categories ORDER BY name ASC";
 $categories_pagination = paginate_query($pdo, $query);
 $categories = $categories_pagination['data'];
 
@@ -26,75 +79,141 @@ include 'includes/header.php';
 ?>
 
 <div class="d-flex justify-content-between align-items-center mb-4">
-    <h2 class="fw-bold mb-0">Categories</h2>
+    <div>
+        <h2 class="fw-bold mb-1">Product Categories</h2>
+        <p class="text-muted mb-0">Organize your menu and inventory</p>
+    </div>
     <?php if (has_permission('categories_add')): ?>
-    <a href="category_edit.php" class="btn btn-primary">
-        <i class="bi bi-plus-lg"></i> Add Category
-    </a>
+    <button class="btn btn-primary btn-lg shadow-sm" data-bs-toggle="modal" data-bs-target="#categoryModal" onclick="prepareAddForm()" style="border-radius: 12px;">
+        <i class="bi bi-plus-lg me-1"></i> Add Category
+    </button>
     <?php endif; ?>
 </div>
 
 <?= $message ?>
 
-<div class="card border-0 shadow-sm">
-    <div class="card-body p-0">
-        <!-- Pagination Controls -->
-        <div class="p-3 border-bottom bg-light">
-             <?php render_pagination_controls($categories_pagination); ?>
-        </div>
+<?php if (empty($categories)): ?>
+    <div class="text-center py-5 bg-white rounded-4 shadow-sm">
+        <i class="bi bi-tags display-1 text-muted opacity-25 mb-3 d-block"></i>
+        <h4 class="text-dark">No categories found</h4>
+        <p class="text-muted">Start by adding your first category.</p>
+    </div>
+<?php else: ?>
+    <div class="card border-0 shadow-sm rounded-4 overflow-hidden">
         <div class="table-responsive">
             <table class="table table-hover align-middle mb-0">
                 <thead class="bg-light">
                     <tr>
-                        <th class="ps-4">ID</th>
-                        <th style="width: 80px;">Image</th>
-                        <th>Name</th>
-                        <th>Sort Order</th>
+                        <th class="ps-4">Category</th>
+                        <th>Description</th>
                         <th class="text-end pe-4">Actions</th>
                     </tr>
                 </thead>
                 <tbody>
                     <?php foreach ($categories as $cat): ?>
                     <tr>
-                        <td class="ps-4 fw-medium">#<?= $cat['id'] ?></td>
-                        <td>
-                            <?php if (!empty($cat['image_url'])): ?>
-                                <img src="<?= htmlspecialchars(strpos($cat['image_url'], 'http') === 0 ? $cat['image_url'] : '../' . $cat['image_url']) ?>" 
-                                     class="rounded object-fit-cover" 
-                                     width="50" height="50" 
-                                     alt="<?= htmlspecialchars($cat['name']) ?>">
-                            <?php else: ?>
-                                <div class="rounded bg-light d-flex align-items-center justify-content-center text-muted border" style="width: 50px; height: 50px;">
-                                    <i class="bi bi-image"></i>
-                                </div>
-                            <?php endif; ?>
+                        <td class="ps-4">
+                            <div class="d-flex align-items-center py-2">
+                                <img src="<?= htmlspecialchars(strpos($cat['image_url'], 'http') === 0 ? $cat['image_url'] : '../' . $cat['image_url']) ?>" alt="" class="rounded-3 me-3 border shadow-sm" style="width: 50px; height: 50px; object-fit: cover;">
+                                <div class="fw-bold text-dark fs-6"><?= htmlspecialchars($cat['name']) ?></div>
+                            </div>
+                        </td>
+                        <td>
+                            <div class="text-muted small text-truncate" style="max-width: 300px;"><?= htmlspecialchars($cat['description'] ?? 'No description') ?></div>
                         </td>
-                        <td><?= htmlspecialchars($cat['name']) ?></td>
-                        <td><?= $cat['sort_order'] ?></td>
                         <td class="text-end pe-4">
-                            <?php if (has_permission('categories_add')): ?>
-                            <a href="category_edit.php?id=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-primary me-1"><i class="bi bi-pencil"></i></a>
-                            <?php endif; ?>
-                            
-                            <?php if (has_permission('categories_del')): ?>
-                            <a href="?delete=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure? This might break products linked to this category.')"><i class="bi bi-trash"></i></a>
-                            <?php endif; ?>
+                            <div class="d-inline-flex gap-2">
+                                <?php if (has_permission('categories_edit') || has_permission('categories_add')): ?>
+                                <button type="button" class="btn btn-sm btn-outline-primary rounded-pill px-3" 
+                                        data-bs-toggle="modal" data-bs-target="#categoryModal"
+                                        onclick='prepareEditForm(<?= htmlspecialchars(json_encode($cat), ENT_QUOTES, "UTF-8") ?>)'>Edit</button>
+                                <?php endif; ?>
+                                
+                                <?php if (has_permission('categories_del')): ?>
+                                <a href="?delete=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Delete category? Ensure no products are linked.')">Delete</a>
+                                <?php endif; ?>
+                            </div>
                         </td>
                     </tr>
                     <?php endforeach; ?>
-                    <?php if (empty($categories)): ?>
-                        <tr>
-                            <td colspan="5" class="text-center py-4 text-muted">No categories found.</td>
-                        </tr>
-                    <?php endif; ?>
                 </tbody>
             </table>
         </div>
-        <!-- Bottom Pagination -->
         <div class="p-3 border-top bg-light">
-             <?php render_pagination_controls($categories_pagination); ?>
+            <?php render_pagination_controls($categories_pagination); ?>
+        </div>
+    </div>
+<?php endif; ?>
+
+<!-- Category Modal -->
+<?php if (has_permission('categories_add') || has_permission('categories_edit')): ?>
+<div class="modal fade" id="categoryModal" tabindex="-1" aria-hidden="true">
+    <div class="modal-dialog">
+        <div class="modal-content border-0 shadow-lg rounded-4">
+            <div class="modal-header bg-primary text-white border-0 py-3">
+                <h5 class="modal-title fw-bold" id="categoryModalTitle">Add New Category</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <form method="POST" id="categoryForm" enctype="multipart/form-data">
+                <div class="modal-body p-4">
+                    <input type="hidden" name="action" id="categoryAction" value="add_category">
+                    <input type="hidden" name="id" id="categoryId">
+                    
+                    <div class="mb-3">
+                        <label class="form-label small fw-bold text-muted">CATEGORY NAME <span class="text-danger">*</span></label>
+                        <input type="text" name="name" id="categoryName" class="form-control rounded-3 border-0 bg-light" required>
+                    </div>
+
+                    <div class="mb-3">
+                        <label class="form-label small fw-bold text-muted">DESCRIPTION</label>
+                        <textarea name="description" id="categoryDescription" class="form-control rounded-3 border-0 bg-light" rows="3" placeholder="Optional category description..."></textarea>
+                    </div>
+
+                    <div class="mb-0">
+                        <label class="form-label small fw-bold text-muted">IMAGE</label>
+                        <div class="d-flex align-items-center gap-3 bg-light p-3 rounded-4 border border-dashed">
+                            <img src="" id="categoryImagePreview" class="rounded-3 border shadow-sm" style="width: 60px; height: 60px; object-fit: cover; display: none;">
+                            <div class="flex-grow-1">
+                                <input type="file" name="image" class="form-control border-0 bg-transparent" accept="image/*">
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="modal-footer border-0 p-4 pt-0">
+                    <button type="button" class="btn btn-light rounded-pill px-4" data-bs-dismiss="modal">Cancel</button>
+                    <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Save Category</button>
+                </div>
+            </form>
         </div>
     </div>
 </div>
 
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
+<script>
+function prepareAddForm() {
+    document.getElementById('categoryModalTitle').innerText = 'Add New Category';
+    document.getElementById('categoryAction').value = 'add_category';
+    document.getElementById('categoryForm').reset();
+    document.getElementById('categoryId').value = '';
+    document.getElementById('categoryImagePreview').style.display = 'none';
+}
+
+function prepareEditForm(cat) {
+    if (!cat) return;
+    document.getElementById('categoryModalTitle').innerText = 'Edit Category: ' + cat.name;
+    document.getElementById('categoryAction').value = 'edit_category';
+    document.getElementById('categoryId').value = cat.id;
+    document.getElementById('categoryName').value = cat.name;
+    document.getElementById('categoryDescription').value = cat.description || '';
+    
+    if (cat.image_url) {
+        const preview = document.getElementById('categoryImagePreview');
+        preview.src = cat.image_url.startsWith('http') ? cat.image_url : '../' + cat.image_url;
+        preview.style.display = 'block';
+    } else {
+        document.getElementById('categoryImagePreview').style.display = 'none';
+    }
+}
+</script>
+<?php endif; ?>
+
+<?php include 'includes/footer.php'; ?>
diff --git a/admin/category_edit.php b/admin/category_edit.php
deleted file mode 100644
index c335d25..0000000
--- a/admin/category_edit.php
+++ /dev/null
@@ -1,150 +0,0 @@
-<?php
-require_once __DIR__ . '/../db/config.php';
-$pdo = db();
-
-$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
-$category = null;
-$message = '';
-$isEdit = false;
-
-// If ID provided, fetch category for editing
-if ($id) {
-    $stmt = $pdo->prepare("SELECT * FROM categories WHERE id = ?");
-    $stmt->execute([$id]);
-    $category = $stmt->fetch();
-    if ($category) {
-        $isEdit = true;
-    } else {
-        // ID not found, redirect to list
-        header("Location: categories.php");
-        exit;
-    }
-}
-
-// Handle Form Submission
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $name = trim($_POST['name']);
-    $sort_order = (int)$_POST['sort_order'];
-    $image_url = $isEdit ? $category['image_url'] : null;
-
-    // Basic Validation
-    if (empty($name)) {
-        $message = '<div class="alert alert-danger">Category name is required.</div>';
-    } else {
-        // Image Upload Handling
-        if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
-            $uploadDir = __DIR__ . '/../assets/images/categories/';
-            if (!is_dir($uploadDir)) {
-                mkdir($uploadDir, 0755, true);
-            }
-
-            $fileInfo = pathinfo($_FILES['image']['name']);
-            $fileExt = strtolower($fileInfo['extension']);
-            $allowedExts = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
-
-            if (in_array($fileExt, $allowedExts)) {
-                $fileName = uniqid('cat_') . '.' . $fileExt;
-                $targetFile = $uploadDir . $fileName;
-
-                if (move_uploaded_file($_FILES['image']['tmp_name'], $targetFile)) {
-                    // Remove old image if exists and not default placeholder (optional, strict cleanup)
-                    if ($isEdit && !empty($category['image_url']) && file_exists(__DIR__ . '/../' . $category['image_url'])) {
-                        // unlink(__DIR__ . '/../' . $category['image_url']); // Uncomment to auto-delete old images
-                    }
-                    $image_url = 'assets/images/categories/' . $fileName;
-                } else {
-                    $message = '<div class="alert alert-danger">Failed to upload image. Check permissions.</div>';
-                }
-            } else {
-                $message = '<div class="alert alert-danger">Invalid file type. Allowed: jpg, png, gif, webp.</div>';
-            }
-        }
-
-        if (empty($message)) {
-            try {
-                if ($isEdit) {
-                    $stmt = $pdo->prepare("UPDATE categories SET name = ?, sort_order = ?, image_url = ? WHERE id = ?");
-                    $stmt->execute([$name, $sort_order, $image_url, $id]);
-                    $message = '<div class="alert alert-success">Category updated successfully!</div>';
-                    // Refresh data
-                    $stmt = $pdo->prepare("SELECT * FROM categories WHERE id = ?");
-                    $stmt->execute([$id]);
-                    $category = $stmt->fetch();
-                } else {
-                    $stmt = $pdo->prepare("INSERT INTO categories (name, sort_order, image_url) VALUES (?, ?, ?)");
-                    $stmt->execute([$name, $sort_order, $image_url]);
-                    header("Location: categories.php?success=created");
-                    exit;
-                }
-            } catch (PDOException $e) {
-                $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
-            }
-        }
-    }
-}
-
-// Defaults for Add Mode or Error State
-if (!$isEdit) {
-    $category = [
-        'name' => $_POST['name'] ?? '',
-        'sort_order' => $_POST['sort_order'] ?? 0,
-        'image_url' => ''
-    ];
-}
-
-include 'includes/header.php';
-?>
-
-<div class="mb-4">
-    <a href="categories.php" class="text-decoration-none text-muted mb-2 d-inline-block"><i class="bi bi-arrow-left"></i> Back to Categories</a>
-    <h2 class="fw-bold mb-0"><?= $isEdit ? 'Edit Category' : 'Add New Category' ?></h2>
-</div>
-
-<?= $message ?>
-
-<div class="card border-0 shadow-sm">
-    <div class="card-body">
-        <form method="POST" enctype="multipart/form-data">
-            <div class="row">
-                <div class="col-md-8">
-                    <div class="mb-3">
-                        <label class="form-label">Category Name <span class="text-danger">*</span></label>
-                        <input type="text" name="name" class="form-control" value="<?= htmlspecialchars($category['name']) ?>" required>
-                    </div>
-                    <div class="mb-3">
-                        <label class="form-label">Sort Order</label>
-                        <input type="number" name="sort_order" class="form-control" value="<?= htmlspecialchars($category['sort_order']) ?>">
-                        <div class="form-text">Lower numbers appear first. Default is 0.</div>
-                    </div>
-                </div>
-                <div class="col-md-4">
-                    <div class="mb-3">
-                        <label class="form-label">Category Image</label>
-                        <?php if (!empty($category['image_url'])): ?>
-                            <div class="mb-2">
-                                <img src="<?= htmlspecialchars(strpos($category['image_url'], 'http') === 0 ? $category['image_url'] : '../' . $category['image_url']) ?>" 
-                                     class="img-fluid rounded border" 
-                                     style="max-height: 200px; width: auto;" 
-                                     alt="Category Image">
-                            </div>
-                        <?php else: ?>
-                            <div class="mb-2 p-4 bg-light text-center border rounded text-muted">
-                                <i class="bi bi-image fs-1"></i><br>No Image
-                            </div>
-                        <?php endif; ?>
-                        
-                        <input type="file" name="image" class="form-control" accept="image/*">
-                        <div class="form-text">Allowed: JPG, PNG, GIF, WEBP. Leave empty to keep current.</div>
-                    </div>
-                </div>
-            </div>
-            <hr>
-            <div class="d-flex justify-content-end gap-2">
-                <a href="categories.php" class="btn btn-secondary">Cancel</a>
-                <button type="submit" class="btn btn-primary"><?= $isEdit ? 'Save Changes' : 'Create Category' ?></button>
-            </div>
-        </form>
-    </div>
-</div>
-
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/customers.php b/admin/customers.php
index b9baad8..ef3160d 100644
--- a/admin/customers.php
+++ b/admin/customers.php
@@ -1,45 +1,44 @@
 <?php
-require_once __DIR__ . "/../includes/functions.php";
-require_permission("customers_view");
 require_once __DIR__ . '/../db/config.php';
+require_once __DIR__ . '/../includes/functions.php';
+
 $pdo = db();
+require_permission('customers_view');
 
 $message = '';
 
 // Handle Add/Edit Customer
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
-    if ($_POST['action'] === 'add_customer') {
-        if (!has_permission('customers_add')) {
-            $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add customers.</div>';
-        } else {
-            $name = $_POST['name'];
-            $email = $_POST['email'];
-            $phone = $_POST['phone'];
-            $address = $_POST['address'];
+    $action = $_POST['action'];
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+    $name = trim($_POST['name']);
+    $email = trim($_POST['email']);
+    $phone = trim($_POST['phone']);
+    $address = trim($_POST['address'] ?? '');
 
-            $stmt = $pdo->prepare("INSERT INTO customers (name, email, phone, address) VALUES (?, ?, ?, ?)");
-            if ($stmt->execute([$name, $email, $phone, $address])) {
-                $message = '<div class="alert alert-success">Customer added successfully!</div>';
-            } else {
-                $message = '<div class="alert alert-danger">Error adding customer.</div>';
-            }
-        }
-    } elseif ($_POST['action'] === 'edit_customer') {
-        if (!has_permission('customers_add')) { // Use customers_add for editing as well
-            $message = '<div class="alert alert-danger">Access Denied: You do not have permission to edit customers.</div>';
-        } else {
-            $id = $_POST['id'];
-            $name = $_POST['name'];
-            $email = $_POST['email'];
-            $phone = $_POST['phone'];
-            $address = $_POST['address'];
-
-            $stmt = $pdo->prepare("UPDATE customers SET name = ?, email = ?, phone = ?, address = ? WHERE id = ?");
-            if ($stmt->execute([$name, $email, $phone, $address, $id])) {
-                $message = '<div class="alert alert-success">Customer updated successfully!</div>';
-            } else {
-                $message = '<div class="alert alert-danger">Error updating customer.</div>';
+    if (empty($name)) {
+        $message = '<div class="alert alert-danger">Customer name is required.</div>';
+    } else {
+        try {
+            if ($action === 'edit_customer' && $id) {
+                if (!has_permission('customers_edit') && !has_permission('customers_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied: You do not have permission to edit customers.</div>';
+                } else {
+                    $stmt = $pdo->prepare("UPDATE customers SET name = ?, email = ?, phone = ?, address = ? WHERE id = ?");
+                    $stmt->execute([$name, $email, $phone, $address, $id]);
+                    $message = '<div class="alert alert-success">Customer updated successfully!</div>';
+                }
+            } elseif ($action === 'add_customer') {
+                if (!has_permission('customers_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add customers.</div>';
+                } else {
+                    $stmt = $pdo->prepare("INSERT INTO customers (name, email, phone, address) VALUES (?, ?, ?, ?)");
+                    $stmt->execute([$name, $email, $phone, $address]);
+                    $message = '<div class="alert alert-success">Customer created successfully!</div>';
+                }
             }
+        } catch (PDOException $e) {
+            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
         }
     }
 }
@@ -56,118 +55,155 @@ if (isset($_GET['delete'])) {
     }
 }
 
-// Fetch Customers
-$query = "SELECT * FROM customers ORDER BY id DESC";
-$customers_pagination = paginate_query($pdo, $query);
+$search = $_GET['search'] ?? '';
+$params = [];
+$query = "SELECT * FROM customers";
+
+if ($search) {
+    $query .= " WHERE name LIKE ? OR phone LIKE ? OR email LIKE ?";
+    $params = ["%$search%", "%$search%", "%$search%"];
+}
+
+$query .= " ORDER BY id DESC";
+
+$customers_pagination = paginate_query($pdo, $query, $params);
 $customers = $customers_pagination['data'];
 
 include 'includes/header.php';
 ?>
 
 <div class="d-flex justify-content-between align-items-center mb-4">
-    <h2 class="fw-bold mb-0">Customers</h2>
+    <div>
+        <h2 class="fw-bold mb-1">Customer Relationship</h2>
+        <p class="text-muted mb-0">Manage your customer database and contact info</p>
+    </div>
     <?php if (has_permission('customers_add')): ?>
-    <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#customerModal" onclick="openAddModal()">
-        <i class="bi bi-plus-lg"></i> Add Customer
+    <button class="btn btn-primary btn-lg shadow-sm" data-bs-toggle="modal" data-bs-target="#customerModal" onclick="prepareAddForm()" style="border-radius: 12px;">
+        <i class="bi bi-person-plus me-1"></i> Add Customer
     </button>
     <?php endif; ?>
 </div>
 
 <?= $message ?>
 
-<div class="card border-0 shadow-sm">
-    <div class="card-body p-0">
-        <!-- Pagination Controls -->
-        <div class="p-3 border-bottom bg-light">
-             <?php render_pagination_controls($customers_pagination); ?>
-        </div>
+<div class="card border-0 shadow-sm mb-4 rounded-4">
+    <div class="card-body p-4">
+        <form method="GET" class="row g-3 align-items-center">
+            <div class="col-md-9">
+                <div class="input-group">
+                    <span class="input-group-text bg-light border-0 text-muted"><i class="bi bi-search"></i></span>
+                    <input type="text" name="search" class="form-control border-0 bg-light rounded-3" placeholder="Search by name, phone or email..." value="<?= htmlspecialchars($search) ?>" style="border-radius: 0 10px 10px 0;">
+                </div>
+            </div>
+            <div class="col-md-3">
+                <button type="submit" class="btn btn-primary px-4 w-100 rounded-pill fw-bold shadow-sm">Search Records</button>
+            </div>
+        </form>
+    </div>
+</div>
+
+<?php if (empty($customers)): ?>
+    <div class="text-center py-5 bg-white rounded-4 shadow-sm">
+        <i class="bi bi-people display-1 text-muted opacity-25 mb-3 d-block"></i>
+        <h4 class="text-dark">No customers found</h4>
+        <p class="text-muted">No results matching your search criteria.</p>
+    </div>
+<?php else: ?>
+    <div class="card border-0 shadow-sm rounded-4 overflow-hidden">
         <div class="table-responsive">
             <table class="table table-hover align-middle mb-0">
                 <thead class="bg-light">
                     <tr>
-                        <th class="ps-4">Name</th>
-                        <th>Email</th>
-                        <th>Phone</th>
+                        <th class="ps-4">Customer</th>
+                        <th>Contact Info</th>
                         <th>Address</th>
-                        <th class="text-center">Redemptions</th>
-                        <th>Actions</th>
+                        <th>Points</th>
+                        <th class="text-end pe-4">Actions</th>
                     </tr>
                 </thead>
                 <tbody>
                     <?php foreach ($customers as $customer): ?>
                     <tr>
-                        <td class="ps-4 fw-bold"><?= htmlspecialchars($customer['name']) ?></td>
-                        <td><?= htmlspecialchars($customer['email']) ?></td>
-                        <td><?= htmlspecialchars($customer['phone']) ?></td>
-                        <td><?= htmlspecialchars(substr($customer['address'] ?? '', 0, 30)) ?>...</td>
-                        <td class="text-center">
-                            <span class="badge bg-info text-dark"><?= intval($customer['loyalty_redemptions_count'] ?? 0) ?></span>
+                        <td class="ps-4">
+                            <div class="d-flex align-items-center py-2">
+                                <div class="bg-primary-subtle text-primary rounded-circle d-flex align-items-center justify-content-center fw-bold me-3" style="width: 42px; height: 42px;">
+                                    <?= strtoupper(substr($customer['name'], 0, 1)) ?>
+                                </div>
+                                <div class="fw-bold text-dark fs-6"><?= htmlspecialchars($customer['name']) ?></div>
+                            </div>
                         </td>
                         <td>
-                            <div class="btn-group">
-                                <?php if (has_permission('customers_add')): ?>
-                                <button type="button" class="btn btn-sm btn-outline-primary" 
-                                        data-bs-toggle="modal" 
-                                        data-bs-target="#customerModal" 
-                                        onclick="openEditModal(<?= htmlspecialchars(json_encode($customer)) ?>)" 
-                                        title="Edit Customer"><i class="bi bi-pencil"></i></button>
+                            <div class="small fw-bold text-dark mb-1"><i class="bi bi-phone me-1 text-muted"></i><?= htmlspecialchars($customer['phone'] ?: '-') ?></div>
+                            <div class="small text-muted"><i class="bi bi-envelope me-1"></i><?= htmlspecialchars($customer['email'] ?: '-') ?></div>
+                        </td>
+                        <td>
+                            <div class="small text-muted text-truncate" style="max-width: 200px;"><?= htmlspecialchars($customer['address'] ?: '-') ?></div>
+                        </td>
+                        <td>
+                            <span class="badge bg-info-subtle text-info border border-info rounded-pill px-3"><?= number_format($customer['loyalty_points'] ?? 0) ?> pts</span>
+                        </td>
+                        <td class="text-end pe-4">
+                            <div class="d-inline-flex gap-2">
+                                <?php if (has_permission('customers_edit') || has_permission('customers_add')): ?>
+                                <button type="button" class="btn btn-sm btn-outline-primary rounded-pill px-3" 
+                                        data-bs-toggle="modal" data-bs-target="#customerModal"
+                                        onclick='prepareEditForm(<?= htmlspecialchars(json_encode($customer), ENT_QUOTES, "UTF-8") ?>)'>Edit</button>
                                 <?php endif; ?>
                                 
                                 <?php if (has_permission('customers_del')): ?>
-                                <a href="?delete=<?= $customer['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure?')" title="Delete"><i class="bi bi-trash"></i></a>
+                                <a href="?delete=<?= $customer['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Delete customer? This will remove their loyalty history.')">Delete</a>
                                 <?php endif; ?>
                             </div>
                         </td>
                     </tr>
                     <?php endforeach; ?>
-                    <?php if (empty($customers)): ?>
-                    <tr>
-                        <td colspan="6" class="text-center py-4 text-muted">No customers found.</td>
-                    </tr>
-                    <?php endif; ?>
                 </tbody>
             </table>
         </div>
-        <!-- Bottom Pagination -->
         <div class="p-3 border-top bg-light">
-             <?php render_pagination_controls($customers_pagination); ?>
+            <?php render_pagination_controls($customers_pagination); ?>
         </div>
     </div>
-</div>
+<?php endif; ?>
 
 <!-- Customer Modal -->
-<?php if (has_permission('customers_add')): ?>
-<div class="modal fade" id="customerModal" tabindex="-1">
+<?php if (has_permission('customers_add') || has_permission('customers_edit')): ?>
+<div class="modal fade" id="customerModal" tabindex="-1" aria-hidden="true">
     <div class="modal-dialog">
-        <div class="modal-content">
-            <div class="modal-header">
-                <h5 class="modal-title" id="customerModalTitle">Add New Customer</h5>
-                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+        <div class="modal-content border-0 shadow-lg rounded-4">
+            <div class="modal-header bg-primary text-white border-0 py-3">
+                <h5 class="modal-title fw-bold" id="customerModalTitle">Add New Customer</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
             <form method="POST" id="customerForm">
-                <div class="modal-body">
+                <div class="modal-body p-4">
                     <input type="hidden" name="action" id="customerAction" value="add_customer">
                     <input type="hidden" name="id" id="customerId">
+                    
                     <div class="mb-3">
-                        <label class="form-label">Name</label>
-                        <input type="text" name="name" id="customerName" class="form-control" required>
+                        <label class="form-label small fw-bold text-muted">FULL NAME <span class="text-danger">*</span></label>
+                        <input type="text" name="name" id="customerName" class="form-control rounded-3 border-0 bg-light" required>
                     </div>
-                    <div class="mb-3">
-                        <label class="form-label">Email</label>
-                        <input type="email" name="email" id="customerEmail" class="form-control">
+
+                    <div class="row g-3 mb-3">
+                        <div class="col-md-6">
+                            <label class="form-label small fw-bold text-muted">PHONE NUMBER</label>
+                            <input type="text" name="phone" id="customerPhone" class="form-control rounded-3 border-0 bg-light">
+                        </div>
+                        <div class="col-md-6">
+                            <label class="form-label small fw-bold text-muted">EMAIL ADDRESS</label>
+                            <input type="email" name="email" id="customerEmail" class="form-control rounded-3 border-0 bg-light">
+                        </div>
                     </div>
-                    <div class="mb-3">
-                        <label class="form-label">Phone</label>
-                        <input type="text" name="phone" id="customerPhone" class="form-control">
-                    </div>
-                    <div class="mb-3">
-                        <label class="form-label">Address</label>
-                        <textarea name="address" id="customerAddress" class="form-control" rows="3"></textarea>
+
+                    <div class="mb-0">
+                        <label class="form-label small fw-bold text-muted">ADDRESS</label>
+                        <textarea name="address" id="customerAddress" class="form-control rounded-3 border-0 bg-light" rows="3" placeholder="Street, City, State..."></textarea>
                     </div>
                 </div>
-                <div class="modal-footer">
-                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
-                    <button type="submit" class="btn btn-primary">Save Customer</button>
+                <div class="modal-footer border-0 p-4 pt-0">
+                    <button type="button" class="btn btn-light rounded-pill px-4" data-bs-dismiss="modal">Cancel</button>
+                    <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Save Customer Profile</button>
                 </div>
             </form>
         </div>
@@ -175,20 +211,21 @@ include 'includes/header.php';
 </div>
 
 <script>
-function openAddModal() {
+function prepareAddForm() {
     document.getElementById('customerModalTitle').innerText = 'Add New Customer';
     document.getElementById('customerAction').value = 'add_customer';
     document.getElementById('customerForm').reset();
     document.getElementById('customerId').value = '';
 }
 
-function openEditModal(customer) {
-    document.getElementById('customerModalTitle').innerText = 'Edit Customer';
+function prepareEditForm(customer) {
+    if (!customer) return;
+    document.getElementById('customerModalTitle').innerText = 'Edit Customer Profile';
     document.getElementById('customerAction').value = 'edit_customer';
     document.getElementById('customerId').value = customer.id;
-    document.getElementById('customerName').value = customer.name;
-    document.getElementById('customerEmail').value = customer.email || '';
+    document.getElementById('customerName').value = customer.name || '';
     document.getElementById('customerPhone').value = customer.phone || '';
+    document.getElementById('customerEmail').value = customer.email || '';
     document.getElementById('customerAddress').value = customer.address || '';
 }
 </script>
diff --git a/admin/expense_categories.php b/admin/expense_categories.php
index 71e1968..11011d5 100644
--- a/admin/expense_categories.php
+++ b/admin/expense_categories.php
@@ -6,26 +6,55 @@ $pdo = db();
 
 $message = '';
 
+// Handle Add/Edit Expense Category
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $name = trim($_POST['name']);
+    $description = trim($_POST['description']);
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+
+    if (empty($name)) {
+        $message = '<div class="alert alert-danger">Category name is required.</div>';
+    } else {
+        try {
+            if ($action === 'edit_expense_category' && $id) {
+                if (!has_permission('expense_categories_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("UPDATE expense_categories SET name = ?, description = ? WHERE id = ?");
+                    $stmt->execute([$name, $description, $id]);
+                    $message = '<div class="alert alert-success">Expense category updated successfully!</div>';
+                }
+            } elseif ($action === 'add_expense_category') {
+                if (!has_permission('expense_categories_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("INSERT INTO expense_categories (name, description) VALUES (?, ?)");
+                    $stmt->execute([$name, $description]);
+                    $message = '<div class="alert alert-success">Expense category created successfully!</div>';
+                }
+            }
+        } catch (PDOException $e) {
+            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+        }
+    }
+}
+
+// Handle Delete
 if (isset($_GET['delete'])) {
     if (!has_permission('expense_categories_del')) {
         $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete expense categories.</div>';
     } else {
         $id = $_GET['delete'];
-        // Check if there are expenses linked to this category
-        $stmt = $pdo->prepare("SELECT COUNT(*) FROM expenses WHERE category_id = ?");
-        $stmt->execute([$id]);
-        if ($stmt->fetchColumn() > 0) {
-            $message = '<div class="alert alert-danger">Cannot delete category as it has linked expenses.</div>';
-        } else {
-            $pdo->prepare("DELETE FROM expense_categories WHERE id = ?")->execute([$id]);
-            $message = '<div class="alert alert-success">Category deleted successfully.</div>';
-        }
+        $pdo->prepare("DELETE FROM expense_categories WHERE id = ?")->execute([$id]);
+        header("Location: expense_categories.php");
+        exit;
     }
 }
 
 $query = "SELECT * FROM expense_categories ORDER BY name ASC";
-$categories_pagination = paginate_query($pdo, $query);
-$categories = $categories_pagination['data'];
+$expense_categories_pagination = paginate_query($pdo, $query);
+$expense_categories = $expense_categories_pagination['data'];
 
 include 'includes/header.php';
 ?>
@@ -33,9 +62,9 @@ include 'includes/header.php';
 <div class="d-flex justify-content-between align-items-center mb-4">
     <h2 class="fw-bold mb-0">Expense Categories</h2>
     <?php if (has_permission('expense_categories_add')): ?>
-    <a href="expense_category_edit.php" class="btn btn-primary">
+    <button class="btn btn-primary" onclick="openAddModal()">
         <i class="bi bi-plus-lg"></i> Add Category
-    </a>
+    </button>
     <?php endif; ?>
 </div>
 
@@ -43,8 +72,9 @@ include 'includes/header.php';
 
 <div class="card border-0 shadow-sm">
     <div class="card-body p-0">
+        <!-- Pagination Controls -->
         <div class="p-3 border-bottom bg-light">
-             <?php render_pagination_controls($categories_pagination); ?>
+             <?php render_pagination_controls($expense_categories_pagination); ?>
         </div>
         <div class="table-responsive">
             <table class="table table-hover align-middle mb-0">
@@ -57,34 +87,101 @@ include 'includes/header.php';
                     </tr>
                 </thead>
                 <tbody>
-                    <?php foreach ($categories as $cat): ?>
+                    <?php foreach ($expense_categories as $cat): ?>
                     <tr>
                         <td class="ps-4 fw-medium">#<?= $cat['id'] ?></td>
-                        <td><?= htmlspecialchars($cat['name']) ?></td>
-                        <td><?= htmlspecialchars($cat['description'] ?? '') ?></td>
+                        <td class="fw-bold"><?= htmlspecialchars($cat['name']) ?></td>
+                        <td><small class="text-muted"><?= htmlspecialchars($cat['description'] ?: '-') ?></small></td>
                         <td class="text-end pe-4">
                             <?php if (has_permission('expense_categories_add')): ?>
-                            <a href="expense_category_edit.php?id=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-primary me-1"><i class="bi bi-pencil"></i></a>
+                            <button type="button" class="btn btn-sm btn-outline-primary me-1" 
+                                    onclick='openEditModal(<?= htmlspecialchars(json_encode($cat), ENT_QUOTES, "UTF-8") ?>)' title="Edit"><i class="bi bi-pencil"></i></button>
                             <?php endif; ?>
                             
                             <?php if (has_permission('expense_categories_del')): ?>
-                            <a href="?delete=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure?')"><i class="bi bi-trash"></i></a>
+                            <a href="?delete=<?= $cat['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this expense category?')"><i class="bi bi-trash"></i></a>
                             <?php endif; ?>
                         </td>
                     </tr>
                     <?php endforeach; ?>
-                    <?php if (empty($categories)): ?>
+                    <?php if (empty($expense_categories)): ?>
                         <tr>
-                            <td colspan="4" class="text-center py-4 text-muted">No categories found.</td>
+                            <td colspan="4" class="text-center py-4 text-muted">No expense categories found.</td>
                         </tr>
                     <?php endif; ?>
                 </tbody>
             </table>
         </div>
+        <!-- Bottom Pagination -->
         <div class="p-3 border-top bg-light">
-             <?php render_pagination_controls($categories_pagination); ?>
+             <?php render_pagination_controls($expense_categories_pagination); ?>
         </div>
     </div>
 </div>
 
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
+<!-- Expense Category Modal -->
+<?php if (has_permission('expense_categories_add')): ?>
+<div class="modal fade" id="expenseCategoryModal" tabindex="-1" aria-hidden="true">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header bg-primary text-white">
+                <h5 class="modal-title" id="expenseCategoryModalTitle">Add New Category</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <form method="POST" id="expenseCategoryForm">
+                <div class="modal-body">
+                    <input type="hidden" name="action" id="expenseCategoryAction" value="add_expense_category">
+                    <input type="hidden" name="id" id="expenseCategoryId">
+                    <div class="mb-3">
+                        <label class="form-label">Category Name <span class="text-danger">*</span></label>
+                        <input type="text" name="name" id="expenseCategoryName" class="form-control" required>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">Description</label>
+                        <textarea name="description" id="expenseCategoryDescription" class="form-control" rows="3"></textarea>
+                    </div>
+                </div>
+                <div class="modal-footer">
+                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+                    <button type="submit" class="btn btn-primary">Save Category</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+
+<script>
+function getExpenseCategoryModal() {
+    if (typeof bootstrap === 'undefined') return null;
+    const el = document.getElementById('expenseCategoryModal');
+    return el ? bootstrap.Modal.getOrCreateInstance(el) : null;
+}
+
+function openAddModal() {
+    const modal = getExpenseCategoryModal();
+    if (!modal) return;
+    
+    document.getElementById('expenseCategoryModalTitle').innerText = 'Add New Category';
+    document.getElementById('expenseCategoryAction').value = 'add_expense_category';
+    document.getElementById('expenseCategoryForm').reset();
+    document.getElementById('expenseCategoryId').value = '';
+    modal.show();
+}
+
+function openEditModal(cat) {
+    if (!cat) return;
+    const modal = getExpenseCategoryModal();
+    if (!modal) return;
+    
+    document.getElementById('expenseCategoryModalTitle').innerText = 'Edit Category';
+    document.getElementById('expenseCategoryAction').value = 'edit_expense_category';
+    document.getElementById('expenseCategoryId').value = cat.id;
+    document.getElementById('expenseCategoryName').value = cat.name || '';
+    document.getElementById('expenseCategoryDescription').value = cat.description || '';
+    
+    modal.show();
+}
+</script>
+<?php endif; ?>
+
+<?php include 'includes/footer.php'; ?>
diff --git a/admin/expense_category_edit.php b/admin/expense_category_edit.php
deleted file mode 100644
index 702a662..0000000
--- a/admin/expense_category_edit.php
+++ /dev/null
@@ -1,88 +0,0 @@
-<?php
-require_once __DIR__ . "/../includes/functions.php";
-require_permission("expense_categories_edit");
-require_once __DIR__ . '/../db/config.php';
-$pdo = db();
-
-$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
-$category = null;
-$message = '';
-$isEdit = false;
-
-if ($id) {
-    $stmt = $pdo->prepare("SELECT * FROM expense_categories WHERE id = ?");
-    $stmt->execute([$id]);
-    $category = $stmt->fetch();
-    if ($category) {
-        $isEdit = true;
-    } else {
-        header("Location: expense_categories.php");
-        exit;
-    }
-}
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $name = trim($_POST['name']);
-    $description = trim($_POST['description']);
-
-    if (empty($name)) {
-        $message = '<div class="alert alert-danger">Category name is required.</div>';
-    } else {
-        try {
-            if ($isEdit) {
-                $stmt = $pdo->prepare("UPDATE expense_categories SET name = ?, description = ? WHERE id = ?");
-                $stmt->execute([$name, $description, $id]);
-                $message = '<div class="alert alert-success">Category updated successfully!</div>';
-                $stmt = $pdo->prepare("SELECT * FROM expense_categories WHERE id = ?");
-                $stmt->execute([$id]);
-                $category = $stmt->fetch();
-            } else {
-                $stmt = $pdo->prepare("INSERT INTO expense_categories (name, description) VALUES (?, ?)");
-                $stmt->execute([$name, $description]);
-                header("Location: expense_categories.php?success=created");
-                exit;
-            }
-        } catch (PDOException $e) {
-            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
-        }
-    }
-}
-
-if (!$isEdit) {
-    $category = [
-        'name' => $_POST['name'] ?? '',
-        'description' => $_POST['description'] ?? ''
-    ];
-}
-
-include 'includes/header.php';
-?>
-
-<div class="mb-4">
-    <a href="expense_categories.php" class="text-decoration-none text-muted mb-2 d-inline-block"><i class="bi bi-arrow-left"></i> Back to Categories</a>
-    <h2 class="fw-bold mb-0"><?= $isEdit ? 'Edit Category' : 'Add New Category' ?></h2>
-</div>
-
-<?= $message ?>
-
-<div class="card border-0 shadow-sm">
-    <div class="card-body">
-        <form method="POST">
-            <div class="mb-3">
-                <label class="form-label">Category Name <span class="text-danger">*</span></label>
-                <input type="text" name="name" class="form-control" value="<?= htmlspecialchars($category['name']) ?>" required>
-            </div>
-            <div class="mb-3">
-                <label class="form-label">Description</label>
-                <textarea name="description" class="form-control" rows="3"><?= htmlspecialchars($category['description'] ?? '') ?></textarea>
-            </div>
-            <hr>
-            <div class="d-flex justify-content-end gap-2">
-                <a href="expense_categories.php" class="btn btn-secondary">Cancel</a>
-                <button type="submit" class="btn btn-primary"><?= $isEdit ? 'Save Changes' : 'Create Category' ?></button>
-            </div>
-        </form>
-    </div>
-</div>
-
-<?php include 'includes/footer.php'; ?>
diff --git a/admin/includes/header.php b/admin/includes/header.php
index cf4234c..cb8e907 100644
--- a/admin/includes/header.php
+++ b/admin/includes/header.php
@@ -16,6 +16,11 @@ if (function_exists('require_login')) {
     require_login();
 }
 
+// Trigger auto backup if needed
+if (function_exists('trigger_auto_backup')) {
+    trigger_auto_backup();
+}
+
 $currentUser = function_exists('get_logged_user') ? get_logged_user() : null;
 $userName = $currentUser['full_name'] ?? ($currentUser['username'] ?? 'Admin');
 $userGroup = $currentUser['group_name'] ?? 'System';
@@ -48,7 +53,7 @@ function getGroupToggleClass($pages) {
 // Permission helper for sidebar
 function can_view($module) {
     if (!function_exists('has_permission')) return true;
-    return has_permission($module . '_view');
+    return has_permission($module . '_view') || has_permission($module);
 }
 ?>
 <!doctype html>
@@ -499,7 +504,7 @@ function can_view($module) {
         <?php endif; ?>
 
         <?php 
-        $settingsGroup = ['payment_types.php', 'payment_type_edit.php', 'integrations.php', 'company.php']; 
+        $settingsGroup = ['payment_types.php', 'payment_type_edit.php', 'integrations.php', 'company.php', 'backup.php']; 
         $canViewSettingsGroup = can_view('payment_types') || can_view('settings');
         if ($canViewSettingsGroup):
         ?>
@@ -529,6 +534,11 @@ function can_view($module) {
                             <i class="bi bi-building me-2"></i> Company
                         </a>
                     </li>
+                    <li class="nav-item">
+                        <a class="nav-link <?= isActive('backup.php') ?>" href="backup.php">
+                            <i class="bi bi-cloud-arrow-down me-2"></i> Backup & Restore
+                        </a>
+                    </li>
                     <?php endif; ?>
 
                      <li class="nav-item border-top mt-2 pt-2">
@@ -583,4 +593,4 @@ function can_view($module) {
                 </ul>
             </div>
         </div>
-    </header>
+    </header>
\ No newline at end of file
diff --git a/admin/order_view.php b/admin/order_view.php
index 0536942..7f4655b 100644
--- a/admin/order_view.php
+++ b/admin/order_view.php
@@ -45,6 +45,8 @@ $subtotal = 0;
 foreach ($items as $item) {
     $subtotal += $item['unit_price'] * $item['quantity'];
 }
+
+$vat_or_discount = (float)$order['discount'];
 ?>
 
 <div class="d-flex justify-content-between align-items-center mb-4">
@@ -105,18 +107,18 @@ foreach ($items as $item) {
                             <tr>
                                 <td colspan="3" class="text-end py-3 ps-4">
                                     <div class="text-muted mb-1">Subtotal</div>
-                                    <?php if ($order['discount'] > 0): ?>
-                                        <div class="text-muted mb-1">Discount</div>
+                                    <?php if ($vat_or_discount != 0): ?>
+                                        <div class="text-muted mb-1"><?= $vat_or_discount > 0 ? 'VAT' : 'Discount' ?></div>
                                     <?php endif; ?>
-                                    <div class="text-muted mb-1">VAT / Tax</div>
                                     <h5 class="fw-bold mb-0 text-dark">Total Amount</h5>
                                 </td>
                                 <td class="text-end py-3 pe-4">
                                     <div class="mb-1"><?= format_currency($subtotal) ?></div>
-                                    <?php if ($order['discount'] > 0): ?>
-                                        <div class="mb-1 text-danger">-<?= format_currency($order['discount']) ?></div>
+                                    <?php if ($vat_or_discount != 0): ?>
+                                        <div class="mb-1 <?= $vat_or_discount < 0 ? 'text-danger' : 'text-primary' ?>">
+                                            <?= ($vat_or_discount > 0 ? '+' : '') . format_currency($vat_or_discount) ?>
+                                        </div>
                                     <?php endif; ?>
-                                    <div class="mb-1"><?= format_currency(0) ?></div>
                                     <h5 class="fw-bold mb-0 text-primary"><?= format_currency($order['total_amount']) ?></h5>
                                 </td>
                             </tr>
@@ -234,7 +236,7 @@ const BASE_URL = '<?= get_base_url() ?>';
 function formatCurrency(amount) {
     const symbol = COMPANY_SETTINGS.currency_symbol || '$';
     const decimals = parseInt(COMPANY_SETTINGS.currency_decimals || 2);
-    return symbol + parseFloat(amount).toFixed(decimals);
+    return symbol + parseFloat(Math.abs(amount)).toFixed(decimals);
 }
 
 function printThermalReceipt() {
@@ -250,12 +252,12 @@ function printThermalReceipt() {
             ];
         }, $items)) ?>,
         total: <?= (float)$order['total_amount'] ?>,
-        discount: <?= (float)$order['discount'] ?>,
+        vat: <?= (float)$order['discount'] ?>,
         orderType: '<?= $order['order_type'] ?>',
         tableNumber: '<?= $order['table_number'] ?>',
         date: '<?= date('M d, Y H:i', strtotime($order['created_at'])) ?>',
         paymentMethod: '<?= $order['payment_type_name'] ?? 'Unpaid' ?>',
-        loyaltyRedeemed: <?= ($order['discount'] >= $subtotal && $order['discount'] > 0) ? 'true' : 'false' ?>
+        loyaltyRedeemed: <?= ($order['discount'] < 0) ? 'true' : 'false' ?>
     };
 
     const width = 400;
@@ -275,8 +277,7 @@ function printThermalReceipt() {
         'ITEM': 'الصنف',
         'TOTAL': 'المجموع',
         'Subtotal': 'المجموع الفرعي',
-        'Discount': 'الخصم',
-        'Tax Included': 'شامل الضريبة',
+        'VAT': 'ضريبة القيمة المضافة',
         'THANK YOU FOR YOUR VISIT!': 'شكراً لزيارتكم!',
         'Please come again.': 'يرجى زيارتنا مرة أخرى.',
         'Customer Details': 'تفاصيل العميل',
@@ -326,10 +327,7 @@ function printThermalReceipt() {
 
     const loyaltyHtml = data.loyaltyRedeemed ? `<div style="color: #d63384; font-weight: bold; margin: 5px 0; text-align: center;">* Loyalty Reward Applied *</div>` : '';
     
-    const vatRate = parseFloat(COMPANY_SETTINGS.vat_rate) || 0;
-    const subtotal = data.total + data.discount;
-    const vatAmount = vatRate > 0 ? (data.total * (vatRate / (100 + vatRate))) : 0;
-
+    const subtotal = data.total - data.vat;
     const logoHtml = COMPANY_SETTINGS.logo_url ? `<img src="${BASE_URL}${COMPANY_SETTINGS.logo_url}" style="max-height: 80px; max-width: 150px; margin-bottom: 10px;">` : '';
 
     const html = `
@@ -425,15 +423,10 @@ function printThermalReceipt() {
                         <td>Subtotal / ${tr['Subtotal']}</td>
                         <td style="text-align: right">${formatCurrency(subtotal)}</td>
                     </tr>
-                    ${data.discount > 0 ? `
+                    ${Math.abs(data.vat) > 0 ? `
                     <tr>
-                        <td>Discount / ${tr['Discount']}</td>
-                        <td style="text-align: right">-${formatCurrency(data.discount)}</td>
-                    </tr>` : ''}
-                    ${vatRate > 0 ? `
-                    <tr>
-                        <td style="font-size: 11px;">Tax Incl. (${vatRate}%) / ${tr['Tax Included']}</td>
-                        <td style="text-align: right">${formatCurrency(vatAmount)}</td>
+                        <td>${data.vat < 0 ? 'Discount' : 'VAT'} / ${tr['VAT']}</td>
+                        <td style="text-align: right">${data.vat < 0 ? '-' : '+'}${formatCurrency(Math.abs(data.vat))}</td>
                     </tr>` : ''}
                     <tr style="font-weight: bold; font-size: 18px;">
                         <td style="padding-top: 10px;">TOTAL / ${tr['TOTAL']}</td>
@@ -450,7 +443,7 @@ function printThermalReceipt() {
                 <div>Please come again.</div>
                 <div class="rtl">${tr['Please come again.']}</div>
                 ${COMPANY_SETTINGS.email ? `<div style="margin-top: 5px; font-size: 10px;">${COMPANY_SETTINGS.email}</div>` : ''}
-                <div style="margin-top: 15px; font-size: 10px; color: #888;">Powered by Flatlogic POS</div>
+                <div style="margin-top: 15px; font-size: 10px; color: #888;">Powered by Abidarcafe</div>
             </div>
 
             <script>
diff --git a/admin/outlet_edit.php b/admin/outlet_edit.php
deleted file mode 100644
index f315a90..0000000
--- a/admin/outlet_edit.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php
-require_once __DIR__ . '/../db/config.php';
-$pdo = db();
-
-if (!isset($_GET['id'])) {
-    header("Location: outlets.php");
-    exit;
-}
-
-$id = $_GET['id'];
-$message = '';
-
-// Fetch Outlet
-$stmt = $pdo->prepare("SELECT * FROM outlets WHERE id = ?");
-$stmt->execute([$id]);
-$outlet = $stmt->fetch();
-
-if (!$outlet) {
-    header("Location: outlets.php");
-    exit;
-}
-
-// Handle Update
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $name = $_POST['name'];
-    $address = $_POST['address'];
-
-    if (empty($name)) {
-        $message = '<div class="alert alert-danger">Name is required.</div>';
-    } else {
-        $stmt = $pdo->prepare("UPDATE outlets SET name = ?, address = ? WHERE id = ?");
-        if ($stmt->execute([$name, $address, $id])) {
-            $message = '<div class="alert alert-success">Outlet updated successfully!</div>';
-            // Refresh outlet data
-            $stmt = $pdo->prepare("SELECT * FROM outlets WHERE id = ?");
-            $stmt->execute([$id]);
-            $outlet = $stmt->fetch();
-        } else {
-            $message = '<div class="alert alert-danger">Error updating outlet.</div>';
-        }
-    }
-}
-
-include 'includes/header.php';
-?>
-
-<div class="mb-4">
-    <a href="outlets.php" class="text-decoration-none text-muted mb-2 d-inline-block"><i class="bi bi-arrow-left"></i> Back to Outlets</a>
-    <h2 class="fw-bold mb-0">Edit Outlet: <?= htmlspecialchars($outlet['name']) ?></h2>
-</div>
-
-<?= $message ?>
-
-<div class="card border-0 shadow-sm">
-    <div class="card-body">
-        <form method="POST">
-            <div class="mb-3">
-                <label class="form-label">Name</label>
-                <input type="text" name="name" class="form-control" value="<?= htmlspecialchars($outlet['name']) ?>" required>
-            </div>
-            <div class="mb-3">
-                <label class="form-label">Address</label>
-                <textarea name="address" class="form-control" rows="3"><?= htmlspecialchars($outlet['address']) ?></textarea>
-            </div>
-            
-            <hr>
-            <div class="d-flex justify-content-end gap-2">
-                <a href="outlets.php" class="btn btn-secondary">Cancel</a>
-                <button type="submit" class="btn btn-primary">Save Changes</button>
-            </div>
-        </form>
-    </div>
-</div>
-
-<?php include 'includes/footer.php'; ?>
diff --git a/admin/outlets.php b/admin/outlets.php
index 65f2f24..3ec4309 100644
--- a/admin/outlets.php
+++ b/admin/outlets.php
@@ -6,22 +6,47 @@ $pdo = db();
 
 $message = '';
 
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_outlet') {
-    if (!has_permission('outlets_add')) {
-        $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add outlets.</div>';
+// Handle Add/Edit Outlet
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $name = trim($_POST['name']);
+    $address = trim($_POST['address']);
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+
+    if (empty($name)) {
+        $message = '<div class="alert alert-danger">Outlet name is required.</div>';
     } else {
-        $stmt = $pdo->prepare("INSERT INTO outlets (name, address) VALUES (?, ?)");
-        $stmt->execute([$_POST['name'], $_POST['address']]);
-        header("Location: outlets.php");
-        exit;
+        try {
+            if ($action === 'edit_outlet' && $id) {
+                if (!has_permission('outlets_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("UPDATE outlets SET name = ?, address = ? WHERE id = ?");
+                    $stmt->execute([$name, $address, $id]);
+                    $message = '<div class="alert alert-success">Outlet updated successfully!</div>';
+                }
+            } elseif ($action === 'add_outlet') {
+                if (!has_permission('outlets_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("INSERT INTO outlets (name, address) VALUES (?, ?)");
+                    $stmt->execute([$name, $address]);
+                    $message = '<div class="alert alert-success">Outlet created successfully!</div>';
+                }
+            }
+        } catch (PDOException $e) {
+            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+        }
     }
 }
 
+// Handle Delete
 if (isset($_GET['delete'])) {
     if (!has_permission('outlets_del')) {
         $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete outlets.</div>';
     } else {
-        $pdo->prepare("DELETE FROM outlets WHERE id = ?")->execute([$_GET['delete']]);
+        $id = $_GET['delete'];
+        $pdo->prepare("DELETE FROM outlets WHERE id = ?")->execute([$id]);
         header("Location: outlets.php");
         exit;
     }
@@ -37,7 +62,7 @@ include 'includes/header.php';
 <div class="d-flex justify-content-between align-items-center mb-4">
     <h2 class="fw-bold mb-0">Outlets</h2>
     <?php if (has_permission('outlets_add')): ?>
-    <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addOutletModal">
+    <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#outletModal" onclick="prepareAddForm()">
         <i class="bi bi-plus-lg"></i> Add Outlet
     </button>
     <?php endif; ?>
@@ -58,7 +83,7 @@ include 'includes/header.php';
                         <th class="ps-4">ID</th>
                         <th>Name</th>
                         <th>Address</th>
-                        <th>Actions</th>
+                        <th class="text-end pe-4">Actions</th>
                     </tr>
                 </thead>
                 <tbody>
@@ -67,9 +92,11 @@ include 'includes/header.php';
                         <td class="ps-4 fw-medium">#<?= $outlet['id'] ?></td>
                         <td class="fw-bold"><?= htmlspecialchars($outlet['name']) ?></td>
                         <td><small class="text-muted"><?= htmlspecialchars($outlet['address']) ?></small></td>
-                        <td>
+                        <td class="text-end pe-4">
                             <?php if (has_permission('outlets_add')): ?>
-                            <a href="outlet_edit.php?id=<?= $outlet['id'] ?>" class="btn btn-sm btn-outline-secondary me-1"><i class="bi bi-pencil"></i></a>
+                            <button type="button" class="btn btn-sm btn-outline-primary me-1" 
+                                    data-bs-toggle="modal" data-bs-target="#outletModal"
+                                    onclick='prepareEditForm(<?= htmlspecialchars(json_encode($outlet), ENT_QUOTES, "UTF-8") ?>)'><i class="bi bi-pencil"></i></button>
                             <?php endif; ?>
                             
                             <?php if (has_permission('outlets_del')): ?>
@@ -78,6 +105,11 @@ include 'includes/header.php';
                         </td>
                     </tr>
                     <?php endforeach; ?>
+                    <?php if (empty($outlets)): ?>
+                        <tr>
+                            <td colspan="4" class="text-center py-4 text-muted">No outlets found.</td>
+                        </tr>
+                    <?php endif; ?>
                 </tbody>
             </table>
         </div>
@@ -88,25 +120,26 @@ include 'includes/header.php';
     </div>
 </div>
 
-<!-- Add Outlet Modal -->
+<!-- Outlet Modal -->
 <?php if (has_permission('outlets_add')): ?>
-<div class="modal fade" id="addOutletModal" tabindex="-1">
+<div class="modal fade" id="outletModal" tabindex="-1" aria-hidden="true">
     <div class="modal-dialog">
         <div class="modal-content">
-            <div class="modal-header">
-                <h5 class="modal-title">Add Outlet</h5>
-                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+            <div class="modal-header bg-primary text-white">
+                <h5 class="modal-title" id="outletModalTitle">Add New Outlet</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
-            <form method="POST">
+            <form method="POST" id="outletForm">
                 <div class="modal-body">
-                    <input type="hidden" name="action" value="add_outlet">
+                    <input type="hidden" name="action" id="outletAction" value="add_outlet">
+                    <input type="hidden" name="id" id="outletId">
                     <div class="mb-3">
-                        <label class="form-label">Name</label>
-                        <input type="text" name="name" class="form-control" required>
+                        <label class="form-label">Name <span class="text-danger">*</span></label>
+                        <input type="text" name="name" id="outletName" class="form-control" required>
                     </div>
                     <div class="mb-3">
                         <label class="form-label">Address</label>
-                        <textarea name="address" class="form-control" rows="2"></textarea>
+                        <textarea name="address" id="outletAddress" class="form-control" rows="3"></textarea>
                     </div>
                 </div>
                 <div class="modal-footer">
@@ -117,6 +150,24 @@ include 'includes/header.php';
         </div>
     </div>
 </div>
+
+<script>
+function prepareAddForm() {
+    document.getElementById('outletModalTitle').innerText = 'Add New Outlet';
+    document.getElementById('outletAction').value = 'add_outlet';
+    document.getElementById('outletForm').reset();
+    document.getElementById('outletId').value = '';
+}
+
+function prepareEditForm(outlet) {
+    if (!outlet) return;
+    document.getElementById('outletModalTitle').innerText = 'Edit Outlet';
+    document.getElementById('outletAction').value = 'edit_outlet';
+    document.getElementById('outletId').value = outlet.id;
+    document.getElementById('outletName').value = outlet.name || '';
+    document.getElementById('outletAddress').value = outlet.address || '';
+}
+</script>
 <?php endif; ?>
 
 <?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/payment_type_edit.php b/admin/payment_type_edit.php
deleted file mode 100644
index 542f2ad..0000000
--- a/admin/payment_type_edit.php
+++ /dev/null
@@ -1,85 +0,0 @@
-<?php
-require_once __DIR__ . '/../db/config.php';
-$pdo = db();
-
-$id = $_GET['id'] ?? null;
-$pt = [
-    'name' => '',
-    'type' => 'cash',
-    'api_provider' => '',
-    'is_active' => 1
-];
-
-if ($id) {
-    $stmt = $pdo->prepare("SELECT * FROM payment_types WHERE id = ?");
-    $stmt->execute([$id]);
-    $existing = $stmt->fetch(PDO::FETCH_ASSOC);
-    if ($existing) {
-        $pt = $existing;
-    } else {
-        header("Location: payment_types.php");
-        exit;
-    }
-}
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $name = $_POST['name'];
-    $type = $_POST['type'];
-    $api_provider = $_POST['api_provider'] ?: null;
-    $is_active = isset($_POST['is_active']) ? 1 : 0;
-
-    if ($id) {
-        $stmt = $pdo->prepare("UPDATE payment_types SET name = ?, type = ?, api_provider = ?, is_active = ? WHERE id = ?");
-        $stmt->execute([$name, $type, $api_provider, $is_active, $id]);
-    } else {
-        $stmt = $pdo->prepare("INSERT INTO payment_types (name, type, api_provider, is_active) VALUES (?, ?, ?, ?)");
-        $stmt->execute([$name, $type, $api_provider, $is_active]);
-    }
-
-    header("Location: payment_types.php?msg=saved");
-    exit;
-}
-
-require_once __DIR__ . '/includes/header.php';
-?>
-
-<div class="container-fluid">
-    <div class="d-flex justify-content-between align-items-center mb-4">
-        <h2 class="h3 mb-0 text-gray-800"><?= $id ? 'Edit' : 'Add' ?> Payment Type</h2>
-    </div>
-
-    <div class="card shadow mb-4">
-        <div class="card-body">
-            <form method="POST">
-                <div class="mb-3">
-                    <label for="name" class="form-label">Name</label>
-                    <input type="text" class="form-control" id="name" name="name" value="<?= htmlspecialchars($pt['name']) ?>" required>
-                </div>
-                <div class="mb-3">
-                    <label for="type" class="form-label">Type</label>
-                    <select class="form-select" id="type" name="type" required>
-                        <option value="cash" <?= $pt['type'] == 'cash' ? 'selected' : '' ?>>Cash</option>
-                        <option value="card" <?= $pt['type'] == 'card' ? 'selected' : '' ?>>Card</option>
-                        <option value="api" <?= $pt['type'] == 'api' ? 'selected' : '' ?>>API Integration</option>
-                    </select>
-                </div>
-                <div class="mb-3">
-                    <label for="api_provider" class="form-label">API Provider (if Type is API)</label>
-                    <select class="form-select" id="api_provider" name="api_provider">
-                        <option value="">None</option>
-                        <option value="thawani" <?= $pt['api_provider'] == 'thawani' ? 'selected' : '' ?>>Thawani</option>
-                        <option value="wablas" <?= $pt['api_provider'] == 'wablas' ? 'selected' : '' ?>>Wablas (WhatsApp)</option>
-                    </select>
-                </div>
-                <div class="mb-3 form-check">
-                    <input type="checkbox" class="form-check-input" id="is_active" name="is_active" <?= $pt['is_active'] ? 'checked' : '' ?>>
-                    <label class="form-check-label" for="is_active">Active</label>
-                </div>
-                <button type="submit" class="btn btn-primary">Save Changes</button>
-                <a href="payment_types.php" class="btn btn-secondary">Cancel</a>
-            </form>
-        </div>
-    </div>
-</div>
-
-<?php require_once __DIR__ . '/includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/payment_types.php b/admin/payment_types.php
index 8ac79ab..b04d81b 100644
--- a/admin/payment_types.php
+++ b/admin/payment_types.php
@@ -6,100 +6,200 @@ $pdo = db();
 
 $message = '';
 
-// Handle Delete
-if (isset($_GET['delete_id'])) {
-    if (!has_permission('payment_types_del')) {
-        $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete payment types.</div>';
+// Handle Add/Edit Payment Type
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $name = trim($_POST['name']);
+    $code = trim($_POST['code']);
+    $is_active = isset($_POST['is_active']) ? 1 : 0;
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+
+    if (empty($name) || empty($code)) {
+        $message = '<div class="alert alert-danger">Name and code are required.</div>';
     } else {
-        $stmt = $pdo->prepare("DELETE FROM payment_types WHERE id = ?");
-        $stmt->execute([$_GET['delete_id']]);
-        header("Location: payment_types.php?msg=deleted");
+        try {
+            if ($action === 'edit_payment_type' && $id) {
+                if (!has_permission('payment_types_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("UPDATE payment_types SET name = ?, code = ?, is_active = ? WHERE id = ?");
+                    $stmt->execute([$name, $code, $is_active, $id]);
+                    $message = '<div class="alert alert-success">Payment type updated successfully!</div>';
+                }
+            } elseif ($action === 'add_payment_type') {
+                if (!has_permission('payment_types_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("INSERT INTO payment_types (name, code, is_active) VALUES (?, ?, ?)");
+                    $stmt->execute([$name, $code, $is_active]);
+                    $message = '<div class="alert alert-success">Payment type created successfully!</div>';
+                }
+            }
+        } catch (PDOException $e) {
+            if ($e->getCode() == 23000) {
+                $message = '<div class="alert alert-danger">Code already exists.</div>';
+            } else {
+                $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+            }
+        }
+    }
+}
+
+// Handle Delete
+if (isset($_GET['delete'])) {
+    if (!has_permission('payment_types_del')) {
+        $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete payment types.</div>';
+    } else {
+        $id = $_GET['delete'];
+        $pdo->prepare("DELETE FROM payment_types WHERE id = ?")->execute([$id]);
+        header("Location: payment_types.php");
         exit;
     }
 }
 
-// Fetch Payment Types
-$stmt = $pdo->query("SELECT * FROM payment_types ORDER BY id DESC");
-$paymentTypes = $stmt->fetchAll(PDO::FETCH_ASSOC);
+$query = "SELECT * FROM payment_types ORDER BY id ASC";
+$payments_pagination = paginate_query($pdo, $query);
+$payment_types = $payments_pagination['data'];
 
-require_once __DIR__ . '/includes/header.php';
+include 'includes/header.php';
 ?>
 
-<div class="container-fluid">
-    <div class="d-flex justify-content-between align-items-center mb-4">
-        <h2 class="h3 mb-0 text-gray-800">Payment Types</h2>
-        <?php if (has_permission('payment_types_add')): ?>
-        <a href="payment_type_edit.php" class="btn btn-primary">
-            <i class="bi bi-plus-lg me-2"></i>Add Payment Type
-        </a>
-        <?php endif; ?>
-    </div>
-
-    <?= $message ?>
-
-    <?php if (isset($_GET['msg']) && $_GET['msg'] == 'deleted'): ?>
-        <div class="alert alert-success alert-dismissible fade show" role="alert">
-            Payment Type deleted successfully.
-            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
-        </div>
+<div class="d-flex justify-content-between align-items-center mb-4">
+    <h2 class="fw-bold mb-0">Payment Types</h2>
+    <?php if (has_permission('payment_types_add')): ?>
+    <button class="btn btn-primary" onclick="openAddModal()">
+        <i class="bi bi-plus-lg"></i> Add Payment Type
+    </button>
     <?php endif; ?>
+</div>
 
-    <div class="card shadow mb-4">
-        <div class="card-body">
-            <div class="table-responsive">
-                <table class="table table-hover align-middle">
-                    <thead class="table-light">
+<?= $message ?>
+
+<div class="card border-0 shadow-sm">
+    <div class="card-body p-0">
+        <!-- Pagination Controls -->
+        <div class="p-3 border-bottom bg-light">
+             <?php render_pagination_controls($payments_pagination); ?>
+        </div>
+        <div class="table-responsive">
+            <table class="table table-hover align-middle mb-0">
+                <thead class="bg-light">
+                    <tr>
+                        <th class="ps-4">ID</th>
+                        <th>Name</th>
+                        <th>Code</th>
+                        <th>Status</th>
+                        <th class="text-end pe-4">Actions</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php foreach ($payment_types as $type): ?>
+                    <tr>
+                        <td class="ps-4 fw-medium">#<?= $type['id'] ?></td>
+                        <td class="fw-bold"><?= htmlspecialchars($type['name']) ?></td>
+                        <td><code><?= htmlspecialchars($type['code']) ?></code></td>
+                        <td>
+                            <?php if ($type['is_active']): ?>
+                                <span class="badge bg-success-subtle text-success px-3">Active</span>
+                            <?php else: ?>
+                                <span class="badge bg-secondary-subtle text-secondary px-3">Inactive</span>
+                            <?php endif; ?>
+                        </td>
+                        <td class="text-end pe-4">
+                            <?php if (has_permission('payment_types_add')): ?>
+                            <button type="button" class="btn btn-sm btn-outline-primary me-1" 
+                                    onclick='openEditModal(<?= htmlspecialchars(json_encode($type), ENT_QUOTES, "UTF-8") ?>)' title="Edit"><i class="bi bi-pencil"></i></button>
+                            <?php endif; ?>
+                            
+                            <?php if (has_permission('payment_types_del')): ?>
+                            <a href="?delete=<?= $type['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this payment type?')"><i class="bi bi-trash"></i></a>
+                            <?php endif; ?>
+                        </td>
+                    </tr>
+                    <?php endforeach; ?>
+                    <?php if (empty($payment_types)): ?>
                         <tr>
-                            <th>ID</th>
-                            <th>Name</th>
-                            <th>Type</th>
-                            <th>Provider</th>
-                            <th>Status</th>
-                            <th class="text-end">Actions</th>
+                            <td colspan="5" class="text-center py-4 text-muted">No payment types found.</td>
                         </tr>
-                    </thead>
-                    <tbody>
-                        <?php if (empty($paymentTypes)): ?>
-                            <tr><td colspan="6" class="text-center py-4">No payment types found.</td></tr>
-                        <?php else: ?>
-                            <?php foreach ($paymentTypes as $pt): ?>
-                                <tr>
-                                    <td><?= $pt['id'] ?></td>
-                                    <td class="fw-medium"><?= htmlspecialchars($pt['name']) ?></td>
-                                    <td>
-                                        <span class="badge bg-secondary"><?= htmlspecialchars(ucfirst($pt['type'])) ?></span>
-                                    </td>
-                                    <td><?= htmlspecialchars($pt['api_provider'] ?? '-') ?></td>
-                                    <td>
-                                        <?php if ($pt['is_active']): ?>
-                                            <span class="badge bg-success">Active</span>
-                                        <?php else: ?>
-                                            <span class="badge bg-danger">Inactive</span>
-                                        <?php endif; ?>
-                                    </td>
-                                    <td class="text-end">
-                                        <?php if (has_permission('payment_types_add')): ?>
-                                        <a href="payment_type_edit.php?id=<?= $pt['id'] ?>" class="btn btn-sm btn-outline-primary me-1">
-                                            <i class="bi bi-pencil"></i>
-                                        </a>
-                                        <?php endif; ?>
-                                        
-                                        <?php if (has_permission('payment_types_del')): ?>
-                                        <a href="payment_types.php?delete_id=<?= $pt['id'] ?>" 
-                                           class="btn btn-sm btn-outline-danger"
-                                           onclick="return confirm('Are you sure you want to delete this payment type?');">
-                                            <i class="bi bi-trash"></i>
-                                        </a>
-                                        <?php endif; ?>
-                                    </td>
-                                </tr>
-                            <?php endforeach; ?>
-                        <?php endif; ?>
-                    </tbody>
-                </table>
-            </div>
+                    <?php endif; ?>
+                </tbody>
+            </table>
+        </div>
+        <!-- Bottom Pagination -->
+        <div class="p-3 border-top bg-light">
+             <?php render_pagination_controls($payments_pagination); ?>
         </div>
     </div>
 </div>
 
-<?php require_once __DIR__ . '/includes/footer.php'; ?>
\ No newline at end of file
+<!-- Payment Type Modal -->
+<?php if (has_permission('payment_types_add')): ?>
+<div class="modal fade" id="paymentTypeModal" tabindex="-1" aria-hidden="true">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header bg-primary text-white">
+                <h5 class="modal-title" id="paymentTypeModalTitle">Add New Payment Type</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <form method="POST" id="paymentTypeForm">
+                <div class="modal-body">
+                    <input type="hidden" name="action" id="paymentTypeAction" value="add_payment_type">
+                    <input type="hidden" name="id" id="paymentTypeId">
+                    <div class="mb-3">
+                        <label class="form-label">Name <span class="text-danger">*</span></label>
+                        <input type="text" name="name" id="paymentTypeName" class="form-control" required placeholder="e.g. Cash, Credit Card">
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">Code <span class="text-danger">*</span></label>
+                        <input type="text" name="code" id="paymentTypeCode" class="form-control" required placeholder="e.g. cash, card, loyalty">
+                    </div>
+                    <div class="mb-3 form-check form-switch">
+                        <input class="form-check-input" type="checkbox" name="is_active" id="paymentTypeIsActive" checked>
+                        <label class="form-check-label" for="paymentTypeIsActive">Is Active</label>
+                    </div>
+                </div>
+                <div class="modal-footer">
+                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+                    <button type="submit" class="btn btn-primary">Save Payment Type</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+
+<script>
+function getPaymentTypeModal() {
+    if (typeof bootstrap === 'undefined') return null;
+    const el = document.getElementById('paymentTypeModal');
+    return el ? bootstrap.Modal.getOrCreateInstance(el) : null;
+}
+
+function openAddModal() {
+    const modal = getPaymentTypeModal();
+    if (!modal) return;
+    
+    document.getElementById('paymentTypeModalTitle').innerText = 'Add New Payment Type';
+    document.getElementById('paymentTypeAction').value = 'add_payment_type';
+    document.getElementById('paymentTypeForm').reset();
+    document.getElementById('paymentTypeId').value = '';
+    modal.show();
+}
+
+function openEditModal(type) {
+    if (!type) return;
+    const modal = getPaymentTypeModal();
+    if (!modal) return;
+    
+    document.getElementById('paymentTypeModalTitle').innerText = 'Edit Payment Type';
+    document.getElementById('paymentTypeAction').value = 'edit_payment_type';
+    document.getElementById('paymentTypeId').value = type.id;
+    document.getElementById('paymentTypeName').value = type.name || '';
+    document.getElementById('paymentTypeCode').value = type.code || '';
+    document.getElementById('paymentTypeIsActive').checked = type.is_active == 1;
+    
+    modal.show();
+}
+</script>
+<?php endif; ?>
+
+<?php include 'includes/footer.php'; ?>
diff --git a/admin/product_edit.php b/admin/product_edit.php
deleted file mode 100644
index d19a4f6..0000000
--- a/admin/product_edit.php
+++ /dev/null
@@ -1,178 +0,0 @@
-<?php
-require_once __DIR__ . '/../db/config.php';
-require_once __DIR__ . '/../includes/functions.php';
-
-$pdo = db();
-require_permission('products_add'); // Assuming edit requires same permission as add
-
-if (!isset($_GET['id'])) {
-    header("Location: products.php");
-    exit;
-}
-
-$id = $_GET['id'];
-$message = '';
-
-// Fetch Product
-$stmt = $pdo->prepare("SELECT * FROM products WHERE id = ?");
-$stmt->execute([$id]);
-$product = $stmt->fetch();
-
-if (!$product) {
-    header("Location: products.php");
-    exit;
-}
-
-// Handle Update
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $name = $_POST['name'];
-    $category_id = $_POST['category_id'];
-    $price = $_POST['price'];
-    $cost_price = $_POST['cost_price'] ?: 0;
-    $stock_quantity = $_POST['stock_quantity'] ?: 0;
-    $description = $_POST['description'];
-    $image_url = $product['image_url']; // Default to existing
-    
-    // Promo fields
-    $promo_discount_percent = $_POST['promo_discount_percent'] !== '' ? $_POST['promo_discount_percent'] : null;
-    $promo_date_from = $_POST['promo_date_from'] !== '' ? $_POST['promo_date_from'] : null;
-    $promo_date_to = $_POST['promo_date_to'] !== '' ? $_POST['promo_date_to'] : null;
-
-    // Image handling
-    if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
-        $uploadDir = __DIR__ . '/../assets/images/products/';
-        if (!is_dir($uploadDir)) {
-            mkdir($uploadDir, 0755, true);
-        }
-        
-        $fileInfo = pathinfo($_FILES['image']['name']);
-        $fileExt = strtolower($fileInfo['extension']);
-        $allowedExts = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
-        
-        if (in_array($fileExt, $allowedExts)) {
-            $fileName = uniqid('prod_') . '.' . $fileExt;
-            $targetFile = $uploadDir . $fileName;
-            
-            if (move_uploaded_file($_FILES['image']['tmp_name'], $targetFile)) {
-                $image_url = 'assets/images/products/' . $fileName;
-            } else {
-                $message = '<div class="alert alert-danger">Failed to upload image.</div>';
-            }
-        } else {
-            $message = '<div class="alert alert-danger">Invalid file type. Allowed: jpg, png, gif, webp.</div>';
-        }
-    }
-
-    if (empty($message)) {
-        $stmt = $pdo->prepare("UPDATE products SET name = ?, category_id = ?, price = ?, cost_price = ?, stock_quantity = ?, description = ?, image_url = ?, promo_discount_percent = ?, promo_date_from = ?, promo_date_to = ? WHERE id = ?");
-        if ($stmt->execute([$name, $category_id, $price, $cost_price, $stock_quantity, $description, $image_url, $promo_discount_percent, $promo_date_from, $promo_date_to, $id])) {
-            $message = '<div class="alert alert-success">Product updated successfully!</div>';
-            // Refresh product data
-            $stmt = $pdo->prepare("SELECT * FROM products WHERE id = ?");
-            $stmt->execute([$id]);
-            $product = $stmt->fetch();
-        } else {
-            $message = '<div class="alert alert-danger">Error updating product.</div>';
-        }
-    }
-}
-
-// Fetch Categories
-$categories = $pdo->query("SELECT * FROM categories ORDER BY name")->fetchAll();
-
-include 'includes/header.php';
-?>
-
-<div class="mb-4">
-    <a href="products.php" class="text-decoration-none text-muted mb-2 d-inline-block"><i class="bi bi-arrow-left"></i> Back to Products</a>
-    <h2 class="fw-bold mb-0">Edit Product: <?= htmlspecialchars($product['name']) ?></h2>
-</div>
-
-<?= $message ?>
-
-<div class="card border-0 shadow-sm">
-    <div class="card-body">
-        <form method="POST" enctype="multipart/form-data">
-            <div class="row">
-                <div class="col-md-8">
-                    <div class="mb-3">
-                        <label class="form-label text-muted small fw-bold">PRODUCT NAME</label>
-                        <input type="text" name="name" class="form-control" value="<?= htmlspecialchars($product['name']) ?>" required>
-                    </div>
-                    <div class="row g-3">
-                        <div class="col-md-6 mb-3">
-                            <label class="form-label text-muted small fw-bold">CATEGORY</label>
-                            <select name="category_id" class="form-select" required>
-                                <?php foreach ($categories as $cat): ?>
-                                    <option value="<?= $cat['id'] ?>" <?= $cat['id'] == $product['category_id'] ? 'selected' : '' ?>>
-                                        <?= htmlspecialchars($cat['name']) ?>
-                                    </option>
-                                <?php endforeach; ?>
-                            </select>
-                        </div>
-                        <div class="col-md-6 mb-3">
-                            <label class="form-label text-muted small fw-bold">SELLING PRICE ($)</label>
-                            <input type="number" step="0.01" name="price" class="form-control" value="<?= htmlspecialchars($product['price']) ?>" required>
-                        </div>
-                    </div>
-                    <div class="row g-3">
-                        <div class="col-md-6 mb-3">
-                            <label class="form-label text-muted small fw-bold">COST PRICE ($)</label>
-                            <input type="number" step="0.01" name="cost_price" class="form-control" value="<?= htmlspecialchars($product['cost_price'] ?? '0.00') ?>">
-                        </div>
-                        <div class="col-md-6 mb-3">
-                            <label class="form-label text-muted small fw-bold">STOCK QUANTITY</label>
-                            <input type="number" name="stock_quantity" class="form-control" value="<?= htmlspecialchars($product['stock_quantity'] ?? '0') ?>">
-                        </div>
-                    </div>
-                    
-                    <div class="card bg-light border-0 mb-3">
-                        <div class="card-body">
-                            <h5 class="fw-bold mb-3"><i class="bi bi-tag-fill me-2 text-primary"></i>Promotion Settings</h5>
-                            <div class="row">
-                                <div class="col-md-4 mb-3">
-                                    <label class="form-label small fw-bold text-muted">DISCOUNT PERCENT (%)</label>
-                                    <input type="number" step="0.01" name="promo_discount_percent" class="form-control" value="<?= htmlspecialchars($product['promo_discount_percent'] ?? '') ?>" placeholder="e.g. 10.00">
-                                </div>
-                                <div class="col-md-4 mb-3">
-                                    <label class="form-label small fw-bold text-muted">START DATE</label>
-                                    <input type="date" name="promo_date_from" class="form-control" value="<?= htmlspecialchars($product['promo_date_from'] ?? '') ?>">
-                                </div>
-                                <div class="col-md-4 mb-3">
-                                    <label class="form-label small fw-bold text-muted">END DATE</label>
-                                    <input type="date" name="promo_date_to" class="form-control" value="<?= htmlspecialchars($product['promo_date_to'] ?? '') ?>">
-                                </div>
-                            </div>
-                            <div class="form-text mt-0">If active, this discount will be automatically applied to the regular price.</div>
-                        </div>
-                    </div>
-
-                    <div class="mb-3">
-                        <label class="form-label text-muted small fw-bold">DESCRIPTION</label>
-                        <textarea name="description" class="form-control" rows="5"><?= htmlspecialchars($product['description']) ?></textarea>
-                    </div>
-                </div>
-                <div class="col-md-4">
-                    <div class="mb-3">
-                        <label class="form-label text-muted small fw-bold">CURRENT IMAGE</label>
-                        <div class="mb-2">
-                            <img src="<?= htmlspecialchars(strpos($product['image_url'], 'http') === 0 ? $product['image_url'] : '../' . $product['image_url']) ?>" class="img-fluid rounded border" alt="Product Image">
-                        </div>
-                    </div>
-                    <div class="mb-3">
-                        <label class="form-label text-muted small fw-bold">UPLOAD NEW IMAGE</label>
-                        <input type="file" name="image" class="form-control" accept="image/*">
-                        <div class="form-text">Leave empty to keep current image.</div>
-                    </div>
-                </div>
-            </div>
-            <hr>
-            <div class="d-flex justify-content-end gap-2">
-                <a href="products.php" class="btn btn-secondary">Cancel</a>
-                <button type="submit" class="btn btn-primary">Save Changes</button>
-            </div>
-        </form>
-    </div>
-</div>
-
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/products.php b/admin/products.php
index 3a6e860..f73280a 100644
--- a/admin/products.php
+++ b/admin/products.php
@@ -7,58 +7,71 @@ require_permission('products_view');
 
 $message = '';
 
-// Handle Add Product
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_product') {
-    if (!has_permission('products_add')) {
-        $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to add products.</div>';
+// Handle Add/Edit Product
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+    $name = $_POST['name'];
+    $category_id = $_POST['category_id'];
+    $price = $_POST['price'];
+    $cost_price = $_POST['cost_price'] ?: 0;
+    $stock_quantity = $_POST['stock_quantity'] ?: 0;
+    $description = $_POST['description'];
+    
+    $promo_discount_percent = $_POST['promo_discount_percent'] !== '' ? $_POST['promo_discount_percent'] : null;
+    $promo_date_from = $_POST['promo_date_from'] !== '' ? $_POST['promo_date_from'] : null;
+    $promo_date_to = $_POST['promo_date_to'] !== '' ? $_POST['promo_date_to'] : null;
+
+    $image_url = null;
+    if ($id) {
+        $stmt = $pdo->prepare("SELECT image_url FROM products WHERE id = ?");
+        $stmt->execute([$id]);
+        $image_url = $stmt->fetchColumn();
     } else {
-        $name = $_POST['name'];
-        $category_id = $_POST['category_id'];
-        $price = $_POST['price'];
-        $cost_price = $_POST['cost_price'] ?: 0;
-        $stock_quantity = $_POST['stock_quantity'] ?: 0;
-        $description = $_POST['description'];
-        
-        $promo_discount_percent = $_POST['promo_discount_percent'] !== '' ? $_POST['promo_discount_percent'] : null;
-        $promo_date_from = $_POST['promo_date_from'] !== '' ? $_POST['promo_date_from'] : null;
-        $promo_date_to = $_POST['promo_date_to'] !== '' ? $_POST['promo_date_to'] : null;
-
-        // Image handling
         $image_url = 'https://placehold.co/400x300?text=' . urlencode($name);
-        
-        if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
-            $uploadDir = __DIR__ . '/../assets/images/products/';
-            if (!is_dir($uploadDir)) {
-                mkdir($uploadDir, 0755, true);
-            }
-            
-            $fileInfo = pathinfo($_FILES['image']['name']);
-            $fileExt = strtolower($fileInfo['extension']);
-            $allowedExts = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
-            
-            if (in_array($fileExt, $allowedExts)) {
-                $fileName = uniqid('prod_') . '.' . $fileExt;
-                $targetFile = $uploadDir . $fileName;
-                
-                if (move_uploaded_file($_FILES['image']['tmp_name'], $targetFile)) {
-                    $image_url = 'assets/images/products/' . $fileName;
-                }
-            }
-        }
+    }
 
-        $stmt = $pdo->prepare("INSERT INTO products (name, category_id, price, cost_price, stock_quantity, description, image_url, promo_discount_percent, promo_date_from, promo_date_to) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
-        if ($stmt->execute([$name, $category_id, $price, $cost_price, $stock_quantity, $description, $image_url, $promo_discount_percent, $promo_date_from, $promo_date_to])) {
-            $message = '<div class="alert alert-success border-0 shadow-sm rounded-3"><i class="bi bi-check-circle-fill me-2"></i>Product added successfully!</div>';
-        } else {
-            $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3"><i class="bi bi-exclamation-triangle-fill me-2"></i>Error adding product.</div>';
+    if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
+        $uploadDir = __DIR__ . '/../assets/images/products/';
+        if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
+        
+        $file_ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
+        if (in_array($file_ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) {
+            $fileName = uniqid('prod_') . '.' . $file_ext;
+            if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadDir . $fileName)) {
+                $image_url = 'assets/images/products/' . $fileName;
+            }
         }
     }
+
+    try {
+        if ($action === 'edit_product' && $id) {
+            // Check for edit OR add (for backward compatibility)
+            if (!has_permission('products_edit') && !has_permission('products_add')) {
+                $message = '<div class="alert alert-danger">Access Denied: You do not have permission to edit products.</div>';
+            } else {
+                $stmt = $pdo->prepare("UPDATE products SET name = ?, category_id = ?, price = ?, cost_price = ?, stock_quantity = ?, description = ?, image_url = ?, promo_discount_percent = ?, promo_date_from = ?, promo_date_to = ? WHERE id = ?");
+                $stmt->execute([$name, $category_id, $price, $cost_price, $stock_quantity, $description, $image_url, $promo_discount_percent, $promo_date_from, $promo_date_to, $id]);
+                $message = '<div class="alert alert-success">Product updated successfully!</div>';
+            }
+        } elseif ($action === 'add_product') {
+            if (!has_permission('products_add')) {
+                $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add products.</div>';
+            } else {
+                $stmt = $pdo->prepare("INSERT INTO products (name, category_id, price, cost_price, stock_quantity, description, image_url, promo_discount_percent, promo_date_from, promo_date_to) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
+                $stmt->execute([$name, $category_id, $price, $cost_price, $stock_quantity, $description, $image_url, $promo_discount_percent, $promo_date_from, $promo_date_to]);
+                $message = '<div class="alert alert-success">Product created successfully!</div>';
+            }
+        }
+    } catch (PDOException $e) {
+        $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+    }
 }
 
 // Handle Delete
 if (isset($_GET['delete'])) {
     if (!has_permission('products_del')) {
-        $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete products.</div>';
+        $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete products.</div>';
     } else {
         $id = $_GET['delete'];
         $pdo->prepare("DELETE FROM products WHERE id = ?")->execute([$id]);
@@ -67,13 +80,10 @@ if (isset($_GET['delete'])) {
     }
 }
 
-// Fetch Categories for Dropdown (moved up for filter usage)
 $categories = $pdo->query("SELECT * FROM categories ORDER BY name")->fetchAll();
 
-// Handle Search and Filter
 $search = $_GET['search'] ?? '';
 $category_filter = $_GET['category_filter'] ?? '';
-
 $params = [];
 $where = [];
 
@@ -92,10 +102,7 @@ if ($category_filter) {
     $params[] = $category_filter;
 }
 
-if (!empty($where)) {
-    $query .= " WHERE " . implode(" AND ", $where);
-}
-
+if (!empty($where)) $query .= " WHERE " . implode(" AND ", $where);
 $query .= " ORDER BY p.id DESC";
     
 $products_pagination = paginate_query($pdo, $query, $params);
@@ -106,11 +113,11 @@ include 'includes/header.php';
 
 <div class="d-flex justify-content-between align-items-center mb-4">
     <div>
-        <h2 class="fw-bold mb-1 text-dark">Products</h2>
-        <p class="text-muted mb-0">Manage your catalog</p>
+        <h2 class="fw-bold mb-1">Products Catalog</h2>
+        <p class="text-muted mb-0">Manage items, stock, and pricing</p>
     </div>
     <?php if (has_permission('products_add')): ?>
-    <button class="btn btn-primary btn-lg shadow-sm" data-bs-toggle="modal" data-bs-target="#addProductModal" style="border-radius: 10px; padding: 0.6rem 1.2rem;">
+    <button class="btn btn-primary btn-lg shadow-sm" data-bs-toggle="modal" data-bs-target="#productModal" onclick="prepareAddForm()" style="border-radius: 12px;">
         <i class="bi bi-plus-lg me-1"></i> Add Product
     </button>
     <?php endif; ?>
@@ -118,229 +125,240 @@ include 'includes/header.php';
 
 <?= $message ?>
 
-<!-- Filter & Search Bar -->
-<div class="filter-bar">
+<div class="filter-bar mb-4 p-3 bg-white rounded-4 shadow-sm">
     <form method="GET" class="row g-3 align-items-center">
         <div class="col-md-5">
             <div class="input-group">
-                <span class="input-group-text bg-white border-end-0 text-muted ps-3" style="border-radius: 10px 0 0 10px;"><i class="bi bi-search"></i></span>
-                <input type="text" name="search" class="form-control border-start-0 ps-0" placeholder="Search by name, description..." value="<?= htmlspecialchars($search) ?>" style="border-radius: 0 10px 10px 0;">
+                <span class="input-group-text bg-light border-0 text-muted"><i class="bi bi-search"></i></span>
+                <input type="text" name="search" class="form-control border-0 bg-light" placeholder="Search products..." value="<?= htmlspecialchars($search) ?>" style="border-radius: 0 10px 10px 0;">
             </div>
         </div>
         <div class="col-md-3">
-            <select name="category_filter" class="form-select" onchange="this.form.submit()" style="border-radius: 10px;">
+            <select name="category_filter" class="form-select border-0 bg-light rounded-3" onchange="this.form.submit()">
                 <option value="">All Categories</option>
                 <?php foreach ($categories as $cat): ?>
                     <option value="<?= $cat['id'] ?>" <?= $category_filter == $cat['id'] ? 'selected' : '' ?>><?= htmlspecialchars($cat['name']) ?></option>
                 <?php endforeach; ?>
             </select>
         </div>
-        <div class="col-md-4 text-md-end">
-            <?php if ($search || $category_filter): ?>
-                <a href="products.php" class="btn btn-light text-muted" style="border-radius: 10px;"><i class="bi bi-x-circle me-1"></i> Clear Filters</a>
-            <?php endif; ?>
-        </div>
     </form>
 </div>
 
-<!-- Friendly Product List -->
 <?php if (empty($products)): ?>
-    <div class="text-center py-5 bg-white rounded-3 shadow-sm">
-        <div class="mb-3 text-muted display-1"><i class="bi bi-box-seam"></i></div>
+    <div class="text-center py-5 bg-white rounded-4 shadow-sm">
+        <i class="bi bi-box-seam display-1 text-muted opacity-25 mb-3 d-block"></i>
         <h4 class="text-dark">No products found</h4>
-        <p class="text-muted">Try adjusting your search or filters.</p>
-        <?php if ($search || $category_filter): ?>
-            <a href="products.php" class="btn btn-outline-primary rounded-pill px-4">Clear All Filters</a>
-        <?php endif; ?>
+        <p class="text-muted">Try adjusting your filters or search terms.</p>
     </div>
 <?php else: ?>
-    <div class="table-responsive" style="overflow-x: visible;">
-        <table class="friendly-table">
-            <thead>
-                <tr>
-                    <th>Product</th>
-                    <th>Category</th>
-                    <th>Stock</th>
-                    <th>Cost Price</th>
-                    <th>Selling Price</th>
-                    <th>Promotion</th>
-                    <th class="text-end">Actions</th>
-                </tr>
-            </thead>
-            <tbody>
-                <?php 
-                $today = date('Y-m-d');
-                foreach ($products as $product): 
-                    $is_promo_active = !empty($product['promo_discount_percent']) && 
-                                      !empty($product['promo_date_from']) && 
-                                      !empty($product['promo_date_to']) && 
-                                      $today >= $product['promo_date_from'] && 
-                                      $today <= $product['promo_date_to'];
-                    $stock = intval($product['stock_quantity'] ?? 0);
-                    $stock_class = $stock <= 5 ? 'text-danger fw-bold' : ($stock <= 20 ? 'text-warning' : 'text-success');
-                ?>
-                <tr>
-                    <td class="ps-4">
-                        <div class="d-flex align-items-center">
-                            <img src="<?= htmlspecialchars(strpos($product['image_url'], 'http') === 0 ? $product['image_url'] : '../' . $product['image_url']) ?>" alt="" class="img-thumb-lg me-3">
-                            <div>
-                                <div class="fw-bold text-dark mb-1" style="font-size: 1.05rem;"><?= htmlspecialchars($product['name']) ?></div>
-                                <div class="text-muted small text-truncate" style="max-width: 250px;"><?= htmlspecialchars($product['description'] ?? '') ?></div>
+    <div class="card border-0 shadow-sm rounded-4 overflow-hidden">
+        <div class="table-responsive">
+            <table class="table table-hover align-middle mb-0">
+                <thead class="bg-light">
+                    <tr>
+                        <th class="ps-4">Product</th>
+                        <th>Category</th>
+                        <th>Stock</th>
+                        <th>Price</th>
+                        <th>Promotion</th>
+                        <th class="text-end pe-4">Actions</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php 
+                    $today = date('Y-m-d');
+                    foreach ($products as $product): 
+                        $is_promo_active = !empty($product['promo_discount_percent']) && 
+                                          !empty($product['promo_date_from']) && 
+                                          !empty($product['promo_date_to']) && 
+                                          $today >= $product['promo_date_from'] && 
+                                          $today <= $product['promo_date_to'];
+                    ?>
+                    <tr>
+                        <td class="ps-4">
+                            <div class="d-flex align-items-center">
+                                <img src="<?= htmlspecialchars(strpos($product['image_url'], 'http') === 0 ? $product['image_url'] : '../' . $product['image_url']) ?>" alt="" class="rounded-3 me-3 border shadow-sm" style="width: 48px; height: 48px; object-fit: cover;">
+                                <div>
+                                    <div class="fw-bold text-dark"><?= htmlspecialchars($product['name']) ?></div>
+                                    <div class="text-muted small text-truncate" style="max-width: 180px;"><?= htmlspecialchars($product['description'] ?? '') ?></div>
+                                </div>
                             </div>
-                        </div>
-                    </td>
-                    <td>
-                        <span class="badge-soft"><?= htmlspecialchars($product['category_name'] ?? 'Uncategorized') ?></span>
-                    </td>
-                    <td>
-                        <span class="<?= $stock_class ?>"><?= $stock ?></span>
-                    </td>
-                    <td>
-                        <span class="text-muted"><?= format_currency($product['cost_price'] ?? 0) ?></span>
-                    </td>
-                    <td>
-                        <?php if ($is_promo_active): ?>
-                            <?php 
-                            $discounted_price = $product['price'] * (1 - ($product['promo_discount_percent'] / 100));
-                            ?>
-                            <div class="text-price fs-5"><?= format_currency($discounted_price) ?></div>
-                            <div class="text-muted small text-decoration-line-through"><?= format_currency($product['price']) ?></div>
-                        <?php else: ?>
-                            <span class="text-price fs-5"><?= format_currency($product['price']) ?></span>
-                        <?php endif; ?>
-                    </td>
-                    <td>
-                        <?php if ($is_promo_active): ?>
-                            <span class="badge bg-success rounded-pill">Active (-<?= floatval($product['promo_discount_percent']) ?>%)</span>
-                            <div class="small text-muted mt-1">Ends <?= $product['promo_date_to'] ?></div>
-                        <?php elseif (!empty($product['promo_discount_percent'])): ?>
-                            <?php if ($today < $product['promo_date_from']): ?>
-                                <span class="badge bg-info rounded-pill">Upcoming</span>
-                                <div class="small text-muted mt-1">Starts <?= $product['promo_date_from'] ?></div>
+                        </td>
+                        <td><span class="badge bg-light text-dark border px-2 py-1"><?= htmlspecialchars($product['category_name'] ?? 'Uncategorized') ?></span></td>
+                        <td>
+                            <?php $stock = (int)$product['stock_quantity']; ?>
+                            <span class="badge <?= $stock <= 5 ? 'bg-danger-subtle text-danger' : ($stock <= 20 ? 'bg-warning-subtle text-warning' : 'bg-success-subtle text-success') ?> px-2 py-1 border border-<?= $stock <= 5 ? 'danger' : ($stock <= 20 ? 'warning' : 'success') ?>">
+                                <?= $stock ?> in stock
+                            </span>
+                        </td>
+                        <td>
+                            <?php if ($is_promo_active): ?>
+                                <div class="fw-bold text-primary"><?= format_currency($product['price'] * (1 - ($product['promo_discount_percent'] / 100))) ?></div>
+                                <div class="text-muted small text-decoration-line-through"><?= format_currency($product['price']) ?></div>
                             <?php else: ?>
-                                <span class="badge bg-secondary rounded-pill">Expired</span>
+                                <div class="fw-bold text-dark"><?= format_currency($product['price']) ?></div>
                             <?php endif; ?>
-                        <?php else: ?>
-                            <span class="text-muted small">-</span>
-                        <?php endif; ?>
-                    </td>
-                    <td class="text-end pe-4">
-                        <div class="d-inline-flex gap-2">
-                            <?php if (has_permission('products_add')): ?>
-                            <a href="product_edit.php?id=<?= $product['id'] ?>" class="btn-icon-soft edit" title="Edit Product">
-                                <i class="bi bi-pencil-fill" style="font-size: 0.9rem;"></i>
-                            </a>
-                            <a href="product_variants.php?product_id=<?= $product['id'] ?>" class="btn-icon-soft" title="Manage Variants">
-                                <i class="bi bi-sliders" style="font-size: 0.9rem;"></i>
-                            </a>
+                        </td>
+                        <td>
+                            <?php if ($is_promo_active): ?>
+                                <span class="badge bg-success rounded-pill px-2">-<?= floatval($product['promo_discount_percent']) ?>%</span>
+                            <?php elseif (!empty($product['promo_discount_percent'])): ?>
+                                <span class="badge bg-secondary rounded-pill px-2">Inactive</span>
+                            <?php else: ?>
+                                <span class="text-muted small">-</span>
                             <?php endif; ?>
-                            
-                            <?php if (has_permission('products_del')): ?>
-                            <a href="?delete=<?= $product['id'] ?>" class="btn-icon-soft delete" onclick="return confirm('Are you sure you want to delete this product?')" title="Delete">
-                                <i class="bi bi-trash-fill" style="font-size: 0.9rem;"></i>
-                            </a>
-                            <?php endif; ?>
-                        </div>
-                    </td>
-                </tr>
-                <?php endforeach; ?>
-            </tbody>
-        </table>
-    </div>
-    
-    <!-- Pagination -->
-    <div class="mt-4">
-        <?php render_pagination_controls($products_pagination); ?>
+                        </td>
+                        <td class="text-end pe-4">
+                            <div class="d-inline-flex gap-2">
+                                <?php if (has_permission('products_edit') || has_permission('products_add')): ?>
+                                <button type="button" class="btn btn-sm btn-outline-primary rounded-pill px-3" 
+                                        data-bs-toggle="modal" data-bs-target="#productModal"
+                                        onclick='prepareEditForm(<?= htmlspecialchars(json_encode($product), ENT_QUOTES, "UTF-8") ?>)'>Edit</button>
+                                <?php endif; ?>
+                                
+                                <?php if (has_permission('products_del')): ?>
+                                <a href="?delete=<?= $product['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Delete this product? This action cannot be undone.')">Delete</a>
+                                <?php endif; ?>
+                            </div>
+                        </td>
+                    </tr>
+                    <?php endforeach; ?>
+                </tbody>
+            </table>
+        </div>
+        <div class="p-3 border-top bg-light">
+            <?php render_pagination_controls($products_pagination); ?>
+        </div>
     </div>
 <?php endif; ?>
 
-<!-- Add Product Modal -->
-<?php if (has_permission('products_add')): ?>
-<div class="modal fade" id="addProductModal" tabindex="-1">
-    <div class="modal-dialog modal-lg modal-dialog-centered">
-        <div class="modal-content border-0 shadow-lg" style="border-radius: 16px;">
-            <div class="modal-header border-bottom-0 pb-0">
-                <h5 class="modal-title fw-bold">Add New Product</h5>
-                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+<!-- Product Modal -->
+<?php if (has_permission('products_add') || has_permission('products_edit')): ?>
+<div class="modal fade" id="productModal" tabindex="-1" aria-hidden="true">
+    <div class="modal-dialog modal-lg">
+        <div class="modal-content border-0 shadow-lg rounded-4">
+            <div class="modal-header bg-primary text-white border-0 py-3">
+                <h5 class="modal-title fw-bold" id="productModalTitle">Add New Product</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
-            <form method="POST" enctype="multipart/form-data">
-                <div class="modal-body pt-4">
-                    <input type="hidden" name="action" value="add_product">
-                    <div class="row">
-                        <div class="col-md-7">
+            <form method="POST" id="productForm" enctype="multipart/form-data">
+                <div class="modal-body p-4">
+                    <input type="hidden" name="action" id="productAction" value="add_product">
+                    <input type="hidden" name="id" id="productId">
+                    
+                    <div class="row g-3 mb-4">
+                        <div class="col-md-8">
                             <div class="mb-3">
-                                <label class="form-label text-muted small fw-bold">PRODUCT NAME</label>
-                                <input type="text" name="name" class="form-control form-control-lg" placeholder="e.g. Cheese Burger" required style="border-radius: 10px;">
+                                <label class="form-label small fw-bold text-muted">PRODUCT NAME <span class="text-danger">*</span></label>
+                                <input type="text" name="name" id="productName" class="form-control rounded-3" required>
                             </div>
-                            <div class="row g-3 mb-3">
-                                <div class="col-md-6">
-                                    <label class="form-label text-muted small fw-bold">CATEGORY</label>
-                                    <select name="category_id" class="form-select" required style="border-radius: 10px;">
+                            <div class="row g-3">
+                                <div class="col-md-6 mb-3">
+                                    <label class="form-label small fw-bold text-muted">CATEGORY <span class="text-danger">*</span></label>
+                                    <select name="category_id" id="productCategoryId" class="form-select rounded-3" required>
                                         <?php foreach ($categories as $cat): ?>
                                             <option value="<?= $cat['id'] ?>"><?= htmlspecialchars($cat['name']) ?></option>
                                         <?php endforeach; ?>
                                     </select>
                                 </div>
-                                <div class="col-md-6">
-                                    <label class="form-label text-muted small fw-bold">SELLING PRICE ($)</label>
+                                <div class="col-md-6 mb-3">
+                                    <label class="form-label small fw-bold text-muted">SELLING PRICE <span class="text-danger">*</span></label>
                                     <div class="input-group">
-                                        <span class="input-group-text bg-light border-end-0" style="border-radius: 10px 0 0 10px;">$</span>
-                                        <input type="number" step="0.01" name="price" class="form-control border-start-0" placeholder="0.00" required style="border-radius: 0 10px 10px 0;">
+                                        <span class="input-group-text bg-light border-0"><?= get_company_settings()['currency_symbol'] ?></span>
+                                        <input type="number" step="0.01" name="price" id="productPrice" class="form-control rounded-3 border-0 bg-light" required>
                                     </div>
                                 </div>
                             </div>
-                            <div class="row g-3 mb-3">
-                                <div class="col-md-6">
-                                    <label class="form-label text-muted small fw-bold">COST PRICE ($)</label>
-                                    <div class="input-group">
-                                        <span class="input-group-text bg-light border-end-0" style="border-radius: 10px 0 0 10px;">$</span>
-                                        <input type="number" step="0.01" name="cost_price" class="form-control border-start-0" placeholder="0.00" style="border-radius: 0 10px 10px 0;">
-                                    </div>
+                            <div class="row g-3">
+                                <div class="col-md-6 mb-3">
+                                    <label class="form-label small fw-bold text-muted">COST PRICE</label>
+                                    <input type="number" step="0.01" name="cost_price" id="productCostPrice" class="form-control rounded-3 border-0 bg-light">
                                 </div>
-                                <div class="col-md-6">
-                                    <label class="form-label text-muted small fw-bold">INITIAL STOCK</label>
-                                    <input type="number" name="stock_quantity" class="form-control" placeholder="0" style="border-radius: 10px;">
+                                <div class="col-md-6 mb-3">
+                                    <label class="form-label small fw-bold text-muted">STOCK QUANTITY</label>
+                                    <input type="number" name="stock_quantity" id="productStockQuantity" class="form-control rounded-3 border-0 bg-light">
                                 </div>
                             </div>
-                            <div class="mb-3">
-                                <label class="form-label text-muted small fw-bold">DESCRIPTION</label>
-                                <textarea name="description" class="form-control" rows="3" placeholder="Brief description..." style="border-radius: 10px;"></textarea>
-                            </div>
                         </div>
-                        <div class="col-md-5">
-                            <div class="card bg-light border-0 h-100">
+                        <div class="col-md-4">
+                            <div class="card bg-light border-0 h-100 rounded-4">
                                 <div class="card-body">
-                                    <h6 class="fw-bold mb-3"><i class="bi bi-tag-fill me-2 text-primary"></i>Promotion</h6>
+                                    <h6 class="fw-bold mb-3"><i class="bi bi-percent me-2 text-primary"></i>Promotion</h6>
                                     <div class="mb-3">
-                                        <label class="form-label text-muted small fw-bold">DISCOUNT (%)</label>
-                                        <input type="number" step="0.01" name="promo_discount_percent" class="form-control" placeholder="0.00" style="border-radius: 10px;">
+                                        <label class="form-label small fw-bold text-muted">DISCOUNT (%)</label>
+                                        <input type="number" step="0.01" name="promo_discount_percent" id="productPromoDiscount" class="form-control border-0 rounded-3">
                                     </div>
-                                    <div class="mb-3">
-                                        <label class="form-label text-muted small fw-bold">START DATE</label>
-                                        <input type="date" name="promo_date_from" class="form-control" style="border-radius: 10px;">
+                                    <div class="mb-2">
+                                        <label class="form-label small fw-bold text-muted">START DATE</label>
+                                        <input type="date" name="promo_date_from" id="productPromoFrom" class="form-control border-0 rounded-3">
                                     </div>
-                                    <div class="mb-3">
-                                        <label class="form-label text-muted small fw-bold">END DATE</label>
-                                        <input type="date" name="promo_date_to" class="form-control" style="border-radius: 10px;">
+                                    <div class="mb-0">
+                                        <label class="form-label small fw-bold text-muted">END DATE</label>
+                                        <input type="date" name="promo_date_to" id="productPromoTo" class="form-control border-0 rounded-3">
                                     </div>
                                 </div>
                             </div>
                         </div>
                     </div>
-                    <div class="mb-3 mt-3">
-                        <label class="form-label text-muted small fw-bold">IMAGE</label>
-                        <input type="file" name="image" class="form-control" accept="image/*" style="border-radius: 10px;">
-                        <div class="form-text">Optional. Placeholder used if empty.</div>
+
+                    <div class="mb-4">
+                        <label class="form-label small fw-bold text-muted">DESCRIPTION</label>
+                        <textarea name="description" id="productDescription" class="form-control rounded-3" rows="3" placeholder="Describe your product..."></textarea>
+                    </div>
+
+                    <div class="mb-0">
+                        <label class="form-label small fw-bold text-muted">PRODUCT IMAGE</label>
+                        <div class="d-flex align-items-center gap-3 bg-light p-3 rounded-4 border border-dashed">
+                            <img src="" id="productImagePreview" class="rounded-3 border shadow-sm" style="width: 64px; height: 64px; object-fit: cover; display: none;">
+                            <div class="flex-grow-1">
+                                <input type="file" name="image" class="form-control border-0 bg-transparent" accept="image/*">
+                                <small class="text-muted">Recommended: Square image, max 2MB.</small>
+                            </div>
+                        </div>
                     </div>
                 </div>
-                <div class="modal-footer border-top-0 pt-0 pb-4 px-4">
+                <div class="modal-footer border-0 p-4 pt-0">
                     <button type="button" class="btn btn-light rounded-pill px-4" data-bs-dismiss="modal">Cancel</button>
-                    <button type="submit" class="btn btn-primary rounded-pill px-4">Save Product</button>
+                    <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Save Product</button>
                 </div>
             </form>
         </div>
     </div>
 </div>
+
+<script>
+function prepareAddForm() {
+    document.getElementById('productModalTitle').innerText = 'Add New Product';
+    document.getElementById('productAction').value = 'add_product';
+    document.getElementById('productForm').reset();
+    document.getElementById('productId').value = '';
+    document.getElementById('productImagePreview').style.display = 'none';
+}
+
+function prepareEditForm(prod) {
+    if (!prod) return;
+    document.getElementById('productModalTitle').innerText = 'Edit Product: ' + prod.name;
+    document.getElementById('productAction').value = 'edit_product';
+    document.getElementById('productId').value = prod.id;
+    document.getElementById('productName').value = prod.name;
+    document.getElementById('productCategoryId').value = prod.category_id;
+    document.getElementById('productPrice').value = prod.price;
+    document.getElementById('productCostPrice').value = prod.cost_price || '';
+    document.getElementById('productStockQuantity').value = prod.stock_quantity || '0';
+    document.getElementById('productDescription').value = prod.description || '';
+    document.getElementById('productPromoDiscount').value = prod.promo_discount_percent || '';
+    document.getElementById('productPromoFrom').value = prod.promo_date_from || '';
+    document.getElementById('productPromoTo').value = prod.promo_date_to || '';
+    
+    if (prod.image_url) {
+        const preview = document.getElementById('productImagePreview');
+        preview.src = prod.image_url.startsWith('http') ? prod.image_url : '../' + prod.image_url;
+        preview.style.display = 'block';
+    } else {
+        document.getElementById('productImagePreview').style.display = 'none';
+    }
+}
+</script>
 <?php endif; ?>
 
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
+<?php include 'includes/footer.php'; ?>
diff --git a/admin/purchases.php b/admin/purchases.php
index 3ad8183..0853222 100644
--- a/admin/purchases.php
+++ b/admin/purchases.php
@@ -59,29 +59,29 @@ include 'includes/header.php';
 
 <div class="d-flex justify-content-between align-items-center mb-4">
     <div>
-        <h2 class="fw-bold mb-1 text-dark">Purchases</h2>
-        <p class="text-muted mb-0">Manage inventory restocks and supplier invoices</p>
+        <h2 class="fw-bold mb-1 text-dark">Purchases Inventory</h2>
+        <p class="text-muted mb-0">Manage restocks, supplier invoices and inventory tracking</p>
     </div>
     <?php if (has_permission('purchases_add')): ?>
-    <a href="purchase_edit.php" class="btn btn-primary shadow-sm">
-        <i class="bi bi-plus-lg me-1"></i> New Purchase
+    <a href="purchase_edit.php" class="btn btn-primary btn-lg shadow-sm" style="border-radius: 12px;">
+        <i class="bi bi-plus-lg me-1"></i> New Purchase Order
     </a>
     <?php endif; ?>
 </div>
 
 <?= $message ?>
 
-<div class="card border-0 shadow-sm mb-4">
-    <div class="card-body">
+<div class="card border-0 shadow-sm mb-4 rounded-4">
+    <div class="card-body p-4">
         <form method="GET" class="row g-3 align-items-center">
             <div class="col-md-4">
                 <div class="input-group">
-                    <span class="input-group-text bg-white border-end-0 text-muted"><i class="bi bi-search"></i></span>
-                    <input type="text" name="search" class="form-control border-start-0" placeholder="Search notes..." value="<?= htmlspecialchars($search) ?>">
+                    <span class="input-group-text bg-light border-0 text-muted"><i class="bi bi-search"></i></span>
+                    <input type="text" name="search" class="form-control border-0 bg-light" placeholder="Search by notes..." value="<?= htmlspecialchars($search) ?>" style="border-radius: 0 10px 10px 0;">
                 </div>
             </div>
             <div class="col-md-3">
-                <select name="supplier_filter" class="form-select">
+                <select name="supplier_filter" class="form-select border-0 bg-light rounded-3">
                     <option value="">All Suppliers</option>
                     <?php foreach ($suppliers as $s): ?>
                         <option value="<?= $s['id'] ?>" <?= $supplier_filter == $s['id'] ? 'selected' : '' ?>><?= htmlspecialchars($s['name']) ?></option>
@@ -89,7 +89,7 @@ include 'includes/header.php';
                 </select>
             </div>
             <div class="col-md-2">
-                <select name="status_filter" class="form-select">
+                <select name="status_filter" class="form-select border-0 bg-light rounded-3">
                     <option value="">All Status</option>
                     <option value="pending" <?= $status_filter == 'pending' ? 'selected' : '' ?>>Pending</option>
                     <option value="completed" <?= $status_filter == 'completed' ? 'selected' : '' ?>>Completed</option>
@@ -97,22 +97,22 @@ include 'includes/header.php';
                 </select>
             </div>
             <div class="col-md-3 d-flex gap-2">
-                <button type="submit" class="btn btn-primary px-4 w-100">Filter</button>
+                <button type="submit" class="btn btn-primary px-4 w-100 rounded-pill fw-bold">Filter Results</button>
                 <?php if ($search || $supplier_filter || $status_filter): ?>
-                    <a href="purchases.php" class="btn btn-light text-muted px-3"><i class="bi bi-x-lg"></i></a>
+                    <a href="purchases.php" class="btn btn-light text-muted px-3 rounded-circle d-flex align-items-center justify-content-center"><i class="bi bi-x-lg"></i></a>
                 <?php endif; ?>
             </div>
         </form>
     </div>
 </div>
 
-<div class="card border-0 shadow-sm">
+<div class="card border-0 shadow-sm rounded-4 overflow-hidden">
     <div class="card-body p-0">
         <div class="table-responsive">
             <table class="table table-hover align-middle mb-0">
-                <thead class="table-light">
+                <thead class="bg-light">
                     <tr>
-                        <th class="ps-4">Date</th>
+                        <th class="ps-4 py-3">Purchase Details</th>
                         <th>Supplier</th>
                         <th>Status</th>
                         <th>Total Amount</th>
@@ -122,33 +122,33 @@ include 'includes/header.php';
                 <tbody>
                     <?php foreach ($purchases as $p): 
                         $status_badge = 'bg-secondary';
-                        if ($p['status'] === 'completed') $status_badge = 'bg-success';
-                        if ($p['status'] === 'pending') $status_badge = 'bg-warning text-dark';
-                        if ($p['status'] === 'cancelled') $status_badge = 'bg-danger';
+                        if ($p['status'] === 'completed') $status_badge = 'bg-success-subtle text-success border border-success';
+                        if ($p['status'] === 'pending') $status_badge = 'bg-warning-subtle text-warning border border-warning';
+                        if ($p['status'] === 'cancelled') $status_badge = 'bg-danger-subtle text-danger border border-danger';
                     ?>
                     <tr>
                         <td class="ps-4">
                             <div class="fw-bold text-dark"><?= date('M d, Y', strtotime($p['purchase_date'])) ?></div>
-                            <div class="small text-muted">ID: #<?= $p['id'] ?></div>
+                            <div class="small text-muted fw-medium">Ref: #INV-<?= str_pad($p['id'], 5, '0', STR_PAD_LEFT) ?></div>
                         </td>
                         <td>
-                            <div class="fw-medium text-dark"><?= htmlspecialchars($p['supplier_name'] ?? 'Direct Purchase') ?></div>
+                            <div class="fw-bold text-dark"><?= htmlspecialchars($p['supplier_name'] ?? 'Direct Purchase') ?></div>
                         </td>
                         <td>
-                            <span class="badge <?= $status_badge ?> rounded-pill px-3"><?= ucfirst($p['status']) ?></span>
+                            <span class="badge <?= $status_badge ?> rounded-pill px-3 py-2 small fw-bold text-uppercase" style="font-size: 0.7rem;"><?= ucfirst($p['status']) ?></span>
                         </td>
                         <td>
-                            <div class="fw-bold text-primary"><?= format_currency($p['total_amount']) ?></div>
+                            <div class="fw-bold text-primary fs-5"><?= format_currency($p['total_amount']) ?></div>
                         </td>
                         <td class="text-end pe-4">
                             <div class="d-inline-flex gap-2">
-                                <?php if (has_permission('purchases_add')): ?>
-                                <a href="purchase_edit.php?id=<?= $p['id'] ?>" class="btn btn-sm btn-outline-primary" title="Edit/View">
+                                <?php if (has_permission('purchases_edit') || has_permission('purchases_add')): ?>
+                                <a href="purchase_edit.php?id=<?= $p['id'] ?>" class="btn btn-sm btn-outline-primary rounded-pill px-3" title="Edit/View">
                                     <i class="bi bi-pencil-square me-1"></i> Edit
                                 </a>
                                 <?php endif; ?>
                                 <?php if (has_permission('purchases_del')): ?>
-                                <a href="?delete=<?= $p['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure you want to delete this purchase record?')" title="Delete">
+                                <a href="?delete=<?= $p['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Are you sure you want to delete this purchase record?')" title="Delete">
                                     <i class="bi bi-trash me-1"></i> Delete
                                 </a>
                                 <?php endif; ?>
@@ -159,8 +159,9 @@ include 'includes/header.php';
                     <?php if (empty($purchases)): ?>
                         <tr>
                             <td colspan="5" class="text-center py-5 text-muted">
-                                <div class="mb-2 display-6"><i class="bi bi-cart-x"></i></div>
-                                <div>No purchase records found.</div>
+                                <div class="mb-2 display-6 opacity-25"><i class="bi bi-cart-x"></i></div>
+                                <h5 class="fw-bold">No purchase records found.</h5>
+                                <p class="small">Try different search terms or start by adding a new purchase.</p>
                             </td>
                         </tr>
                     <?php endif; ?>
@@ -175,4 +176,4 @@ include 'includes/header.php';
     </div>
 </div>
 
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
+<?php include 'includes/footer.php'; ?>
diff --git a/admin/ratings.php b/admin/ratings.php
index 2e32b75..09c5505 100644
--- a/admin/ratings.php
+++ b/admin/ratings.php
@@ -1,286 +1,181 @@
 <?php
-require_once 'includes/header.php';
-
-// Check permission
-if (function_exists('require_permission')) {
-    require_permission('users_view'); // Reuse user view permission for ratings
-}
-
+require_once __DIR__ . "/../includes/functions.php";
+require_permission("ratings_view");
+require_once __DIR__ . '/../db/config.php';
 $pdo = db();
-$tab = $_GET['tab'] ?? 'staff';
-$date_from = $_GET['date_from'] ?? '';
-$date_to = $_GET['date_to'] ?? '';
 
-$params = [];
-$where_clauses = [];
+$message = '';
 
-if ($date_from) {
-    $where_clauses[] = "r.created_at >= :date_from";
-    $params['date_from'] = $date_from . ' 00:00:00';
-}
-if ($date_to) {
-    $where_clauses[] = "r.created_at <= :date_to";
-    $params['date_to'] = $date_to . ' 23:59:59';
+// Handle Add Rating (Manual)
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_rating') {
+    $user_id = (int)$_POST['user_id'];
+    $order_id = !empty($_POST['order_id']) ? (int)$_POST['order_id'] : null;
+    $rating = (int)$_POST['rating'];
+    $comment = trim($_POST['comment']);
+
+    try {
+        $stmt = $pdo->prepare("INSERT INTO staff_ratings (user_id, order_id, rating, comment) VALUES (?, ?, ?, ?)");
+        $stmt->execute([$user_id, $order_id, $rating, $comment]);
+        $message = '<div class="alert alert-success">Rating added successfully!</div>';
+    } catch (PDOException $e) {
+        $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+    }
 }
 
-$where_sql = !empty($where_clauses) ? "WHERE " . implode(" AND ", $where_clauses) : "";
-
-// Fetch Staff summary stats
-$summaryQuery = "
-    SELECT u.id, u.full_name, u.username, u.profile_pic, 
-           AVG(r.rating) as avg_rating, COUNT(r.id) as total_ratings
-    FROM users u
-    JOIN staff_ratings r ON u.id = r.user_id
-    $where_sql
-    GROUP BY u.id
-    ORDER BY avg_rating DESC
-";
-$summaryStmt = $pdo->prepare($summaryQuery);
-$summaryStmt->execute($params);
-$summaries = $summaryStmt->fetchAll(PDO::FETCH_ASSOC);
-
-// Fetch Service summary stats
-$serviceWhereSql = str_replace('r.created_at', 'created_at', $where_sql);
-$serviceParams = $params;
-
-$serviceSummaryQuery = "SELECT AVG(rating) as avg_rating, COUNT(id) as total_ratings FROM service_ratings $serviceWhereSql";
-$serviceSummaryStmt = $pdo->prepare($serviceSummaryQuery);
-$serviceSummaryStmt->execute($serviceParams);
-$serviceSummary = $serviceSummaryStmt->fetch(PDO::FETCH_ASSOC);
-
-if ($tab === 'service') {
-    $query = "SELECT * FROM service_ratings $serviceWhereSql ORDER BY created_at DESC";
-    $list_params = $serviceParams;
-} else {
-    $query = "
-        SELECT r.*, u.full_name, u.username, u.profile_pic 
-        FROM staff_ratings r
-        JOIN users u ON r.user_id = u.id
-        $where_sql
-        ORDER BY r.created_at DESC
-    ";
-    $list_params = $params;
+// Handle Delete
+if (isset($_GET['delete'])) {
+    if (!has_permission('settings')) { // Use settings permission for deletion
+        $message = '<div class="alert alert-danger">Access Denied.</div>';
+    } else {
+        $id = $_GET['delete'];
+        $pdo->prepare("DELETE FROM staff_ratings WHERE id = ?")->execute([$id]);
+        header("Location: ratings.php");
+        exit;
+    }
 }
 
-$pagination = paginate_query($pdo, $query, $list_params);
-$ratings = $pagination['data'];
+$staff = $pdo->query("SELECT id, full_name, username FROM users WHERE is_ratable = 1 ORDER BY full_name ASC")->fetchAll();
+
+$query = "SELECT r.*, u.full_name as staff_name, u.username as staff_username 
+          FROM staff_ratings r 
+          JOIN users u ON r.user_id = u.id 
+          ORDER BY r.created_at DESC";
+$ratings_pagination = paginate_query($pdo, $query);
+$ratings = $ratings_pagination['data'];
+
+include 'includes/header.php';
 ?>
 
-<style>
-    .extra-small { font-size: 0.7rem; }
-    .table-ratings { font-size: 0.8rem; }
-    .table-ratings th { font-weight: 600; text-transform: uppercase; font-size: 0.7rem; letter-spacing: 0.03em; }
-</style>
-
 <div class="d-flex justify-content-between align-items-center mb-4">
-    <h2 class="h3 mb-0 text-gray-800">Ratings & Feedback</h2>
-    <div class="d-flex gap-2">
-        <button class="btn btn-warning btn-sm rounded-pill" onclick="showRatingQR()">
-            <i class="bi bi-qr-code"></i> Share Rating QR
-        </button>
-        <a href="../rate.php" target="_blank" class="btn btn-outline-primary btn-sm rounded-pill">
-            <i class="bi bi-box-arrow-up-right"></i> Open Public Rating Page
-        </a>
-    </div>
+    <h2 class="fw-bold mb-0">Staff Ratings</h2>
+    <button class="btn btn-primary" onclick="openAddModal()">
+        <i class="bi bi-star"></i> Add Manual Rating
+    </button>
 </div>
 
-<div class="card border-0 shadow-sm rounded-4 mb-4">
-    <div class="card-body py-3">
-        <form method="GET" class="row g-3 align-items-end">
-            <input type="hidden" name="tab" value="<?= htmlspecialchars($tab) ?>">
-            <div class="col-md-3">
-                <label class="form-label small fw-bold mb-1">From Date</label>
-                <input type="date" name="date_from" class="form-control form-control-sm" value="<?= htmlspecialchars($date_from) ?>">
-            </div>
-            <div class="col-md-3">
-                <label class="form-label small fw-bold mb-1">To Date</label>
-                <input type="date" name="date_to" class="form-control form-control-sm" value="<?= htmlspecialchars($date_to) ?>">
-            </div>
-            <div class="col-md-4">
-                <button type="submit" class="btn btn-primary btn-sm px-3">
-                    <i class="bi bi-filter"></i> Filter
-                </button>
-                <a href="ratings.php?tab=<?= htmlspecialchars($tab) ?>" class="btn btn-light btn-sm px-3 border">
-                    <i class="bi bi-arrow-clockwise"></i> Reset
-                </a>
-            </div>
-        </form>
-    </div>
-</div>
+<?= $message ?>
 
-<ul class="nav nav-pills mb-4 bg-white p-2 rounded-4 shadow-sm d-inline-flex">
-    <li class="nav-item">
-        <a class="nav-link rounded-pill <?= $tab === 'staff' ? 'active' : '' ?>" href="?tab=staff&date_from=<?= $date_from ?>&date_to=<?= $date_to ?>">
-            <i class="bi bi-people me-1"></i> Staff Performance
-        </a>
-    </li>
-    <li class="nav-item">
-        <a class="nav-link rounded-pill <?= $tab === 'service' ? 'active' : '' ?>" href="?tab=service&date_from=<?= $date_from ?>&date_to=<?= $date_to ?>">
-            <i class="bi bi-shop me-1"></i> Restaurant Service
-        </a>
-    </li>
-</ul>
-
-<?php if ($tab === 'staff'): ?>
-    <!-- Staff Summary Cards -->
-    <?php if (empty($summaries)): ?>
-        <div class="alert alert-info border-0 shadow-sm rounded-4 text-center py-4 mb-5">
-            <i class="bi bi-info-circle fs-2 mb-2"></i>
-            <p class="mb-0">No staff members have been rated yet for the selected period.</p>
+<div class="card border-0 shadow-sm">
+    <div class="card-body p-0">
+        <!-- Pagination Controls -->
+        <div class="p-3 border-bottom bg-light">
+             <?php render_pagination_controls($ratings_pagination); ?>
         </div>
-    <?php else: ?>
-    <div class="row g-4 mb-5">
-        <?php foreach ($summaries as $summary): ?>
-            <div class="col-md-3">
-                <div class="card border-0 shadow-sm rounded-4 h-100">
-                    <div class="card-body text-center">
-                        <?php if ($summary['profile_pic']): ?>
-                            <img src="../<?= htmlspecialchars($summary['profile_pic']) ?>" alt="Staff" class="rounded-circle mb-3" style="width: 56px; height: 56px; object-fit: cover;">
-                        <?php else: ?>
-                            <div class="rounded-circle bg-light d-inline-flex align-items-center justify-content-center mb-3" style="width: 56px; height: 56px;">
-                                <i class="bi bi-person fs-3 text-primary"></i>
-                            </div>
-                        <?php endif; ?>
-                        <h5 class="card-title mb-1 small fw-bold text-truncate" title="<?= htmlspecialchars($summary['full_name'] ?: $summary['username']) ?>">
-                            <?= htmlspecialchars($summary['full_name'] ?: $summary['username']) ?>
-                        </h5>
-                        <div class="text-warning mb-2" style="font-size: 0.8rem;">
-                            <?php 
-                            $avg = round($summary['avg_rating']);
-                            for ($i = 1; $i <= 5; $i++) {
-                                echo $i <= $avg ? '<i class="bi bi-star-fill"></i>' : '<i class="bi bi-star"></i>';
-                            }
-                            ?>
-                            <span class="text-muted ms-1 small">(<?= number_format($summary['avg_rating'], 1) ?>)</span>
-                        </div>
-                        <p class="text-muted extra-small mb-0"><?= $summary['total_ratings'] ?> ratings</p>
-                    </div>
-                </div>
-            </div>
-        <?php endforeach; ?>
-    </div>
-    <?php endif; ?>
-<?php else: ?>
-    <!-- Service Summary Card -->
-    <div class="row mb-5">
-        <div class="col-md-4">
-            <div class="card border-0 shadow-sm rounded-4 bg-primary text-white">
-                <div class="card-body text-center py-4">
-                    <i class="bi bi-shop fs-1 mb-3"></i>
-                    <h4 class="fw-bold mb-1">Overall Service</h4>
-                    <div class="fs-2 fw-bold mb-2">
-                        <?php if ($serviceSummary['total_ratings'] > 0): ?>
-                            <?= number_format($serviceSummary['avg_rating'], 1) ?> / 5.0
-                        <?php else: ?>
-                            N/A
-                        <?php endif; ?>
-                    </div>
-                    <div class="text-white-50 extra-small">
-                        Based on <?= $serviceSummary['total_ratings'] ?> reviews
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-<?php endif; ?>
-
-<!-- Detailed List -->
-<div class="card border-0 shadow-sm rounded-4">
-    <div class="card-header bg-white py-3 border-bottom-0">
-        <h5 class="card-title mb-0 small fw-bold"><?= $tab === 'service' ? 'Service Feedback' : 'Staff Feedback' ?></h5>
-    </div>
-    <div class="table-responsive">
-        <table class="table table-hover align-middle mb-0 table-ratings">
-            <thead class="bg-light">
-                <tr>
-                    <th class="ps-3">Date</th>
-                    <?php if ($tab === 'staff'): ?><th>Staff Member</th><?php endif; ?>
-                    <th>Rating</th>
-                    <th>Comment</th>
-                </tr>
-            </thead>
-            <tbody>
-                <?php if (empty($ratings)): ?>
+        <div class="table-responsive">
+            <table class="table table-hover align-middle mb-0">
+                <thead class="bg-light">
                     <tr>
-                        <td colspan="<?= $tab === 'staff' ? 4 : 3 ?>" class="text-center py-4 text-muted small">No ratings found yet.</td>
+                        <th class="ps-4">Date</th>
+                        <th>Staff Member</th>
+                        <th>Rating</th>
+                        <th>Comment</th>
+                        <th>Order ID</th>
+                        <th class="text-end pe-4">Actions</th>
                     </tr>
-                <?php else: ?>
-                    <?php foreach ($ratings as $rating): ?>
-                        <tr>
-                            <td class="ps-3 text-muted">
-                                <?= date('M d, Y H:i', strtotime($rating['created_at'])) ?>
-                            </td>
-                            <?php if ($tab === 'staff'): ?>
-                            <td>
-                                <div class="d-flex align-items-center">
-                                    <?php if ($rating['profile_pic']): ?>
-                                        <img src="../<?= htmlspecialchars($rating['profile_pic']) ?>" class="rounded-circle me-2 shadow-sm" style="width: 24px; height: 24px; object-fit: cover;">
-                                    <?php else: ?>
-                                        <div class="rounded-circle bg-light d-flex align-items-center justify-content-center me-2 shadow-sm" style="width: 24px; height: 24px;">
-                                            <i class="bi bi-person text-primary" style="font-size: 0.7rem;"></i>
-                                        </div>
-                                    <?php endif; ?>
-                                    <span class="fw-medium text-dark"><?= htmlspecialchars($rating['full_name'] ?: $rating['username']) ?></span>
-                                </div>
-                            </td>
+                </thead>
+                <tbody>
+                    <?php foreach ($ratings as $r): ?>
+                    <tr>
+                        <td class="ps-4">
+                            <div class="fw-bold"><?= date('M d, Y', strtotime($r['created_at'])) ?></div>
+                            <small class="text-muted"><?= date('H:i', strtotime($r['created_at'])) ?></small>
+                        </td>
+                        <td>
+                            <div class="fw-bold text-dark"><?= htmlspecialchars($r['staff_name'] ?: $r['staff_username']) ?></div>
+                        </td>
+                        <td>
+                            <div class="text-warning">
+                                <?php for($i=1; $i<=5; $i++): ?>
+                                    <i class="bi bi-star<?= $i <= $r['rating'] ? '-fill' : '' ?>"></i>
+                                <?php endfor; ?>
+                            </div>
+                        </td>
+                        <td><small><?= htmlspecialchars($r['comment'] ?: '-') ?></small></td>
+                        <td><?= $r['order_id'] ? '#' . $r['order_id'] : '-' ?></td>
+                        <td class="text-end pe-4">
+                            <?php if (has_permission('settings')): ?>
+                            <a href="?delete=<?= $r['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this rating?')"><i class="bi bi-trash"></i></a>
                             <?php endif; ?>
-                            <td>
-                                <div class="text-warning">
-                                    <?php 
-                                    for ($i = 1; $i <= 5; $i++) {
-                                        echo $i <= $rating['rating'] ? '<i class="bi bi-star-fill"></i>' : '<i class="bi bi-star text-muted" style="opacity: 0.3;"></i>';
-                                    }
-                                    ?>
-                                </div>
-                            </td>
-                            <td class="text-wrap" style="max-width: 300px;">
-                                <span class="text-muted italic"><?= htmlspecialchars($rating['comment'] ?: '-') ?></span>
-                            </td>
-                        </tr>
+                        </td>
+                    </tr>
                     <?php endforeach; ?>
-                <?php endif; ?>
-            </tbody>
-        </table>
-    </div>
-    <div class="card-footer bg-white py-3">
-        <?php render_pagination_controls($pagination, ['date_from' => $date_from, 'date_to' => $date_to]); ?>
+                    <?php if (empty($ratings)): ?>
+                        <tr>
+                            <td colspan="6" class="text-center py-4 text-muted">No ratings found.</td>
+                        </tr>
+                    <?php endif; ?>
+                </tbody>
+            </table>
+        </div>
+        <!-- Bottom Pagination -->
+        <div class="p-3 border-top bg-light">
+             <?php render_pagination_controls($ratings_pagination); ?>
+        </div>
     </div>
 </div>
 
-<!-- Rating QR Modal -->
-<div class="modal fade" id="ratingQRModal" tabindex="-1" aria-hidden="true">
-    <div class="modal-dialog modal-dialog-centered">
-      <div class="modal-content border-0 shadow-lg rounded-4">
-        <div class="modal-header bg-warning border-0">
-          <h5 class="modal-title fw-bold text-dark"><i class="bi bi-star-fill me-2"></i> Customer Rating QR</h5>
-          <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
-        </div>
-        <div class="modal-body text-center py-4">
-            <p class="text-muted mb-4 extra-small px-4">Show this QR code to the customer to rate our staff and service.</p>
-            <div class="mb-4">
-                <img id="rating-qr-img" src="" alt="Rating QR Code" class="img-fluid border p-3 bg-white shadow-sm rounded-3" style="max-width: 180px;">
+<!-- Rating Modal -->
+<div class="modal fade" id="ratingModal" tabindex="-1" aria-hidden="true">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header bg-primary text-white">
+                <h5 class="modal-title">Add Manual Rating</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
-            <div class="alert alert-light border extra-small text-break text-center mx-4 mb-0" id="rating-url-text"></div>
+            <form method="POST" id="ratingForm">
+                <div class="modal-body">
+                    <input type="hidden" name="action" value="add_rating">
+                    <div class="mb-3">
+                        <label class="form-label">Staff Member <span class="text-danger">*</span></label>
+                        <select name="user_id" class="form-select" required>
+                            <option value="">Select Staff</option>
+                            <?php foreach ($staff as $s): ?>
+                                <option value="<?= $s['id'] ?>"><?= htmlspecialchars($s['full_name'] ?: $s['username']) ?></option>
+                            <?php endforeach; ?>
+                        </select>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">Order ID (Optional)</label>
+                        <input type="number" name="order_id" class="form-control" placeholder="e.g. 1024">
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">Rating <span class="text-danger">*</span></label>
+                        <select name="rating" class="form-select" required>
+                            <option value="5">5 Stars - Excellent</option>
+                            <option value="4">4 Stars - Very Good</option>
+                            <option value="3" selected>3 Stars - Good</option>
+                            <option value="2">2 Stars - Fair</option>
+                            <option value="1">1 Star - Poor</option>
+                        </select>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">Comment</label>
+                        <textarea name="comment" class="form-control" rows="3"></textarea>
+                    </div>
+                </div>
+                <div class="modal-footer">
+                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+                    <button type="submit" class="btn btn-primary">Save Rating</button>
+                </div>
+            </form>
         </div>
-        <div class="modal-footer border-top-0 justify-content-center pb-4">
-            <button class="btn btn-primary px-4 fw-bold btn-sm rounded-pill" onclick="window.print()">
-                <i class="bi bi-printer me-2"></i> Print QR Code
-            </button>
-        </div>
-      </div>
     </div>
 </div>
 
 <script>
-    const BASE_URL = '<?= get_base_url() ?>';
+function getRatingModal() {
+    if (typeof bootstrap === 'undefined') return null;
+    const el = document.getElementById('ratingModal');
+    return el ? bootstrap.Modal.getOrCreateInstance(el) : null;
+}
 
-    function showRatingQR() {
-        const ratingUrl = BASE_URL + 'rate.php';
-        document.getElementById('rating-qr-img').src = 'https://api.qrserver.com/v1/create-qr-code/?size=300x300&data=' + encodeURIComponent(ratingUrl);
-        document.getElementById('rating-url-text').textContent = ratingUrl;
-        const modal = new bootstrap.Modal(document.getElementById('ratingQRModal'));
-        modal.show();
-    }
+function openAddModal() {
+    const modal = getRatingModal();
+    if (!modal) return;
+    
+    document.getElementById('ratingForm').reset();
+    modal.show();
+}
 </script>
 
-<?php require_once 'includes/footer.php'; ?>
\ No newline at end of file
+<?php include 'includes/footer.php'; ?>
diff --git a/admin/suppliers.php b/admin/suppliers.php
index 3604150..0a5e776 100644
--- a/admin/suppliers.php
+++ b/admin/suppliers.php
@@ -8,42 +8,37 @@ $message = '';
 
 // Handle Add/Edit Supplier
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
-    if ($_POST['action'] === 'add_supplier') {
-        if (!has_permission('suppliers_add')) {
-            $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add suppliers.</div>';
-        } else {
-            $name = $_POST['name'];
-            $contact_person = $_POST['contact_person'];
-            $email = $_POST['email'];
-            $phone = $_POST['phone'];
-            $address = $_POST['address'];
-            $vat_no = $_POST['vat_no'];
+    $action = $_POST['action'];
+    $name = trim($_POST['name']);
+    $contact_person = trim($_POST['contact_person']);
+    $email = trim($_POST['email']);
+    $phone = trim($_POST['phone']);
+    $address = trim($_POST['address']);
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
 
-            $stmt = $pdo->prepare("INSERT INTO suppliers (name, contact_person, email, phone, address, vat_no) VALUES (?, ?, ?, ?, ?, ?)");
-            if ($stmt->execute([$name, $contact_person, $email, $phone, $address, $vat_no])) {
-                $message = '<div class="alert alert-success">Supplier added successfully!</div>';
-            } else {
-                $message = '<div class="alert alert-danger">Error adding supplier.</div>';
-            }
-        }
-    } elseif ($_POST['action'] === 'edit_supplier') {
-        if (!has_permission('suppliers_add')) {
-            $message = '<div class="alert alert-danger">Access Denied: You do not have permission to edit suppliers.</div>';
-        } else {
-            $id = $_POST['id'];
-            $name = $_POST['name'];
-            $contact_person = $_POST['contact_person'];
-            $email = $_POST['email'];
-            $phone = $_POST['phone'];
-            $address = $_POST['address'];
-            $vat_no = $_POST['vat_no'];
-
-            $stmt = $pdo->prepare("UPDATE suppliers SET name = ?, contact_person = ?, email = ?, phone = ?, address = ?, vat_no = ? WHERE id = ?");
-            if ($stmt->execute([$name, $contact_person, $email, $phone, $address, $vat_no, $id])) {
-                $message = '<div class="alert alert-success">Supplier updated successfully!</div>';
-            } else {
-                $message = '<div class="alert alert-danger">Error updating supplier.</div>';
+    if (empty($name)) {
+        $message = '<div class="alert alert-danger">Supplier name is required.</div>';
+    } else {
+        try {
+            if ($action === 'edit_supplier' && $id) {
+                if (!has_permission('suppliers_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("UPDATE suppliers SET name = ?, contact_person = ?, email = ?, phone = ?, address = ? WHERE id = ?");
+                    $stmt->execute([$name, $contact_person, $email, $phone, $address, $id]);
+                    $message = '<div class="alert alert-success">Supplier updated successfully!</div>';
+                }
+            } elseif ($action === 'add_supplier') {
+                if (!has_permission('suppliers_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("INSERT INTO suppliers (name, contact_person, email, phone, address) VALUES (?, ?, ?, ?, ?)");
+                    $stmt->execute([$name, $contact_person, $email, $phone, $address]);
+                    $message = '<div class="alert alert-success">Supplier created successfully!</div>';
+                }
             }
+        } catch (PDOException $e) {
+            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
         }
     }
 }
@@ -60,8 +55,7 @@ if (isset($_GET['delete'])) {
     }
 }
 
-// Fetch Suppliers
-$query = "SELECT * FROM suppliers ORDER BY id DESC";
+$query = "SELECT * FROM suppliers ORDER BY name ASC";
 $suppliers_pagination = paginate_query($pdo, $query);
 $suppliers = $suppliers_pagination['data'];
 
@@ -71,7 +65,7 @@ include 'includes/header.php';
 <div class="d-flex justify-content-between align-items-center mb-4">
     <h2 class="fw-bold mb-0">Suppliers</h2>
     <?php if (has_permission('suppliers_add')): ?>
-    <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#supplierModal" onclick="openAddModal()">
+    <button class="btn btn-primary" onclick="openAddModal()">
         <i class="bi bi-plus-lg"></i> Add Supplier
     </button>
     <?php endif; ?>
@@ -89,44 +83,41 @@ include 'includes/header.php';
             <table class="table table-hover align-middle mb-0">
                 <thead class="bg-light">
                     <tr>
-                        <th class="ps-4">Company Name</th>
+                        <th class="ps-4">ID</th>
+                        <th>Name</th>
                         <th>Contact Person</th>
                         <th>Email / Phone</th>
-                        <th>VAT No</th>
-                        <th>Actions</th>
+                        <th>Address</th>
+                        <th class="text-end pe-4">Actions</th>
                     </tr>
                 </thead>
                 <tbody>
                     <?php foreach ($suppliers as $supplier): ?>
                     <tr>
-                        <td class="ps-4 fw-bold"><?= htmlspecialchars($supplier['name']) ?></td>
-                        <td><?= htmlspecialchars($supplier['contact_person']) ?></td>
+                        <td class="ps-4 fw-medium">#<?= $supplier['id'] ?></td>
+                        <td class="fw-bold"><?= htmlspecialchars($supplier['name']) ?></td>
+                        <td><?= htmlspecialchars($supplier['contact_person'] ?: '-') ?></td>
                         <td>
-                            <div><?= htmlspecialchars($supplier['email']) ?></div>
-                            <small class="text-muted"><?= htmlspecialchars($supplier['phone']) ?></small>
+                            <div><?= htmlspecialchars($supplier['email'] ?: '-') ?></div>
+                            <small class="text-muted"><?= htmlspecialchars($supplier['phone'] ?: '-') ?></small>
                         </td>
-                        <td><span class="badge bg-light text-dark border"><?= htmlspecialchars($supplier['vat_no']) ?></span></td>
-                        <td>
-                            <div class="btn-group">
-                                <?php if (has_permission('suppliers_add')): ?>
-                                <button type="button" class="btn btn-sm btn-outline-primary" 
-                                        data-bs-toggle="modal" 
-                                        data-bs-target="#supplierModal" 
-                                        onclick="openEditModal(<?= htmlspecialchars(json_encode($supplier)) ?>)" 
-                                        title="Edit Supplier"><i class="bi bi-pencil"></i></button>
-                                <?php endif; ?>
-                                
-                                <?php if (has_permission('suppliers_del')): ?>
-                                <a href="?delete=<?= $supplier['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Are you sure?')" title="Delete"><i class="bi bi-trash"></i></a>
-                                <?php endif; ?>
-                            </div>
+                        <td><small class="text-muted"><?= htmlspecialchars($supplier['address'] ?: '-') ?></small></td>
+                        <td class="text-end pe-4">
+                            <?php if (has_permission('suppliers_add')): ?>
+                            <button type="button" class="btn btn-sm btn-outline-primary me-1" 
+                                    onclick='openEditModal(<?= htmlspecialchars(json_encode($supplier), ENT_QUOTES, "UTF-8") ?>)' title="Edit"><i class="bi bi-pencil"></i></button>
+                            <?php endif; ?>
+                            
+                            <?php if (has_permission('suppliers_del')): ?>
+                            <a href="?delete=<?= $supplier['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this supplier?')"><i class="bi bi-trash"></i></a>
+                            <?php endif; ?>
                         </td>
                     </tr>
                     <?php endforeach; ?>
                     <?php if (empty($suppliers)): ?>
-                    <tr>
-                        <td colspan="5" class="text-center py-4 text-muted">No suppliers found.</td>
-                    </tr>
+                        <tr>
+                            <td colspan="6" class="text-center py-4 text-muted">No suppliers found.</td>
+                        </tr>
                     <?php endif; ?>
                 </tbody>
             </table>
@@ -140,42 +131,36 @@ include 'includes/header.php';
 
 <!-- Supplier Modal -->
 <?php if (has_permission('suppliers_add')): ?>
-<div class="modal fade" id="supplierModal" tabindex="-1">
+<div class="modal fade" id="supplierModal" tabindex="-1" aria-hidden="true">
     <div class="modal-dialog">
         <div class="modal-content">
-            <div class="modal-header">
+            <div class="modal-header bg-primary text-white">
                 <h5 class="modal-title" id="supplierModalTitle">Add New Supplier</h5>
-                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
             <form method="POST" id="supplierForm">
                 <div class="modal-body">
                     <input type="hidden" name="action" id="supplierAction" value="add_supplier">
                     <input type="hidden" name="id" id="supplierId">
                     <div class="mb-3">
-                        <label class="form-label">Company Name</label>
+                        <label class="form-label">Supplier Name <span class="text-danger">*</span></label>
                         <input type="text" name="name" id="supplierName" class="form-control" required>
                     </div>
                     <div class="mb-3">
                         <label class="form-label">Contact Person</label>
                         <input type="text" name="contact_person" id="supplierContactPerson" class="form-control">
                     </div>
-                    <div class="row">
-                        <div class="col-md-6 mb-3">
-                            <label class="form-label">Email</label>
-                            <input type="email" name="email" id="supplierEmail" class="form-control">
-                        </div>
-                        <div class="col-md-6 mb-3">
-                            <label class="form-label">Phone</label>
-                            <input type="text" name="phone" id="supplierPhone" class="form-control">
-                        </div>
+                    <div class="mb-3">
+                        <label class="form-label">Email</label>
+                        <input type="email" name="email" id="supplierEmail" class="form-control">
                     </div>
                     <div class="mb-3">
-                        <label class="form-label">VAT No</label>
-                        <input type="text" name="vat_no" id="supplierVatNo" class="form-control" placeholder="e.g. GB123456789">
+                        <label class="form-label">Phone</label>
+                        <input type="text" name="phone" id="supplierPhone" class="form-control">
                     </div>
                     <div class="mb-3">
                         <label class="form-label">Address</label>
-                        <textarea name="address" id="supplierAddress" class="form-control" rows="3"></textarea>
+                        <textarea name="address" id="supplierAddress" class="form-control" rows="2"></textarea>
                     </div>
                 </div>
                 <div class="modal-footer">
@@ -188,23 +173,38 @@ include 'includes/header.php';
 </div>
 
 <script>
+function getSupplierModal() {
+    if (typeof bootstrap === 'undefined') return null;
+    const el = document.getElementById('supplierModal');
+    return el ? bootstrap.Modal.getOrCreateInstance(el) : null;
+}
+
 function openAddModal() {
+    const modal = getSupplierModal();
+    if (!modal) return;
+    
     document.getElementById('supplierModalTitle').innerText = 'Add New Supplier';
     document.getElementById('supplierAction').value = 'add_supplier';
     document.getElementById('supplierForm').reset();
     document.getElementById('supplierId').value = '';
+    modal.show();
 }
 
 function openEditModal(supplier) {
+    if (!supplier) return;
+    const modal = getSupplierModal();
+    if (!modal) return;
+    
     document.getElementById('supplierModalTitle').innerText = 'Edit Supplier';
     document.getElementById('supplierAction').value = 'edit_supplier';
     document.getElementById('supplierId').value = supplier.id;
-    document.getElementById('supplierName').value = supplier.name;
+    document.getElementById('supplierName').value = supplier.name || '';
     document.getElementById('supplierContactPerson').value = supplier.contact_person || '';
     document.getElementById('supplierEmail').value = supplier.email || '';
     document.getElementById('supplierPhone').value = supplier.phone || '';
-    document.getElementById('supplierVatNo').value = supplier.vat_no || '';
     document.getElementById('supplierAddress').value = supplier.address || '';
+    
+    modal.show();
 }
 </script>
 <?php endif; ?>
diff --git a/admin/table_edit.php b/admin/table_edit.php
deleted file mode 100644
index fb94237..0000000
--- a/admin/table_edit.php
+++ /dev/null
@@ -1,83 +0,0 @@
-<?php
-require_once __DIR__ . '/../db/config.php';
-$pdo = db();
-
-$id = $_GET['id'] ?? null;
-if (!$id) {
-    header('Location: tables.php');
-    exit;
-}
-
-// Handle Form Submission
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $name = $_POST['name'] ?? '';
-    $area_id = $_POST['area_id'] ?? '';
-    $capacity = $_POST['capacity'] ?? 4;
-
-    if ($name && $area_id) {
-        $stmt = $pdo->prepare("UPDATE tables SET name = ?, area_id = ?, capacity = ? WHERE id = ?");
-        $stmt->execute([$name, $area_id, $capacity, $id]);
-        header('Location: tables.php');
-        exit;
-    }
-}
-
-// Fetch Table Details
-$stmt = $pdo->prepare("SELECT * FROM tables WHERE id = ?");
-$stmt->execute([$id]);
-$table = $stmt->fetch();
-
-if (!$table) {
-    die("Table not found.");
-}
-
-// Fetch Areas for Dropdown (with outlet names)
-$areas = $pdo->query("SELECT areas.id, areas.name, outlets.name as outlet_name 
-    FROM areas 
-    JOIN outlets ON areas.outlet_id = outlets.id 
-    ORDER BY outlets.name ASC, areas.name ASC")->fetchAll();
-
-include 'includes/header.php';
-?>
-
-<div class="d-flex justify-content-between align-items-center mb-4">
-    <h2 class="fw-bold mb-0">Edit Table</h2>
-    <a href="tables.php" class="btn btn-outline-secondary">
-        <i class="bi bi-arrow-left"></i> Back
-    </a>
-</div>
-
-<div class="card border-0 shadow-sm">
-    <div class="card-body">
-        <form method="POST">
-            <div class="mb-3">
-                <label class="form-label">Table Name/Number</label>
-                <input type="text" name="name" class="form-control" value="<?= htmlspecialchars($table['name']) ?>" required>
-            </div>
-            
-            <div class="mb-3">
-                <label class="form-label">Area (Sorted by Outlet)</label>
-                <select name="area_id" class="form-select" required>
-                    <option value="">Select Area</option>
-                    <?php foreach ($areas as $area): ?>
-                    <option value="<?= $area['id'] ?>" <?= $area['id'] == $table['area_id'] ? 'selected' : '' ?>>
-                        <?= htmlspecialchars($area['outlet_name']) ?> &raquo; <?= htmlspecialchars($area['name']) ?>
-                    </option>
-                    <?php endforeach; ?>
-                </select>
-            </div>
-            
-            <div class="mb-3">
-                <label class="form-label">Capacity (Pax)</label>
-                <input type="number" name="capacity" class="form-control" value="<?= htmlspecialchars($table['capacity']) ?>" min="1" required>
-            </div>
-
-            <div class="d-flex justify-content-end gap-2">
-                <a href="tables.php" class="btn btn-light">Cancel</a>
-                <button type="submit" class="btn btn-primary">Update Table</button>
-            </div>
-        </form>
-    </div>
-</div>
-
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/tables.php b/admin/tables.php
index 0200a9a..c0d8083 100644
--- a/admin/tables.php
+++ b/admin/tables.php
@@ -6,59 +6,70 @@ $pdo = db();
 
 $message = '';
 
-if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_table') {
-    if (!has_permission('tables_add')) {
-        $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add tables.</div>';
+// Handle Add/Edit Table
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $table_number = trim($_POST['table_number']);
+    $capacity = (int)$_POST['capacity'];
+    $area_id = (int)$_POST['area_id'];
+    $status = $_POST['status'];
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+
+    if (empty($table_number)) {
+        $message = '<div class="alert alert-danger">Table number is required.</div>';
     } else {
-        $stmt = $pdo->prepare("INSERT INTO tables (area_id, name, capacity) VALUES (?, ?, ?)");
-        $stmt->execute([$_POST['area_id'], $_POST['name'], $_POST['capacity']]);
-        header("Location: tables.php");
-        exit;
+        try {
+            if ($action === 'edit_table' && $id) {
+                if (!has_permission('tables_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("UPDATE tables SET table_number = ?, capacity = ?, area_id = ?, status = ? WHERE id = ?");
+                    $stmt->execute([$table_number, $capacity, $area_id, $status, $id]);
+                    $message = '<div class="alert alert-success">Table updated successfully!</div>';
+                }
+            } elseif ($action === 'add_table') {
+                if (!has_permission('tables_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied.</div>';
+                } else {
+                    $stmt = $pdo->prepare("INSERT INTO tables (table_number, capacity, area_id, status) VALUES (?, ?, ?, ?)");
+                    $stmt->execute([$table_number, $capacity, $area_id, $status]);
+                    $message = '<div class="alert alert-success">Table created successfully!</div>';
+                }
+            }
+        } catch (PDOException $e) {
+            $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+        }
     }
 }
 
+// Handle Delete
 if (isset($_GET['delete'])) {
     if (!has_permission('tables_del')) {
         $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete tables.</div>';
     } else {
-        $pdo->prepare("DELETE FROM tables WHERE id = ?")->execute([$_GET['delete']]);
+        $id = $_GET['delete'];
+        $pdo->prepare("DELETE FROM tables WHERE id = ?")->execute([$id]);
         header("Location: tables.php");
         exit;
     }
 }
 
-// Fetch tables with area and outlet names
-$query = "SELECT tables.*, areas.name as area_name, outlets.name as outlet_name 
-    FROM tables 
-    LEFT JOIN areas ON tables.area_id = areas.id 
-    LEFT JOIN outlets ON areas.outlet_id = outlets.id
-    ORDER BY tables.id DESC";
+$areas = $pdo->query("SELECT * FROM areas ORDER BY name ASC")->fetchAll();
 
+$query = "SELECT t.*, a.name as area_name 
+          FROM tables t 
+          LEFT JOIN areas a ON t.area_id = a.id 
+          ORDER BY a.name ASC, t.table_number ASC";
 $tables_pagination = paginate_query($pdo, $query);
 $tables = $tables_pagination['data'];
 
-// Fetch areas for dropdown (with outlet names)
-$areas = $pdo->query("SELECT areas.id, areas.name, outlets.name as outlet_name 
-    FROM areas 
-    JOIN outlets ON areas.outlet_id = outlets.id 
-    ORDER BY outlets.name ASC, areas.name ASC")->fetchAll();
-
 include 'includes/header.php';
-
-// Determine base URL for QR codes
-$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') 
-           || ($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https'
-           || $_SERVER['SERVER_PORT'] == 443;
-$protocol = $isHttps ? "https://" : "http://";
-$host = $_SERVER['HTTP_HOST'];
-$dir = dirname($_SERVER['PHP_SELF'], 2);
-$baseUrl = $protocol . $host . ($dir === '/' ? '' : $dir) . '/qorder.php';
 ?>
 
 <div class="d-flex justify-content-between align-items-center mb-4">
     <h2 class="fw-bold mb-0">Tables</h2>
     <?php if (has_permission('tables_add')): ?>
-    <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addTableModal">
+    <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#tableModal" onclick="prepareAddForm()">
         <i class="bi bi-plus-lg"></i> Add Table
     </button>
     <?php endif; ?>
@@ -77,44 +88,46 @@ $baseUrl = $protocol . $host . ($dir === '/' ? '' : $dir) . '/qorder.php';
                 <thead class="bg-light">
                     <tr>
                         <th class="ps-4">ID</th>
-                        <th>Name</th>
-                        <th>Outlet / Area</th>
+                        <th>Table Number</th>
+                        <th>Area</th>
                         <th>Capacity</th>
-                        <th>Actions</th>
+                        <th>Status</th>
+                        <th class="text-end pe-4">Actions</th>
                     </tr>
                 </thead>
                 <tbody>
-                    <?php foreach ($tables as $table): 
-                        $qrUrl = $baseUrl . '?table_id=' . $table['id'];
-                    ?>
+                    <?php foreach ($tables as $table): ?>
                     <tr>
                         <td class="ps-4 fw-medium">#<?= $table['id'] ?></td>
-                        <td class="fw-bold"><?= htmlspecialchars($table['name']) ?></td>
+                        <td class="fw-bold"><?= htmlspecialchars($table['table_number']) ?></td>
+                        <td><span class="badge bg-light text-dark border"><?= htmlspecialchars($table['area_name'] ?: 'None') ?></span></td>
+                        <td><?= $table['capacity'] ?> Persons</td>
                         <td>
-                            <span class="badge bg-info text-dark"><?= htmlspecialchars($table['outlet_name'] ?? 'N/A') ?></span>
-                            <span class="badge bg-secondary"><?= htmlspecialchars($table['area_name'] ?? 'N/A') ?></span>
+                            <?php if ($table['status'] === 'available'): ?>
+                                <span class="badge bg-success-subtle text-success px-3">Available</span>
+                            <?php elseif ($table['status'] === 'occupied'): ?>
+                                <span class="badge bg-danger-subtle text-danger px-3">Occupied</span>
+                            <?php else: ?>
+                                <span class="badge bg-secondary-subtle text-secondary px-3"><?= ucfirst($table['status']) ?></span>
+                            <?php endif; ?>
                         </td>
-                        <td><?= htmlspecialchars($table['capacity']) ?> pax</td>
-                        <td>
-                            <button class="btn btn-sm btn-dark me-1" 
-                                    onclick="showQR('<?= htmlspecialchars($table['name'], ENT_QUOTES) ?>', '<?= $qrUrl ?>')" 
-                                    title="View QR Code">
-                                <i class="bi bi-qr-code me-1"></i> QR
-                            </button>
+                        <td class="text-end pe-4">
                             <?php if (has_permission('tables_add')): ?>
-                            <a href="table_edit.php?id=<?= $table['id'] ?>" class="btn btn-sm btn-outline-primary me-1" title="Edit"><i class="bi bi-pencil"></i></a>
+                            <button type="button" class="btn btn-sm btn-outline-primary me-1" 
+                                    data-bs-toggle="modal" data-bs-target="#tableModal"
+                                    onclick='prepareEditForm(<?= htmlspecialchars(json_encode($table), ENT_QUOTES, "UTF-8") ?>)' title="Edit"><i class="bi bi-pencil"></i></button>
                             <?php endif; ?>
                             
                             <?php if (has_permission('tables_del')): ?>
-                            <a href="?delete=<?= $table['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this table?')" title="Delete"><i class="bi bi-trash"></i></a>
+                            <a href="?delete=<?= $table['id'] ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('Delete this table?')"><i class="bi bi-trash"></i></a>
                             <?php endif; ?>
                         </td>
                     </tr>
                     <?php endforeach; ?>
                     <?php if (empty($tables)): ?>
-                    <tr>
-                        <td colspan="5" class="text-center py-4 text-muted">No tables found. Add one to get started.</td>
-                    </tr>
+                        <tr>
+                            <td colspan="6" class="text-center py-4 text-muted">No tables found.</td>
+                        </tr>
                     <?php endif; ?>
                 </tbody>
             </table>
@@ -126,34 +139,44 @@ $baseUrl = $protocol . $host . ($dir === '/' ? '' : $dir) . '/qorder.php';
     </div>
 </div>
 
-<!-- Add Table Modal -->
+<!-- Table Modal -->
 <?php if (has_permission('tables_add')): ?>
-<div class="modal fade" id="addTableModal" tabindex="-1">
+<div class="modal fade" id="tableModal" tabindex="-1" aria-hidden="true">
     <div class="modal-dialog">
         <div class="modal-content">
-            <div class="modal-header">
-                <h5 class="modal-title">Add Table</h5>
-                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+            <div class="modal-header bg-primary text-white">
+                <h5 class="modal-title" id="tableModalTitle">Add New Table</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
-            <form method="POST">
+            <form method="POST" id="tableForm">
                 <div class="modal-body">
-                    <input type="hidden" name="action" value="add_table">
+                    <input type="hidden" name="action" id="tableAction" value="add_table">
+                    <input type="hidden" name="id" id="tableId">
                     <div class="mb-3">
-                        <label class="form-label">Table Name/Number</label>
-                        <input type="text" name="name" class="form-control" placeholder="e.g. T1, Window 5" required>
+                        <label class="form-label">Table Number <span class="text-danger">*</span></label>
+                        <input type="text" name="table_number" id="tableNumber" class="form-control" required placeholder="e.g. T1">
                     </div>
                     <div class="mb-3">
-                        <label class="form-label">Area (Sorted by Outlet)</label>
-                        <select name="area_id" class="form-select" required>
+                        <label class="form-label">Area <span class="text-danger">*</span></label>
+                        <select name="area_id" id="tableAreaId" class="form-select" required>
                             <option value="">Select Area</option>
                             <?php foreach ($areas as $area): ?>
-                            <option value="<?= $area['id'] ?>"><?= htmlspecialchars($area['outlet_name']) ?> &raquo; <?= htmlspecialchars($area['name']) ?></option>
+                                <option value="<?= $area['id'] ?>"><?= htmlspecialchars($area['name']) ?></option>
                             <?php endforeach; ?>
                         </select>
                     </div>
                     <div class="mb-3">
-                        <label class="form-label">Capacity (Pax)</label>
-                        <input type="number" name="capacity" class="form-control" value="4" min="1" required>
+                        <label class="form-label">Capacity (Persons)</label>
+                        <input type="number" name="capacity" id="tableCapacity" class="form-control" value="2" min="1">
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">Status</label>
+                        <select name="status" id="tableStatus" class="form-select">
+                            <option value="available">Available</option>
+                            <option value="occupied">Occupied</option>
+                            <option value="reserved">Reserved</option>
+                            <option value="inactive">Inactive</option>
+                        </select>
                     </div>
                 </div>
                 <div class="modal-footer">
@@ -164,53 +187,26 @@ $baseUrl = $protocol . $host . ($dir === '/' ? '' : $dir) . '/qorder.php';
         </div>
     </div>
 </div>
-<?php endif; ?>
-
-<!-- QR Code Modal -->
-<div class="modal fade" id="qrModal" tabindex="-1">
-    <div class="modal-dialog modal-sm modal-dialog-centered">
-        <div class="modal-content">
-            <div class="modal-header">
-                <h5 class="modal-title" id="qrModalTitle">Table QR Code</h5>
-                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
-            </div>
-            <div class="modal-body text-center">
-                <div id="qr-container" class="mb-3">
-                    <img id="qr-image" src="" alt="QR Code" class="img-fluid border p-2 bg-white" onerror="this.src='https://placehold.co/300x300?text=QR+Error'">
-                </div>
-                <div id="qr-url" class="small text-muted text-break mb-3"></div>
-                <button class="btn btn-sm btn-outline-primary" onclick="printQR()">
-                    <i class="bi bi-printer"></i> Print QR
-                </button>
-            </div>
-        </div>
-    </div>
-</div>
 
 <script>
-function showQR(tableName, url) {
-    document.getElementById('qrModalTitle').textContent = 'QR Code - ' + tableName;
-    document.getElementById('qr-image').src = 'https://api.qrserver.com/v1/create-qr-code/?size=300x300&data=' + encodeURIComponent(url);
-    document.getElementById('qr-url').textContent = url;
-    const modal = new bootstrap.Modal(document.getElementById('qrModal'));
-    modal.show();
+function prepareAddForm() {
+    document.getElementById('tableModalTitle').innerText = 'Add New Table';
+    document.getElementById('tableAction').value = 'add_table';
+    document.getElementById('tableForm').reset();
+    document.getElementById('tableId').value = '';
 }
 
-function printQR() {
-    const img = document.getElementById('qr-image').src;
-    const title = document.getElementById('qrModalTitle').textContent;
-    const win = window.open('', '_blank');
-    const html = '<html><head><title>Print QR</title><style>' +
-                 'body { text-align: center; font-family: sans-serif; padding: 40px; }' +
-                 'img { width: 300px; height: 300px; border: 1px solid #ccc; padding: 10px; }' +
-                 'h1 { margin-bottom: 20px; }</style></head>' +
-                 '<body onload="window.print(); window.close();">' +
-                 '<h1>' + title + '</h1>' +
-                 '<img src="' + img + '">' +
-                 '<p>Scan to order</p></body></html>';
-    win.document.write(html);
-    win.document.close();
+function prepareEditForm(table) {
+    if (!table) return;
+    document.getElementById('tableModalTitle').innerText = 'Edit Table';
+    document.getElementById('tableAction').value = 'edit_table';
+    document.getElementById('tableId').value = table.id;
+    document.getElementById('tableNumber').value = table.table_number || '';
+    document.getElementById('tableAreaId').value = table.area_id || '';
+    document.getElementById('tableCapacity').value = table.capacity || 2;
+    document.getElementById('tableStatus').value = table.status || 'available';
 }
 </script>
+<?php endif; ?>
 
 <?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/user_edit.php b/admin/user_edit.php
deleted file mode 100644
index b34961a..0000000
--- a/admin/user_edit.php
+++ /dev/null
@@ -1,311 +0,0 @@
-<?php
-require_once __DIR__ . '/../db/config.php';
-require_once __DIR__ . '/../includes/functions.php';
-
-$pdo = db();
-require_permission('all');
-
-$id = $_GET['id'] ?? null;
-$user = null;
-
-if ($id) {
-    $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
-    $stmt->execute([$id]);
-    $user = $stmt->fetch(PDO::FETCH_ASSOC);
-    if (!$user) {
-        header('Location: users.php');
-        exit;
-    }
-} else {
-    // Default values for new user
-    $user = [
-        'id' => null,
-        'username' => '',
-        'full_name' => '',
-        'email' => '',
-        'group_id' => '',
-        'employee_id' => '',
-        'is_active' => 1,
-        'is_ratable' => 0,
-        'profile_pic' => '',
-        'created_at' => date('Y-m-d H:i:s')
-    ];
-}
-
-$message = '';
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $full_name = $_POST['full_name'];
-    $username = $_POST['username'];
-    $email = $_POST['email'];
-    $group_id = $_POST['group_id'];
-    $employee_id = $_POST['employee_id'] ?? null;
-    $is_active = isset($_POST['is_active']) ? 1 : 0;
-    $is_ratable = isset($_POST['is_ratable']) ? 1 : 0;
-    $assigned_outlets = $_POST['outlets'] ?? [];
-    $password = $_POST['password'] ?? '';
-    
-    // Validation
-    if (!$id && empty($password)) {
-        $message = '<div class="alert alert-danger">Password is required for new users.</div>';
-    } else {
-        // Check if username already exists
-        $stmt = $pdo->prepare("SELECT id FROM users WHERE username = ? AND id != ?");
-        $stmt->execute([$username, (int)$id]);
-        if ($stmt->fetch()) {
-            $message = '<div class="alert alert-danger">Username already taken.</div>';
-        }
-    }
-    
-    if (!$message) {
-        $pdo->beginTransaction();
-        try {
-            if ($id) {
-                // Update
-                $sql = "UPDATE users SET full_name = ?, username = ?, email = ?, group_id = ?, is_active = ?, is_ratable = ?, employee_id = ? WHERE id = ?";
-                $params = [$full_name, $username, $email, $group_id, $is_active, $is_ratable, $employee_id, $id];
-                $stmt = $pdo->prepare($sql);
-                $stmt->execute($params);
-                
-                if (!empty($password)) {
-                    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
-                    $pdo->prepare("UPDATE users SET password = ? WHERE id = ?")->execute([$hashed_password, $id]);
-                }
-                $user_id = $id;
-            } else {
-                // Insert
-                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
-                $sql = "INSERT INTO users (full_name, username, email, group_id, is_active, is_ratable, employee_id, password) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
-                $params = [$full_name, $username, $email, $group_id, $is_active, $is_ratable, $employee_id, $hashed_password];
-                $stmt = $pdo->prepare($sql);
-                $stmt->execute($params);
-                $user_id = $pdo->lastInsertId();
-            }
-
-            // Update assigned outlets
-            $pdo->prepare("DELETE FROM user_outlets WHERE user_id = ?")->execute([$user_id]);
-            if (!empty($assigned_outlets)) {
-                $stmt_outlet = $pdo->prepare("INSERT INTO user_outlets (user_id, outlet_id) VALUES (?, ?)");
-                foreach ($assigned_outlets as $outlet_id) {
-                    $stmt_outlet->execute([$user_id, $outlet_id]);
-                }
-            }
-
-            // Handle Profile Picture Upload
-            if (isset($_FILES['profile_pic']) && $_FILES['profile_pic']['error'] === UPLOAD_ERR_OK) {
-                $upload_dir = __DIR__ . '/../assets/images/users/';
-                if (!is_dir($upload_dir)) {
-                    mkdir($upload_dir, 0775, true);
-                }
-                
-                $file_tmp = $_FILES['profile_pic']['tmp_name'];
-                $file_name = $_FILES['profile_pic']['name'];
-                $file_ext = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
-                $allowed_exts = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
-                
-                if (in_array($file_ext, $allowed_exts)) {
-                    $new_file_name = 'user_' . $user_id . '_' . uniqid() . '.' . $file_ext;
-                    $upload_path = $upload_dir . $new_file_name;
-                    
-                    if (move_uploaded_file($file_tmp, $upload_path)) {
-                        // Delete old profile pic if exists
-                        if ($user['profile_pic'] && file_exists(__DIR__ . '/../' . $user['profile_pic'])) {
-                            unlink(__DIR__ . '/../' . $user['profile_pic']);
-                        }
-                        
-                        $profile_pic_path = 'assets/images/users/' . $new_file_name;
-                        $pdo->prepare("UPDATE users SET profile_pic = ? WHERE id = ?")->execute([$profile_pic_path, $user_id]);
-                    }
-                }
-            }
-
-            $pdo->commit();
-            
-            if ($id) {
-                $message = '<div class="alert alert-success">User updated successfully!</div>';
-            } else {
-                header("Location: user_edit.php?id=$user_id&success=1");
-                exit;
-            }
-            
-            // Refresh user data
-            $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
-            $stmt->execute([$user_id]);
-            $user = $stmt->fetch(PDO::FETCH_ASSOC);
-        } catch (Exception $e) {
-            $pdo->rollBack();
-            $message = '<div class="alert alert-danger">Error saving user: ' . $e->getMessage() . '</div>';
-        }
-    }
-}
-
-if (isset($_GET['success'])) {
-    $message = '<div class="alert alert-success">User created successfully!</div>';
-}
-
-$groups = $pdo->query("SELECT * FROM user_groups ORDER BY name")->fetchAll();
-$all_outlets = $pdo->query("SELECT * FROM outlets ORDER BY name")->fetchAll();
-$assigned_outlet_ids = [];
-if ($id) {
-    $user_outlets = $pdo->prepare("SELECT outlet_id FROM user_outlets WHERE user_id = ?");
-    $user_outlets->execute([$id]);
-    $assigned_outlet_ids = $user_outlets->fetchAll(PDO::FETCH_COLUMN);
-}
-
-include 'includes/header.php';
-?>
-
-<div class="mb-4">
-    <a href="users.php" class="text-decoration-none text-muted small"><i class="bi bi-arrow-left"></i> Back to Users</a>
-    <div class="d-flex align-items-center mt-2">
-        <h2 class="fw-bold mb-0"><?= $id ? 'Edit' : 'Add' ?> User<?= $user['username'] ? ': ' . htmlspecialchars($user['username']) : '' ?></h2>
-    </div>
-</div>
-
-<?= $message ?>
-
-<div class="row">
-    <div class="col-md-8">
-        <div class="card border-0 shadow-sm rounded-4 mb-4">
-            <div class="card-body p-4">
-                <form method="POST" enctype="multipart/form-data">
-                    <div class="row mb-4">
-                        <div class="col-md-6">
-                            <label class="form-label small fw-bold text-muted">FULL NAME</label>
-                            <input type="text" name="full_name" class="form-control" value="<?= htmlspecialchars($user['full_name']) ?>" required>
-                        </div>
-                        <div class="col-md-6">
-                            <label class="form-label small fw-bold text-muted">USERNAME</label>
-                            <input type="text" name="username" class="form-control" value="<?= htmlspecialchars($user['username']) ?>" required>
-                        </div>
-                    </div>
-
-                    <div class="row mb-4">
-                        <div class="col-md-6">
-                            <label class="form-label small fw-bold text-muted">EMAIL</label>
-                            <input type="email" name="email" class="form-control" value="<?= htmlspecialchars($user['email']) ?>" required>
-                        </div>
-                        <div class="col-md-6">
-                            <label class="form-label small fw-bold text-muted">EMPLOYEE / BIOMETRIC ID</label>
-                            <input type="text" name="employee_id" class="form-control mb-3" value="<?= htmlspecialchars($user['employee_id'] ?? '') ?>" placeholder="e.g. 101">
-                            <label class="form-label small fw-bold text-muted">USER GROUP / ROLE</label>
-                            <select name="group_id" class="form-select" required>
-                                <option value="">Select Group</option>
-                                <?php foreach ($groups as $group): ?>
-                                    <option value="<?= $group['id'] ?>" <?= $user['group_id'] == $group['id'] ? 'selected' : '' ?>><?= htmlspecialchars($group['name']) ?></option>
-                                <?php endforeach; ?>
-                            </select>
-                        </div>
-                    </div>
-
-                    <div class="row mb-4">
-                        <div class="col-md-12">
-                            <label class="form-label small fw-bold text-muted">PROFILE PICTURE</label>
-                            <div class="d-flex align-items-center gap-3">
-                                <?php if ($user['profile_pic']): ?>
-                                    <img src="../<?= htmlspecialchars($user['profile_pic']) ?>?v=<?= time() ?>" alt="Profile Picture" class="rounded-circle shadow-sm" style="width: 80px; height: 80px; object-fit: cover;">
-                                <?php else: ?>
-                                    <div class="bg-primary bg-gradient text-white rounded-circle d-flex align-items-center justify-content-center shadow-sm" style="width: 80px; height: 80px; font-weight: 700; font-size: 1.5rem;">
-                                        <?= strtoupper(substr($user['full_name'] ?: $user['username'] ?: 'U', 0, 1)) ?>
-                                    </div>
-                                <?php endif; ?>
-                                <div class="flex-grow-1">
-                                    <input type="file" name="profile_pic" class="form-control" accept="image/*">
-                                    <div class="form-text mt-1">Allowed: JPG, PNG, GIF, WebP. Recommended: Square image.</div>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-
-                    <div class="mb-4">
-                        <label class="form-label small fw-bold text-muted"><?= $id ? 'NEW PASSWORD (LEAVE BLANK TO KEEP CURRENT)' : 'PASSWORD' ?></label>
-                        <input type="password" name="password" class="form-control" placeholder="<?= $id ? '******' : 'Enter password' ?>" <?= $id ? '' : 'required' ?>>
-                    </div>
-
-                    <div class="mb-4">
-                        <label class="form-label small fw-bold text-muted d-block mb-2">ASSIGNED OUTLETS</label>
-                        <div class="row">
-                            <?php foreach ($all_outlets as $outlet): ?>
-                                <div class="col-md-4 mb-2">
-                                    <div class="form-check">
-                                        <input class="form-check-input" type="checkbox" name="outlets[]" value="<?= $outlet['id'] ?>" id="outlet_<?= $outlet['id'] ?>" <?= in_array($outlet['id'], $assigned_outlet_ids) ? 'checked' : '' ?>>
-                                        <label class="form-check-label small" for="outlet_<?= $outlet['id'] ?>">
-                                            <?= htmlspecialchars($outlet['name']) ?>
-                                        </label>
-                                    </div>
-                                </div>
-                            <?php endforeach; ?>
-                        </div>
-                        <div class="form-text mt-1">Assign one or more outlets to this user.</div>
-                    </div>
-
-                    <div class="row mb-4">
-                        <div class="col-md-6">
-                            <div class="form-check form-switch">
-                                <input class="form-check-input" type="checkbox" name="is_active" id="isActiveSwitch" <?= $user['is_active'] ? 'checked' : '' ?>>
-                                <label class="form-check-label fw-bold text-muted small" for="isActiveSwitch">ACTIVE ACCOUNT</label>
-                            </div>
-                        </div>
-                        <div class="col-md-6">
-                            <div class="form-check form-switch">
-                                <input class="form-check-input" type="checkbox" name="is_ratable" id="isRatableSwitch" <?= $user['is_ratable'] ? 'checked' : '' ?>>
-                                <label class="form-check-label fw-bold text-muted small" for="isRatableSwitch">DISPLAY IN STAFF RATINGS</label>
-                            </div>
-                            <div class="form-text small mt-1">Enable this to allow customers to rate this staff member in the public rating page.</div>
-                        </div>
-                    </div>
-
-                    <hr class="my-4">
-
-                    <div class="d-flex justify-content-end gap-2">
-                        <a href="users.php" class="btn btn-light rounded-pill px-4">Cancel</a>
-                        <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold"><?= $id ? 'Update' : 'Create' ?> User</button>
-                    </div>
-                </form>
-            </div>
-        </div>
-    </div>
-    
-    <div class="col-md-4">
-        <div class="card border-0 shadow-sm rounded-4 bg-primary bg-gradient text-white shadow">
-            <div class="card-body p-4">
-                <h5 class="fw-bold mb-3">User Info</h5>
-                <div class="d-flex align-items-center mb-3">
-                    <?php if ($user['profile_pic']): ?>
-                        <img src="../<?= htmlspecialchars($user['profile_pic']) ?>?v=<?= time() ?>" alt="Profile Picture" class="rounded-circle shadow-sm border border-2 border-white me-3" style="width: 60px; height: 60px; object-fit: cover;">
-                    <?php else: ?>
-                        <div class="bg-white text-primary rounded-circle d-flex align-items-center justify-content-center me-3" style="width:60px;height:60px; font-weight:700; font-size:1.5rem;">
-                            <?= strtoupper(substr($user['full_name'] ?: $user['username'] ?: 'U', 0, 1)) ?>
-                        </div>
-                    <?php endif; ?>
-                    <div>
-                        <div class="fw-bold"><?= htmlspecialchars($user['full_name'] ?: 'New User') ?></div>
-                        <div class="small opacity-75">Member since <?= date('M Y', strtotime($user['created_at'])) ?></div>
-                    </div>
-                </div>
-                <div class="small">
-                    <div class="mb-1"><i class="bi bi-envelope me-2"></i> <?= htmlspecialchars($user['email'] ?: 'Email not set') ?></div>
-                    <div><i class="bi bi-person-badge me-2"></i> User ID: <?= $id ? '#' . $id : '<i>New</i>' ?></div>
-                </div>
-                
-                <hr class="opacity-25 my-3">
-                <div class="small">
-                    <div class="fw-bold mb-2">Assigned Outlets:</div>
-                    <?php if (empty($assigned_outlet_ids)): ?>
-                        <div class="opacity-75">No outlets assigned.</div>
-                    <?php else: ?>
-                        <ul class="list-unstyled mb-0 opacity-75">
-                            <?php foreach ($all_outlets as $outlet): ?>
-                                <?php if (in_array($outlet['id'], $assigned_outlet_ids)): ?>
-                                    <li><i class="bi bi-geo-alt me-1"></i> <?= htmlspecialchars($outlet['name']) ?></li>
-                                <?php endif; ?>
-                            <?php endforeach; ?>
-                        </ul>
-                    <?php endif; ?>
-                </div>
-            </div>
-        </div>
-    </div>
-</div>
-
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/user_group_edit.php b/admin/user_group_edit.php
index 974b011..3761a97 100644
--- a/admin/user_group_edit.php
+++ b/admin/user_group_edit.php
@@ -46,13 +46,18 @@ $modules = [
     'areas' => 'Areas',
     'tables' => 'Tables',
     'suppliers' => 'Suppliers',
+    'purchases' => 'Purchases',
+    'expenses' => 'Expenses',
+    'expense_categories' => 'Expense Categories',
     'payment_types' => 'Payment Types',
     'loyalty' => 'Loyalty',
     'ads' => 'Ads',
     'reports' => 'Reports',
     'users' => 'Users',
     'user_groups' => 'User Groups',
-    'settings' => 'Settings'
+    'settings' => 'Settings',
+    'attendance' => 'Attendance',
+    'ratings' => 'Staff Ratings'
 ];
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update_group') {
@@ -88,7 +93,13 @@ include 'includes/header.php';
 
 <div class="mb-4">
     <a href="user_groups.php" class="text-decoration-none text-muted small"><i class="bi bi-arrow-left"></i> Back to Groups</a>
-    <h2 class="fw-bold mt-2">Edit Group: <?= htmlspecialchars($group['name']) ?></h2>
+    <div class="d-flex justify-content-between align-items-center mt-2">
+        <h2 class="fw-bold">Edit Group Permissions: <?= htmlspecialchars($group['name']) ?></h2>
+        <div>
+            <button type="button" class="btn btn-outline-primary btn-sm rounded-pill" onclick="toggleAll(true)">Select All</button>
+            <button type="button" class="btn btn-outline-secondary btn-sm rounded-pill" onclick="toggleAll(false)">Deselect All</button>
+        </div>
+    </div>
 </div>
 
 <?= $message ?>
@@ -112,9 +123,10 @@ include 'includes/header.php';
                                 <tr>
                                     <th class="ps-4 py-3">Module</th>
                                     <th class="text-center py-3">View</th>
-                                    <th class="text-center py-3">Add / Edit</th>
+                                    <th class="text-center py-3">Add</th>
+                                    <th class="text-center py-3">Edit</th>
                                     <th class="text-center py-3">Delete</th>
-                                    <th class="text-center py-3">Full Access</th>
+                                    <th class="text-center py-3">Actions</th>
                                 </tr>
                             </thead>
                             <tbody>
@@ -131,6 +143,11 @@ include 'includes/header.php';
                                             <input class="form-check-input perm-checkbox" type="checkbox" name="perms[]" value="<?= $key ?>_add" id="perm_<?= $key ?>_add" <?= (in_array($key . '_add', $current_perms) || in_array('all', $current_perms)) ? 'checked' : '' ?> <?= !has_permission('user_groups_add') ? 'disabled' : '' ?>>
                                         </div>
                                     </td>
+                                    <td class="text-center">
+                                        <div class="form-check form-check-inline m-0">
+                                            <input class="form-check-input perm-checkbox" type="checkbox" name="perms[]" value="<?= $key ?>_edit" id="perm_<?= $key ?>_edit" <?= (in_array($key . '_edit', $current_perms) || in_array('all', $current_perms)) ? 'checked' : '' ?> <?= !has_permission('user_groups_add') ? 'disabled' : '' ?>>
+                                        </div>
+                                    </td>
                                     <td class="text-center">
                                         <div class="form-check form-check-inline m-0">
                                             <input class="form-check-input perm-checkbox" type="checkbox" name="perms[]" value="<?= $key ?>_del" id="perm_<?= $key ?>_del" <?= (in_array($key . '_del', $current_perms) || in_array('all', $current_perms)) ? 'checked' : '' ?> <?= !has_permission('user_groups_add') ? 'disabled' : '' ?>>
@@ -149,7 +166,7 @@ include 'includes/header.php';
                                 
                                 <tr class="table-info bg-opacity-10">
                                     <td class="ps-4 fw-bold">ADMINISTRATIVE</td>
-                                    <td colspan="3" class="text-center small text-muted">Grants full access to everything in the system.</td>
+                                    <td colspan="4" class="text-center small text-muted">Grants full access to everything in the system.</td>
                                     <td class="text-center">
                                         <div class="form-check form-switch d-inline-block">
                                             <input class="form-check-input" type="checkbox" name="perms[]" value="all" id="perm_all" <?= in_array('all', $current_perms) ? 'checked' : '' ?> <?= !has_permission('user_groups_add') ? 'disabled' : '' ?>>
@@ -175,9 +192,21 @@ include 'includes/header.php';
 
 <script>
 function toggleRow(key, state) {
-    document.getElementById('perm_' + key + '_view').checked = state;
-    document.getElementById('perm_' + key + '_add').checked = state;
-    document.getElementById('perm_' + key + '_del').checked = state;
+    const view = document.getElementById('perm_' + key + '_view');
+    const add = document.getElementById('perm_' + key + '_add');
+    const edit = document.getElementById('perm_' + key + '_edit');
+    const del = document.getElementById('perm_' + key + '_del');
+    
+    if(view) view.checked = state;
+    if(add) add.checked = state;
+    if(edit) edit.checked = state;
+    if(del) del.checked = state;
+}
+
+function toggleAll(state) {
+    document.querySelectorAll('.perm-checkbox').forEach(cb => {
+        if (!cb.disabled) cb.checked = state;
+    });
 }
 
 // If Super Admin is checked, maybe disable others? Or just let them be.
@@ -205,4 +234,4 @@ if (permAll) {
 }
 </script>
 
-<?php include 'includes/footer.php'; ?>
+<?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/user_groups.php b/admin/user_groups.php
index 5d0cf6e..b985a69 100644
--- a/admin/user_groups.php
+++ b/admin/user_groups.php
@@ -1,21 +1,46 @@
 <?php
+require_once __DIR__ . "/../includes/functions.php";
+require_permission("user_groups_view");
 require_once __DIR__ . '/../db/config.php';
-require_once __DIR__ . '/../includes/functions.php';
-
 $pdo = db();
-require_permission('user_groups_view');
 
 $message = '';
 
+// Handle New Group Creation
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_user_group') {
+    if (!has_permission('user_groups_add')) {
+        $message = '<div class="alert alert-danger">Access Denied.</div>';
+    } else {
+        $name = trim($_POST['name']);
+        if (empty($name)) {
+            $message = '<div class="alert alert-danger">Group name is required.</div>';
+        } else {
+            try {
+                $stmt = $pdo->prepare("INSERT INTO user_groups (name, permissions) VALUES (?, '')");
+                $stmt->execute([$name]);
+                $newId = $pdo->lastInsertId();
+                header("Location: user_group_edit.php?id=" . $newId);
+                exit;
+            } catch (PDOException $e) {
+                $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+            }
+        }
+    }
+}
+
 // Handle Delete
 if (isset($_GET['delete'])) {
     if (!has_permission('user_groups_del')) {
-        $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete groups.</div>';
+        $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete user groups.</div>';
     } else {
         $id = $_GET['delete'];
-        // Don't delete admin group
-        if ($id == 1) {
-            $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Cannot delete the Administrator group.</div>';
+        // Don't allow deleting Administrator group
+        $stmt = $pdo->prepare("SELECT name FROM user_groups WHERE id = ?");
+        $stmt->execute([$id]);
+        $groupName = $stmt->fetchColumn();
+        
+        if ($groupName === 'Administrator') {
+            $message = '<div class="alert alert-danger">The Administrator group cannot be deleted.</div>';
         } else {
             $pdo->prepare("DELETE FROM user_groups WHERE id = ?")->execute([$id]);
             header("Location: user_groups.php");
@@ -24,105 +49,158 @@ if (isset($_GET['delete'])) {
     }
 }
 
-// Fetch Groups
-$groups = $pdo->query("SELECT g.*, (SELECT COUNT(*) FROM users u WHERE u.group_id = g.id) as user_count 
-                      FROM user_groups g 
-                      ORDER BY g.id ASC")->fetchAll(PDO::FETCH_ASSOC);
+$availablePermissions = [
+    'dashboard' => 'Dashboard',
+    'pos' => 'POS Terminal',
+    'orders' => 'Orders',
+    'kitchen' => 'Kitchen View',
+    'products' => 'Products',
+    'categories' => 'Categories',
+    'customers' => 'Customers',
+    'outlets' => 'Outlets',
+    'areas' => 'Areas',
+    'tables' => 'Tables',
+    'suppliers' => 'Suppliers',
+    'purchases' => 'Purchases',
+    'expenses' => 'Expenses',
+    'expense_categories' => 'Expense Categories',
+    'payment_types' => 'Payment Types',
+    'loyalty' => 'Loyalty',
+    'ads' => 'Ads',
+    'reports' => 'Reports',
+    'users' => 'Users',
+    'user_groups' => 'User Groups',
+    'settings' => 'Settings',
+    'attendance' => 'Attendance',
+    'ratings' => 'Staff Ratings'
+];
+
+$query = "SELECT * FROM user_groups ORDER BY id ASC";
+$groups_pagination = paginate_query($pdo, $query);
+$groups = $groups_pagination['data'];
 
 include 'includes/header.php';
 ?>
 
 <div class="d-flex justify-content-between align-items-center mb-4">
     <div>
-        <h2 class="fw-bold mb-1">User Groups / Roles</h2>
-        <p class="text-muted mb-0">Define permissions and access levels</p>
+        <h2 class="fw-bold mb-0">User Roles & Groups</h2>
+        <p class="text-muted mb-0">Manage permissions and access levels</p>
     </div>
     <?php if (has_permission('user_groups_add')): ?>
-    <button class="btn btn-primary btn-lg shadow-sm" data-bs-toggle="modal" data-bs-target="#addGroupModal" style="border-radius: 10px;">
-        <i class="bi bi-shield-plus me-1"></i> Add Group
+    <button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addGroupModal">
+        <i class="bi bi-plus-lg"></i> Add Group
     </button>
     <?php endif; ?>
 </div>
 
 <?= $message ?>
 
-<div class="row g-4">
-    <?php foreach ($groups as $group): ?>
-    <div class="col-md-6 col-lg-4">
-        <div class="card border-0 shadow-sm rounded-4 h-100 position-relative overflow-hidden">
-            <div class="card-body p-4">
-                <div class="d-flex justify-content-between align-items-start mb-3">
-                    <div class="bg-primary bg-opacity-10 text-primary p-3 rounded-3 shadow-sm">
-                        <i class="bi bi-shield-lock-fill fs-4"></i>
-                    </div>
-                    <?php if (has_permission('user_groups_add')): ?>
-                    <a href="user_group_edit.php?id=<?= $group['id'] ?>" class="btn-icon-soft edit" title="Edit Permissions">
-                        <i class="bi bi-pencil-fill"></i>
-                    </a>
-                    <?php endif; ?>
-                </div>
-                
-                <h5 class="fw-bold mb-1"><?= htmlspecialchars($group['name']) ?></h5>
-                <p class="text-muted small mb-3"><?= $group['user_count'] ?> users assigned</p>
-                
-                <div class="d-flex flex-wrap gap-1 mb-4">
-                    <?php 
-                    $perms = explode(',', $group['permissions']);
-                    $display_perms = array_slice($perms, 0, 3);
-                    foreach ($display_perms as $p): if (empty($p)) continue; ?>
-                        <span class="badge bg-light text-muted border px-2 py-1" style="font-size: 0.65rem;"><?= htmlspecialchars($p) ?></span>
+<div class="card border-0 shadow-sm rounded-4 overflow-hidden">
+    <div class="card-body p-0">
+        <!-- Pagination Controls -->
+        <div class="p-3 border-bottom bg-light">
+             <?php render_pagination_controls($groups_pagination); ?>
+        </div>
+        <div class="table-responsive">
+            <table class="table table-hover align-middle mb-0">
+                <thead class="bg-light">
+                    <tr>
+                        <th class="ps-4">ID</th>
+                        <th>Group Name</th>
+                        <th>Permissions Summary</th>
+                        <th class="text-end pe-4">Actions</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <?php foreach ($groups as $group): ?>
+                    <tr>
+                        <td class="ps-4 fw-medium text-muted">#<?= $group['id'] ?></td>
+                        <td class="fw-bold text-dark"><?= htmlspecialchars($group['name']) ?></td>
+                        <td>
+                            <?php 
+                            if ($group['permissions'] === 'all') {
+                                echo '<span class="badge bg-danger-subtle text-danger border border-danger">Super Admin (All)</span>';
+                            } else {
+                                $perms = explode(',', $group['permissions']);
+                                $modules_found = [];
+                                foreach ($perms as $p) {
+                                    $mod = explode('_', $p)[0];
+                                    if (isset($availablePermissions[$mod]) && !in_array($availablePermissions[$mod], $modules_found)) {
+                                        $modules_found[] = $availablePermissions[$mod];
+                                    }
+                                }
+                                
+                                if (count($modules_found) > 0) {
+                                    echo '<div class="d-flex flex-wrap gap-1">';
+                                    $i = 0;
+                                    foreach ($modules_found as $m) {
+                                        if ($i < 5) {
+                                            echo '<span class="badge bg-light text-dark border small">' . $m . '</span>';
+                                        }
+                                        $i++;
+                                    }
+                                    if (count($modules_found) > 5) {
+                                        echo '<span class="badge bg-light text-muted border small">+' . (count($modules_found) - 5) . ' more</span>';
+                                    }
+                                    echo '</div>';
+                                } elseif (!empty($group['permissions'])) {
+                                    echo '<small class="text-muted">' . htmlspecialchars(substr($group['permissions'], 0, 30)) . '...</small>';
+                                } else {
+                                    echo '<small class="text-muted">No permissions defined</small>';
+                                }
+                            }
+                            ?>
+                        </td>
+                        <td class="text-end pe-4">
+                            <?php if (has_permission('user_groups_add')): ?>
+                            <a href="user_group_edit.php?id=<?= $group['id'] ?>" class="btn btn-sm btn-outline-primary rounded-pill px-3 me-1" title="Manage Permissions">
+                                <i class="bi bi-shield-lock me-1"></i> Permissions
+                            </a>
+                            <?php endif; ?>
+                            
+                            <?php if (has_permission('user_groups_del') && $group['name'] !== 'Administrator'): ?>
+                            <a href="?delete=<?= $group['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Delete this user group?')">
+                                <i class="bi bi-trash me-1"></i> Delete
+                            </a>
+                            <?php endif; ?>
+                        </td>
+                    </tr>
                     <?php endforeach; ?>
-                    <?php if (count($perms) > 3): ?>
-                        <span class="badge bg-light text-muted border px-2 py-1" style="font-size: 0.65rem;">+<?= count($perms) - 3 ?> more</span>
-                    <?php endif; ?>
-                </div>
-                
-                <div class="d-flex gap-2">
-                    <?php if (has_permission('user_groups_add')): ?>
-                    <a href="user_group_edit.php?id=<?= $group['id'] ?>" class="btn btn-primary w-100 rounded-pill">Manage Permissions</a>
-                    <?php endif; ?>
-                    
-                    <?php if (has_permission('user_groups_del') && $group['id'] != 1): ?>
-                    <a href="?delete=<?= $group['id'] ?>" class="btn btn-light text-danger w-100 rounded-pill" onclick="return confirm('Are you sure?')">Delete</a>
-                    <?php endif; ?>
-                </div>
-            </div>
-            
-            <?php if ($group['name'] === 'Administrator' || $group['permissions'] === 'all'): ?>
-            <div class="position-absolute top-0 end-0 m-3">
-                <span class="badge bg-warning text-dark shadow-sm">Super Admin</span>
-            </div>
-            <?php endif; ?>
+                </tbody>
+            </table>
+        </div>
+        <!-- Bottom Pagination -->
+        <div class="p-3 border-top bg-light">
+             <?php render_pagination_controls($groups_pagination); ?>
         </div>
     </div>
-    <?php endforeach; ?>
 </div>
 
 <!-- Add Group Modal -->
-<?php if (has_permission('user_groups_add')): ?>
-<div class="modal fade" id="addGroupModal" tabindex="-1">
-    <div class="modal-dialog modal-dialog-centered">
-        <div class="modal-content border-0 shadow-lg rounded-4">
-            <div class="modal-header border-0 pb-0 ps-4 pt-4">
-                <h5 class="modal-title fw-bold">Create New User Group</h5>
-                <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
+<div class="modal fade" id="addGroupModal" tabindex="-1" aria-hidden="true">
+    <div class="modal-dialog">
+        <div class="modal-content border-0 shadow rounded-4">
+            <div class="modal-header border-0 pb-0">
+                <h5 class="modal-title fw-bold">Create New Group</h5>
+                <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
             </div>
-            <form action="user_group_edit.php" method="POST">
-                <div class="modal-body p-4">
+            <form method="POST">
+                <div class="modal-body py-4">
+                    <input type="hidden" name="action" value="add_user_group">
                     <div class="mb-3">
                         <label class="form-label small fw-bold text-muted">GROUP NAME</label>
-                        <input type="text" name="name" class="form-control form-control-lg border-0 bg-light rounded-3" placeholder="e.g. Supervisor" required>
-                        <p class="form-text small text-muted mt-2">After creating the group, you will be redirected to define its specific permissions.</p>
+                        <input type="text" name="name" class="form-control form-control-lg border-0 bg-light rounded-3" required placeholder="e.g. Supervisor" autofocus>
                     </div>
+                    <p class="text-muted small mb-0">After creating, you will be redirected to the permissions page to configure access levels.</p>
                 </div>
-                <div class="modal-footer border-0 p-4 pt-0">
-                    <button type="button" class="btn btn-light rounded-pill px-4" data-bs-toggle="modal">Cancel</button>
-                    <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold">Create & Configure</button>
+                <div class="modal-footer border-0 pt-0">
+                    <button type="button" class="btn btn-light rounded-pill px-4" data-bs-dismiss="modal">Cancel</button>
+                    <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Create & Configure</button>
                 </div>
             </form>
         </div>
     </div>
 </div>
-<?php endif; ?>
 
-<?php include 'includes/footer.php'; ?>
+<?php include 'includes/footer.php'; ?>
\ No newline at end of file
diff --git a/admin/users.php b/admin/users.php
index 3501600..fd4dadd 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -1,38 +1,107 @@
 <?php
+require_once __DIR__ . "/../includes/functions.php";
+require_permission("users_view");
 require_once __DIR__ . '/../db/config.php';
-require_once __DIR__ . '/../includes/functions.php';
-
 $pdo = db();
-require_permission('users_view');
 
 $message = '';
 
+// Handle Add/Edit User
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
+    $action = $_POST['action'];
+    $username = trim($_POST['username']);
+    $full_name = trim($_POST['full_name']);
+    $email = trim($_POST['email']);
+    $group_id = (int)$_POST['group_id'];
+    $is_active = isset($_POST['is_active']) ? 1 : 0;
+    $is_ratable = isset($_POST['is_ratable']) ? 1 : 0;
+    $id = isset($_POST['id']) ? (int)$_POST['id'] : null;
+
+    $profile_pic = null;
+    if ($id) {
+        $stmt = $pdo->prepare("SELECT profile_pic FROM users WHERE id = ?");
+        $stmt->execute([$id]);
+        $profile_pic = $stmt->fetchColumn();
+    }
+
+    if (isset($_FILES['profile_pic']) && $_FILES['profile_pic']['error'] === UPLOAD_ERR_OK) {
+        $uploadDir = __DIR__ . '/../assets/images/users/';
+        if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
+        
+        $file_ext = strtolower(pathinfo($_FILES['profile_pic']['name'], PATHINFO_EXTENSION));
+        if (in_array($file_ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) {
+            $new_file_name = 'user_' . ($id ?: uniqid()) . '_' . uniqid() . '.' . $file_ext;
+            if (move_uploaded_file($_FILES['profile_pic']['tmp_name'], $uploadDir . $new_file_name)) {
+                $profile_pic = 'assets/images/users/' . $new_file_name;
+            }
+        }
+    }
+
+    if (empty($username)) {
+        $message = '<div class="alert alert-danger">Username is required.</div>';
+    } else {
+        try {
+            if ($action === 'edit_user' && $id) {
+                if (!has_permission('users_edit') && !has_permission('users_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied: You do not have permission to edit users.</div>';
+                } else {
+                    $sql = "UPDATE users SET username = ?, full_name = ?, email = ?, group_id = ?, is_active = ?, is_ratable = ?, profile_pic = ? WHERE id = ?";
+                    $params = [$username, $full_name, $email, $group_id, $is_active, $is_ratable, $profile_pic, $id];
+                    
+                    if (!empty($_POST['password'])) {
+                        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
+                        $sql = "UPDATE users SET username = ?, full_name = ?, email = ?, group_id = ?, is_active = ?, is_ratable = ?, profile_pic = ?, password = ? WHERE id = ?";
+                        $params = [$username, $full_name, $email, $group_id, $is_active, $is_ratable, $profile_pic, $password, $id];
+                    }
+                    
+                    $stmt = $pdo->prepare($sql);
+                    $stmt->execute($params);
+                    $message = '<div class="alert alert-success">User updated successfully!</div>';
+                }
+            } elseif ($action === 'add_user') {
+                if (!has_permission('users_add')) {
+                    $message = '<div class="alert alert-danger">Access Denied: You do not have permission to add users.</div>';
+                } else {
+                    $password = password_hash($_POST['password'] ?: '123456', PASSWORD_DEFAULT);
+                    $stmt = $pdo->prepare("INSERT INTO users (username, password, full_name, email, group_id, is_active, is_ratable, profile_pic) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
+                    $stmt->execute([$username, $password, $full_name, $email, $group_id, $is_active, $is_ratable, $profile_pic]);
+                    $message = '<div class="alert alert-success">User created successfully!</div>';
+                }
+            }
+        } catch (PDOException $e) {
+            if ($e->getCode() == 23000) {
+                $message = '<div class="alert alert-danger">Username or Email already exists.</div>';
+            } else {
+                $message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
+            }
+        }
+    }
+}
+
 // Handle Delete
 if (isset($_GET['delete'])) {
     if (!has_permission('users_del')) {
-        $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to delete users.</div>';
+        $message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete users.</div>';
     } else {
         $id = $_GET['delete'];
-        $pdo->prepare("DELETE FROM users WHERE id = ?")->execute([$id]);
-        header("Location: users.php");
-        exit;
+        // Don't allow deleting current user
+        if ($id == $_SESSION['user']['id']) {
+            $message = '<div class="alert alert-danger text-center">You cannot delete your own account.</div>';
+        } else {
+            $pdo->prepare("DELETE FROM users WHERE id = ?")->execute([$id]);
+            header("Location: users.php");
+            exit;
+        }
     }
 }
 
-// Handle Search
-$search = $_GET['search'] ?? '';
-$params = [];
+$groups = $pdo->query("SELECT * FROM user_groups ORDER BY name ASC")->fetchAll();
+
 $query = "SELECT u.*, g.name as group_name 
           FROM users u 
-          LEFT JOIN user_groups g ON u.group_id = g.id";
-
-if ($search) {
-    $query .= " WHERE u.username LIKE ? OR u.full_name LIKE ? OR u.email LIKE ? OR u.employee_id LIKE ?";
-    $params = ["%$search%", "%$search%", "%$search%", "%$search%"];
-}
-
-$query .= " ORDER BY u.id DESC";
-$users_pagination = paginate_query($pdo, $query, $params);
+          LEFT JOIN user_groups g ON u.group_id = g.id 
+          ORDER BY u.id DESC";
+$users_pagination = paginate_query($pdo, $query);
 $users = $users_pagination['data'];
 
 include 'includes/header.php';
@@ -40,45 +109,33 @@ include 'includes/header.php';
 
 <div class="d-flex justify-content-between align-items-center mb-4">
     <div>
-        <h2 class="fw-bold mb-1">Users</h2>
-        <p class="text-muted mb-0">Manage system staff and access</p>
+        <h2 class="fw-bold mb-1">User Management</h2>
+        <p class="text-muted mb-0">Manage staff accounts, roles and access permissions</p>
     </div>
     <?php if (has_permission('users_add')): ?>
-    <a href="user_edit.php" class="btn btn-primary btn-lg shadow-sm" style="border-radius: 10px;">
-        <i class="bi bi-person-plus me-1"></i> Add User
-    </a>
+    <button class="btn btn-primary btn-lg shadow-sm" data-bs-toggle="modal" data-bs-target="#userModal" onclick="prepareAddForm()" style="border-radius: 12px;">
+        <i class="bi bi-plus-lg"></i> Add New User
+    </button>
     <?php endif; ?>
 </div>
 
 <?= $message ?>
 
-<div class="card border-0 shadow-sm rounded-4 mb-4">
+<div class="card border-0 shadow-sm rounded-4 overflow-hidden">
     <div class="card-body p-0">
-        <div class="p-3 border-bottom bg-light bg-opacity-50">
-            <form method="GET" class="row g-2">
-                <div class="col-md-4">
-                    <div class="input-group">
-                        <span class="input-group-text bg-white border-end-0"><i class="bi bi-search text-muted"></i></span>
-                        <input type="text" name="search" class="form-control border-start-0" placeholder="Search users..." value="<?= htmlspecialchars($search) ?>">
-                    </div>
-                </div>
-                <div class="col-auto">
-                    <button type="submit" class="btn btn-light border">Filter</button>
-                </div>
-            </form>
+        <!-- Pagination Controls -->
+        <div class="p-3 border-bottom bg-light">
+             <?php render_pagination_controls($users_pagination); ?>
         </div>
-        
         <div class="table-responsive">
             <table class="table table-hover align-middle mb-0">
                 <thead class="bg-light">
                     <tr>
                         <th class="ps-4">User</th>
-                        <th>Role / Group</th>
-                        <th>Emp. ID</th>
                         <th>Email</th>
-                        <th>Ratable</th>
+                        <th>Role / Group</th>
                         <th>Status</th>
-                        <th>Joined</th>
+                        <th>Ratable</th>
                         <th class="text-end pe-4">Actions</th>
                     </tr>
                 </thead>
@@ -88,61 +145,174 @@ include 'includes/header.php';
                         <td class="ps-4">
                             <div class="d-flex align-items-center">
                                 <?php if ($user['profile_pic']): ?>
-                                    <img src="../<?= htmlspecialchars($user['profile_pic']) ?>?v=<?= time() ?>" alt="Profile" class="rounded-circle me-3 shadow-sm border border-2 border-white" style="width: 45px; height: 45px; object-fit: cover;">
+                                    <img src="../<?= htmlspecialchars($user['profile_pic']) ?>" class="rounded-circle me-3 border border-2 border-white shadow-sm" width="48" height="48" style="object-fit: cover;">
                                 <?php else: ?>
-                                    <div class="rounded-circle bg-primary bg-opacity-10 text-primary d-flex align-items-center justify-content-center me-3 shadow-sm" style="width: 45px; height: 45px; font-weight: 600;">
-                                        <?= strtoupper(substr($user['username'], 0, 1)) ?>
-                                    </div>
+                                    <div class="bg-primary bg-gradient rounded-circle d-flex align-items-center justify-content-center text-white me-3 shadow-sm" style="width:48px;height:48px; font-weight:700; font-size: 1.2rem;"><?= strtoupper(substr($user['username'],0,1)) ?></div>
                                 <?php endif; ?>
                                 <div>
-                                    <div class="fw-bold text-dark"><?= htmlspecialchars($user['full_name'] ?: $user['username']) ?></div>
-                                    <div class="text-muted small">@<?= htmlspecialchars($user['username']) ?></div>
+                                    <div class="fw-bold text-dark fs-6"><?= htmlspecialchars($user['full_name'] ?: $user['username']) ?></div>
+                                    <small class="text-muted fw-medium">@<?= htmlspecialchars($user['username']) ?></small>
                                 </div>
                             </div>
                         </td>
-                        <td>
-                            <span class="badge bg-info bg-opacity-10 text-info border border-info border-opacity-25 px-3 rounded-pill fw-medium">
-                                <?= htmlspecialchars($user['group_name'] ?: 'No Group') ?>
-                            </span>
-                        </td>
-                        <td><?= htmlspecialchars($user['employee_id'] ?: '-') ?></td>
                         <td><?= htmlspecialchars($user['email'] ?: '-') ?></td>
-                        <td>
-                            <?php if ($user['is_ratable']): ?>
-                                <span class="badge bg-warning bg-opacity-10 text-warning border border-warning border-opacity-25 px-2 rounded-pill"><i class="bi bi-star-fill small"></i> Yes</span>
-                            <?php else: ?>
-                                <span class="badge bg-secondary bg-opacity-10 text-secondary border border-secondary border-opacity-25 px-2 rounded-pill">No</span>
-                            <?php endif; ?>
-                        </td>
+                        <td><span class="badge bg-light text-dark border px-2 py-1"><?= htmlspecialchars($user['group_name'] ?: 'None') ?></span></td>
                         <td>
                             <?php if ($user['is_active']): ?>
-                                <span class="badge bg-success bg-opacity-10 text-success border border-success border-opacity-25 px-3 rounded-pill">Active</span>
+                                <span class="badge bg-success-subtle text-success px-3 py-1 rounded-pill">Active</span>
                             <?php else: ?>
-                                <span class="badge bg-danger bg-opacity-10 text-danger border border-danger border-opacity-25 px-3 rounded-pill">Inactive</span>
+                                <span class="badge bg-danger-subtle text-danger px-3 py-1 rounded-pill">Inactive</span>
+                            <?php endif; ?>
+                        </td>
+                        <td>
+                            <?php if ($user['is_ratable']): ?>
+                                <span class="badge bg-info-subtle text-info px-3 py-1 rounded-pill">Yes</span>
+                            <?php else: ?>
+                                <span class="badge bg-secondary-subtle text-secondary px-3 py-1 rounded-pill">No</span>
                             <?php endif; ?>
                         </td>
-                        <td class="text-muted small"><?= date('M d, Y', strtotime($user['created_at'])) ?></td>
                         <td class="text-end pe-4">
-                            <div class="d-inline-flex gap-2">
-                                <?php if (has_permission('users_add')): ?>
-                                <a href="user_edit.php?id=<?= $user['id'] ?>" class="btn btn-sm btn-outline-primary rounded-pill px-3">Edit</a>
-                                <?php endif; ?>
-                                
-                                <?php if (has_permission('users_del')): ?>
-                                <a href="?delete=<?= $user['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Delete this user?')">Delete</a>
-                                <?php endif; ?>
-                            </div>
+                            <?php if (has_permission('users_edit') || has_permission('users_add')): ?>
+                            <button type="button" class="btn btn-sm btn-outline-primary rounded-pill px-3 me-1" 
+                                    data-bs-toggle="modal" data-bs-target="#userModal"
+                                    onclick='prepareEditForm(<?= htmlspecialchars(json_encode($user), ENT_QUOTES, "UTF-8") ?>)' title="Edit Profile">
+                                <i class="bi bi-pencil me-1"></i> Edit</button>
+                            <?php endif; ?>
+                            
+                            <?php if (has_permission('users_del')): ?>
+                            <a href="?delete=<?= $user['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Permanently delete this user account?')">
+                                <i class="bi bi-trash"></i>
+                            </a>
+                            <?php endif; ?>
                         </td>
                     </tr>
                     <?php endforeach; ?>
+                    <?php if (empty($users)): ?>
+                        <tr>
+                            <td colspan="6" class="text-center py-5 text-muted">No users found.</td>
+                        </tr>
+                    <?php endif; ?>
                 </tbody>
             </table>
         </div>
-        
-        <div class="p-3 border-top">
-            <?php render_pagination_controls($users_pagination); ?>
+        <!-- Bottom Pagination -->
+        <div class="p-3 border-top bg-light">
+             <?php render_pagination_controls($users_pagination); ?>
         </div>
     </div>
 </div>
 
-<?php include 'includes/footer.php'; ?>
\ No newline at end of file
+<!-- User Modal -->
+<?php if (has_permission('users_add') || has_permission('users_edit')): ?>
+<div class="modal fade" id="userModal" tabindex="-1" aria-hidden="true">
+    <div class="modal-dialog modal-dialog-centered">
+        <div class="modal-content border-0 shadow-lg rounded-4">
+            <div class="modal-header bg-primary text-white border-0 py-3">
+                <h5 class="modal-title fw-bold" id="userModalTitle">Add New User</h5>
+                <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <form method="POST" id="userForm" enctype="multipart/form-data">
+                <div class="modal-body p-4">
+                    <input type="hidden" name="action" id="userAction" value="add_user">
+                    <input type="hidden" name="id" id="userId">
+                    
+                    <div class="mb-4 text-center" id="userImagePreviewContainer" style="display: none;">
+                        <img src="" id="userImagePreview" class="img-fluid rounded-circle border border-4 border-white shadow mb-2" style="width: 100px; height: 100px; object-fit: cover;">
+                        <p class="small text-muted mb-0">Current Profile Picture</p>
+                    </div>
+
+                    <div class="mb-3">
+                        <label class="form-label small fw-bold text-muted">FULL NAME</label>
+                        <input type="text" name="full_name" id="userFullName" class="form-control rounded-3 border-0 bg-light" required>
+                    </div>
+                    <div class="row g-3">
+                        <div class="col-md-6 mb-3">
+                            <label class="form-label small fw-bold text-muted">USERNAME <span class="text-danger">*</span></label>
+                            <input type="text" name="username" id="userUsername" class="form-control rounded-3 border-0 bg-light" required>
+                        </div>
+                        <div class="col-md-6 mb-3">
+                            <label class="form-label small fw-bold text-muted">EMAIL</label>
+                            <input type="email" name="email" id="userEmail" class="form-control rounded-3 border-0 bg-light">
+                        </div>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label small fw-bold text-muted">PASSWORD <span id="pwdLabel" class="text-danger">*</span></label>
+                        <input type="password" name="password" id="userPassword" class="form-control rounded-3 border-0 bg-light" placeholder="Min. 6 characters">
+                        <small class="text-muted" id="pwdHint" style="display:none;">Leave blank to keep the current password.</small>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label small fw-bold text-muted">ROLE / USER GROUP <span class="text-danger">*</span></label>
+                        <select name="group_id" id="userGroupId" class="form-select rounded-3 border-0 bg-light" required>
+                            <option value="">Select Group</option>
+                            <?php foreach ($groups as $group): ?>
+                                <option value="<?= $group['id'] ?>"><?= htmlspecialchars($group['name']) ?></option>
+                            <?php endforeach; ?>
+                        </select>
+                    </div>
+                    <div class="mb-4">
+                        <label class="form-label small fw-bold text-muted">PROFILE PICTURE</label>
+                        <input type="file" name="profile_pic" id="userProfilePicFile" class="form-control rounded-3 border-0 bg-light" accept="image/*">
+                    </div>
+                    <div class="row bg-light p-3 rounded-4 g-2">
+                        <div class="col-6">
+                            <div class="form-check form-switch m-0">
+                                <input class="form-check-input" type="checkbox" name="is_active" id="userIsActive" checked>
+                                <label class="form-check-label fw-bold small" for="userIsActive">Active Account</label>
+                            </div>
+                        </div>
+                        <div class="col-6">
+                            <div class="form-check form-switch m-0">
+                                <input class="form-check-input" type="checkbox" name="is_ratable" id="userIsRatable" checked>
+                                <label class="form-check-label fw-bold small" for="userIsRatable">Ratable Staff</label>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="modal-footer border-0 p-4 pt-0">
+                    <button type="button" class="btn btn-light rounded-pill px-4" data-bs-dismiss="modal">Cancel</button>
+                    <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Save User Profile</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+
+<script>
+function prepareAddForm() {
+    document.getElementById('userModalTitle').innerText = 'Add New User';
+    document.getElementById('userAction').value = 'add_user';
+    document.getElementById('userForm').reset();
+    document.getElementById('userId').value = '';
+    document.getElementById('pwdLabel').style.display = 'inline';
+    document.getElementById('pwdHint').style.display = 'none';
+    document.getElementById('userPassword').required = true;
+    document.getElementById('userImagePreviewContainer').style.display = 'none';
+}
+
+function prepareEditForm(user) {
+    if (!user) return;
+    document.getElementById('userModalTitle').innerText = 'Edit User: ' + (user.full_name || user.username);
+    document.getElementById('userAction').value = 'edit_user';
+    document.getElementById('userId').value = user.id;
+    document.getElementById('userFullName').value = user.full_name || '';
+    document.getElementById('userUsername').value = user.username || '';
+    document.getElementById('userEmail').value = user.email || '';
+    document.getElementById('userGroupId').value = user.group_id || '';
+    document.getElementById('userIsActive').checked = user.is_active == 1;
+    document.getElementById('userIsRatable').checked = user.is_ratable == 1;
+    document.getElementById('userPassword').required = false;
+    document.getElementById('pwdLabel').style.display = 'none';
+    document.getElementById('pwdHint').style.display = 'block';
+    
+    if (user.profile_pic) {
+        const preview = document.getElementById('userImagePreview');
+        preview.src = '../' + user.profile_pic;
+        document.getElementById('userImagePreviewContainer').style.display = 'block';
+    } else {
+        document.getElementById('userImagePreviewContainer').style.display = 'none';
+    }
+}
+</script>
+<?php endif; ?>
+
+<?php include 'includes/footer.php'; ?>
diff --git a/api/order.php b/api/order.php
index 54f8ac4..3b4b286 100644
--- a/api/order.php
+++ b/api/order.php
@@ -126,7 +126,10 @@ try {
     $user = get_logged_user();
     $user_id = $user ? $user['id'] : null;
     $payment_type_id = isset($data['payment_type_id']) ? intval($data['payment_type_id']) : null;
-    $discount = isset($data['discount']) ? floatval($data['discount']) : 0.00;
+    
+    // VAT vs Discount: We repurpose the 'discount' column in the database to store VAT value.
+    // If it's a positive value, it's VAT. If negative, it acts as a discount (loyalty).
+    $vat = isset($data['vat']) ? floatval($data['vat']) : 0.00;
     
     // Total amount will be recalculated on server to be safe
     $calculated_total = 0;
@@ -172,7 +175,7 @@ try {
         }
     }
 
-    $final_total = max(0, $calculated_total - $discount);
+    $final_total = max(0, $calculated_total + $vat);
 
     // Check for Existing Order ID (Update Mode)
     $order_id = isset($data['order_id']) ? intval($data['order_id']) : null;
@@ -198,18 +201,16 @@ try {
         $stmt->execute([
             $outlet_id, $table_id, $table_number, $order_type, 
             $customer_id, $customer_name, $customer_phone, 
-            $payment_type_id, $final_total, $discount, $user_id, 
+            $payment_type_id, $final_total, $vat, $user_id, 
             $order_id
         ]);
 
-        // Clear existing items and revert stock (if you want to be precise)
-        // For simplicity, we'll just handle stock for new items and assume updates are for current session.
         $delStmt = $pdo->prepare("DELETE FROM order_items WHERE order_id = ?");
         $delStmt->execute([$order_id]);
     } else {
         // INSERT New Order
         $stmt = $pdo->prepare("INSERT INTO orders (outlet_id, table_id, table_number, order_type, customer_id, customer_name, customer_phone, payment_type_id, total_amount, discount, user_id, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'pending')");
-        $stmt->execute([$outlet_id, $table_id, $table_number, $order_type, $customer_id, $customer_name, $customer_phone, $payment_type_id, $final_total, $discount, $user_id]);
+        $stmt->execute([$outlet_id, $table_id, $table_number, $order_type, $customer_id, $customer_name, $customer_phone, $payment_type_id, $final_total, $vat, $user_id]);
         $order_id = $pdo->lastInsertId();
     }
 
@@ -298,4 +299,4 @@ You've earned *{points_earned} points* with this order.
     if ($pdo->inTransaction()) $pdo->rollBack();
     error_log("Order Error: " . $e->getMessage());
     echo json_encode(['success' => false, 'error' => $e->getMessage()]);
-}
\ No newline at end of file
+}
diff --git a/assets/js/main.js b/assets/js/main.js
index 3752816..004bec4 100644
--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -17,7 +17,7 @@ document.addEventListener('DOMContentLoaded', () => {
     const cartItemsContainer = document.getElementById('cart-items');
     const cartTotalPrice = document.getElementById('cart-total-price');
     const cartSubtotal = document.getElementById('cart-subtotal');
-    const cartDiscountInput = document.getElementById('cart-discount-input');
+    const cartVatInput = document.getElementById('cart-vat-input');
     
     // Updated Button References
     const quickOrderBtn = document.getElementById('quick-order-btn');
@@ -188,7 +188,7 @@ document.addEventListener('DOMContentLoaded', () => {
 
                     // Populate Cart
                     cart = data.items; // Assuming format matches
-                    cartDiscountInput.value = data.order.discount || 0;
+                    cartVatInput.value = data.order.discount || 0; // We still use the discount field for VAT value
                     
                     updateCart();
                     if (recallModal) recallModal.hide();
@@ -287,7 +287,7 @@ document.addEventListener('DOMContentLoaded', () => {
             // Hide Loyalty
             if (loyaltySection) loyaltySection.classList.add('d-none');
             isLoyaltyRedemption = false;
-            cartDiscountInput.value = 0;
+            cartVatInput.value = 0;
             updateCart();
             
             customerSearchInput.focus();
@@ -324,9 +324,9 @@ document.addEventListener('DOMContentLoaded', () => {
                 if (result.isConfirmed) {
                     isLoyaltyRedemption = true;
                     
-                    // Calculate total and apply as discount
+                    // Calculate total and apply as discount (which is now negative VAT internally)
                     const subtotal = cart.reduce((acc, item) => acc + (item.price * item.quantity), 0);
-                    cartDiscountInput.value = subtotal.toFixed(2);
+                    cartVatInput.value = -subtotal.toFixed(2);
                     updateCart();
                     
                     showToast("Loyalty Redemption Applied!", "success");
@@ -555,13 +555,14 @@ document.addEventListener('DOMContentLoaded', () => {
 
         cartSubtotal.innerText = formatCurrency(subtotal);
         
-        let discount = parseFloat(cartDiscountInput.value) || 0;
+        let vat = parseFloat(cartVatInput.value) || 0;
         if (isLoyaltyRedemption) {
-            discount = subtotal;
-            cartDiscountInput.value = subtotal.toFixed(2);
+            // Internal trick: send negative VAT to represent discount for loyalty
+            vat = -subtotal;
+            cartVatInput.value = (-subtotal).toFixed(2);
         }
         
-        let total = subtotal - discount;
+        let total = subtotal + vat;
         if (total < 0) total = 0;
 
         cartTotalPrice.innerText = formatCurrency(total);
@@ -569,8 +570,8 @@ document.addEventListener('DOMContentLoaded', () => {
         if (placeOrderBtn) placeOrderBtn.disabled = false;
     }
 
-    if (cartDiscountInput) {
-        cartDiscountInput.addEventListener('input', () => {
+    if (cartVatInput) {
+        cartVatInput.addEventListener('input', () => {
              updateCart();
         });
     }
@@ -593,7 +594,7 @@ document.addEventListener('DOMContentLoaded', () => {
         }).then((result) => {
             if (result.isConfirmed) {
                 cart = [];
-                cartDiscountInput.value = 0;
+                cartVatInput.value = 0;
                 currentOrderId = null;
                 isLoyaltyRedemption = false;
                 updateCart();
@@ -683,8 +684,8 @@ document.addEventListener('DOMContentLoaded', () => {
         const orderTypeInput = document.querySelector('input[name="order_type"]:checked');
         const orderType = orderTypeInput ? orderTypeInput.value : 'takeaway';
         const subtotal = cart.reduce((acc, item) => acc + (item.price * item.quantity), 0);
-        const discount = parseFloat(cartDiscountInput.value) || 0;
-        const totalAmount = Math.max(0, subtotal - discount);
+        const vat = parseFloat(cartVatInput.value) || 0;
+        const totalAmount = Math.max(0, subtotal + vat);
         const custId = selectedCustomerId.value;
 
         const orderData = {
@@ -695,7 +696,7 @@ document.addEventListener('DOMContentLoaded', () => {
             outlet_id: new URLSearchParams(window.location.search).get('outlet_id') || 1,
             payment_type_id: paymentTypeId,
             total_amount: totalAmount,
-            discount: discount,
+            vat: vat, // Send as vat
             redeem_loyalty: isLoyaltyRedemption, 
             items: cart.map(item => ({
                 product_id: item.id,
@@ -736,7 +737,7 @@ document.addEventListener('DOMContentLoaded', () => {
                     customer: currentCustomer,
                     items: [...cart], 
                     total: totalAmount,
-                    discount: discount,
+                    vat: vat,
                     orderType: orderType,
                     tableNumber: (orderType === 'dine-in') ? currentTableName : null,
                     date: new Date().toLocaleString(),
@@ -745,7 +746,7 @@ document.addEventListener('DOMContentLoaded', () => {
                 });
 
                 cart = [];
-                cartDiscountInput.value = 0;
+                cartVatInput.value = 0;
                 currentOrderId = null; // Reset
                 isLoyaltyRedemption = false; // Reset
                 updateCart();
@@ -784,8 +785,8 @@ document.addEventListener('DOMContentLoaded', () => {
         if (!currentOrderId) return;
         
         const subtotal = cart.reduce((acc, item) => acc + (item.price * item.quantity), 0);
-        const discount = parseFloat(cartDiscountInput.value) || 0;
-        const totalAmount = Math.max(0, subtotal - discount);
+        const vat = parseFloat(cartVatInput.value) || 0;
+        const totalAmount = Math.max(0, subtotal + vat);
         const orderType = document.querySelector('input[name="order_type"]:checked').value;
         
         printReceipt({
@@ -793,7 +794,7 @@ document.addEventListener('DOMContentLoaded', () => {
             customer: currentCustomer,
             items: [...cart], 
             total: totalAmount,
-            discount: discount,
+            vat: vat,
             orderType: orderType,
             tableNumber: (orderType === 'dine-in') ? currentTableName : null,
             date: new Date().toLocaleString() + ' (Reprint)',
@@ -821,7 +822,7 @@ document.addEventListener('DOMContentLoaded', () => {
             'ITEM': 'الصنف',
             'TOTAL': 'المجموع',
             'Subtotal': 'المجموع الفرعي',
-            'Discount': 'الخصم',
+            'VAT': 'ضريبة القيمة المضافة',
             'Tax Included': 'شامل الضريبة',
             'THANK YOU FOR YOUR VISIT!': 'شكراً لزيارتكم!',
             'Please come again.': 'يرجى زيارتنا مرة أخرى.',
@@ -872,9 +873,9 @@ document.addEventListener('DOMContentLoaded', () => {
 
         const loyaltyHtml = data.loyaltyRedeemed ? `<div style="color: #d63384; font-weight: bold; margin: 5px 0; text-align: center;">* Loyalty Reward Applied *</div>` : '';
         
-        const vatRate = parseFloat(settings.vat_rate) || 0;
-        const subtotal = data.total + data.discount;
-        const vatAmount = vatRate > 0 ? (data.total * (vatRate / (100 + vatRate))) : 0;
+        const subtotal = data.total - data.vat;
+        const vatRateSettings = parseFloat(settings.vat_rate) || 0;
+        const vatAmount = data.vat; // User manually entered VAT
 
         const logoHtml = settings.logo_url ? `<img src="${BASE_URL}${settings.logo_url}" style="max-height: 80px; max-width: 150px; margin-bottom: 10px;">` : '';
 
@@ -971,15 +972,10 @@ document.addEventListener('DOMContentLoaded', () => {
                             <td>Subtotal / ${tr['Subtotal']}</td>
                             <td style="text-align: right">${formatCurrency(subtotal)}</td>
                         </tr>
-                        ${data.discount > 0 ? `
+                        ${Math.abs(data.vat) > 0 ? `
                         <tr>
-                            <td>Discount / ${tr['Discount']}</td>
-                            <td style="text-align: right">-${formatCurrency(data.discount)}</td>
-                        </tr>` : ''}
-                        ${vatRate > 0 ? `
-                        <tr>
-                            <td style="font-size: 11px;">Tax Incl. (${vatRate}%) / ${tr['Tax Included']}</td>
-                            <td style="text-align: right">${formatCurrency(vatAmount)}</td>
+                            <td>${data.vat < 0 ? 'Discount' : 'VAT'} / ${tr['VAT']}</td>
+                            <td style="text-align: right">${data.vat < 0 ? '-' : '+'}${formatCurrency(Math.abs(data.vat))}</td>
                         </tr>` : ''}
                         <tr style="font-weight: bold; font-size: 18px;">
                             <td style="padding-top: 10px;">TOTAL / ${tr['TOTAL']}</td>
@@ -996,7 +992,7 @@ document.addEventListener('DOMContentLoaded', () => {
                     <div>Please come again.</div>
                     <div class="rtl">${tr['Please come again.']}</div>
                     ${settings.email ? `<div style="margin-top: 5px; font-size: 10px;">${settings.email}</div>` : ''}
-                    <div style="margin-top: 15px; font-size: 10px; color: #888;">Powered by Flatlogic POS</div>
+                    <div style="margin-top: 15px; font-size: 10px; color: #888;">Powered by Abidarcafe</div>
                 </div>
 
                 <script>
diff --git a/db/migrations/026_backup_settings.sql b/db/migrations/026_backup_settings.sql
new file mode 100644
index 0000000..5bce16d
--- /dev/null
+++ b/db/migrations/026_backup_settings.sql
@@ -0,0 +1,2 @@
+ALTER TABLE company_settings ADD COLUMN IF NOT EXISTS auto_backup_enabled TINYINT(1) DEFAULT 0;
+ALTER TABLE company_settings ADD COLUMN IF NOT EXISTS last_auto_backup TIMESTAMP NULL DEFAULT NULL;
diff --git a/includes/functions.php b/includes/functions.php
index 70110bd..aef82bd 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -305,3 +305,61 @@ function get_base_url() {
     
     return $protocol . $domainName . $script_dir . '/';
 }
+
+/**
+ * Backup functions
+ */
+
+function create_backup() {
+    $backupDir = __DIR__ . '/../storage/backups/';
+    if (!is_dir($backupDir)) {
+        mkdir($backupDir, 0777, true);
+    }
+    
+    $filename = 'backup_' . date('Y-m-d_H-i-s') . '.sql';
+    $path = $backupDir . $filename;
+    
+    $command = sprintf(
+        'mysqldump -h %s -u %s -p%s %s > %s',
+        escapeshellarg(DB_HOST),
+        escapeshellarg(DB_USER),
+        escapeshellarg(DB_PASS),
+        escapeshellarg(DB_NAME),
+        escapeshellarg($path)
+    );
+    
+    exec($command, $output, $returnVar);
+    
+    if ($returnVar === 0) {
+        // Enforce retention: keep 5 latest
+        $files = glob($backupDir . '/*.sql');
+        if (count($files) > 5) {
+            usort($files, function($a, $b) {
+                return filemtime($a) - filemtime($b);
+            });
+            while (count($files) > 5) {
+                $oldest = array_shift($files);
+                unlink($oldest);
+            }
+        }
+        return $filename;
+    }
+    return false;
+}
+
+function trigger_auto_backup() {
+    $settings = get_company_settings();
+    if (empty($settings['auto_backup_enabled'])) return;
+    
+    $lastBackup = !empty($settings['last_auto_backup']) ? strtotime($settings['last_auto_backup']) : 0;
+    $now = time();
+    
+    // Run once every 24 hours
+    if ($now - $lastBackup > 86400) {
+        if (create_backup()) {
+            $pdo = db();
+            $stmt = $pdo->prepare("UPDATE company_settings SET last_auto_backup = NOW(), updated_at = NOW() LIMIT 1");
+            $stmt->execute();
+        }
+    }
+}
\ No newline at end of file
diff --git a/pos.php b/pos.php
index 866ad7a..8dd107d 100644
--- a/pos.php
+++ b/pos.php
@@ -85,18 +85,22 @@ if (!$loyalty_settings) {
   <link rel="stylesheet" href="assets/css/custom.css?v=<?= time() ?>">
   <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>
   <style>
-      body { height: 100vh; overflow: hidden; } /* Fix body for scrolling areas */
+      body { height: 100vh; overflow: hidden; font-family: 'Inter', sans-serif; } /* Fix body for scrolling areas */
       .scrollable-y { overflow-y: auto; height: 100%; scrollbar-width: thin; }
       .category-sidebar { height: calc(100vh - 60px); background: #f8f9fa; }
       .product-area { height: calc(100vh - 60px); background: #fff; }
       .cart-sidebar { height: calc(100vh - 60px); background: #fff; border-left: 1px solid #dee2e6; display: flex; flex-direction: column; }
       .product-card { transition: transform 0.1s; cursor: pointer; }
       .product-card:active { transform: scale(0.98); }
-      .category-btn { text-align: left; border: none; background: none; padding: 10px 15px; width: 100%; display: block; border-radius: 8px; color: #333; font-weight: 500; }
+      .category-btn { text-align: left; border: none; background: none; padding: 10px 15px; width: 100%; display: block; border-radius: 8px; color: #333; font-weight: 500; font-size: 0.95rem; }
       .category-btn:hover { background-color: #e9ecef; }
       .category-btn.active { background-color: #0d6efd; color: white; }
       .search-dropdown { position: absolute; width: 100%; z-index: 1000; max-height: 200px; overflow-y: auto; display: none; }
-      .payment-btn { height: 80px; font-size: 1.2rem; font-weight: bold; }
+      .payment-btn { height: 70px; font-size: 1.05rem; font-weight: bold; }
+      .btn-lg { font-size: 1.1rem; padding: 0.75rem 1rem; }
+      .btn-sm { font-size: 0.85rem; }
+      .navbar-brand { font-size: 1.15rem; }
+      .card-title { font-size: 0.9rem; }
   </style>
 </head>
 <body>
@@ -119,12 +123,6 @@ if (!$loyalty_settings) {
          <button class="btn btn-sm btn-outline-danger" id="recall-bill-btn"><i class="bi bi-clock-history"></i> Recall Bill</button>
          <?php endif; ?>
 
-         <a href="pos.php?order_type=dine-in" class="btn btn-sm btn-outline-secondary">Waiter View</a>
-         
-         <?php if (has_permission('orders_view')): ?>
-         <a href="admin/orders.php" class="btn btn-sm btn-outline-secondary">Current Orders</a>
-         <?php endif; ?>
-
          <button class="btn btn-sm btn-outline-warning" onclick="showRatingQR()">
             <i class="bi bi-qr-code"></i> Rating QR
          </button>
@@ -319,12 +317,12 @@ if (!$loyalty_settings) {
                  <span class="fw-bold" id="cart-subtotal"><?= format_currency(0) ?></span>
              </div>
              
-             <!-- Discount Field -->
+             <!-- VAT Field -->
              <div class="d-flex justify-content-between align-items-center mb-2">
-                 <span class="text-muted">Discount</span>
+                 <span class="text-muted">VAT</span>
                  <div class="input-group input-group-sm w-50">
-                     <span class="input-group-text bg-white border-end-0 text-muted">-</span>
-                     <input type="number" id="cart-discount-input" class="form-control border-start-0 text-end" value="0" min="0" step="0.01">
+                     <span class="input-group-text bg-white border-end-0 text-muted">+</span>
+                     <input type="number" id="cart-vat-input" class="form-control border-start-0 text-end" value="0" step="0.01">
                  </div>
              </div>
 
@@ -335,7 +333,7 @@ if (!$loyalty_settings) {
              
              <?php if (has_permission('pos_add')): ?>
              <div class="mb-2">
-                 <button class="btn btn-outline-danger w-100 py-2 fw-bold mb-2" onclick="clearCart()">
+                 <button class="btn btn-outline-danger w-100 py-2 fw-bold mb-2 btn-sm" onclick="clearCart()">
                      <i class="bi bi-trash me-1"></i> CLEAR CART
                  </button>
                  <div class="d-flex gap-2">
diff --git a/storage/backups/backup_2026-02-24_05-08-06.sql b/storage/backups/backup_2026-02-24_05-08-06.sql
new file mode 100644
index 0000000..664507a
--- /dev/null
+++ b/storage/backups/backup_2026-02-24_05-08-06.sql
@@ -0,0 +1,1120 @@
+/*M!999999\- enable the sandbox mode */ 
+-- MariaDB dump 10.19  Distrib 10.11.14-MariaDB, for debian-linux-gnu (x86_64)
+--
+-- Host: 127.0.0.1    Database: app_38682
+-- ------------------------------------------------------
+-- Server version	10.11.14-MariaDB-0+deb12u2
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
+/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
+/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
+/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
+
+--
+-- Table structure for table `ads_images`
+--
+
+DROP TABLE IF EXISTS `ads_images`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `ads_images` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `image_path` varchar(255) NOT NULL,
+  `title` varchar(255) DEFAULT NULL,
+  `sort_order` int(11) DEFAULT 0,
+  `is_active` tinyint(1) DEFAULT 1,
+  `display_layout` enum('both','split','fullscreen') DEFAULT 'both',
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `ads_images`
+--
+
+LOCK TABLES `ads_images` WRITE;
+/*!40000 ALTER TABLE `ads_images` DISABLE KEYS */;
+INSERT INTO `ads_images` VALUES
+(1,'assets/images/ads/ad_699bf2574849b.jpeg','Summer Special',0,1,'both','2026-02-23 19:48:29'),
+(2,'assets/images/ads/ad_699bf270e9a69.jpeg','New Burger Launch',0,1,'both','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `ads_images` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `areas`
+--
+
+DROP TABLE IF EXISTS `areas`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `areas` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `outlet_id` int(11) DEFAULT NULL,
+  `name` varchar(255) NOT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `outlet_id` (`outlet_id`),
+  CONSTRAINT `areas_ibfk_1` FOREIGN KEY (`outlet_id`) REFERENCES `outlets` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `areas`
+--
+
+LOCK TABLES `areas` WRITE;
+/*!40000 ALTER TABLE `areas` DISABLE KEYS */;
+INSERT INTO `areas` VALUES
+(1,1,'Main Dining Area','2026-02-23 19:48:28'),
+(2,1,'Patio','2026-02-23 19:48:28'),
+(3,2,'Indoor Section','2026-02-23 19:48:28');
+/*!40000 ALTER TABLE `areas` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `attendance_logs`
+--
+
+DROP TABLE IF EXISTS `attendance_logs`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `attendance_logs` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `user_id` int(11) DEFAULT NULL,
+  `employee_id` varchar(50) DEFAULT NULL,
+  `log_timestamp` datetime DEFAULT NULL,
+  `log_type` enum('IN','OUT','OTHER') DEFAULT 'IN',
+  `device_id` varchar(100) DEFAULT NULL,
+  `ip_address` varchar(45) DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `user_id` (`user_id`),
+  CONSTRAINT `attendance_logs_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE SET NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `attendance_logs`
+--
+
+LOCK TABLES `attendance_logs` WRITE;
+/*!40000 ALTER TABLE `attendance_logs` DISABLE KEYS */;
+/*!40000 ALTER TABLE `attendance_logs` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `categories`
+--
+
+DROP TABLE IF EXISTS `categories`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `categories` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `sort_order` int(11) DEFAULT 0,
+  `image_url` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `categories`
+--
+
+LOCK TABLES `categories` WRITE;
+/*!40000 ALTER TABLE `categories` DISABLE KEYS */;
+INSERT INTO `categories` VALUES
+(1,'Burgers',1,NULL),
+(2,'Sides',2,NULL),
+(3,'Drinks',3,NULL),
+(4,'Desserts',4,NULL),
+(5,'Salads',5,NULL),
+(6,'Pasta',6,NULL);
+/*!40000 ALTER TABLE `categories` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `company_settings`
+--
+
+DROP TABLE IF EXISTS `company_settings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `company_settings` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `company_name` varchar(255) NOT NULL DEFAULT 'My Restaurant',
+  `address` text DEFAULT NULL,
+  `phone` varchar(50) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `vat_rate` decimal(5,2) DEFAULT 0.00,
+  `currency_symbol` varchar(10) DEFAULT '$',
+  `currency_decimals` int(11) DEFAULT 2,
+  `logo_url` varchar(255) DEFAULT NULL,
+  `favicon_url` varchar(255) DEFAULT NULL,
+  `ctr_number` varchar(50) DEFAULT NULL,
+  `vat_number` varchar(50) DEFAULT NULL,
+  `updated_at` timestamp NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  `auto_backup_enabled` tinyint(1) DEFAULT 0,
+  `last_auto_backup` timestamp NULL DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `company_settings`
+--
+
+LOCK TABLES `company_settings` WRITE;
+/*!40000 ALTER TABLE `company_settings` DISABLE KEYS */;
+INSERT INTO `company_settings` VALUES
+(1,'Al-Bidar Cafe','al -hamra','99359472','aalabry@gmail.com',5.00,'OMRR',3,'assets/images/company/logo_699d0d4e79490.png','assets/images/company/favicon_699d0d4e7a2f6.png','','OM99888','2026-02-24 05:08:06',1,NULL);
+/*!40000 ALTER TABLE `company_settings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `customers`
+--
+
+DROP TABLE IF EXISTS `customers`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `customers` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `phone` varchar(20) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `points` int(11) DEFAULT 0,
+  `loyalty_redemptions_count` int(11) DEFAULT 0,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  `address` text DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `phone` (`phone`)
+) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `customers`
+--
+
+LOCK TABLES `customers` WRITE;
+/*!40000 ALTER TABLE `customers` DISABLE KEYS */;
+INSERT INTO `customers` VALUES
+(1,'John Doe','5551234','john@example.com',50,0,'2026-02-23 19:48:28',NULL),
+(2,'Jane Smith','5555678','jane@example.com',120,0,'2026-02-23 19:48:28',NULL),
+(3,'Michael Brown','5558765','michael@example.com',15,0,'2026-02-23 19:48:28',NULL),
+(4,'Emily Davis','5554321','emily@example.com',85,0,'2026-02-23 19:48:28',NULL),
+(5,'Chris Wilson','5551111','chris@example.com',0,0,'2026-02-23 19:48:28',NULL),
+(6,'Sarah Miller','5552222','sarah@example.com',200,0,'2026-02-23 19:48:28',NULL),
+(7,'David Taylor','5553333','david@example.com',30,0,'2026-02-23 19:48:28',NULL),
+(8,'moosa','99359472','laura@example.com',55,0,'2026-02-23 19:48:28','');
+/*!40000 ALTER TABLE `customers` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `expense_categories`
+--
+
+DROP TABLE IF EXISTS `expense_categories`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `expense_categories` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `description` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `expense_categories`
+--
+
+LOCK TABLES `expense_categories` WRITE;
+/*!40000 ALTER TABLE `expense_categories` DISABLE KEYS */;
+INSERT INTO `expense_categories` VALUES
+(1,'Utilities','Electricity, Water, Gas','2026-02-23 19:48:29'),
+(2,'Rent','Monthly outlet rent','2026-02-23 19:48:29'),
+(3,'Supplies','Cleaning and office supplies','2026-02-23 19:48:29'),
+(4,'Marketing','Advertisements and promotions','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `expense_categories` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `expenses`
+--
+
+DROP TABLE IF EXISTS `expenses`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `expenses` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `category_id` int(11) NOT NULL,
+  `outlet_id` int(11) NOT NULL,
+  `amount` decimal(10,2) NOT NULL,
+  `description` text DEFAULT NULL,
+  `expense_date` date NOT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `category_id` (`category_id`),
+  KEY `outlet_id` (`outlet_id`),
+  CONSTRAINT `expenses_ibfk_1` FOREIGN KEY (`category_id`) REFERENCES `expense_categories` (`id`),
+  CONSTRAINT `expenses_ibfk_2` FOREIGN KEY (`outlet_id`) REFERENCES `outlets` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `expenses`
+--
+
+LOCK TABLES `expenses` WRITE;
+/*!40000 ALTER TABLE `expenses` DISABLE KEYS */;
+INSERT INTO `expenses` VALUES
+(1,3,2,194.31,'Sample expense for 2026-02-20','2026-02-20','2026-02-23 19:48:29'),
+(2,3,4,467.60,'Sample expense for 2026-01-28','2026-01-28','2026-02-23 19:48:29'),
+(3,3,2,470.68,'Sample expense for 2026-02-18','2026-02-18','2026-02-23 19:48:29'),
+(4,4,1,377.27,'Sample expense for 2026-02-14','2026-02-14','2026-02-23 19:48:29'),
+(5,2,3,92.16,'Sample expense for 2026-02-08','2026-02-08','2026-02-23 19:48:29'),
+(6,3,3,250.49,'Sample expense for 2026-02-02','2026-02-02','2026-02-23 19:48:29'),
+(7,3,4,423.19,'Sample expense for 2026-02-13','2026-02-13','2026-02-23 19:48:29'),
+(8,3,3,247.94,'Sample expense for 2026-02-15','2026-02-15','2026-02-23 19:48:29'),
+(9,1,2,244.02,'Sample expense for 2026-01-30','2026-01-30','2026-02-23 19:48:29'),
+(10,4,3,228.07,'Sample expense for 2026-02-21','2026-02-21','2026-02-23 19:48:29'),
+(11,1,3,398.84,'Sample expense for 2026-02-13','2026-02-13','2026-02-23 19:48:29'),
+(12,1,3,450.92,'Sample expense for 2026-02-20','2026-02-20','2026-02-23 19:48:29'),
+(13,1,2,379.73,'Sample expense for 2026-02-05','2026-02-05','2026-02-23 19:48:29'),
+(14,2,2,440.60,'Sample expense for 2026-01-29','2026-01-29','2026-02-23 19:48:29'),
+(15,3,2,185.03,'Sample expense for 2026-01-27','2026-01-27','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `expenses` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `integration_settings`
+--
+
+DROP TABLE IF EXISTS `integration_settings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `integration_settings` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `provider` varchar(50) NOT NULL,
+  `setting_key` varchar(100) NOT NULL,
+  `setting_value` text DEFAULT NULL,
+  `updated_at` timestamp NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `unique_provider_key` (`provider`,`setting_key`)
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `integration_settings`
+--
+
+LOCK TABLES `integration_settings` WRITE;
+/*!40000 ALTER TABLE `integration_settings` DISABLE KEYS */;
+INSERT INTO `integration_settings` VALUES
+(1,'wablas','domain','https://deu.wablas.com/','2026-02-24 02:31:26'),
+(2,'wablas','token','xOSMYzXiM9uABP0zcoALzlGJjKsRBaLCS2paBAE2kyECNNJkCQbgMW8','2026-02-24 02:31:26'),
+(3,'wablas','secret_key','ZBtnBwfm','2026-02-24 02:31:26'),
+(4,'wablas','order_template','Dear *{customer_name}*,\r\n\r\nThank you for dining with *{company_name}*! 🍽️\r\n\r\n*Order Details:*\r\n{order_details}\r\n\r\nTotal: *{total_amount}* OMR\r\n\r\nYou\'ve earned *{points_earned} points* with this order.\r\n💰 *Current Balance: {new_balance} points*','2026-02-24 02:31:26'),
+(5,'wablas','is_enabled','0','2026-02-24 02:31:26');
+/*!40000 ALTER TABLE `integration_settings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `loyalty_settings`
+--
+
+DROP TABLE IF EXISTS `loyalty_settings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `loyalty_settings` (
+  `id` int(11) NOT NULL,
+  `points_per_order` int(11) DEFAULT 10,
+  `points_for_free_meal` int(11) DEFAULT 70,
+  `is_enabled` tinyint(1) DEFAULT 1,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `loyalty_settings`
+--
+
+LOCK TABLES `loyalty_settings` WRITE;
+/*!40000 ALTER TABLE `loyalty_settings` DISABLE KEYS */;
+INSERT INTO `loyalty_settings` VALUES
+(1,10,70,1);
+/*!40000 ALTER TABLE `loyalty_settings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `migrations`
+--
+
+DROP TABLE IF EXISTS `migrations`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `migrations` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `migration_name` varchar(255) NOT NULL,
+  `applied_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `migration_name` (`migration_name`)
+) ENGINE=InnoDB AUTO_INCREMENT=24 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `migrations`
+--
+
+LOCK TABLES `migrations` WRITE;
+/*!40000 ALTER TABLE `migrations` DISABLE KEYS */;
+INSERT INTO `migrations` VALUES
+(1,'001_add_payments.sql','2026-02-23 19:40:07'),
+(2,'003_add_payment_type_to_orders.sql','2026-02-23 19:40:07'),
+(3,'004_seed_payment_types.sql','2026-02-23 19:40:07'),
+(4,'006_integration_settings.sql','2026-02-23 19:40:07'),
+(5,'007_add_loyalty_payment_type.sql','2026-02-23 19:40:07'),
+(6,'008_user_system.sql','2026-02-23 19:40:07'),
+(7,'009_user_outlets.sql','2026-02-23 19:40:07'),
+(8,'010_ads_images.sql','2026-02-23 19:40:07'),
+(9,'011_add_user_id_to_orders.sql','2026-02-23 19:40:07'),
+(10,'012_expenses_schema.sql','2026-02-23 19:40:07'),
+(11,'013_product_promotions.sql','2026-02-23 19:40:07'),
+(12,'015_add_redemptions_to_customers.sql','2026-02-23 19:40:07'),
+(13,'016_add_profile_pic_to_users.sql','2026-02-23 19:40:07'),
+(14,'017_attendance_system.sql','2026-02-23 19:40:07'),
+(15,'018_add_cost_price_to_products.sql','2026-02-23 19:40:07'),
+(16,'019_purchase_module.sql','2026-02-23 19:40:07'),
+(17,'020_staff_ratings.sql','2026-02-23 19:40:07'),
+(18,'021_add_is_ratable_to_users.sql','2026-02-23 19:40:07'),
+(19,'022_service_ratings.sql','2026-02-23 19:40:07'),
+(20,'002_add_customer_id_to_orders.sql','2026-02-23 19:40:26'),
+(21,'005_loyalty_schema.sql','2026-02-23 19:40:26'),
+(22,'014_loyalty_toggle.sql','2026-02-23 19:40:26'),
+(23,'023_add_image_url_to_categories.sql','2026-02-23 19:40:26');
+/*!40000 ALTER TABLE `migrations` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `order_items`
+--
+
+DROP TABLE IF EXISTS `order_items`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `order_items` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `order_id` int(11) DEFAULT NULL,
+  `product_id` int(11) DEFAULT NULL,
+  `variant_id` int(11) DEFAULT NULL,
+  `quantity` int(11) NOT NULL,
+  `unit_price` decimal(10,2) NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `order_id` (`order_id`),
+  KEY `product_id` (`product_id`),
+  CONSTRAINT `order_items_ibfk_1` FOREIGN KEY (`order_id`) REFERENCES `orders` (`id`),
+  CONSTRAINT `order_items_ibfk_2` FOREIGN KEY (`product_id`) REFERENCES `products` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=126 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `order_items`
+--
+
+LOCK TABLES `order_items` WRITE;
+/*!40000 ALTER TABLE `order_items` DISABLE KEYS */;
+INSERT INTO `order_items` VALUES
+(1,1,4,NULL,2,3.50),
+(2,2,12,NULL,2,13.99),
+(3,3,3,NULL,1,5.99),
+(4,4,2,NULL,3,11.50),
+(5,4,3,NULL,3,5.99),
+(6,5,13,NULL,2,12.50),
+(7,5,9,NULL,3,6.99),
+(8,5,8,NULL,3,7.99),
+(9,6,9,NULL,1,6.99),
+(10,7,13,NULL,2,12.50),
+(11,8,9,NULL,1,6.99),
+(12,8,10,NULL,3,9.50),
+(13,8,4,NULL,2,3.50),
+(14,8,3,NULL,3,5.99),
+(15,9,10,NULL,3,9.50),
+(16,10,5,NULL,2,15.99),
+(17,10,1,NULL,3,12.99),
+(18,11,3,NULL,2,5.99),
+(19,11,1,NULL,3,12.99),
+(20,11,6,NULL,3,6.50),
+(21,11,11,NULL,3,10.50),
+(22,12,8,NULL,3,7.99),
+(23,12,4,NULL,3,3.50),
+(24,12,5,NULL,3,15.99),
+(25,13,9,NULL,1,6.99),
+(26,13,8,NULL,2,7.99),
+(27,13,2,NULL,3,11.50),
+(28,13,1,NULL,3,12.99),
+(29,14,2,NULL,2,11.50),
+(30,14,10,NULL,3,9.50),
+(31,14,8,NULL,1,7.99),
+(32,15,12,NULL,1,13.99),
+(33,15,9,NULL,3,6.99),
+(34,15,6,NULL,3,6.50),
+(35,15,10,NULL,2,9.50),
+(36,16,8,NULL,3,7.99),
+(37,17,12,NULL,2,13.99),
+(38,17,6,NULL,2,6.50),
+(39,17,13,NULL,1,12.50),
+(40,18,1,NULL,1,12.99),
+(41,18,5,NULL,3,15.99),
+(42,18,10,NULL,1,9.50),
+(43,18,8,NULL,3,7.99),
+(44,19,2,NULL,1,11.50),
+(45,20,9,NULL,1,6.99),
+(46,21,3,NULL,3,5.99),
+(47,21,1,NULL,3,12.99),
+(48,22,9,NULL,3,6.99),
+(49,22,1,NULL,3,12.99),
+(50,22,11,NULL,3,10.50),
+(51,22,5,NULL,2,15.99),
+(52,23,13,NULL,2,12.50),
+(53,23,11,NULL,3,10.50),
+(54,23,8,NULL,3,7.99),
+(55,23,6,NULL,3,6.50),
+(56,24,6,NULL,3,6.50),
+(57,24,13,NULL,2,12.50),
+(58,25,1,NULL,3,12.99),
+(59,25,5,NULL,3,15.99),
+(60,25,8,NULL,3,7.99),
+(61,25,2,NULL,1,11.50),
+(62,26,9,NULL,1,6.99),
+(63,26,10,NULL,1,9.50),
+(64,27,9,NULL,2,6.99),
+(65,27,4,NULL,1,3.50),
+(66,28,8,NULL,2,7.99),
+(67,28,10,NULL,3,9.50),
+(68,28,5,NULL,1,15.99),
+(69,29,7,NULL,2,3.99),
+(70,29,9,NULL,1,6.99),
+(71,29,6,NULL,2,6.50),
+(72,30,9,NULL,2,6.99),
+(73,30,10,NULL,2,9.50),
+(74,30,12,NULL,3,13.99),
+(75,31,8,NULL,1,7.99),
+(76,31,1,NULL,3,12.99),
+(77,31,13,NULL,2,12.50),
+(78,32,1,NULL,2,12.99),
+(79,32,3,NULL,3,5.99),
+(80,33,5,NULL,3,15.99),
+(81,34,11,NULL,2,10.50),
+(82,34,5,NULL,1,15.99),
+(83,34,10,NULL,1,9.50),
+(84,35,2,NULL,3,11.50),
+(85,35,7,NULL,1,3.99),
+(86,36,1,NULL,2,12.99),
+(87,36,11,NULL,2,10.50),
+(88,36,13,NULL,2,12.50),
+(89,36,6,NULL,3,6.50),
+(90,37,5,NULL,3,15.99),
+(91,37,2,NULL,2,11.50),
+(92,37,8,NULL,3,7.99),
+(93,38,4,NULL,3,3.50),
+(94,38,10,NULL,2,9.50),
+(95,38,2,NULL,3,11.50),
+(96,38,3,NULL,1,5.99),
+(97,39,5,NULL,2,15.99),
+(98,40,8,NULL,3,7.99),
+(99,41,4,NULL,1,3.50),
+(100,41,6,NULL,1,6.50),
+(101,42,12,NULL,2,13.99),
+(102,43,3,NULL,1,5.99),
+(103,43,11,NULL,2,10.50),
+(104,43,6,NULL,3,6.50),
+(105,43,8,NULL,3,7.99),
+(106,44,13,NULL,1,12.50),
+(107,45,8,NULL,3,7.99),
+(108,46,11,NULL,3,10.50),
+(109,46,13,NULL,3,12.50),
+(110,47,13,NULL,1,12.50),
+(111,48,6,NULL,1,6.50),
+(112,49,2,NULL,2,11.50),
+(113,50,3,NULL,3,5.99),
+(114,50,6,NULL,1,6.50),
+(115,51,6,NULL,1,6.50),
+(116,51,3,NULL,1,5.99),
+(117,51,5,NULL,1,15.99),
+(118,52,3,NULL,1,5.99),
+(119,52,5,NULL,1,15.99),
+(120,52,9,NULL,1,6.99),
+(121,53,9,NULL,1,6.99),
+(122,53,8,NULL,1,7.99),
+(123,54,1,NULL,1,12.99),
+(124,55,5,NULL,1,15.99),
+(125,55,1,NULL,1,12.99);
+/*!40000 ALTER TABLE `order_items` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `orders`
+--
+
+DROP TABLE IF EXISTS `orders`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `orders` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `outlet_id` int(11) DEFAULT NULL,
+  `user_id` int(11) DEFAULT NULL,
+  `customer_id` int(11) DEFAULT NULL,
+  `table_id` int(11) DEFAULT NULL,
+  `table_number` varchar(50) DEFAULT NULL,
+  `order_type` enum('dine-in','delivery','drive-thru','takeaway') DEFAULT 'dine-in',
+  `status` enum('pending','preparing','ready','completed','cancelled') DEFAULT 'pending',
+  `payment_type_id` int(11) DEFAULT NULL,
+  `total_amount` decimal(10,2) NOT NULL,
+  `discount` decimal(10,2) DEFAULT 0.00,
+  `customer_name` varchar(255) DEFAULT NULL,
+  `customer_phone` varchar(50) DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `outlet_id` (`outlet_id`),
+  KEY `user_id` (`user_id`),
+  KEY `table_id` (`table_id`),
+  KEY `fk_orders_customer` (`customer_id`),
+  CONSTRAINT `fk_orders_customer` FOREIGN KEY (`customer_id`) REFERENCES `customers` (`id`) ON DELETE SET NULL,
+  CONSTRAINT `orders_ibfk_1` FOREIGN KEY (`outlet_id`) REFERENCES `outlets` (`id`),
+  CONSTRAINT `orders_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE SET NULL,
+  CONSTRAINT `orders_ibfk_3` FOREIGN KEY (`customer_id`) REFERENCES `customers` (`id`) ON DELETE SET NULL,
+  CONSTRAINT `orders_ibfk_4` FOREIGN KEY (`table_id`) REFERENCES `tables` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=56 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `orders`
+--
+
+LOCK TABLES `orders` WRITE;
+/*!40000 ALTER TABLE `orders` DISABLE KEYS */;
+INSERT INTO `orders` VALUES
+(1,1,2,4,3,NULL,'takeaway','completed',1,7.00,0.00,NULL,NULL,'2026-02-17 12:56:39'),
+(2,2,3,NULL,3,NULL,'takeaway','cancelled',NULL,27.98,0.00,NULL,NULL,'2026-02-15 11:27:36'),
+(3,4,1,NULL,NULL,NULL,'delivery','preparing',NULL,5.99,0.00,NULL,NULL,'2026-01-26 21:23:42'),
+(4,1,2,7,1,NULL,'delivery','completed',NULL,52.47,0.00,NULL,NULL,'2026-01-29 12:30:10'),
+(5,1,2,NULL,4,NULL,'takeaway','completed',2,69.94,0.00,NULL,NULL,'2026-02-09 21:53:42'),
+(6,1,1,5,5,NULL,'delivery','completed',NULL,6.99,0.00,NULL,NULL,'2026-02-13 17:44:22'),
+(7,1,1,NULL,5,NULL,'delivery','completed',2,25.00,0.00,NULL,NULL,'2026-02-10 18:30:26'),
+(8,1,3,1,4,NULL,'takeaway','completed',1,60.46,0.00,NULL,NULL,'2026-01-27 12:58:30'),
+(9,1,2,8,4,NULL,'takeaway','completed',1,28.50,0.00,NULL,NULL,'2026-01-31 17:43:40'),
+(10,3,1,7,NULL,NULL,'dine-in','preparing',NULL,70.95,0.00,NULL,NULL,'2026-01-27 14:36:19'),
+(11,2,2,NULL,4,NULL,'takeaway','completed',1,101.95,0.00,NULL,NULL,'2026-02-09 15:56:54'),
+(12,4,2,NULL,NULL,NULL,'dine-in','pending',NULL,82.44,0.00,NULL,NULL,'2026-02-13 13:53:50'),
+(13,4,1,4,NULL,NULL,'delivery','ready',NULL,96.44,0.00,NULL,NULL,'2026-02-23 19:27:40'),
+(14,2,1,6,3,NULL,'dine-in','preparing',NULL,59.49,0.00,NULL,NULL,'2026-01-24 16:30:19'),
+(15,1,1,7,4,NULL,'dine-in','completed',2,73.46,0.00,NULL,NULL,'2026-02-16 22:12:57'),
+(16,4,3,6,NULL,NULL,'takeaway','completed',2,23.97,0.00,NULL,NULL,'2026-02-21 17:46:14'),
+(17,2,2,2,4,NULL,'dine-in','cancelled',NULL,53.48,0.00,NULL,NULL,'2026-02-09 22:58:34'),
+(18,2,3,NULL,3,NULL,'dine-in','ready',NULL,94.43,0.00,NULL,NULL,'2026-02-09 17:22:45'),
+(19,2,1,6,3,NULL,'takeaway','completed',1,11.50,0.00,NULL,NULL,'2026-01-30 15:04:40'),
+(20,1,3,1,7,NULL,'delivery','completed',NULL,6.99,0.00,NULL,NULL,'2026-02-21 22:58:03'),
+(21,1,2,1,2,NULL,'delivery','completed',2,56.94,0.00,NULL,NULL,'2026-02-16 20:55:36'),
+(22,1,3,NULL,7,NULL,'dine-in','completed',NULL,123.42,0.00,NULL,NULL,'2026-02-13 19:42:01'),
+(23,3,2,1,NULL,NULL,'delivery','completed',1,99.97,0.00,NULL,NULL,'2026-02-18 19:01:06'),
+(24,1,2,NULL,6,NULL,'dine-in','completed',NULL,44.50,0.00,NULL,NULL,'2026-02-04 21:44:38'),
+(25,2,1,4,4,NULL,'takeaway','completed',2,122.41,0.00,NULL,NULL,'2026-02-16 21:35:44'),
+(26,4,1,7,NULL,NULL,'delivery','cancelled',NULL,16.49,0.00,NULL,NULL,'2026-02-18 21:55:05'),
+(27,2,3,6,2,NULL,'delivery','completed',2,17.48,0.00,NULL,NULL,'2026-01-29 21:14:52'),
+(28,1,2,3,3,NULL,'takeaway','completed',NULL,60.47,0.00,NULL,NULL,'2026-02-12 18:52:11'),
+(29,3,2,7,NULL,NULL,'delivery','preparing',NULL,27.97,0.00,NULL,NULL,'2026-02-02 15:06:49'),
+(30,1,1,2,4,NULL,'delivery','completed',2,74.95,0.00,NULL,NULL,'2026-02-11 13:15:33'),
+(31,2,2,3,2,NULL,'delivery','completed',2,71.96,0.00,NULL,NULL,'2026-02-05 15:04:26'),
+(32,1,3,2,4,NULL,'takeaway','completed',NULL,43.95,0.00,NULL,NULL,'2026-02-11 21:21:43'),
+(33,2,2,2,6,NULL,'delivery','cancelled',NULL,47.97,0.00,NULL,NULL,'2026-02-12 20:10:48'),
+(34,3,3,NULL,NULL,NULL,'dine-in','completed',1,46.49,0.00,NULL,NULL,'2026-02-11 14:51:35'),
+(35,3,3,5,NULL,NULL,'delivery','completed',1,38.49,0.00,NULL,NULL,'2026-02-20 17:08:32'),
+(36,3,1,4,NULL,NULL,'delivery','completed',1,91.48,0.00,NULL,NULL,'2026-02-01 16:21:38'),
+(37,3,1,NULL,NULL,NULL,'delivery','pending',NULL,94.94,0.00,NULL,NULL,'2026-02-08 18:31:06'),
+(38,3,1,5,NULL,NULL,'dine-in','completed',1,69.99,0.00,NULL,NULL,'2026-02-04 13:01:09'),
+(39,2,3,3,6,NULL,'delivery','preparing',NULL,31.98,0.00,NULL,NULL,'2026-02-16 13:13:22'),
+(40,3,3,6,NULL,NULL,'takeaway','pending',NULL,23.97,0.00,NULL,NULL,'2026-02-01 17:33:38'),
+(41,2,1,5,4,NULL,'takeaway','ready',NULL,10.00,0.00,NULL,NULL,'2026-01-31 14:49:13'),
+(42,3,3,2,NULL,NULL,'delivery','completed',2,27.98,0.00,NULL,NULL,'2026-01-28 11:38:11'),
+(43,2,2,8,3,NULL,'dine-in','pending',NULL,70.46,0.00,NULL,NULL,'2026-02-21 13:27:55'),
+(44,4,1,2,NULL,NULL,'delivery','cancelled',NULL,12.50,0.00,NULL,NULL,'2026-02-18 12:47:10'),
+(45,1,1,NULL,3,NULL,'delivery','completed',1,23.97,0.00,NULL,NULL,'2026-01-30 11:43:19'),
+(46,3,2,2,NULL,NULL,'takeaway','cancelled',NULL,69.00,0.00,NULL,NULL,'2026-01-25 22:14:08'),
+(47,4,1,NULL,NULL,NULL,'dine-in','completed',1,12.50,0.00,NULL,NULL,'2026-02-19 18:31:12'),
+(48,4,2,NULL,NULL,NULL,'takeaway','completed',1,6.50,0.00,NULL,NULL,'2026-02-21 18:02:45'),
+(49,2,1,NULL,7,NULL,'dine-in','pending',NULL,23.00,0.00,NULL,NULL,'2026-02-02 18:23:13'),
+(50,3,3,NULL,NULL,NULL,'delivery','cancelled',NULL,24.47,0.00,NULL,NULL,'2026-01-28 12:13:05'),
+(51,1,1,8,NULL,NULL,'takeaway','completed',1,28.48,0.00,'moosa','99359472','2026-02-24 02:28:17'),
+(52,1,1,NULL,NULL,NULL,'takeaway','completed',1,28.97,0.00,NULL,NULL,'2026-02-24 02:39:42'),
+(53,1,1,NULL,NULL,NULL,'takeaway','completed',1,14.98,0.00,NULL,NULL,'2026-02-24 02:40:36'),
+(54,1,1,NULL,NULL,NULL,'takeaway','completed',1,12.99,0.00,NULL,NULL,'2026-02-24 02:48:59'),
+(55,1,1,NULL,NULL,NULL,'takeaway','completed',1,28.98,0.00,NULL,NULL,'2026-02-24 02:49:23');
+/*!40000 ALTER TABLE `orders` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `outlets`
+--
+
+DROP TABLE IF EXISTS `outlets`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `outlets` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `address` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `outlets`
+--
+
+LOCK TABLES `outlets` WRITE;
+/*!40000 ALTER TABLE `outlets` DISABLE KEYS */;
+INSERT INTO `outlets` VALUES
+(1,'Main Downtown','123 Main St','2026-02-23 18:56:57'),
+(2,'Westside Hub','456 West Blvd','2026-02-23 18:56:57'),
+(3,'North Point Mall','789 North Ave','2026-02-23 19:48:28'),
+(4,'South Beach','321 Coastal Rd','2026-02-23 19:48:28');
+/*!40000 ALTER TABLE `outlets` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `payment_types`
+--
+
+DROP TABLE IF EXISTS `payment_types`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `payment_types` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `type` enum('cash','card','api') DEFAULT 'cash',
+  `api_provider` varchar(50) DEFAULT NULL,
+  `is_active` tinyint(1) DEFAULT 1,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `payment_types`
+--
+
+LOCK TABLES `payment_types` WRITE;
+/*!40000 ALTER TABLE `payment_types` DISABLE KEYS */;
+INSERT INTO `payment_types` VALUES
+(1,'Cash','cash',NULL,1,'2026-02-23 19:40:07'),
+(2,'Credit Card','card',NULL,1,'2026-02-23 19:40:07'),
+(3,'Loyalty Redeem','cash',NULL,0,'2026-02-23 19:40:07');
+/*!40000 ALTER TABLE `payment_types` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `product_variants`
+--
+
+DROP TABLE IF EXISTS `product_variants`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `product_variants` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `product_id` int(11) DEFAULT NULL,
+  `name` varchar(255) NOT NULL,
+  `price_adjustment` decimal(10,2) DEFAULT 0.00,
+  PRIMARY KEY (`id`),
+  KEY `product_id` (`product_id`),
+  CONSTRAINT `product_variants_ibfk_1` FOREIGN KEY (`product_id`) REFERENCES `products` (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `product_variants`
+--
+
+LOCK TABLES `product_variants` WRITE;
+/*!40000 ALTER TABLE `product_variants` DISABLE KEYS */;
+/*!40000 ALTER TABLE `product_variants` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `products`
+--
+
+DROP TABLE IF EXISTS `products`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `products` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `category_id` int(11) DEFAULT NULL,
+  `name` varchar(255) NOT NULL,
+  `description` text DEFAULT NULL,
+  `price` decimal(10,2) NOT NULL,
+  `cost_price` decimal(10,2) DEFAULT 0.00,
+  `stock_quantity` int(11) DEFAULT 0,
+  `image_url` varchar(255) DEFAULT NULL,
+  `promo_discount_percent` decimal(5,2) DEFAULT NULL,
+  `promo_date_from` date DEFAULT NULL,
+  `promo_date_to` date DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `category_id` (`category_id`),
+  CONSTRAINT `products_ibfk_1` FOREIGN KEY (`category_id`) REFERENCES `categories` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=14 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `products`
+--
+
+LOCK TABLES `products` WRITE;
+/*!40000 ALTER TABLE `products` DISABLE KEYS */;
+INSERT INTO `products` VALUES
+(1,1,'Signature Burger','Juicy beef patty with special sauce',12.99,0.00,-2,NULL,NULL,NULL,NULL),
+(2,1,'Veggie Delight','Plant-based patty with fresh avocado',11.50,0.00,0,NULL,NULL,NULL,NULL),
+(3,2,'Truffle Fries','Crispy fries with truffle oil and parmesan',5.99,0.00,-2,NULL,NULL,NULL,NULL),
+(4,3,'Craft Cola','House-made sparkling cola',3.50,0.00,0,NULL,NULL,NULL,NULL),
+(5,1,'Double Bacon Burger','Double patty with crispy bacon and cheddar',15.99,6.50,97,NULL,NULL,NULL,NULL),
+(6,2,'Sweet Potato Fries','Waffle cut sweet potato fries with maple dip',6.50,2.00,199,NULL,NULL,NULL,NULL),
+(7,3,'Lemon Iced Tea','Freshly brewed black tea with lemon and honey',3.99,0.50,500,NULL,NULL,NULL,NULL),
+(8,4,'Chocolate Lava Cake','Warm chocolate cake with a gooey center',7.99,3.00,49,NULL,NULL,NULL,NULL),
+(9,4,'NY Cheesecake','Classic creamy cheesecake with strawberry topping',6.99,2.50,58,NULL,NULL,NULL,NULL),
+(10,5,'Caesar Salad','Romaine lettuce with parmesan, croutons and dressing',9.50,3.50,80,NULL,NULL,NULL,NULL),
+(11,5,'Greek Salad','Cucumber, tomato, onion, olives and feta cheese',10.50,4.00,70,NULL,NULL,NULL,NULL),
+(12,6,'Spaghetti Carbonara','Pasta with eggs, cheese, guanciale and black pepper',13.99,5.50,90,NULL,NULL,NULL,NULL),
+(13,6,'Penne Arrabbiata','Spicy pasta with tomato sauce, garlic and chili',12.50,4.50,100,NULL,NULL,NULL,NULL);
+/*!40000 ALTER TABLE `products` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `purchase_items`
+--
+
+DROP TABLE IF EXISTS `purchase_items`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `purchase_items` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `purchase_id` int(11) NOT NULL,
+  `product_id` int(11) NOT NULL,
+  `quantity` int(11) NOT NULL,
+  `cost_price` decimal(10,2) NOT NULL,
+  `total_price` decimal(10,2) NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `purchase_id` (`purchase_id`),
+  KEY `product_id` (`product_id`),
+  CONSTRAINT `purchase_items_ibfk_1` FOREIGN KEY (`purchase_id`) REFERENCES `purchases` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `purchase_items_ibfk_2` FOREIGN KEY (`product_id`) REFERENCES `products` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `purchase_items`
+--
+
+LOCK TABLES `purchase_items` WRITE;
+/*!40000 ALTER TABLE `purchase_items` DISABLE KEYS */;
+INSERT INTO `purchase_items` VALUES
+(1,1,11,36,4.00,144.00),
+(2,2,1,27,0.00,0.00),
+(3,2,4,29,0.00,0.00),
+(4,2,8,29,3.00,87.00),
+(5,3,8,26,3.00,78.00),
+(6,3,4,35,0.00,0.00),
+(7,4,5,31,6.50,201.50),
+(8,4,7,19,0.50,9.50),
+(9,5,9,32,2.50,80.00),
+(10,5,11,14,4.00,56.00);
+/*!40000 ALTER TABLE `purchase_items` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `purchases`
+--
+
+DROP TABLE IF EXISTS `purchases`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `purchases` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `supplier_id` int(11) DEFAULT NULL,
+  `purchase_date` date NOT NULL,
+  `total_amount` decimal(10,2) DEFAULT 0.00,
+  `status` enum('pending','completed','cancelled') DEFAULT 'pending',
+  `notes` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `supplier_id` (`supplier_id`),
+  CONSTRAINT `purchases_ibfk_1` FOREIGN KEY (`supplier_id`) REFERENCES `suppliers` (`id`) ON DELETE SET NULL
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `purchases`
+--
+
+LOCK TABLES `purchases` WRITE;
+/*!40000 ALTER TABLE `purchases` DISABLE KEYS */;
+INSERT INTO `purchases` VALUES
+(1,3,'2026-02-11',144.00,'completed',NULL,'2026-02-23 19:48:29'),
+(2,1,'2026-02-17',87.00,'completed',NULL,'2026-02-23 19:48:29'),
+(3,1,'2026-02-15',78.00,'completed',NULL,'2026-02-23 19:48:29'),
+(4,3,'2026-02-11',211.00,'completed',NULL,'2026-02-23 19:48:29'),
+(5,2,'2026-02-09',136.00,'completed',NULL,'2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `purchases` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `service_ratings`
+--
+
+DROP TABLE IF EXISTS `service_ratings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `service_ratings` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `rating` int(11) NOT NULL CHECK (`rating` >= 1 and `rating` <= 5),
+  `comment` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `service_ratings`
+--
+
+LOCK TABLES `service_ratings` WRITE;
+/*!40000 ALTER TABLE `service_ratings` DISABLE KEYS */;
+INSERT INTO `service_ratings` VALUES
+(1,5,'Excellent service and great food!','2026-02-23 19:48:29'),
+(2,4,'Burger was amazing, but wait time was a bit long.','2026-02-23 19:48:29'),
+(3,5,'Best pizza in town!','2026-02-23 19:48:29'),
+(4,3,'Okay, but nothing special.','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `service_ratings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `staff_ratings`
+--
+
+DROP TABLE IF EXISTS `staff_ratings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `staff_ratings` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `user_id` int(11) NOT NULL,
+  `rating` int(11) NOT NULL CHECK (`rating` >= 1 and `rating` <= 5),
+  `comment` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `user_id` (`user_id`),
+  CONSTRAINT `staff_ratings_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `staff_ratings`
+--
+
+LOCK TABLES `staff_ratings` WRITE;
+/*!40000 ALTER TABLE `staff_ratings` DISABLE KEYS */;
+/*!40000 ALTER TABLE `staff_ratings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `suppliers`
+--
+
+DROP TABLE IF EXISTS `suppliers`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `suppliers` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `contact_person` varchar(255) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `phone` varchar(50) DEFAULT NULL,
+  `address` text DEFAULT NULL,
+  `vat_no` varchar(50) DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `suppliers`
+--
+
+LOCK TABLES `suppliers` WRITE;
+/*!40000 ALTER TABLE `suppliers` DISABLE KEYS */;
+INSERT INTO `suppliers` VALUES
+(1,'Fresh Farms Ltd','Farmer Joe',NULL,'555-9999',NULL,NULL,'2026-02-23 19:48:29'),
+(2,'Beverage Co','Drink Distributor',NULL,'555-8888',NULL,NULL,'2026-02-23 19:48:29'),
+(3,'Kitchen Supplies Inc','Cookware Expert','','555-7777','','','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `suppliers` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `tables`
+--
+
+DROP TABLE IF EXISTS `tables`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `tables` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `area_id` int(11) DEFAULT NULL,
+  `name` varchar(50) NOT NULL,
+  `capacity` int(11) DEFAULT 4,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `area_id` (`area_id`),
+  CONSTRAINT `tables_ibfk_1` FOREIGN KEY (`area_id`) REFERENCES `areas` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `tables`
+--
+
+LOCK TABLES `tables` WRITE;
+/*!40000 ALTER TABLE `tables` DISABLE KEYS */;
+INSERT INTO `tables` VALUES
+(1,1,'Table 1',4,'2026-02-23 19:48:28'),
+(2,1,'Table 2',4,'2026-02-23 19:48:28'),
+(3,1,'Table 3',6,'2026-02-23 19:48:28'),
+(4,2,'Patio 1',2,'2026-02-23 19:48:28'),
+(5,2,'Patio 2',2,'2026-02-23 19:48:28'),
+(6,3,'Booth A',4,'2026-02-23 19:48:28'),
+(7,3,'Booth B',4,'2026-02-23 19:48:28');
+/*!40000 ALTER TABLE `tables` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `user_groups`
+--
+
+DROP TABLE IF EXISTS `user_groups`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `user_groups` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `permissions` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `user_groups`
+--
+
+LOCK TABLES `user_groups` WRITE;
+/*!40000 ALTER TABLE `user_groups` DISABLE KEYS */;
+INSERT INTO `user_groups` VALUES
+(1,'Administrator','all','2026-02-23 18:56:57'),
+(2,'Administrator','all','2026-02-23 19:40:07'),
+(3,'Manager','manage_orders,manage_products,manage_reports','2026-02-23 19:40:07'),
+(4,'Cashier','pos_view,pos_add,pos_del,kitchen_view,kitchen_add,kitchen_del,products_view,categories_view','2026-02-23 19:40:07'),
+(5,'Waiter','pos','2026-02-23 19:40:07');
+/*!40000 ALTER TABLE `user_groups` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `user_outlets`
+--
+
+DROP TABLE IF EXISTS `user_outlets`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `user_outlets` (
+  `user_id` int(11) NOT NULL,
+  `outlet_id` int(11) NOT NULL,
+  PRIMARY KEY (`user_id`,`outlet_id`),
+  KEY `outlet_id` (`outlet_id`),
+  CONSTRAINT `user_outlets_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `user_outlets_ibfk_2` FOREIGN KEY (`outlet_id`) REFERENCES `outlets` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `user_outlets`
+--
+
+LOCK TABLES `user_outlets` WRITE;
+/*!40000 ALTER TABLE `user_outlets` DISABLE KEYS */;
+INSERT INTO `user_outlets` VALUES
+(1,1),
+(1,2),
+(1,3),
+(1,4),
+(2,1),
+(3,2);
+/*!40000 ALTER TABLE `user_outlets` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `users`
+--
+
+DROP TABLE IF EXISTS `users`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `users` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `group_id` int(11) DEFAULT NULL,
+  `username` varchar(255) NOT NULL,
+  `password` varchar(255) NOT NULL,
+  `full_name` varchar(255) DEFAULT NULL,
+  `employee_id` varchar(50) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `profile_pic` varchar(255) DEFAULT NULL,
+  `is_active` tinyint(1) DEFAULT 1,
+  `is_ratable` tinyint(1) DEFAULT 0,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `username` (`username`),
+  UNIQUE KEY `employee_id` (`employee_id`),
+  UNIQUE KEY `email` (`email`),
+  KEY `group_id` (`group_id`),
+  CONSTRAINT `users_ibfk_1` FOREIGN KEY (`group_id`) REFERENCES `user_groups` (`id`) ON DELETE SET NULL
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `users`
+--
+
+LOCK TABLES `users` WRITE;
+/*!40000 ALTER TABLE `users` DISABLE KEYS */;
+INSERT INTO `users` VALUES
+(1,1,'admin','$2y$10$52ZJ3bcFXYY8B7pcWL/9LeY90Fd3M1eAIolOGG.XpXa50zBmwFSuS','Super Admin',NULL,NULL,NULL,1,0,'2026-02-23 18:56:57'),
+(2,2,'cashier1','$2y$10$2.LYIJUOfkoiqkjtLtPe3uMLAAF6o4WmjinqXAuuWt72EYeQ8ZMQG','Alice Cashier',NULL,NULL,NULL,1,0,'2026-02-23 19:48:28'),
+(3,3,'waiter1','$2y$10$2.LYIJUOfkoiqkjtLtPe3uMLAAF6o4WmjinqXAuuWt72EYeQ8ZMQG','Bob Waiter',NULL,NULL,NULL,1,0,'2026-02-23 19:48:28');
+/*!40000 ALTER TABLE `users` ENABLE KEYS */;
+UNLOCK TABLES;
+/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
+
+/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
+/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
+/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
+/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
+
+-- Dump completed on 2026-02-24  5:08:07
diff --git a/storage/backups/backup_2026-02-24_05-11-43.sql b/storage/backups/backup_2026-02-24_05-11-43.sql
new file mode 100644
index 0000000..1d35eda
--- /dev/null
+++ b/storage/backups/backup_2026-02-24_05-11-43.sql
@@ -0,0 +1,1120 @@
+/*M!999999\- enable the sandbox mode */ 
+-- MariaDB dump 10.19  Distrib 10.11.14-MariaDB, for debian-linux-gnu (x86_64)
+--
+-- Host: 127.0.0.1    Database: app_38682
+-- ------------------------------------------------------
+-- Server version	10.11.14-MariaDB-0+deb12u2
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
+/*!40103 SET TIME_ZONE='+00:00' */;
+/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
+/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
+/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
+/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
+
+--
+-- Table structure for table `ads_images`
+--
+
+DROP TABLE IF EXISTS `ads_images`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `ads_images` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `image_path` varchar(255) NOT NULL,
+  `title` varchar(255) DEFAULT NULL,
+  `sort_order` int(11) DEFAULT 0,
+  `is_active` tinyint(1) DEFAULT 1,
+  `display_layout` enum('both','split','fullscreen') DEFAULT 'both',
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `ads_images`
+--
+
+LOCK TABLES `ads_images` WRITE;
+/*!40000 ALTER TABLE `ads_images` DISABLE KEYS */;
+INSERT INTO `ads_images` VALUES
+(1,'assets/images/ads/ad_699bf2574849b.jpeg','Summer Special',0,1,'both','2026-02-23 19:48:29'),
+(2,'assets/images/ads/ad_699bf270e9a69.jpeg','New Burger Launch',0,1,'both','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `ads_images` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `areas`
+--
+
+DROP TABLE IF EXISTS `areas`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `areas` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `outlet_id` int(11) DEFAULT NULL,
+  `name` varchar(255) NOT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `outlet_id` (`outlet_id`),
+  CONSTRAINT `areas_ibfk_1` FOREIGN KEY (`outlet_id`) REFERENCES `outlets` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `areas`
+--
+
+LOCK TABLES `areas` WRITE;
+/*!40000 ALTER TABLE `areas` DISABLE KEYS */;
+INSERT INTO `areas` VALUES
+(1,1,'Main Dining Area','2026-02-23 19:48:28'),
+(2,1,'Patio','2026-02-23 19:48:28'),
+(3,2,'Indoor Section','2026-02-23 19:48:28');
+/*!40000 ALTER TABLE `areas` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `attendance_logs`
+--
+
+DROP TABLE IF EXISTS `attendance_logs`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `attendance_logs` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `user_id` int(11) DEFAULT NULL,
+  `employee_id` varchar(50) DEFAULT NULL,
+  `log_timestamp` datetime DEFAULT NULL,
+  `log_type` enum('IN','OUT','OTHER') DEFAULT 'IN',
+  `device_id` varchar(100) DEFAULT NULL,
+  `ip_address` varchar(45) DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `user_id` (`user_id`),
+  CONSTRAINT `attendance_logs_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE SET NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `attendance_logs`
+--
+
+LOCK TABLES `attendance_logs` WRITE;
+/*!40000 ALTER TABLE `attendance_logs` DISABLE KEYS */;
+/*!40000 ALTER TABLE `attendance_logs` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `categories`
+--
+
+DROP TABLE IF EXISTS `categories`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `categories` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `sort_order` int(11) DEFAULT 0,
+  `image_url` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `categories`
+--
+
+LOCK TABLES `categories` WRITE;
+/*!40000 ALTER TABLE `categories` DISABLE KEYS */;
+INSERT INTO `categories` VALUES
+(1,'Burgers',1,NULL),
+(2,'Sides',2,NULL),
+(3,'Drinks',3,NULL),
+(4,'Desserts',4,NULL),
+(5,'Salads',5,NULL),
+(6,'Pasta',6,NULL);
+/*!40000 ALTER TABLE `categories` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `company_settings`
+--
+
+DROP TABLE IF EXISTS `company_settings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `company_settings` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `company_name` varchar(255) NOT NULL DEFAULT 'My Restaurant',
+  `address` text DEFAULT NULL,
+  `phone` varchar(50) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `vat_rate` decimal(5,2) DEFAULT 0.00,
+  `currency_symbol` varchar(10) DEFAULT '$',
+  `currency_decimals` int(11) DEFAULT 2,
+  `logo_url` varchar(255) DEFAULT NULL,
+  `favicon_url` varchar(255) DEFAULT NULL,
+  `ctr_number` varchar(50) DEFAULT NULL,
+  `vat_number` varchar(50) DEFAULT NULL,
+  `updated_at` timestamp NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  `auto_backup_enabled` tinyint(1) DEFAULT 0,
+  `last_auto_backup` timestamp NULL DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `company_settings`
+--
+
+LOCK TABLES `company_settings` WRITE;
+/*!40000 ALTER TABLE `company_settings` DISABLE KEYS */;
+INSERT INTO `company_settings` VALUES
+(1,'Al-Bidar Cafe','al -hamra','99359472','aalabry@gmail.com',5.00,'OMRR',3,'assets/images/company/logo_699d0d4e79490.png','assets/images/company/favicon_699d0d4e7a2f6.png','','OM99888','2026-02-24 05:08:19',0,'2026-02-24 05:08:07');
+/*!40000 ALTER TABLE `company_settings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `customers`
+--
+
+DROP TABLE IF EXISTS `customers`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `customers` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `phone` varchar(20) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `points` int(11) DEFAULT 0,
+  `loyalty_redemptions_count` int(11) DEFAULT 0,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  `address` text DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `phone` (`phone`)
+) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `customers`
+--
+
+LOCK TABLES `customers` WRITE;
+/*!40000 ALTER TABLE `customers` DISABLE KEYS */;
+INSERT INTO `customers` VALUES
+(1,'John Doe','5551234','john@example.com',50,0,'2026-02-23 19:48:28',NULL),
+(2,'Jane Smith','5555678','jane@example.com',120,0,'2026-02-23 19:48:28',NULL),
+(3,'Michael Brown','5558765','michael@example.com',15,0,'2026-02-23 19:48:28',NULL),
+(4,'Emily Davis','5554321','emily@example.com',85,0,'2026-02-23 19:48:28',NULL),
+(5,'Chris Wilson','5551111','chris@example.com',0,0,'2026-02-23 19:48:28',NULL),
+(6,'Sarah Miller','5552222','sarah@example.com',200,0,'2026-02-23 19:48:28',NULL),
+(7,'David Taylor','5553333','david@example.com',30,0,'2026-02-23 19:48:28',NULL),
+(8,'moosa','99359472','laura@example.com',55,0,'2026-02-23 19:48:28','');
+/*!40000 ALTER TABLE `customers` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `expense_categories`
+--
+
+DROP TABLE IF EXISTS `expense_categories`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `expense_categories` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `description` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `expense_categories`
+--
+
+LOCK TABLES `expense_categories` WRITE;
+/*!40000 ALTER TABLE `expense_categories` DISABLE KEYS */;
+INSERT INTO `expense_categories` VALUES
+(1,'Utilities','Electricity, Water, Gas','2026-02-23 19:48:29'),
+(2,'Rent','Monthly outlet rent','2026-02-23 19:48:29'),
+(3,'Supplies','Cleaning and office supplies','2026-02-23 19:48:29'),
+(4,'Marketing','Advertisements and promotions','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `expense_categories` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `expenses`
+--
+
+DROP TABLE IF EXISTS `expenses`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `expenses` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `category_id` int(11) NOT NULL,
+  `outlet_id` int(11) NOT NULL,
+  `amount` decimal(10,2) NOT NULL,
+  `description` text DEFAULT NULL,
+  `expense_date` date NOT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `category_id` (`category_id`),
+  KEY `outlet_id` (`outlet_id`),
+  CONSTRAINT `expenses_ibfk_1` FOREIGN KEY (`category_id`) REFERENCES `expense_categories` (`id`),
+  CONSTRAINT `expenses_ibfk_2` FOREIGN KEY (`outlet_id`) REFERENCES `outlets` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `expenses`
+--
+
+LOCK TABLES `expenses` WRITE;
+/*!40000 ALTER TABLE `expenses` DISABLE KEYS */;
+INSERT INTO `expenses` VALUES
+(1,3,2,194.31,'Sample expense for 2026-02-20','2026-02-20','2026-02-23 19:48:29'),
+(2,3,4,467.60,'Sample expense for 2026-01-28','2026-01-28','2026-02-23 19:48:29'),
+(3,3,2,470.68,'Sample expense for 2026-02-18','2026-02-18','2026-02-23 19:48:29'),
+(4,4,1,377.27,'Sample expense for 2026-02-14','2026-02-14','2026-02-23 19:48:29'),
+(5,2,3,92.16,'Sample expense for 2026-02-08','2026-02-08','2026-02-23 19:48:29'),
+(6,3,3,250.49,'Sample expense for 2026-02-02','2026-02-02','2026-02-23 19:48:29'),
+(7,3,4,423.19,'Sample expense for 2026-02-13','2026-02-13','2026-02-23 19:48:29'),
+(8,3,3,247.94,'Sample expense for 2026-02-15','2026-02-15','2026-02-23 19:48:29'),
+(9,1,2,244.02,'Sample expense for 2026-01-30','2026-01-30','2026-02-23 19:48:29'),
+(10,4,3,228.07,'Sample expense for 2026-02-21','2026-02-21','2026-02-23 19:48:29'),
+(11,1,3,398.84,'Sample expense for 2026-02-13','2026-02-13','2026-02-23 19:48:29'),
+(12,1,3,450.92,'Sample expense for 2026-02-20','2026-02-20','2026-02-23 19:48:29'),
+(13,1,2,379.73,'Sample expense for 2026-02-05','2026-02-05','2026-02-23 19:48:29'),
+(14,2,2,440.60,'Sample expense for 2026-01-29','2026-01-29','2026-02-23 19:48:29'),
+(15,3,2,185.03,'Sample expense for 2026-01-27','2026-01-27','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `expenses` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `integration_settings`
+--
+
+DROP TABLE IF EXISTS `integration_settings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `integration_settings` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `provider` varchar(50) NOT NULL,
+  `setting_key` varchar(100) NOT NULL,
+  `setting_value` text DEFAULT NULL,
+  `updated_at` timestamp NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `unique_provider_key` (`provider`,`setting_key`)
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `integration_settings`
+--
+
+LOCK TABLES `integration_settings` WRITE;
+/*!40000 ALTER TABLE `integration_settings` DISABLE KEYS */;
+INSERT INTO `integration_settings` VALUES
+(1,'wablas','domain','https://deu.wablas.com/','2026-02-24 02:31:26'),
+(2,'wablas','token','xOSMYzXiM9uABP0zcoALzlGJjKsRBaLCS2paBAE2kyECNNJkCQbgMW8','2026-02-24 02:31:26'),
+(3,'wablas','secret_key','ZBtnBwfm','2026-02-24 02:31:26'),
+(4,'wablas','order_template','Dear *{customer_name}*,\r\n\r\nThank you for dining with *{company_name}*! 🍽️\r\n\r\n*Order Details:*\r\n{order_details}\r\n\r\nTotal: *{total_amount}* OMR\r\n\r\nYou\'ve earned *{points_earned} points* with this order.\r\n💰 *Current Balance: {new_balance} points*','2026-02-24 02:31:26'),
+(5,'wablas','is_enabled','0','2026-02-24 02:31:26');
+/*!40000 ALTER TABLE `integration_settings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `loyalty_settings`
+--
+
+DROP TABLE IF EXISTS `loyalty_settings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `loyalty_settings` (
+  `id` int(11) NOT NULL,
+  `points_per_order` int(11) DEFAULT 10,
+  `points_for_free_meal` int(11) DEFAULT 70,
+  `is_enabled` tinyint(1) DEFAULT 1,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `loyalty_settings`
+--
+
+LOCK TABLES `loyalty_settings` WRITE;
+/*!40000 ALTER TABLE `loyalty_settings` DISABLE KEYS */;
+INSERT INTO `loyalty_settings` VALUES
+(1,10,70,1);
+/*!40000 ALTER TABLE `loyalty_settings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `migrations`
+--
+
+DROP TABLE IF EXISTS `migrations`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `migrations` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `migration_name` varchar(255) NOT NULL,
+  `applied_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `migration_name` (`migration_name`)
+) ENGINE=InnoDB AUTO_INCREMENT=24 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `migrations`
+--
+
+LOCK TABLES `migrations` WRITE;
+/*!40000 ALTER TABLE `migrations` DISABLE KEYS */;
+INSERT INTO `migrations` VALUES
+(1,'001_add_payments.sql','2026-02-23 19:40:07'),
+(2,'003_add_payment_type_to_orders.sql','2026-02-23 19:40:07'),
+(3,'004_seed_payment_types.sql','2026-02-23 19:40:07'),
+(4,'006_integration_settings.sql','2026-02-23 19:40:07'),
+(5,'007_add_loyalty_payment_type.sql','2026-02-23 19:40:07'),
+(6,'008_user_system.sql','2026-02-23 19:40:07'),
+(7,'009_user_outlets.sql','2026-02-23 19:40:07'),
+(8,'010_ads_images.sql','2026-02-23 19:40:07'),
+(9,'011_add_user_id_to_orders.sql','2026-02-23 19:40:07'),
+(10,'012_expenses_schema.sql','2026-02-23 19:40:07'),
+(11,'013_product_promotions.sql','2026-02-23 19:40:07'),
+(12,'015_add_redemptions_to_customers.sql','2026-02-23 19:40:07'),
+(13,'016_add_profile_pic_to_users.sql','2026-02-23 19:40:07'),
+(14,'017_attendance_system.sql','2026-02-23 19:40:07'),
+(15,'018_add_cost_price_to_products.sql','2026-02-23 19:40:07'),
+(16,'019_purchase_module.sql','2026-02-23 19:40:07'),
+(17,'020_staff_ratings.sql','2026-02-23 19:40:07'),
+(18,'021_add_is_ratable_to_users.sql','2026-02-23 19:40:07'),
+(19,'022_service_ratings.sql','2026-02-23 19:40:07'),
+(20,'002_add_customer_id_to_orders.sql','2026-02-23 19:40:26'),
+(21,'005_loyalty_schema.sql','2026-02-23 19:40:26'),
+(22,'014_loyalty_toggle.sql','2026-02-23 19:40:26'),
+(23,'023_add_image_url_to_categories.sql','2026-02-23 19:40:26');
+/*!40000 ALTER TABLE `migrations` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `order_items`
+--
+
+DROP TABLE IF EXISTS `order_items`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `order_items` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `order_id` int(11) DEFAULT NULL,
+  `product_id` int(11) DEFAULT NULL,
+  `variant_id` int(11) DEFAULT NULL,
+  `quantity` int(11) NOT NULL,
+  `unit_price` decimal(10,2) NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `order_id` (`order_id`),
+  KEY `product_id` (`product_id`),
+  CONSTRAINT `order_items_ibfk_1` FOREIGN KEY (`order_id`) REFERENCES `orders` (`id`),
+  CONSTRAINT `order_items_ibfk_2` FOREIGN KEY (`product_id`) REFERENCES `products` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=126 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `order_items`
+--
+
+LOCK TABLES `order_items` WRITE;
+/*!40000 ALTER TABLE `order_items` DISABLE KEYS */;
+INSERT INTO `order_items` VALUES
+(1,1,4,NULL,2,3.50),
+(2,2,12,NULL,2,13.99),
+(3,3,3,NULL,1,5.99),
+(4,4,2,NULL,3,11.50),
+(5,4,3,NULL,3,5.99),
+(6,5,13,NULL,2,12.50),
+(7,5,9,NULL,3,6.99),
+(8,5,8,NULL,3,7.99),
+(9,6,9,NULL,1,6.99),
+(10,7,13,NULL,2,12.50),
+(11,8,9,NULL,1,6.99),
+(12,8,10,NULL,3,9.50),
+(13,8,4,NULL,2,3.50),
+(14,8,3,NULL,3,5.99),
+(15,9,10,NULL,3,9.50),
+(16,10,5,NULL,2,15.99),
+(17,10,1,NULL,3,12.99),
+(18,11,3,NULL,2,5.99),
+(19,11,1,NULL,3,12.99),
+(20,11,6,NULL,3,6.50),
+(21,11,11,NULL,3,10.50),
+(22,12,8,NULL,3,7.99),
+(23,12,4,NULL,3,3.50),
+(24,12,5,NULL,3,15.99),
+(25,13,9,NULL,1,6.99),
+(26,13,8,NULL,2,7.99),
+(27,13,2,NULL,3,11.50),
+(28,13,1,NULL,3,12.99),
+(29,14,2,NULL,2,11.50),
+(30,14,10,NULL,3,9.50),
+(31,14,8,NULL,1,7.99),
+(32,15,12,NULL,1,13.99),
+(33,15,9,NULL,3,6.99),
+(34,15,6,NULL,3,6.50),
+(35,15,10,NULL,2,9.50),
+(36,16,8,NULL,3,7.99),
+(37,17,12,NULL,2,13.99),
+(38,17,6,NULL,2,6.50),
+(39,17,13,NULL,1,12.50),
+(40,18,1,NULL,1,12.99),
+(41,18,5,NULL,3,15.99),
+(42,18,10,NULL,1,9.50),
+(43,18,8,NULL,3,7.99),
+(44,19,2,NULL,1,11.50),
+(45,20,9,NULL,1,6.99),
+(46,21,3,NULL,3,5.99),
+(47,21,1,NULL,3,12.99),
+(48,22,9,NULL,3,6.99),
+(49,22,1,NULL,3,12.99),
+(50,22,11,NULL,3,10.50),
+(51,22,5,NULL,2,15.99),
+(52,23,13,NULL,2,12.50),
+(53,23,11,NULL,3,10.50),
+(54,23,8,NULL,3,7.99),
+(55,23,6,NULL,3,6.50),
+(56,24,6,NULL,3,6.50),
+(57,24,13,NULL,2,12.50),
+(58,25,1,NULL,3,12.99),
+(59,25,5,NULL,3,15.99),
+(60,25,8,NULL,3,7.99),
+(61,25,2,NULL,1,11.50),
+(62,26,9,NULL,1,6.99),
+(63,26,10,NULL,1,9.50),
+(64,27,9,NULL,2,6.99),
+(65,27,4,NULL,1,3.50),
+(66,28,8,NULL,2,7.99),
+(67,28,10,NULL,3,9.50),
+(68,28,5,NULL,1,15.99),
+(69,29,7,NULL,2,3.99),
+(70,29,9,NULL,1,6.99),
+(71,29,6,NULL,2,6.50),
+(72,30,9,NULL,2,6.99),
+(73,30,10,NULL,2,9.50),
+(74,30,12,NULL,3,13.99),
+(75,31,8,NULL,1,7.99),
+(76,31,1,NULL,3,12.99),
+(77,31,13,NULL,2,12.50),
+(78,32,1,NULL,2,12.99),
+(79,32,3,NULL,3,5.99),
+(80,33,5,NULL,3,15.99),
+(81,34,11,NULL,2,10.50),
+(82,34,5,NULL,1,15.99),
+(83,34,10,NULL,1,9.50),
+(84,35,2,NULL,3,11.50),
+(85,35,7,NULL,1,3.99),
+(86,36,1,NULL,2,12.99),
+(87,36,11,NULL,2,10.50),
+(88,36,13,NULL,2,12.50),
+(89,36,6,NULL,3,6.50),
+(90,37,5,NULL,3,15.99),
+(91,37,2,NULL,2,11.50),
+(92,37,8,NULL,3,7.99),
+(93,38,4,NULL,3,3.50),
+(94,38,10,NULL,2,9.50),
+(95,38,2,NULL,3,11.50),
+(96,38,3,NULL,1,5.99),
+(97,39,5,NULL,2,15.99),
+(98,40,8,NULL,3,7.99),
+(99,41,4,NULL,1,3.50),
+(100,41,6,NULL,1,6.50),
+(101,42,12,NULL,2,13.99),
+(102,43,3,NULL,1,5.99),
+(103,43,11,NULL,2,10.50),
+(104,43,6,NULL,3,6.50),
+(105,43,8,NULL,3,7.99),
+(106,44,13,NULL,1,12.50),
+(107,45,8,NULL,3,7.99),
+(108,46,11,NULL,3,10.50),
+(109,46,13,NULL,3,12.50),
+(110,47,13,NULL,1,12.50),
+(111,48,6,NULL,1,6.50),
+(112,49,2,NULL,2,11.50),
+(113,50,3,NULL,3,5.99),
+(114,50,6,NULL,1,6.50),
+(115,51,6,NULL,1,6.50),
+(116,51,3,NULL,1,5.99),
+(117,51,5,NULL,1,15.99),
+(118,52,3,NULL,1,5.99),
+(119,52,5,NULL,1,15.99),
+(120,52,9,NULL,1,6.99),
+(121,53,9,NULL,1,6.99),
+(122,53,8,NULL,1,7.99),
+(123,54,1,NULL,1,12.99),
+(124,55,5,NULL,1,15.99),
+(125,55,1,NULL,1,12.99);
+/*!40000 ALTER TABLE `order_items` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `orders`
+--
+
+DROP TABLE IF EXISTS `orders`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `orders` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `outlet_id` int(11) DEFAULT NULL,
+  `user_id` int(11) DEFAULT NULL,
+  `customer_id` int(11) DEFAULT NULL,
+  `table_id` int(11) DEFAULT NULL,
+  `table_number` varchar(50) DEFAULT NULL,
+  `order_type` enum('dine-in','delivery','drive-thru','takeaway') DEFAULT 'dine-in',
+  `status` enum('pending','preparing','ready','completed','cancelled') DEFAULT 'pending',
+  `payment_type_id` int(11) DEFAULT NULL,
+  `total_amount` decimal(10,2) NOT NULL,
+  `discount` decimal(10,2) DEFAULT 0.00,
+  `customer_name` varchar(255) DEFAULT NULL,
+  `customer_phone` varchar(50) DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `outlet_id` (`outlet_id`),
+  KEY `user_id` (`user_id`),
+  KEY `table_id` (`table_id`),
+  KEY `fk_orders_customer` (`customer_id`),
+  CONSTRAINT `fk_orders_customer` FOREIGN KEY (`customer_id`) REFERENCES `customers` (`id`) ON DELETE SET NULL,
+  CONSTRAINT `orders_ibfk_1` FOREIGN KEY (`outlet_id`) REFERENCES `outlets` (`id`),
+  CONSTRAINT `orders_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE SET NULL,
+  CONSTRAINT `orders_ibfk_3` FOREIGN KEY (`customer_id`) REFERENCES `customers` (`id`) ON DELETE SET NULL,
+  CONSTRAINT `orders_ibfk_4` FOREIGN KEY (`table_id`) REFERENCES `tables` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=56 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `orders`
+--
+
+LOCK TABLES `orders` WRITE;
+/*!40000 ALTER TABLE `orders` DISABLE KEYS */;
+INSERT INTO `orders` VALUES
+(1,1,2,4,3,NULL,'takeaway','completed',1,7.00,0.00,NULL,NULL,'2026-02-17 12:56:39'),
+(2,2,3,NULL,3,NULL,'takeaway','cancelled',NULL,27.98,0.00,NULL,NULL,'2026-02-15 11:27:36'),
+(3,4,1,NULL,NULL,NULL,'delivery','preparing',NULL,5.99,0.00,NULL,NULL,'2026-01-26 21:23:42'),
+(4,1,2,7,1,NULL,'delivery','completed',NULL,52.47,0.00,NULL,NULL,'2026-01-29 12:30:10'),
+(5,1,2,NULL,4,NULL,'takeaway','completed',2,69.94,0.00,NULL,NULL,'2026-02-09 21:53:42'),
+(6,1,1,5,5,NULL,'delivery','completed',NULL,6.99,0.00,NULL,NULL,'2026-02-13 17:44:22'),
+(7,1,1,NULL,5,NULL,'delivery','completed',2,25.00,0.00,NULL,NULL,'2026-02-10 18:30:26'),
+(8,1,3,1,4,NULL,'takeaway','completed',1,60.46,0.00,NULL,NULL,'2026-01-27 12:58:30'),
+(9,1,2,8,4,NULL,'takeaway','completed',1,28.50,0.00,NULL,NULL,'2026-01-31 17:43:40'),
+(10,3,1,7,NULL,NULL,'dine-in','preparing',NULL,70.95,0.00,NULL,NULL,'2026-01-27 14:36:19'),
+(11,2,2,NULL,4,NULL,'takeaway','completed',1,101.95,0.00,NULL,NULL,'2026-02-09 15:56:54'),
+(12,4,2,NULL,NULL,NULL,'dine-in','pending',NULL,82.44,0.00,NULL,NULL,'2026-02-13 13:53:50'),
+(13,4,1,4,NULL,NULL,'delivery','ready',NULL,96.44,0.00,NULL,NULL,'2026-02-23 19:27:40'),
+(14,2,1,6,3,NULL,'dine-in','preparing',NULL,59.49,0.00,NULL,NULL,'2026-01-24 16:30:19'),
+(15,1,1,7,4,NULL,'dine-in','completed',2,73.46,0.00,NULL,NULL,'2026-02-16 22:12:57'),
+(16,4,3,6,NULL,NULL,'takeaway','completed',2,23.97,0.00,NULL,NULL,'2026-02-21 17:46:14'),
+(17,2,2,2,4,NULL,'dine-in','cancelled',NULL,53.48,0.00,NULL,NULL,'2026-02-09 22:58:34'),
+(18,2,3,NULL,3,NULL,'dine-in','ready',NULL,94.43,0.00,NULL,NULL,'2026-02-09 17:22:45'),
+(19,2,1,6,3,NULL,'takeaway','completed',1,11.50,0.00,NULL,NULL,'2026-01-30 15:04:40'),
+(20,1,3,1,7,NULL,'delivery','completed',NULL,6.99,0.00,NULL,NULL,'2026-02-21 22:58:03'),
+(21,1,2,1,2,NULL,'delivery','completed',2,56.94,0.00,NULL,NULL,'2026-02-16 20:55:36'),
+(22,1,3,NULL,7,NULL,'dine-in','completed',NULL,123.42,0.00,NULL,NULL,'2026-02-13 19:42:01'),
+(23,3,2,1,NULL,NULL,'delivery','completed',1,99.97,0.00,NULL,NULL,'2026-02-18 19:01:06'),
+(24,1,2,NULL,6,NULL,'dine-in','completed',NULL,44.50,0.00,NULL,NULL,'2026-02-04 21:44:38'),
+(25,2,1,4,4,NULL,'takeaway','completed',2,122.41,0.00,NULL,NULL,'2026-02-16 21:35:44'),
+(26,4,1,7,NULL,NULL,'delivery','cancelled',NULL,16.49,0.00,NULL,NULL,'2026-02-18 21:55:05'),
+(27,2,3,6,2,NULL,'delivery','completed',2,17.48,0.00,NULL,NULL,'2026-01-29 21:14:52'),
+(28,1,2,3,3,NULL,'takeaway','completed',NULL,60.47,0.00,NULL,NULL,'2026-02-12 18:52:11'),
+(29,3,2,7,NULL,NULL,'delivery','preparing',NULL,27.97,0.00,NULL,NULL,'2026-02-02 15:06:49'),
+(30,1,1,2,4,NULL,'delivery','completed',2,74.95,0.00,NULL,NULL,'2026-02-11 13:15:33'),
+(31,2,2,3,2,NULL,'delivery','completed',2,71.96,0.00,NULL,NULL,'2026-02-05 15:04:26'),
+(32,1,3,2,4,NULL,'takeaway','completed',NULL,43.95,0.00,NULL,NULL,'2026-02-11 21:21:43'),
+(33,2,2,2,6,NULL,'delivery','cancelled',NULL,47.97,0.00,NULL,NULL,'2026-02-12 20:10:48'),
+(34,3,3,NULL,NULL,NULL,'dine-in','completed',1,46.49,0.00,NULL,NULL,'2026-02-11 14:51:35'),
+(35,3,3,5,NULL,NULL,'delivery','completed',1,38.49,0.00,NULL,NULL,'2026-02-20 17:08:32'),
+(36,3,1,4,NULL,NULL,'delivery','completed',1,91.48,0.00,NULL,NULL,'2026-02-01 16:21:38'),
+(37,3,1,NULL,NULL,NULL,'delivery','pending',NULL,94.94,0.00,NULL,NULL,'2026-02-08 18:31:06'),
+(38,3,1,5,NULL,NULL,'dine-in','completed',1,69.99,0.00,NULL,NULL,'2026-02-04 13:01:09'),
+(39,2,3,3,6,NULL,'delivery','preparing',NULL,31.98,0.00,NULL,NULL,'2026-02-16 13:13:22'),
+(40,3,3,6,NULL,NULL,'takeaway','pending',NULL,23.97,0.00,NULL,NULL,'2026-02-01 17:33:38'),
+(41,2,1,5,4,NULL,'takeaway','ready',NULL,10.00,0.00,NULL,NULL,'2026-01-31 14:49:13'),
+(42,3,3,2,NULL,NULL,'delivery','completed',2,27.98,0.00,NULL,NULL,'2026-01-28 11:38:11'),
+(43,2,2,8,3,NULL,'dine-in','pending',NULL,70.46,0.00,NULL,NULL,'2026-02-21 13:27:55'),
+(44,4,1,2,NULL,NULL,'delivery','cancelled',NULL,12.50,0.00,NULL,NULL,'2026-02-18 12:47:10'),
+(45,1,1,NULL,3,NULL,'delivery','completed',1,23.97,0.00,NULL,NULL,'2026-01-30 11:43:19'),
+(46,3,2,2,NULL,NULL,'takeaway','cancelled',NULL,69.00,0.00,NULL,NULL,'2026-01-25 22:14:08'),
+(47,4,1,NULL,NULL,NULL,'dine-in','completed',1,12.50,0.00,NULL,NULL,'2026-02-19 18:31:12'),
+(48,4,2,NULL,NULL,NULL,'takeaway','completed',1,6.50,0.00,NULL,NULL,'2026-02-21 18:02:45'),
+(49,2,1,NULL,7,NULL,'dine-in','pending',NULL,23.00,0.00,NULL,NULL,'2026-02-02 18:23:13'),
+(50,3,3,NULL,NULL,NULL,'delivery','cancelled',NULL,24.47,0.00,NULL,NULL,'2026-01-28 12:13:05'),
+(51,1,1,8,NULL,NULL,'takeaway','completed',1,28.48,0.00,'moosa','99359472','2026-02-24 02:28:17'),
+(52,1,1,NULL,NULL,NULL,'takeaway','completed',1,28.97,0.00,NULL,NULL,'2026-02-24 02:39:42'),
+(53,1,1,NULL,NULL,NULL,'takeaway','completed',1,14.98,0.00,NULL,NULL,'2026-02-24 02:40:36'),
+(54,1,1,NULL,NULL,NULL,'takeaway','completed',1,12.99,0.00,NULL,NULL,'2026-02-24 02:48:59'),
+(55,1,1,NULL,NULL,NULL,'takeaway','completed',1,28.98,0.00,NULL,NULL,'2026-02-24 02:49:23');
+/*!40000 ALTER TABLE `orders` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `outlets`
+--
+
+DROP TABLE IF EXISTS `outlets`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `outlets` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `address` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `outlets`
+--
+
+LOCK TABLES `outlets` WRITE;
+/*!40000 ALTER TABLE `outlets` DISABLE KEYS */;
+INSERT INTO `outlets` VALUES
+(1,'Main Downtown','123 Main St','2026-02-23 18:56:57'),
+(2,'Westside Hub','456 West Blvd','2026-02-23 18:56:57'),
+(3,'North Point Mall','789 North Ave','2026-02-23 19:48:28'),
+(4,'South Beach','321 Coastal Rd','2026-02-23 19:48:28');
+/*!40000 ALTER TABLE `outlets` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `payment_types`
+--
+
+DROP TABLE IF EXISTS `payment_types`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `payment_types` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `type` enum('cash','card','api') DEFAULT 'cash',
+  `api_provider` varchar(50) DEFAULT NULL,
+  `is_active` tinyint(1) DEFAULT 1,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `payment_types`
+--
+
+LOCK TABLES `payment_types` WRITE;
+/*!40000 ALTER TABLE `payment_types` DISABLE KEYS */;
+INSERT INTO `payment_types` VALUES
+(1,'Cash','cash',NULL,1,'2026-02-23 19:40:07'),
+(2,'Credit Card','card',NULL,1,'2026-02-23 19:40:07'),
+(3,'Loyalty Redeem','cash',NULL,0,'2026-02-23 19:40:07');
+/*!40000 ALTER TABLE `payment_types` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `product_variants`
+--
+
+DROP TABLE IF EXISTS `product_variants`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `product_variants` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `product_id` int(11) DEFAULT NULL,
+  `name` varchar(255) NOT NULL,
+  `price_adjustment` decimal(10,2) DEFAULT 0.00,
+  PRIMARY KEY (`id`),
+  KEY `product_id` (`product_id`),
+  CONSTRAINT `product_variants_ibfk_1` FOREIGN KEY (`product_id`) REFERENCES `products` (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `product_variants`
+--
+
+LOCK TABLES `product_variants` WRITE;
+/*!40000 ALTER TABLE `product_variants` DISABLE KEYS */;
+/*!40000 ALTER TABLE `product_variants` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `products`
+--
+
+DROP TABLE IF EXISTS `products`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `products` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `category_id` int(11) DEFAULT NULL,
+  `name` varchar(255) NOT NULL,
+  `description` text DEFAULT NULL,
+  `price` decimal(10,2) NOT NULL,
+  `cost_price` decimal(10,2) DEFAULT 0.00,
+  `stock_quantity` int(11) DEFAULT 0,
+  `image_url` varchar(255) DEFAULT NULL,
+  `promo_discount_percent` decimal(5,2) DEFAULT NULL,
+  `promo_date_from` date DEFAULT NULL,
+  `promo_date_to` date DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `category_id` (`category_id`),
+  CONSTRAINT `products_ibfk_1` FOREIGN KEY (`category_id`) REFERENCES `categories` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=14 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `products`
+--
+
+LOCK TABLES `products` WRITE;
+/*!40000 ALTER TABLE `products` DISABLE KEYS */;
+INSERT INTO `products` VALUES
+(1,1,'Signature Burger','Juicy beef patty with special sauce',12.99,0.00,-2,NULL,NULL,NULL,NULL),
+(2,1,'Veggie Delight','Plant-based patty with fresh avocado',11.50,0.00,0,NULL,NULL,NULL,NULL),
+(3,2,'Truffle Fries','Crispy fries with truffle oil and parmesan',5.99,0.00,-2,NULL,NULL,NULL,NULL),
+(4,3,'Craft Cola','House-made sparkling cola',3.50,0.00,0,NULL,NULL,NULL,NULL),
+(5,1,'Double Bacon Burger','Double patty with crispy bacon and cheddar',15.99,6.50,97,NULL,NULL,NULL,NULL),
+(6,2,'Sweet Potato Fries','Waffle cut sweet potato fries with maple dip',6.50,2.00,199,NULL,NULL,NULL,NULL),
+(7,3,'Lemon Iced Tea','Freshly brewed black tea with lemon and honey',3.99,0.50,500,NULL,NULL,NULL,NULL),
+(8,4,'Chocolate Lava Cake','Warm chocolate cake with a gooey center',7.99,3.00,49,NULL,NULL,NULL,NULL),
+(9,4,'NY Cheesecake','Classic creamy cheesecake with strawberry topping',6.99,2.50,58,NULL,NULL,NULL,NULL),
+(10,5,'Caesar Salad','Romaine lettuce with parmesan, croutons and dressing',9.50,3.50,80,NULL,NULL,NULL,NULL),
+(11,5,'Greek Salad','Cucumber, tomato, onion, olives and feta cheese',10.50,4.00,70,NULL,NULL,NULL,NULL),
+(12,6,'Spaghetti Carbonara','Pasta with eggs, cheese, guanciale and black pepper',13.99,5.50,90,NULL,NULL,NULL,NULL),
+(13,6,'Penne Arrabbiata','Spicy pasta with tomato sauce, garlic and chili',12.50,4.50,100,NULL,NULL,NULL,NULL);
+/*!40000 ALTER TABLE `products` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `purchase_items`
+--
+
+DROP TABLE IF EXISTS `purchase_items`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `purchase_items` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `purchase_id` int(11) NOT NULL,
+  `product_id` int(11) NOT NULL,
+  `quantity` int(11) NOT NULL,
+  `cost_price` decimal(10,2) NOT NULL,
+  `total_price` decimal(10,2) NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `purchase_id` (`purchase_id`),
+  KEY `product_id` (`product_id`),
+  CONSTRAINT `purchase_items_ibfk_1` FOREIGN KEY (`purchase_id`) REFERENCES `purchases` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `purchase_items_ibfk_2` FOREIGN KEY (`product_id`) REFERENCES `products` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `purchase_items`
+--
+
+LOCK TABLES `purchase_items` WRITE;
+/*!40000 ALTER TABLE `purchase_items` DISABLE KEYS */;
+INSERT INTO `purchase_items` VALUES
+(1,1,11,36,4.00,144.00),
+(2,2,1,27,0.00,0.00),
+(3,2,4,29,0.00,0.00),
+(4,2,8,29,3.00,87.00),
+(5,3,8,26,3.00,78.00),
+(6,3,4,35,0.00,0.00),
+(7,4,5,31,6.50,201.50),
+(8,4,7,19,0.50,9.50),
+(9,5,9,32,2.50,80.00),
+(10,5,11,14,4.00,56.00);
+/*!40000 ALTER TABLE `purchase_items` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `purchases`
+--
+
+DROP TABLE IF EXISTS `purchases`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `purchases` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `supplier_id` int(11) DEFAULT NULL,
+  `purchase_date` date NOT NULL,
+  `total_amount` decimal(10,2) DEFAULT 0.00,
+  `status` enum('pending','completed','cancelled') DEFAULT 'pending',
+  `notes` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `supplier_id` (`supplier_id`),
+  CONSTRAINT `purchases_ibfk_1` FOREIGN KEY (`supplier_id`) REFERENCES `suppliers` (`id`) ON DELETE SET NULL
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `purchases`
+--
+
+LOCK TABLES `purchases` WRITE;
+/*!40000 ALTER TABLE `purchases` DISABLE KEYS */;
+INSERT INTO `purchases` VALUES
+(1,3,'2026-02-11',144.00,'completed',NULL,'2026-02-23 19:48:29'),
+(2,1,'2026-02-17',87.00,'completed',NULL,'2026-02-23 19:48:29'),
+(3,1,'2026-02-15',78.00,'completed',NULL,'2026-02-23 19:48:29'),
+(4,3,'2026-02-11',211.00,'completed',NULL,'2026-02-23 19:48:29'),
+(5,2,'2026-02-09',136.00,'completed',NULL,'2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `purchases` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `service_ratings`
+--
+
+DROP TABLE IF EXISTS `service_ratings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `service_ratings` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `rating` int(11) NOT NULL CHECK (`rating` >= 1 and `rating` <= 5),
+  `comment` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `service_ratings`
+--
+
+LOCK TABLES `service_ratings` WRITE;
+/*!40000 ALTER TABLE `service_ratings` DISABLE KEYS */;
+INSERT INTO `service_ratings` VALUES
+(1,5,'Excellent service and great food!','2026-02-23 19:48:29'),
+(2,4,'Burger was amazing, but wait time was a bit long.','2026-02-23 19:48:29'),
+(3,5,'Best pizza in town!','2026-02-23 19:48:29'),
+(4,3,'Okay, but nothing special.','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `service_ratings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `staff_ratings`
+--
+
+DROP TABLE IF EXISTS `staff_ratings`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `staff_ratings` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `user_id` int(11) NOT NULL,
+  `rating` int(11) NOT NULL CHECK (`rating` >= 1 and `rating` <= 5),
+  `comment` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `user_id` (`user_id`),
+  CONSTRAINT `staff_ratings_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `staff_ratings`
+--
+
+LOCK TABLES `staff_ratings` WRITE;
+/*!40000 ALTER TABLE `staff_ratings` DISABLE KEYS */;
+/*!40000 ALTER TABLE `staff_ratings` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `suppliers`
+--
+
+DROP TABLE IF EXISTS `suppliers`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `suppliers` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `contact_person` varchar(255) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `phone` varchar(50) DEFAULT NULL,
+  `address` text DEFAULT NULL,
+  `vat_no` varchar(50) DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `suppliers`
+--
+
+LOCK TABLES `suppliers` WRITE;
+/*!40000 ALTER TABLE `suppliers` DISABLE KEYS */;
+INSERT INTO `suppliers` VALUES
+(1,'Fresh Farms Ltd','Farmer Joe',NULL,'555-9999',NULL,NULL,'2026-02-23 19:48:29'),
+(2,'Beverage Co','Drink Distributor',NULL,'555-8888',NULL,NULL,'2026-02-23 19:48:29'),
+(3,'Kitchen Supplies Inc','Cookware Expert','','555-7777','','','2026-02-23 19:48:29');
+/*!40000 ALTER TABLE `suppliers` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `tables`
+--
+
+DROP TABLE IF EXISTS `tables`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `tables` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `area_id` int(11) DEFAULT NULL,
+  `name` varchar(50) NOT NULL,
+  `capacity` int(11) DEFAULT 4,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  KEY `area_id` (`area_id`),
+  CONSTRAINT `tables_ibfk_1` FOREIGN KEY (`area_id`) REFERENCES `areas` (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `tables`
+--
+
+LOCK TABLES `tables` WRITE;
+/*!40000 ALTER TABLE `tables` DISABLE KEYS */;
+INSERT INTO `tables` VALUES
+(1,1,'Table 1',4,'2026-02-23 19:48:28'),
+(2,1,'Table 2',4,'2026-02-23 19:48:28'),
+(3,1,'Table 3',6,'2026-02-23 19:48:28'),
+(4,2,'Patio 1',2,'2026-02-23 19:48:28'),
+(5,2,'Patio 2',2,'2026-02-23 19:48:28'),
+(6,3,'Booth A',4,'2026-02-23 19:48:28'),
+(7,3,'Booth B',4,'2026-02-23 19:48:28');
+/*!40000 ALTER TABLE `tables` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `user_groups`
+--
+
+DROP TABLE IF EXISTS `user_groups`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `user_groups` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `permissions` text DEFAULT NULL,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `user_groups`
+--
+
+LOCK TABLES `user_groups` WRITE;
+/*!40000 ALTER TABLE `user_groups` DISABLE KEYS */;
+INSERT INTO `user_groups` VALUES
+(1,'Administrator','all','2026-02-23 18:56:57'),
+(2,'Administrator','all','2026-02-23 19:40:07'),
+(3,'Manager','manage_orders,manage_products,manage_reports','2026-02-23 19:40:07'),
+(4,'Cashier','pos_view,pos_add,pos_del,kitchen_view,kitchen_add,kitchen_del,products_view,categories_view','2026-02-23 19:40:07'),
+(5,'Waiter','pos','2026-02-23 19:40:07');
+/*!40000 ALTER TABLE `user_groups` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `user_outlets`
+--
+
+DROP TABLE IF EXISTS `user_outlets`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `user_outlets` (
+  `user_id` int(11) NOT NULL,
+  `outlet_id` int(11) NOT NULL,
+  PRIMARY KEY (`user_id`,`outlet_id`),
+  KEY `outlet_id` (`outlet_id`),
+  CONSTRAINT `user_outlets_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `user_outlets_ibfk_2` FOREIGN KEY (`outlet_id`) REFERENCES `outlets` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `user_outlets`
+--
+
+LOCK TABLES `user_outlets` WRITE;
+/*!40000 ALTER TABLE `user_outlets` DISABLE KEYS */;
+INSERT INTO `user_outlets` VALUES
+(1,1),
+(1,2),
+(1,3),
+(1,4),
+(2,1),
+(3,2);
+/*!40000 ALTER TABLE `user_outlets` ENABLE KEYS */;
+UNLOCK TABLES;
+
+--
+-- Table structure for table `users`
+--
+
+DROP TABLE IF EXISTS `users`;
+/*!40101 SET @saved_cs_client     = @@character_set_client */;
+/*!40101 SET character_set_client = utf8mb4 */;
+CREATE TABLE `users` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `group_id` int(11) DEFAULT NULL,
+  `username` varchar(255) NOT NULL,
+  `password` varchar(255) NOT NULL,
+  `full_name` varchar(255) DEFAULT NULL,
+  `employee_id` varchar(50) DEFAULT NULL,
+  `email` varchar(255) DEFAULT NULL,
+  `profile_pic` varchar(255) DEFAULT NULL,
+  `is_active` tinyint(1) DEFAULT 1,
+  `is_ratable` tinyint(1) DEFAULT 0,
+  `created_at` timestamp NULL DEFAULT current_timestamp(),
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `username` (`username`),
+  UNIQUE KEY `employee_id` (`employee_id`),
+  UNIQUE KEY `email` (`email`),
+  KEY `group_id` (`group_id`),
+  CONSTRAINT `users_ibfk_1` FOREIGN KEY (`group_id`) REFERENCES `user_groups` (`id`) ON DELETE SET NULL
+) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+/*!40101 SET character_set_client = @saved_cs_client */;
+
+--
+-- Dumping data for table `users`
+--
+
+LOCK TABLES `users` WRITE;
+/*!40000 ALTER TABLE `users` DISABLE KEYS */;
+INSERT INTO `users` VALUES
+(1,1,'admin','$2y$10$52ZJ3bcFXYY8B7pcWL/9LeY90Fd3M1eAIolOGG.XpXa50zBmwFSuS','Super Admin',NULL,NULL,NULL,1,0,'2026-02-23 18:56:57'),
+(2,2,'cashier1','$2y$10$2.LYIJUOfkoiqkjtLtPe3uMLAAF6o4WmjinqXAuuWt72EYeQ8ZMQG','Alice Cashier',NULL,NULL,NULL,1,0,'2026-02-23 19:48:28'),
+(3,3,'waiter1','$2y$10$2.LYIJUOfkoiqkjtLtPe3uMLAAF6o4WmjinqXAuuWt72EYeQ8ZMQG','Bob Waiter',NULL,NULL,NULL,1,0,'2026-02-23 19:48:28');
+/*!40000 ALTER TABLE `users` ENABLE KEYS */;
+UNLOCK TABLES;
+/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
+
+/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
+/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
+/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
+/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
+
+-- Dump completed on 2026-02-24  5:11:44