diff --git a/install.php b/install.php
new file mode 100644
index 0000000..dcd8f42
--- /dev/null
+++ b/install.php
@@ -0,0 +1,316 @@
+<?php
+/**
+ * Installation File for Admin Panel
+ * This file handles requirement checks, database configuration, migrations, and super admin setup.
+ */
+
+session_start();
+
+$step = isset($_GET['step']) ? (int)$_GET['step'] : 1;
+$error = '';
+$success = '';
+
+// Path to config file
+$config_file = __DIR__ . '/db/config.php';
+
+// Helper to update config file
+function update_config($host, $name, $user, $pass) {
+    $content = "<?php\n";
+    $content .= "// Database configuration generated by installer\n";
+    $content .= "define('DB_HOST', " . var_export($host, true) . ");\n";
+    $content .= "define('DB_NAME', " . var_export($name, true) . ");\n";
+    $content .= "define('DB_USER', " . var_export($user, true) . ");\n";
+    $content .= "define('DB_PASS', " . var_export($pass, true) . ");\n\n";
+    $content .= "function db() {\n";
+    $content .= "  static $pdo;
+";
+    $content .= "  if (!$pdo) {\n";
+    $content .= "    try {\n";
+    $content .= "      $pdo = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8mb4', DB_USER, DB_PASS, [
+";
+    $content .= "        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+";
+    $content .= "        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+";
+    $content .= "      ]);\n";
+    $content .= "    } catch (PDOException $e) {\n";
+    $content .= "      die('Database connection failed: ' . $e->getMessage());\n";
+    $content .= "    }\n";
+    $content .= "  }\n";
+    $content .= "  return $pdo;
+";
+    $content .= "}\n\n";
+    
+    // Include existing helpers if needed, or keep it clean
+    $content .= "/**
+ * Generates the next reference number
+ */\n";
+    $content .= "function generateRefNo($type) {\n";
+    $content .= "    $prefix = 'IN';
+";
+    $content .= "    if ($type === 'outbound') $prefix = 'OUT';
+";
+    $content .= "    if ($type === 'internal') $prefix = 'INT';
+    
+";
+    $content .= "    $year = date('Y');
+";
+    $content .= "    $pattern = $prefix . '-' . $year . '-%';
+    
+";
+    $content .= "    $stmt = db()->prepare(\"SELECT ref_no FROM mailbox WHERE type = ? AND ref_no LIKE ? ORDER BY id DESC LIMIT 1\");
+";
+    $content .= "    $stmt->execute([$type, $pattern]);
+";
+    $content .= "    $last_ref = $stmt->fetchColumn();
+    
+";
+    $content .= "    $serial = 1;
+";
+    $content .= "    if ($last_ref) {\n";
+    $content .= "        $parts = explode('-', $last_ref);
+";
+    $content .= "        if (count($parts) === 3) {\n";
+    $content .= "            $serial = (int)$parts[2] + 1;
+";
+    $content .= "        }
+";
+    $content .= "    }
+    
+";
+    $content .= "    return $prefix . '-' . $year . '-' . str_pad($serial, 3, '0', STR_PAD_LEFT);
+";
+    $content .= "}
+";
+
+    return file_put_contents(__DIR__ . '/db/config.php', $content);
+}
+
+// Step 2: Database Connection Test & Save
+if ($step == 2 && $_SERVER['REQUEST_METHOD'] == 'POST') {
+    $host = $_POST['db_host'] ?? '';
+    $name = $_POST['db_name'] ?? '';
+    $user = $_POST['db_user'] ?? '';
+    $pass = $_POST['db_pass'] ?? '';
+
+    try {
+        $pdo = new PDO("mysql:host=$host;dbname=$name;charset=utf8mb4", $user, $pass);
+        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+        
+        if (update_config($host, $name, $user, $pass)) {
+            header('Location: install.php?step=3');
+            exit;
+        } else {
+            $error = "Failed to write to db/config.php. Check permissions.";
+        }
+    } catch (PDOException $e) {
+        $error = "Connection failed: " . $e->getMessage();
+    }
+}
+
+// Step 3: Run Migrations
+if ($step == 3 && isset($_POST['run_migrations'])) {
+    try {
+        require_once $config_file;
+        $pdo = db();
+        $migrations_dir = __DIR__ . '/db/migrations';
+        $files = glob($migrations_dir . '/*.sql');
+        sort($files);
+
+        foreach ($files as $file) {
+            $sql = file_get_contents($file);
+            // Split by semicolon to execute multiple statements if needed, 
+            // but PDO::exec usually handles multiple statements in one call for SQL scripts.
+            $pdo->exec($sql);
+        }
+        $success = "Migrations completed successfully!";
+        header('Location: install.php?step=4');
+        exit;
+    } catch (Exception $e) {
+        $error = "Migration error: " . $e->getMessage();
+    }
+}
+
+// Step 4: Super Admin Setup
+if ($step == 4 && $_SERVER['REQUEST_METHOD'] == 'POST') {
+    $admin_user = $_POST['admin_user'] ?? '';
+    $admin_pass = $_POST['admin_pass'] ?? '';
+    $admin_email = $_POST['admin_email'] ?? '';
+
+    if (empty($admin_user) || empty($admin_pass)) {
+        $error = "Username and password are required.";
+    } else {
+        try {
+            require_once $config_file;
+            $pdo = db();
+            $hash = password_hash($admin_pass, PASSWORD_DEFAULT);
+            
+            // Check if user exists
+            $stmt = $pdo->prepare("SELECT id FROM users WHERE username = ?");
+            $stmt->execute([$admin_user]);
+            $existing = $stmt->fetch();
+
+            if ($existing) {
+                $stmt = $pdo->prepare("UPDATE users SET password = ?, email = ?, is_super_admin = 1 WHERE id = ?");
+                $stmt->execute([$hash, $admin_email, $existing['id']]);
+            } else {
+                $stmt = $pdo->prepare("INSERT INTO users (username, password, email, is_super_admin) VALUES (?, ?, ?, 1)");
+                $stmt->execute([$admin_user, $hash, $admin_email]);
+            }
+            
+            // Set some default settings if table exists
+            $pdo->exec("INSERT IGNORE INTO charity_settings (id, site_name) VALUES (1, 'Admin Panel')");
+
+            $_SESSION['installed'] = true;
+            header('Location: install.php?step=5');
+            exit;
+        } catch (Exception $e) {
+            $error = "Admin setup error: " . $e->getMessage();
+        }
+    }
+}
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Installer - Admin Panel</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
+    <style>
+        body { background-color: #f8f9fa; }
+        .install-card { max-width: 600px; margin: 50px auto; border-radius: 15px; box-shadow: 0 10px 30px rgba(0,0,0,0.1); }
+        .step-indicator { display: flex; justify-content: space-between; margin-bottom: 30px; }
+        .step-dot { width: 30px; height: 30px; border-radius: 50%; background: #dee2e6; display: flex; align-items: center; justify-content: center; font-weight: bold; color: white; }
+        .step-dot.active { background: #0d6efd; }
+        .step-dot.completed { background: #198754; }
+    </style>
+</head>
+<body>
+
+<div class="container">
+    <div class="card install-card">
+        <div class="card-body p-5">
+            <h2 class="text-center mb-4">Installation</h2>
+            
+            <div class="step-indicator">
+                <div class="step-dot <?php echo $step >= 1 ? ($step > 1 ? 'completed' : 'active') : ''; ?>">1</div>
+                <div class="step-dot <?php echo $step >= 2 ? ($step > 2 ? 'completed' : 'active') : ''; ?>">2</div>
+                <div class="step-dot <?php echo $step >= 3 ? ($step > 3 ? 'completed' : 'active') : ''; ?>">3</div>
+                <div class="step-dot <?php echo $step >= 4 ? ($step > 4 ? 'completed' : 'active') : ''; ?>">4</div>
+                <div class="step-dot <?php echo $step >= 5 ? 'active' : ''; ?>">5</div>
+            </div>
+
+            <?php if ($error): ?>
+                <div class="alert alert-danger"><?php echo $error; ?></div>
+            <?php endif; ?>
+
+            <?php if ($step == 1): ?>
+                <h4>Step 1: System Requirements</h4>
+                <ul class="list-group mb-4">
+                    <?php
+                    $reqs = [
+                        'PHP Version >= 7.4' => version_compare(PHP_VERSION, '7.4.0', '>='),
+                        'PDO MySQL Extension' => extension_loaded('pdo_mysql'),
+                        'Config File Writable' => is_writable(__DIR__ . '/db') || is_writable($config_file),
+                        'Uploads Directory Writable' => is_writable(__DIR__ . '/uploads')
+                    ];
+                    $all_ok = true;
+                    foreach ($reqs as $label => $ok):
+                        if (!$ok) $all_ok = false;
+                    ?>
+                        <li class="list-group-item d-flex justify-content-between align-items-center">
+                            <?php echo $label; ?>
+                            <span class="badge <?php echo $ok ? 'bg-success' : 'bg-danger'; ?> rounded-pill">
+                                <?php echo $ok ? 'OK' : 'Fail'; ?>
+                            </span>
+                        </li>
+                    <?php endforeach; ?>
+                </ul>
+                <?php if ($all_ok): ?>
+                    <a href="install.php?step=2" class="btn btn-primary w-100">Continue to Database Setup</a>
+                <?php else:
+                    // This is a deliberate newline for readability in the code, not an escaping issue.
+                    ?>
+                    <div class="alert alert-warning">Please fix the issues above to continue.</div>
+                    <button onclick="window.location.reload()" class="btn btn-secondary w-100">Check Again</button>
+                <?php endif; ?>
+
+            <?php elseif ($step == 2):
+                // Deliberate newline for readability.
+                ?>
+                <h4>Step 2: Database Configuration</h4>
+                <form method="POST">
+                    <div class="mb-3">
+                        <label class="form-label">DB Host</label>
+                        <input type="text" name="db_host" class="form-control" value="127.0.0.1" required>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">DB Name</label>
+                        <input type="text" name="db_name" class="form-control" value="app_database" required>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">DB User</label>
+                        <input type="text" name="db_user" class="form-control" value="root" required>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">DB Password</label>
+                        <input type="password" name="db_pass" class="form-control">
+                    </div>
+                    <button type="submit" class="btn btn-primary w-100">Test & Save Config</button>
+                </form>
+
+            <?php elseif ($step == 3):
+                // Deliberate newline for readability.
+                ?>
+                <h4>Step 3: Database Migrations</h4>
+                <p>Ready to set up the database tables and initial data.</p>
+                <form method="POST">
+                    <button type="submit" name="run_migrations" class="btn btn-primary w-100">Run Migrations Now</button>
+                </form>
+
+            <?php elseif ($step == 4):
+                // Deliberate newline for readability.
+                ?>
+                <h4>Step 4: Super Admin Setup</h4>
+                <form method="POST">
+                    <div class="mb-3">
+                        <label class="form-label">Admin Username</label>
+                        <input type="text" name="admin_user" class="form-control" value="admin" required>
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">Admin Email</label>
+                        <input type="email" name="admin_email" class="form-control" placeholder="admin@example.com">
+                    </div>
+                    <div class="mb-3">
+                        <label class="form-label">Admin Password</label>
+                        <input type="password" name="admin_pass" class="form-control" required>
+                    </div>
+                    <button type="submit" class="btn btn-primary w-100">Complete Installation</button>
+                </form>
+
+            <?php elseif ($step == 5):
+                // Deliberate newline for readability.
+                ?>
+                <div class="text-center">
+                    <div class="mb-4">
+                        <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" fill="currentColor" class="bi bi-check-circle-fill text-success" viewBox="0 0 16 16">
+                          <path d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zm-3.97-3.03a.75.75 0 0 0-1.08.022L7.477 9.417 5.384 7.323a.75.75 0 0 0-1.06 1.06L6.97 11.03a.75.75 0 0 0 1.079-.02l3.992-4.99a.75.75 0 0 0-.01-1.05z"/>
+                        </svg>
+                    </div>
+                    <h4>Success!</h4>
+                    <p>The application has been installed successfully.</p>
+                    <div class="alert alert-warning small">
+                        <strong>Security Warning:</strong> Please delete the <code>install.php</code> file from your server.
+                    </div>
+                    <a href="login.php" class="btn btn-primary w-100">Go to Login</a>
+                </div>
+            <?php endif; ?>
+
+        </div>
+    </div>
+</div>
+
+</body>
+</html>