diff --git a/dashboard.php b/dashboard.php index 5362dfe..a01f06b 100644 --- a/dashboard.php +++ b/dashboard.php @@ -1,13 +1,31 @@ getMessage()); +} catch (Exception $e) { + die("General Error: " . $e->getMessage()); +} + +// Now include helpers, which can use the existing $db connection require_once __DIR__ . '/helpers.php'; -// Auth Check (Moved to top to prevent 500 error on unauthenticated access) +// Auth Check require_once __DIR__ . '/includes/auth.php'; check_auth(); -$db = db(); +// $db is already set above, so no need to call db() again, but it's safe if we do. +// $db = db(); + $lang = $_SESSION['lang']; require_once __DIR__ . '/includes/actions.php'; @@ -21,4 +39,4 @@ require_once __DIR__ . '/includes/pages/dashboard.php'; if (!isset($_GET['ajax_search'])) { require_once __DIR__ . '/includes/layout/footer.php'; -} \ No newline at end of file +} diff --git a/helpers.php b/helpers.php index 5799547..62813cb 100644 --- a/helpers.php +++ b/helpers.php @@ -11,7 +11,12 @@ function get_system_settings() { if (!isset($db)) { require_once __DIR__ . '/db/config.php'; - $local_db = db(); + try { + $local_db = db(); + } catch (Exception $e) { + // If DB connection fails, return empty settings instead of crashing + return []; + } } else { $local_db = $db; } @@ -30,9 +35,13 @@ function get_system_settings() { } function apply_timezone() { - $s = get_system_settings(); - if (!empty($s['timezone'])) { - date_default_timezone_set($s['timezone']); + try { + $s = get_system_settings(); + if (!empty($s['timezone'])) { + date_default_timezone_set($s['timezone']); + } + } catch (Exception $e) { + // Ignore timezone errors } } apply_timezone(); 
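Review bot: `die("DB Error: " . $e->getMessage())` and the added `General Error` branch in this hunk print the raw exception text into the response, and a PDOException message can carry the DSN, host and driver error detail; the same pattern appears at the top of login.php's first hunk. Log the detail server-side and show a fixed message instead, e.g. `error_log('DB connection failed: ' . $e->getMessage()); http_response_code(500); die('Service temporarily unavailable.');`. The opening lines of this hunk are not visible on the page, so the connection code itself could not be reviewed. The kept `// $db = db();` line is commented-out code and should be deleted rather than explained.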
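Review bot: The new `catch (Exception $e) { return []; }` in get_system_settings() hides a failed database connection from every caller, which then cannot distinguish "no settings stored" from "database down", and nothing is recorded anywhere. Keep the graceful fallback but record the failure, `error_log('get_system_settings: ' . $e->getMessage());` before `return [];`. get_system_settings() begins and ends outside this hunk.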
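Review bot: The try/catch added around the body of apply_timezone() does not cover the failure it is meant to absorb: in PHP 8 `date_default_timezone_set()` with an unknown identifier emits a warning and returns false rather than throwing, and the only throw path visible in get_system_settings() is already swallowed in the previous hunk. Check the return value instead, `if (!date_default_timezone_set($s['timezone'])) { error_log('Invalid timezone setting: ' . $s['timezone']); }`, and drop the empty catch. The "Ignore timezone errors" comment would then no longer be needed.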
@@ -45,7 +54,11 @@ function format_currency($amount) { return $currency_symbol . ' ' . number_format((float)$amount, $decimal_digits); } -session_start(); +// Only start session if not already started +if (session_status() === PHP_SESSION_NONE) { + session_start(); +} + require_once __DIR__ . '/lang.php'; if (!isset($_SESSION['lang'])) { @@ -56,19 +69,21 @@ if (isset($_GET['lang'])) { if ($_GET['lang'] === 'ar' || $_GET['lang'] === 'en') { $_SESSION['lang'] = $_GET['lang']; // Redirect to remove lang param - header("Location: " . strtok($_SERVER["REQUEST_URI"], '?')); - exit; + if (!headers_sent()) { + header("Location: " . strtok($_SERVER["REQUEST_URI"], '?')); + exit; + } } } function __($key) { global $translations; - $lang = $_SESSION['lang']; + $lang = $_SESSION['lang'] ?? 'en'; // Fallback if session is empty return $translations[$lang][$key] ?? $key; } function is_rtl() { - return $_SESSION['lang'] === 'ar'; + return ($_SESSION['lang'] ?? 'en') === 'ar'; } function get_dir() { @@ -76,11 +91,11 @@ function get_dir() { } function get_lang_name() { - return $_SESSION['lang'] === 'ar' ? 'English' : 'العربية'; + return ($_SESSION['lang'] ?? 'en') === 'ar' ? 'English' : 'العربية'; } function get_lang_code() { - return $_SESSION['lang'] === 'ar' ? 'en' : 'ar'; + return $_SESSION['lang'] ?? 'en'; } function calculate_age($dob) { @@ -114,4 +129,4 @@ if (!function_exists('mb_strimwidth')) { return substr($string, 0, $targetLen) . $trimmarker; } -} +} \ No newline at end of file diff --git a/login.php b/login.php index 26c4531..dc34f6e 100644 --- a/login.php +++ b/login.php @@ -1,8 +1,24 @@ getMessage()); +} + +require_once __DIR__ . '/lang.php'; +require_once __DIR__ . '/helpers.php'; if (isset($_SESSION['user_id'])) { header("Location: dashboard.php"); 
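Review bot: `$_SESSION['lang'] ?? 'en'` is now repeated in __() and is_rtl() here and in get_lang_name() and get_lang_code() in the next hunk; a single `function current_lang(): string { return $_SESSION['lang'] ?? 'en'; }` would keep the default in one place and make a later change of default a one-line edit. The new `if (!headers_sent())` guard also silently skips the redirect when output has already started, leaving `?lang=` in the URL with no trace of why; an `else { error_log('lang redirect skipped: headers already sent'); }` branch, or performing the switch before any output, would make that visible.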
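Review bot: get_lang_code() changes meaning in this hunk: before it returned the *other* language ('en' when the session is Arabic), which pairs with get_lang_name(), which still returns the name of the other language; now it returns the current language. If a template combines the two to build a language-toggle link, that link now targets the language already active while its label names the other one — the call site is not visible here, so confirm against the templates. If the new meaning is intended, document it, e.g. `/** Code of the language currently active in the session (defaults to 'en'). */`, and give the toggle target its own helper so the two functions are no longer implicitly paired.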
@@ -18,20 +34,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (empty($email) || empty($password)) { $error = __('fill_all_fields'); } else { - $db = db(); $stmt = $db->prepare("SELECT id, name, password, role_id, active FROM users WHERE email = ?"); $stmt->execute([$email]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user && $user['active']) { - // For the default seeded user, we used a specific hash. - // In a real app, use password_verify($password, $user['password']) - // For this demo/prototype environment where I manually inserted a hash: if (password_verify($password, $user['password'])) { $_SESSION['user_id'] = $user['id']; $_SESSION['user_name'] = $user['name']; - // Update last login $update = $db->prepare("UPDATE users SET last_login = NOW() WHERE id = ?"); $update->execute([$user['id']]); @@ -47,18 +58,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { } // Fetch site settings for branding -$db = db(); -$stmt = $db->query("SELECT setting_key, setting_value FROM settings WHERE setting_key IN ('company_name', 'company_logo')"); -$settings = []; -while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { - $settings[$row['setting_key']] = $row['setting_value']; +try { + $stmt = $db->query("SELECT setting_key, setting_value FROM settings WHERE setting_key IN ('company_name', 'company_logo')"); + $settings = []; + while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { + $settings[$row['setting_key']] = $row['setting_value']; + } +} catch (Exception $e) { + $settings = []; } $site_name = !empty($settings['company_name']) ? $settings['company_name'] : 'Hospital Management'; $site_logo = !empty($settings['company_logo']) ? $settings['company_logo'] : null; ?> - + @@ -165,4 +179,4 @@ $site_logo = !empty($settings['company_logo']) ? $settings['company_logo'] : nul - + \ No newline at end of file
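Review bot: After `password_verify()` succeeds this hunk stores `user_id` into the pre-existing session without rotating the session id, so a session id established before login stays valid afterwards; add `session_regenerate_id(true);` immediately before `$_SESSION['user_id'] = $user['id'];`. The removed `$db = db();` now depends on the `$db` opened at the top of the file in the first hunk, which holds only as long as that top-level catch continues to terminate the script on failure. The enclosing POST handler starts before and ends after this hunk.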
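Review bot: The new `catch (Exception $e) { $settings = []; }` around the branding query discards the error without logging, so a broken settings table on the login page is invisible to operators; add `error_log('login branding query failed: ' . $e->getMessage());` inside the catch. `$settings = []` is also assigned inside the try only after `$db->query()` returns, which works because the catch resets it, but initialising `$settings = [];` once before the try reads more clearly and removes the duplicate assignment.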