Initial dev export (exclude uploads/runtime)

2026-03-04 20:46:11 +00:00
commit b2afadd539
120 changed files with 20410 additions and 0 deletions
--- a/modules/admin/views/account_new.php
+++ b/modules/admin/views/account_new.php
@@ -0,0 +1,45 @@
+<?php
+$pageTitle = 'New Account';
+$error = $error ?? '';
+ob_start();
+?>
+<section class="admin-card">
+  <div class="badge">Accounts</div>
+  <div style="display:flex; align-items:center; justify-content:space-between; gap:16px; margin-top:16px;">
+    <div>
+      <h1 style="font-size:28px; margin:0;">New Account</h1>
+      <p style="color: var(--muted); margin-top:6px;">Create an admin, manager, or editor account.</p>
+    </div>
+    <a href="/admin/accounts" class="btn outline small">Back</a>
+  </div>
+
+  <?php if ($error): ?>
+    <div style="margin-top:16px; color:#f3b0b0; font-size:13px;"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
+  <?php endif; ?>
+
+  <form method="post" action="/admin/accounts/save" style="margin-top:18px; display:grid; gap:16px;">
+    <div class="admin-card" style="padding:16px;">
+      <div style="display:grid; gap:12px;">
+        <label class="label">Name</label>
+        <input class="input" name="name" placeholder="Name">
+        <label class="label">Email</label>
+        <input class="input" name="email" placeholder="name@example.com">
+        <label class="label">Password</label>
+        <input class="input" type="password" name="password" placeholder="Password">
+        <label class="label">Role</label>
+        <select class="input" name="role">
+          <option value="admin">Admin</option>
+          <option value="manager">Manager</option>
+          <option value="editor">Editor</option>
+        </select>
+      </div>
+    </div>
+
+    <div style="display:flex; justify-content:flex-end;">
+      <button type="submit" class="btn">Create account</button>
+    </div>
+  </form>
+</section>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/layout.php';
--- a/modules/admin/views/accounts.php
+++ b/modules/admin/views/accounts.php
@@ -0,0 +1,75 @@
+<?php
+$pageTitle = 'Accounts';
+$users = $users ?? [];
+$error = $error ?? '';
+ob_start();
+?>
+<section class="admin-card">
+  <div class="badge">Accounts</div>
+  <div style="display:flex; align-items:center; justify-content:space-between; gap:16px; margin-top:16px;">
+    <div>
+      <h1 style="font-size:28px; margin:0;">Accounts</h1>
+      <p style="color: var(--muted); margin-top:6px;">Manage admin access and roles.</p>
+    </div>
+    <a href="/admin/accounts/new" class="btn small">New Account</a>
+  </div>
+
+  <?php if ($error): ?>
+    <div style="margin-top:16px; color:#f3b0b0; font-size:13px;"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
+  <?php endif; ?>
+
+  <div style="margin-top:18px; display:grid; gap:12px;">
+    <div class="badge" style="opacity:0.7;">Permissions</div>
+    <div style="display:grid; grid-template-columns: 1.2fr repeat(3, 1fr); gap:12px; font-size:11px; color:var(--muted); text-transform:uppercase; letter-spacing:0.2em;">
+      <div>Capability</div>
+      <div>Admin</div>
+      <div>Manager</div>
+      <div>Editor</div>
+    </div>
+    <div style="display:grid; grid-template-columns: 1.2fr repeat(3, 1fr); gap:12px; align-items:center; padding:10px 12px; border-radius:16px; border:1px solid var(--stroke); background: rgba(14,14,16,0.9);">
+      <div>Full access</div>
+      <div style="color:var(--accent-2); font-weight:600;">✓</div>
+      <div style="color:#f3b0b0;">✕</div>
+      <div style="color:#f3b0b0;">✕</div>
+    </div>
+    <div style="display:grid; grid-template-columns: 1.2fr repeat(3, 1fr); gap:12px; align-items:center; padding:10px 12px; border-radius:16px; border:1px solid var(--stroke); background: rgba(14,14,16,0.9);">
+      <div>Restricted modules</div>
+      <div style="color:var(--accent-2); font-weight:600;">✓</div>
+      <div style="color:var(--accent-2); font-weight:600;">✓</div>
+      <div style="color:#f3b0b0;">✕</div>
+    </div>
+    <div style="display:grid; grid-template-columns: 1.2fr repeat(3, 1fr); gap:12px; align-items:center; padding:10px 12px; border-radius:16px; border:1px solid var(--stroke); background: rgba(14,14,16,0.9);">
+      <div>Edit pages</div>
+      <div style="color:var(--accent-2); font-weight:600;">✓</div>
+      <div style="color:var(--accent-2); font-weight:600;">✓</div>
+      <div style="color:var(--accent-2); font-weight:600;">✓</div>
+    </div>
+  </div>
+
+  <div style="margin-top:24px; display:grid; gap:10px;">
+    <div style="display:grid; grid-template-columns: 1.4fr 1.2fr 160px 140px; gap:12px; font-size:11px; color:var(--muted); text-transform:uppercase; letter-spacing:0.2em;">
+      <div>Name</div>
+      <div>Email</div>
+      <div>Role</div>
+      <div>Actions</div>
+    </div>
+    <?php if (!$users): ?>
+      <div style="color: var(--muted); font-size:13px;">No accounts yet.</div>
+    <?php else: ?>
+      <?php foreach ($users as $user): ?>
+        <div style="display:grid; grid-template-columns: 1.4fr 1.2fr 160px 140px; gap:12px; align-items:center; padding:10px 12px; border-radius:16px; border:1px solid var(--stroke); background: rgba(14,14,16,0.9);">
+          <div style="font-weight:600;"><?= htmlspecialchars((string)($user['name'] ?? ''), ENT_QUOTES, 'UTF-8') ?></div>
+          <div style="font-size:12px; color:var(--muted);"><?= htmlspecialchars((string)($user['email'] ?? ''), ENT_QUOTES, 'UTF-8') ?></div>
+          <div style="text-transform:uppercase; font-size:12px; color:var(--accent);"><?= htmlspecialchars((string)($user['role'] ?? ''), ENT_QUOTES, 'UTF-8') ?></div>
+          <form method="post" action="/admin/accounts/delete" onsubmit="return confirm('Delete this account?');">
+            <input type="hidden" name="id" value="<?= (int)($user['id'] ?? 0) ?>">
+            <button type="submit" class="btn outline small">Delete</button>
+          </form>
+        </div>
+      <?php endforeach; ?>
+    <?php endif; ?>
+  </div>
+</section>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/layout.php';
--- a/modules/admin/views/crons.php
+++ b/modules/admin/views/crons.php
@@ -0,0 +1,87 @@
+<?php
+$pageTitle = 'Cron Jobs';
+$storeEnabled = (bool)($store_enabled ?? false);
+$supportEnabled = (bool)($support_enabled ?? false);
+$storeCron = is_array($store_cron ?? null) ? $store_cron : null;
+$supportCron = is_array($support_cron ?? null) ? $support_cron : null;
+ob_start();
+?>
+<section class="admin-card">
+  <div class="badge">Automation</div>
+  <div style="display:flex; align-items:flex-end; justify-content:space-between; gap:14px; margin-top:14px;">
+    <div>
+      <h1 style="margin:0; font-size:30px;">Cron Jobs</h1>
+      <p style="margin:8px 0 0; color:var(--muted); max-width:780px;">Cron jobs run server tasks in the background. Use them when tasks must run reliably without waiting for page visits.</p>
+    </div>
+  </div>
+
+  <div class="admin-card" style="margin-top:14px; padding:12px 14px; border-radius:12px;">
+    <div style="display:grid; gap:6px; font-size:13px; color:var(--muted);">
+      <div><strong style="color:#f5f7ff;">Support IMAP Sync:</strong> <span style="color:#ffcf9a;">Required</span> if you want email replies imported into tickets.</div>
+      <div><strong style="color:#f5f7ff;">Store Sales Chart:</strong> <span style="color:#9ff8d8;">Recommended</span> for predictable chart refresh and lower request-time work.</div>
+    </div>
+  </div>
+
+  <?php if (!$storeEnabled && !$supportEnabled): ?>
+    <article class="admin-card" style="margin-top:14px; padding:12px 14px; border-radius:12px;">
+      <div style="font-size:13px; color:var(--muted);">Enable Store and/or Support plugin to show cron commands here.</div>
+    </article>
+  <?php else: ?>
+    <div style="display:grid; gap:12px; margin-top:14px;">
+      <?php foreach ([$storeCron, $supportCron] as $job): ?>
+        <?php if (!is_array($job)) { continue; } ?>
+        <article class="admin-card" style="padding:12px 14px; border-radius:12px; display:grid; gap:10px;">
+          <div style="display:flex; align-items:center; justify-content:space-between; gap:10px;">
+            <div>
+              <div style="font-size:11px; letter-spacing:0.2em; text-transform:uppercase; color:var(--muted);"><?= htmlspecialchars((string)($job['title'] ?? ''), ENT_QUOTES, 'UTF-8') ?></div>
+              <div style="color:var(--muted); font-size:13px; margin-top:6px;"><?= htmlspecialchars((string)($job['description'] ?? ''), ENT_QUOTES, 'UTF-8') ?></div>
+            </div>
+            <span class="pill"><?= htmlspecialchars((string)($job['interval'] ?? ''), ENT_QUOTES, 'UTF-8') ?></span>
+          </div>
+
+          <div style="display:grid; grid-template-columns:1fr auto; gap:8px; align-items:center;">
+            <input class="input" value="<?= htmlspecialchars((string)($job['key'] ?? ''), ENT_QUOTES, 'UTF-8') ?>" readonly>
+            <form method="post" action="<?= htmlspecialchars((string)($job['regen_action'] ?? ''), ENT_QUOTES, 'UTF-8') ?>">
+              <?php foreach ((array)($job['regen_fields'] ?? []) as $k => $v): ?>
+                <input type="hidden" name="<?= htmlspecialchars((string)$k, ENT_QUOTES, 'UTF-8') ?>" value="<?= htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8') ?>">
+              <?php endforeach; ?>
+              <button class="btn outline small" type="submit">Regenerate Key</button>
+            </form>
+          </div>
+
+          <input class="input cron-url" value="<?= htmlspecialchars((string)($job['url'] ?? ''), ENT_QUOTES, 'UTF-8') ?>" readonly>
+
+          <div style="display:grid; grid-template-columns:1fr auto; gap:8px; align-items:start;">
+            <textarea class="input cron-command" rows="2" style="resize:vertical; font-family:'IBM Plex Mono', monospace; font-size:12px; line-height:1.5;" readonly><?= htmlspecialchars((string)($job['command'] ?? ''), ENT_QUOTES, 'UTF-8') ?></textarea>
+            <button class="btn outline small copy-cron-btn" type="button">Copy</button>
+          </div>
+        </article>
+      <?php endforeach; ?>
+    </div>
+  <?php endif; ?>
+</section>
+
+<script>
+(function(){
+  const buttons = Array.from(document.querySelectorAll('.copy-cron-btn'));
+  buttons.forEach((btn) => {
+    btn.addEventListener('click', async () => {
+      const wrap = btn.closest('article');
+      const input = wrap ? wrap.querySelector('.cron-command') : null;
+      if (!input) return;
+      try {
+        await navigator.clipboard.writeText(input.value);
+        const prev = btn.textContent;
+        btn.textContent = 'Copied';
+        setTimeout(() => { btn.textContent = prev; }, 1200);
+      } catch (e) {
+        input.focus();
+        input.select();
+      }
+    });
+  });
+})();
+</script>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/layout.php';
--- a/modules/admin/views/dashboard.php
+++ b/modules/admin/views/dashboard.php
@@ -0,0 +1,15 @@
+<?php
+$pageTitle = 'Admin';
+ob_start();
+?>
+<section class="card">
+  <div class="badge">Admin</div>
+  <h1 style="margin-top:16px; font-size:28px;">Welcome</h1>
+  <p style="color:var(--muted);">Admin module is live. Use Settings to update the footer text.</p>
+  <div style="margin-top:16px;">
+    <a href="/admin/settings" class="btn">Settings</a>
+  </div>
+</section>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/layout.php';
--- a/modules/admin/views/installer.php
+++ b/modules/admin/views/installer.php
@@ -0,0 +1,185 @@
+<?php
+$pageTitle = 'Installer';
+$step = (int)($step ?? 1);
+$values = is_array($values ?? null) ? $values : [];
+$smtpResult = is_array($smtp_result ?? null) ? $smtp_result : [];
+$checks = is_array($checks ?? null) ? $checks : [];
+
+$val = static function (string $key, string $default = '') use ($values): string {
+    return (string)($values[$key] ?? $default);
+};
+
+ob_start();
+?>
+<section class="card" style="max-width:980px; margin:0 auto;">
+  <div class="badge">Setup</div>
+  <h1 style="margin:16px 0 6px; font-size:30px;">AudioCore V1.5 Installer</h1>
+  <p style="margin:0; color:rgba(235,241,255,.75);">Deploy a fresh instance with validated SMTP and baseline health checks.</p>
+
+  <div style="display:flex; gap:10px; margin-top:18px; flex-wrap:wrap;">
+    <div style="padding:8px 12px; border-radius:999px; border:1px solid rgba(255,255,255,.16); background:<?= $step === 1 ? 'rgba(57,244,179,.18)' : 'rgba(255,255,255,.03)' ?>;">
+      <span style="font-size:11px; letter-spacing:.18em; text-transform:uppercase;">1. Core Setup</span>
+    </div>
+    <div style="padding:8px 12px; border-radius:999px; border:1px solid rgba(255,255,255,.16); background:<?= $step === 2 ? 'rgba(57,244,179,.18)' : 'rgba(255,255,255,.03)' ?>;">
+      <span style="font-size:11px; letter-spacing:.18em; text-transform:uppercase;">2. Site + SMTP</span>
+    </div>
+  </div>
+
+  <?php if (!empty($error)): ?>
+    <div style="margin-top:16px; border:1px solid rgba(255,124,124,.45); background:rgba(180,40,40,.18); border-radius:12px; padding:12px 14px; color:#ffd6d6;">
+      <?= htmlspecialchars((string)$error, ENT_QUOTES, 'UTF-8') ?>
+    </div>
+  <?php endif; ?>
+  <?php if (!empty($success)): ?>
+    <div style="margin-top:16px; border:1px solid rgba(57,244,179,.45); background:rgba(10,90,60,.22); border-radius:12px; padding:12px 14px; color:#b8ffe5;">
+      <?= htmlspecialchars((string)$success, ENT_QUOTES, 'UTF-8') ?>
+    </div>
+  <?php endif; ?>
+
+  <?php if ($step === 1): ?>
+    <form method="post" action="/admin/install" style="margin-top:18px; display:grid; gap:14px;">
+      <input type="hidden" name="installer_action" value="setup_core">
+      <div style="display:grid; grid-template-columns:repeat(auto-fit,minmax(220px,1fr)); gap:12px;">
+        <div>
+          <label>DB Host *</label>
+          <input class="input" name="db_host" value="<?= htmlspecialchars($val('db_host', 'localhost'), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>DB Port *</label>
+          <input class="input" name="db_port" value="<?= htmlspecialchars($val('db_port', '3306'), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>DB Name *</label>
+          <input class="input" name="db_name" value="<?= htmlspecialchars($val('db_name', ''), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>DB User *</label>
+          <input class="input" name="db_user" value="<?= htmlspecialchars($val('db_user', ''), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div style="grid-column:1/-1;">
+          <label>DB Password</label>
+          <input class="input" type="password" name="db_pass" value="">
+        </div>
+      </div>
+
+      <div style="margin-top:6px; padding-top:14px; border-top:1px solid rgba(255,255,255,.1); display:grid; grid-template-columns:repeat(auto-fit,minmax(220px,1fr)); gap:12px;">
+        <div>
+          <label>Admin Name *</label>
+          <input class="input" name="admin_name" value="<?= htmlspecialchars($val('admin_name', 'Admin'), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>Admin Email *</label>
+          <input class="input" type="email" name="admin_email" value="<?= htmlspecialchars($val('admin_email', ''), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>Admin Password *</label>
+          <input class="input" type="password" name="admin_password" value="" placeholder="Minimum 8 characters">
+        </div>
+      </div>
+
+      <div style="display:flex; justify-content:flex-end; margin-top:4px;">
+        <button type="submit" class="button button-primary">Create Core Setup</button>
+      </div>
+    </form>
+  <?php else: ?>
+    <form method="post" action="/admin/install" style="margin-top:18px; display:grid; gap:14px;">
+      <div style="display:grid; grid-template-columns:repeat(auto-fit,minmax(220px,1fr)); gap:12px;">
+        <div>
+          <label>Site Title *</label>
+          <input class="input" name="site_title" value="<?= htmlspecialchars($val('site_title', 'AudioCore V1.5'), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>Site Tagline</label>
+          <input class="input" name="site_tagline" value="<?= htmlspecialchars($val('site_tagline', 'Core CMS for DJs & Producers'), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>SEO Title Suffix</label>
+          <input class="input" name="seo_title_suffix" value="<?= htmlspecialchars($val('seo_title_suffix', 'AudioCore V1.5'), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div style="grid-column:1/-1;">
+          <label>SEO Meta Description</label>
+          <textarea class="input" name="seo_meta_description" rows="3" style="resize:vertical;"><?= htmlspecialchars($val('seo_meta_description', ''), ENT_QUOTES, 'UTF-8') ?></textarea>
+        </div>
+      </div>
+
+      <div style="padding-top:12px; border-top:1px solid rgba(255,255,255,.1); display:grid; grid-template-columns:repeat(auto-fit,minmax(220px,1fr)); gap:12px;">
+        <div>
+          <label>SMTP Host *</label>
+          <input class="input" name="smtp_host" value="<?= htmlspecialchars($val('smtp_host', ''), ENT_QUOTES, 'UTF-8') ?>" placeholder="smtp.example.com">
+        </div>
+        <div>
+          <label>SMTP Port *</label>
+          <input class="input" name="smtp_port" value="<?= htmlspecialchars($val('smtp_port', '587'), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>SMTP User</label>
+          <input class="input" name="smtp_user" value="<?= htmlspecialchars($val('smtp_user', ''), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>SMTP Password</label>
+          <input class="input" type="password" name="smtp_pass" value="<?= htmlspecialchars($val('smtp_pass', ''), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>SMTP Encryption</label>
+          <input class="input" name="smtp_encryption" value="<?= htmlspecialchars($val('smtp_encryption', 'tls'), ENT_QUOTES, 'UTF-8') ?>" placeholder="tls or ssl">
+        </div>
+        <div>
+          <label>SMTP From Email *</label>
+          <input class="input" type="email" name="smtp_from_email" value="<?= htmlspecialchars($val('smtp_from_email', ''), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>SMTP From Name</label>
+          <input class="input" name="smtp_from_name" value="<?= htmlspecialchars($val('smtp_from_name', 'AudioCore V1.5'), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+        <div>
+          <label>Test Recipient Email *</label>
+          <input class="input" type="email" name="smtp_test_email" value="<?= htmlspecialchars($val('smtp_test_email', ''), ENT_QUOTES, 'UTF-8') ?>">
+        </div>
+      </div>
+
+      <?php if (!empty($smtpResult)): ?>
+        <div style="border:1px solid <?= !empty($smtpResult['ok']) ? 'rgba(57,244,179,.45)' : 'rgba(255,124,124,.45)' ?>; background:<?= !empty($smtpResult['ok']) ? 'rgba(10,90,60,.22)' : 'rgba(180,40,40,.18)' ?>; border-radius:12px; padding:12px 14px;">
+          <div style="font-weight:700; margin-bottom:4px; color:<?= !empty($smtpResult['ok']) ? '#b8ffe5' : '#ffd6d6' ?>">
+            <?= !empty($smtpResult['ok']) ? 'SMTP test passed' : 'SMTP test failed' ?>
+          </div>
+          <div style="color:<?= !empty($smtpResult['ok']) ? '#b8ffe5' : '#ffd6d6' ?>;">
+            <?= htmlspecialchars((string)($smtpResult['message'] ?? ''), ENT_QUOTES, 'UTF-8') ?>
+          </div>
+          <?php if (!empty($smtpResult['debug'])): ?>
+            <details style="margin-top:8px;">
+              <summary style="cursor:pointer;">Debug output</summary>
+              <pre style="white-space:pre-wrap; margin-top:8px; font-size:12px; color:#cfd6f5;"><?= htmlspecialchars((string)$smtpResult['debug'], ENT_QUOTES, 'UTF-8') ?></pre>
+            </details>
+          <?php endif; ?>
+        </div>
+      <?php endif; ?>
+
+      <?php if (!empty($checks)): ?>
+        <div style="padding:12px; border:1px solid rgba(255,255,255,.1); border-radius:12px; background:rgba(255,255,255,.02);">
+          <div style="font-size:12px; text-transform:uppercase; letter-spacing:.16em; color:rgba(255,255,255,.65); margin-bottom:10px;">Installer Health Checks</div>
+          <div style="display:grid; gap:8px;">
+            <?php foreach ($checks as $check): ?>
+              <div style="display:flex; gap:10px; align-items:flex-start;">
+                <span style="display:inline-flex; align-items:center; justify-content:center; width:18px; height:18px; border-radius:999px; font-size:12px; margin-top:2px; background:<?= !empty($check['ok']) ? 'rgba(57,244,179,.2)' : 'rgba(255,124,124,.2)' ?>; color:<?= !empty($check['ok']) ? '#9ff8d8' : '#ffb7b7' ?>;">
+                  <?= !empty($check['ok']) ? '✓' : '!' ?>
+                </span>
+                <div>
+                  <div style="font-weight:600;"><?= htmlspecialchars((string)($check['label'] ?? ''), ENT_QUOTES, 'UTF-8') ?></div>
+                  <div style="color:rgba(235,241,255,.65); font-size:13px;"><?= htmlspecialchars((string)($check['detail'] ?? ''), ENT_QUOTES, 'UTF-8') ?></div>
+                </div>
+              </div>
+            <?php endforeach; ?>
+          </div>
+        </div>
+      <?php endif; ?>
+
+      <div style="display:flex; justify-content:flex-end; gap:10px; flex-wrap:wrap; margin-top:4px;">
+        <button type="submit" name="installer_action" value="test_smtp" class="button">Send Test Email + Run Checks</button>
+        <button type="submit" name="installer_action" value="finish_install" class="button button-primary">Finish Installation</button>
+      </div>
+    </form>
+  <?php endif; ?>
+</section>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/../../../views/site/layout.php';
--- a/modules/admin/views/layout.php
+++ b/modules/admin/views/layout.php
@@ -0,0 +1,638 @@
+<?php
+/** @var string $pageTitle */
+/** @var string $content */
+use Core\Services\Auth;
+use Core\Services\Settings;
+use Core\Services\Plugins;
+use Core\Services\Updater;
+
+$faUrl = Settings::get('fontawesome_pro_url', '');
+if ($faUrl === '') {
+  $faUrl = Settings::get('fontawesome_url', '');
+}
+$faEnabled = $faUrl !== '';
+$role = Auth::role();
+$isAuthed = Auth::check();
+$pluginNav = Plugins::adminNav();
+$userName = Auth::name();
+$updateStatus = ['ok' => false, 'update_available' => false];
+if ($isAuthed) {
+  try {
+    $updateStatus = Updater::getStatus(false);
+  } catch (Throwable $e) {
+    $updateStatus = ['ok' => false, 'update_available' => false];
+  }
+}
+?>
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title><?= htmlspecialchars($pageTitle ?? 'Admin', ENT_QUOTES, 'UTF-8') ?></title>
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link href="https://fonts.googleapis.com/css2?family=Syne:wght@500;600;700&family=IBM+Plex+Mono:wght@400;600&display=swap" rel="stylesheet">
+  <?php if ($faEnabled): ?>
+    <link rel="stylesheet" href="<?= htmlspecialchars($faUrl, ENT_QUOTES, 'UTF-8') ?>">
+  <?php endif; ?>
+  <style>
+    :root {
+      color-scheme: dark;
+      --bg: #0b0b0c;
+      --panel: #1b1c1f;
+      --panel-2: #232427;
+      --text: #f3f4f8;
+      --muted: #a2a7b3;
+      --accent: #22a7ff;
+      --accent-2: #22f2a5;
+      --stroke: rgba(255,255,255,0.1);
+    }
+    * { box-sizing: border-box; }
+    body {
+      margin: 0;
+      font-family: 'Syne', sans-serif;
+      background: var(--bg);
+      color: var(--text);
+    }
+    a { color: inherit; text-decoration: none; }
+    .shell { max-width: 1200px; margin: 0 auto; padding: 0 24px; }
+    .admin-wrapper {
+      max-width: 1280px;
+      margin: 24px auto;
+      padding: 0 18px;
+    }
+    .admin-shell {
+      display: grid;
+      grid-template-columns: 240px 1fr;
+      min-height: 100vh;
+      background: rgba(14,14,16,0.98);
+      border: 1px solid rgba(255,255,255,0.06);
+      border-radius: 24px;
+      overflow: hidden;
+      box-shadow: 0 30px 70px rgba(0,0,0,0.45);
+    }
+    .auth-shell {
+      display: grid;
+      grid-template-columns: 1fr;
+      min-height: 70vh;
+      align-items: center;
+    }
+    .sidebar {
+      border-right: 1px solid var(--stroke);
+      background: rgba(10,10,12,0.98);
+      padding: 24px 18px;
+      display: flex;
+      flex-direction: column;
+      gap: 18px;
+      position: sticky;
+      top: 0;
+      height: 100vh;
+      overflow-y: auto;
+    }
+    .sidebar-user {
+      display: flex;
+      align-items: center;
+      gap: 10px;
+      padding: 8px 6px 16px;
+      border-bottom: 1px solid rgba(255,255,255,0.08);
+    }
+    .sidebar-user .icon {
+      width: 40px;
+      height: 40px;
+      border-radius: 12px;
+      background: rgba(255,255,255,0.06);
+      display: grid;
+      place-items: center;
+      font-size: 18px;
+      color: var(--accent-2);
+    }
+    .sidebar-user .hello {
+      font-size: 12px;
+      color: rgba(255,255,255,0.55);
+      text-transform: uppercase;
+      letter-spacing: 0.2em;
+    }
+    .sidebar-user .name {
+      font-size: 14px;
+      font-weight: 600;
+    }
+    .sidebar-section {
+      display: grid;
+      gap: 8px;
+    }
+    .sidebar-title {
+      font-size: 10px;
+      text-transform: uppercase;
+      letter-spacing: 0.3em;
+      color: rgba(255,255,255,0.4);
+      margin-top: 10px;
+    }
+    .sidebar a {
+      display: flex;
+      align-items: center;
+      gap: 10px;
+      padding: 10px 12px;
+      border-radius: 12px;
+      font-size: 12px;
+      font-weight: 600;
+      letter-spacing: 0.12em;
+      text-transform: uppercase;
+      background: rgba(255,255,255,0.03);
+      border: 1px solid var(--stroke);
+      color: var(--muted);
+    }
+    .sidebar a.active,
+    .sidebar a:hover {
+      color: var(--text);
+      background: rgba(255,255,255,0.08);
+    }
+    .brand {
+      display: flex;
+      align-items: center;
+      gap: 12px;
+      font-weight: 600;
+      font-size: 18px;
+    }
+    .brand-badge {
+      width: 48px;
+      height: 48px;
+      border-radius: 14px;
+      background: linear-gradient(135deg, var(--accent), var(--accent-2));
+      display: grid;
+      place-items: center;
+      color: #071016;
+      font-weight: 700;
+    }
+    .badge {
+      font-family: 'IBM Plex Mono', monospace;
+      text-transform: uppercase;
+      font-size: 10px;
+      letter-spacing: 0.3em;
+      color: rgba(255,255,255,0.5);
+    }
+    .btn {
+      display: inline-flex;
+      align-items: center;
+      gap: 8px;
+      padding: 10px 16px;
+      border-radius: 999px;
+      background: var(--accent);
+      color: #041018;
+      font-weight: 600;
+      font-size: 12px;
+      text-transform: uppercase;
+      letter-spacing: 0.25em;
+      border: none;
+      cursor: pointer;
+    }
+    .btn.outline {
+      background: transparent;
+      color: var(--text);
+      border: 1px solid rgba(255,255,255,0.18);
+    }
+    .btn.small {
+      padding: 4px 10px;
+      font-size: 10px;
+      letter-spacing: 0.18em;
+      border-radius: 999px;
+      line-height: 1.4;
+      min-height: 26px;
+    }
+    .modal-backdrop {
+      position: fixed;
+      inset: 0;
+      background: rgba(0,0,0,0.6);
+      display: none;
+      align-items: center;
+      justify-content: center;
+      padding: 24px;
+      z-index: 50;
+    }
+    .modal {
+      background: #17181d;
+      border: 1px solid rgba(255,255,255,0.1);
+      border-radius: 18px;
+      padding: 16px;
+      width: min(900px, 92vw);
+      max-height: 80vh;
+      overflow: hidden;
+      display: grid;
+      gap: 12px;
+    }
+    .media-grid {
+      display: grid;
+      grid-template-columns: repeat(auto-fill, minmax(140px, 1fr));
+      gap: 10px;
+      overflow: auto;
+      padding-right: 4px;
+    }
+    .media-thumb {
+      border-radius: 12px;
+      border: 1px solid rgba(255,255,255,0.12);
+      background: rgba(0,0,0,0.35);
+      padding: 8px;
+      display: grid;
+      gap: 6px;
+      cursor: pointer;
+    }
+    .media-thumb img {
+      width: 100%;
+      aspect-ratio: 1 / 1;
+      object-fit: cover;
+      border-radius: 8px;
+    }
+    .media-meta {
+      font-size: 11px;
+      color: var(--muted);
+      word-break: break-word;
+    }
+    .modal-header {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      gap: 12px;
+    }
+    .modal-title {
+      font-size: 14px;
+      font-weight: 600;
+      text-transform: uppercase;
+      letter-spacing: 0.2em;
+    }
+    .modal-actions {
+      display: flex;
+      gap: 10px;
+      align-items: center;
+      flex: 1;
+      justify-content: flex-end;
+    }
+    .media-empty {
+      color: var(--muted);
+      font-size: 13px;
+      padding: 12px;
+    }
+    .input {
+      width: 100%;
+      padding: 10px 12px;
+      border-radius: 12px;
+      border: 1px solid var(--stroke);
+      background: rgba(12,12,14,0.9);
+      color: var(--text);
+    }
+    .label {
+      font-size: 12px;
+      color: var(--muted);
+      text-transform: uppercase;
+      letter-spacing: 0.2em;
+    }
+    .admin-header {
+      border-bottom: 1px solid var(--stroke);
+      background: rgba(10,10,12,0.9);
+      backdrop-filter: blur(6px);
+    }
+    .admin-top {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      gap: 16px;
+      padding: 18px 0;
+    }
+    .admin-actions {
+      display: flex;
+      gap: 10px;
+      align-items: center;
+    }
+    .admin-content {
+      padding: 28px 0 64px;
+    }
+    .admin-main {
+      display: flex;
+      flex-direction: column;
+      min-width: 0;
+    }
+    .admin-container {
+      max-width: 1200px;
+      margin: 0 auto;
+      padding: 0 28px;
+      width: 100%;
+    }
+    .admin-card {
+      background: rgba(255,255,255,0.04);
+      border: 1px solid rgba(255,255,255,0.1);
+      border-radius: 20px;
+      padding: 20px;
+      box-shadow: 0 18px 40px rgba(0,0,0,0.35);
+    }
+    .pill {
+      display: inline-flex;
+      align-items: center;
+      gap: 8px;
+      padding: 10px 14px;
+      border-radius: 999px;
+      font-size: 12px;
+      font-weight: 600;
+      text-transform: uppercase;
+      letter-spacing: 0.2em;
+      border: 1px solid rgba(255,255,255,0.12);
+      background: rgba(255,255,255,0.04);
+      color: var(--muted);
+    }
+    @media (max-width: 1200px) {
+      .admin-container { max-width: 1040px; }
+    }
+    @media (max-width: 1024px) {
+      .admin-shell { grid-template-columns: 210px 1fr; }
+      .admin-container { padding: 0 20px; }
+    }
+    @media (max-width: 880px) {
+      .admin-wrapper { margin: 16px auto; }
+      .admin-shell { grid-template-columns: 1fr; min-height: auto; }
+      .sidebar {
+        position: relative;
+        height: auto;
+        border-right: none;
+        border-bottom: 1px solid var(--stroke);
+      }
+    }
+  </style>
+</head>
+<body>
+  <div class="admin-wrapper">
+    <div class="<?= $isAuthed ? 'admin-shell' : 'auth-shell' ?>">
+      <?php if ($isAuthed): ?>
+        <aside class="sidebar">
+          <div class="sidebar-user">
+            <div class="icon">
+              <?php if ($faEnabled): ?>
+                <i class="fa-duotone fa-head-side-headphones"></i>
+              <?php else: ?>
+              AC
+            <?php endif; ?>
+          </div>
+          <div>
+            <div class="hello">Hello</div>
+            <div class="name"><?= htmlspecialchars($userName, ENT_QUOTES, 'UTF-8') ?></div>
+          </div>
+        </div>
+        <div class="sidebar-section">
+          <div class="sidebar-title">Core</div>
+          <a href="/admin" class="<?= ($pageTitle ?? '') === 'Admin' ? 'active' : '' ?>">
+            <?php if ($faEnabled): ?><i class="fa-solid fa-house"></i><?php endif; ?>
+            Dashboard
+          </a>
+          <?php if (in_array($role, ['admin', 'manager', 'editor'], true)): ?>
+            <a href="/admin/pages" class="<?= ($pageTitle ?? '') === 'Pages' ? 'active' : '' ?>">
+              <?php if ($faEnabled): ?><i class="fa-solid fa-file-lines"></i><?php endif; ?>
+              Pages
+            </a>
+          <?php endif; ?>
+          <?php if (in_array($role, ['admin', 'manager'], true)): ?>
+            <a href="/admin/media" class="<?= ($pageTitle ?? '') === 'Media' ? 'active' : '' ?>">
+              <?php if ($faEnabled): ?><i class="fa-solid fa-photo-film"></i><?php endif; ?>
+              Media
+            </a>
+          <?php endif; ?>
+          <?php if (in_array($role, ['admin', 'manager'], true)): ?>
+            <a href="/admin/navigation" class="<?= ($pageTitle ?? '') === 'Navigation' ? 'active' : '' ?>">
+              <?php if ($faEnabled): ?><i class="fa-solid fa-sitemap"></i><?php endif; ?>
+              Navigation
+            </a>
+          <?php endif; ?>
+        </div>
+
+        <?php if (in_array($role, ['admin', 'manager'], true)): ?>
+          <div class="sidebar-section">
+            <div class="sidebar-title">Content</div>
+            <a href="/admin/posts" class="<?= ($pageTitle ?? '') === 'Posts' ? 'active' : '' ?>">
+              <?php if ($faEnabled): ?><i class="fa-solid fa-newspaper"></i><?php endif; ?>
+              Blog
+            </a>
+            <a href="/admin/newsletter" class="<?= ($pageTitle ?? '') === 'Newsletter' ? 'active' : '' ?>">
+              <?php if ($faEnabled): ?><i class="fa-solid fa-envelope"></i><?php endif; ?>
+              Newsletter
+            </a>
+            <a href="/admin/shortcodes" class="<?= ($pageTitle ?? '') === 'Shortcodes' ? 'active' : '' ?>">
+              <?php if ($faEnabled): ?><i class="fa-solid fa-code"></i><?php endif; ?>
+              Shortcodes
+            </a>
+            <a href="/admin/updates" class="<?= ($pageTitle ?? '') === 'Updates' ? 'active' : '' ?>">
+              <?php if ($faEnabled): ?><i class="fa-solid fa-download"></i><?php endif; ?>
+              Updates
+              <?php if (!empty($updateStatus['update_available'])): ?>
+                <span style="margin-left:auto; width:8px; height:8px; border-radius:999px; background:#22f2a5;"></span>
+              <?php endif; ?>
+            </a>
+          </div>
+        <?php endif; ?>
+
+        <?php if ($pluginNav): ?>
+          <div class="sidebar-section">
+            <div class="sidebar-title">Plugins</div>
+            <?php foreach ($pluginNav as $item): ?>
+              <?php
+                $roles = $item['roles'] ?? [];
+                if ($roles && !in_array($role, $roles, true)) {
+                    continue;
+                }
+                $itemUrl = (string)$item['url'];
+                $itemLabel = (string)$item['label'];
+                $itemIcon = (string)$item['icon'];
+                $activeClass = (($pageTitle ?? '') === $itemLabel) ? 'active' : '';
+              ?>
+              <a href="<?= htmlspecialchars($itemUrl, ENT_QUOTES, 'UTF-8') ?>" class="<?= $activeClass ?>">
+                <?php if ($faEnabled && $itemIcon): ?><i class="<?= htmlspecialchars($itemIcon, ENT_QUOTES, 'UTF-8') ?>"></i><?php endif; ?>
+                <?= htmlspecialchars($itemLabel, ENT_QUOTES, 'UTF-8') ?>
+              </a>
+            <?php endforeach; ?>
+          </div>
+        <?php endif; ?>
+
+        <?php if ($role === 'admin'): ?>
+          <div class="sidebar-section">
+              <div class="sidebar-title">Admin</div>
+              <a href="/admin/accounts" class="<?= ($pageTitle ?? '') === 'Accounts' ? 'active' : '' ?>">
+                <?php if ($faEnabled): ?><i class="fa-solid fa-user-shield"></i><?php endif; ?>
+                Accounts
+              </a>
+              <a href="/admin/plugins" class="<?= ($pageTitle ?? '') === 'Plugins' ? 'active' : '' ?>">
+                <?php if ($faEnabled): ?><i class="fa-solid fa-plug"></i><?php endif; ?>
+                Plugins
+              </a>
+            </div>
+          <?php endif; ?>
+        </aside>
+      <?php endif; ?>
+
+      <div class="admin-main">
+        <?php if ($isAuthed): ?>
+          <header class="admin-header">
+            <div class="admin-container">
+              <div class="admin-top">
+                <div class="brand">
+                  <div class="brand-badge">AC</div>
+                  <div>
+                    <div>AudioCore Admin</div>
+                    <div class="badge">V1.5</div>
+                  </div>
+                </div>
+                <div class="admin-actions">
+                  <a href="/admin/updates" class="btn outline" style="<?= !empty($updateStatus['update_available']) ? 'border-color: rgba(34,242,165,.6); color:#9ff8d8;' : '' ?>">
+                    <?php if ($faEnabled): ?><i class="fa-solid fa-download"></i><?php endif; ?>
+                    <?= !empty($updateStatus['update_available']) ? 'Update Available' : 'Updates' ?>
+                  </a>
+                  <a href="/admin/settings" class="btn outline">
+                    <?php if ($faEnabled): ?><i class="fa-solid fa-gear"></i><?php endif; ?>
+                    Settings
+                  </a>
+                  <a href="/admin/logout" class="btn outline">
+                    <?php if ($faEnabled): ?><i class="fa-solid fa-right-from-bracket"></i><?php endif; ?>
+                    Logout
+                  </a>
+                </div>
+              </div>
+            </div>
+          </header>
+        <?php endif; ?>
+        <main class="admin-content">
+          <div class="admin-container">
+            <?= $content ?? '' ?>
+          </div>
+        </main>
+      </div>
+    </div>
+  </div>
+  <div id="mediaPickerBackdrop" class="modal-backdrop" aria-hidden="true">
+    <div class="modal" role="dialog" aria-modal="true" aria-label="Media picker">
+      <div class="modal-header">
+        <div class="modal-title">Media Picker</div>
+        <div class="modal-actions">
+          <input id="mediaPickerSearch" class="input" placeholder="Search media..." style="max-width: 320px;">
+          <button type="button" class="btn outline small" id="mediaPickerClose">Close</button>
+        </div>
+      </div>
+      <div id="mediaPickerGrid" class="media-grid"></div>
+      <div id="mediaPickerEmpty" class="media-empty" style="display:none;">No images available.</div>
+    </div>
+  </div>
+  <script>
+    (function () {
+      const backdrop = document.getElementById('mediaPickerBackdrop');
+      const grid = document.getElementById('mediaPickerGrid');
+      const empty = document.getElementById('mediaPickerEmpty');
+      const search = document.getElementById('mediaPickerSearch');
+      const closeBtn = document.getElementById('mediaPickerClose');
+      if (!backdrop || !grid || !search || !closeBtn) {
+        return;
+      }
+
+      let items = [];
+      let activeTarget = null;
+
+      function insertAtCursor(textarea, text) {
+        const start = textarea.selectionStart || 0;
+        const end = textarea.selectionEnd || 0;
+        const value = textarea.value || '';
+        textarea.value = value.slice(0, start) + text + value.slice(end);
+        const next = start + text.length;
+        textarea.setSelectionRange(next, next);
+        textarea.focus();
+      }
+
+      function renderGrid(filterText) {
+        const q = (filterText || '').toLowerCase();
+        const filtered = items.filter(item => {
+          const name = String(item.file_name || '').toLowerCase();
+          const isImage = String(item.file_type || '').startsWith('image/');
+          return isImage && (!q || name.includes(q));
+        });
+
+        grid.innerHTML = '';
+        if (!filtered.length) {
+          empty.style.display = 'block';
+          return;
+        }
+        empty.style.display = 'none';
+
+        filtered.forEach(item => {
+          const card = document.createElement('button');
+          card.type = 'button';
+          card.className = 'media-thumb';
+          card.innerHTML = `
+            <img src="${item.file_url}" alt="">
+            <div class="media-meta">${item.file_name || ''}</div>
+          `;
+          card.addEventListener('click', function () {
+            const target = activeTarget ? document.getElementById(activeTarget) : null;
+            if (!target) {
+              return;
+            }
+            if (activeMode === 'url') {
+              insertAtCursor(target, item.file_url);
+            } else {
+              insertAtCursor(target, '<img src="' + item.file_url + '" alt="">');
+            }
+            closePicker();
+          });
+          grid.appendChild(card);
+        });
+      }
+
+      let activeMode = 'html';
+
+      function openPicker(targetId, mode) {
+        activeTarget = targetId;
+        activeMode = mode || 'html';
+        backdrop.style.display = 'flex';
+        backdrop.setAttribute('aria-hidden', 'false');
+        search.value = '';
+        fetch('/admin/media/picker', { credentials: 'same-origin' })
+          .then(resp => resp.ok ? resp.json() : Promise.reject())
+          .then(data => {
+            items = Array.isArray(data.items) ? data.items : [];
+            renderGrid('');
+          })
+          .catch(() => {
+            items = [];
+            renderGrid('');
+          });
+      }
+
+      function closePicker() {
+        backdrop.style.display = 'none';
+        backdrop.setAttribute('aria-hidden', 'true');
+        activeTarget = null;
+      }
+
+      document.addEventListener('click', function (event) {
+        const btn = event.target.closest('[data-media-picker]');
+        if (!btn) {
+          return;
+        }
+        const targetId = btn.getAttribute('data-media-picker');
+        const mode = btn.getAttribute('data-media-picker-mode');
+        if (targetId) {
+          openPicker(targetId, mode);
+        }
+      });
+
+      search.addEventListener('input', function () {
+        renderGrid(search.value);
+      });
+
+      closeBtn.addEventListener('click', closePicker);
+
+      backdrop.addEventListener('click', function (event) {
+        if (event.target === backdrop) {
+          closePicker();
+        }
+      });
+
+      document.addEventListener('keydown', function (event) {
+        if (event.key === 'Escape' && backdrop.style.display === 'flex') {
+          closePicker();
+        }
+      });
+    })();
+  </script>
+</body>
+</html>
--- a/modules/admin/views/login.php
+++ b/modules/admin/views/login.php
@@ -0,0 +1,26 @@
+<?php
+$pageTitle = 'Admin Login';
+ob_start();
+?>
+<section class="admin-card" style="max-width:520px; margin:0 auto;">
+  <div class="badge">Admin</div>
+  <h1 style="margin-top:16px; font-size:28px;">Admin Login</h1>
+  <p style="color: var(--muted); margin-top:6px;">Sign in to manage AudioCore.</p>
+  <?php if (!empty($error)): ?>
+    <p style="color:#ff9d9d; font-size:13px; margin-top:12px;"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
+  <?php endif; ?>
+  <form method="post" action="/admin/login" style="margin-top:18px; display:grid; gap:16px;">
+    <div style="display:grid; gap:8px;">
+      <label class="label">Email</label>
+      <input class="input" name="email" autocomplete="username">
+    </div>
+    <div style="display:grid; gap:8px;">
+      <label class="label">Password</label>
+      <input class="input" name="password" type="password" autocomplete="current-password">
+    </div>
+    <button type="submit" class="btn">Login</button>
+  </form>
+</section>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/../../../modules/admin/views/layout.php';
--- a/modules/admin/views/navigation.php
+++ b/modules/admin/views/navigation.php
@@ -0,0 +1,339 @@
+<?php
+$pageTitle = 'Navigation';
+$links = $links ?? [];
+$pages = $pages ?? [];
+$error = $error ?? '';
+$saved = ($saved ?? '') === '1';
+ob_start();
+?>
+<section class="admin-card">
+  <div class="badge">Navigation</div>
+  <h1 style="margin-top:16px; font-size:28px;">Site Navigation</h1>
+  <p style="color: var(--muted); margin-top:8px;">Build your main menu. Add items on the left, then drag to reorder.</p>
+
+  <?php if ($error): ?>
+    <div style="margin-top:16px; color: #f3b0b0; font-size:13px;"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
+  <?php elseif ($saved): ?>
+    <div style="margin-top:16px; color: var(--accent); font-size:13px;">Navigation saved.</div>
+  <?php endif; ?>
+
+  <style>
+    .nav-grid { display: grid; grid-template-columns: 320px 1fr; gap: 18px; }
+    .nav-list { display: grid; gap: 10px; }
+    .nav-item {
+      display: grid;
+      grid-template-columns: 34px 1.3fr 2fr 90px 90px 90px;
+      gap: 12px;
+      align-items: center;
+      padding: 10px 12px;
+      border-radius: 16px;
+      border: 1px solid var(--stroke);
+      background: rgba(14,14,16,0.9);
+    }
+    .nav-item.dragging { opacity: 0.6; }
+    .drag-handle {
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      width: 28px;
+      height: 28px;
+      border-radius: 8px;
+      border: 1px solid rgba(255,255,255,0.12);
+      background: rgba(255,255,255,0.04);
+      font-size: 12px;
+      color: var(--muted);
+      cursor: grab;
+      user-select: none;
+    }
+    .nav-meta {
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      font-size: 12px;
+      color: var(--muted);
+      text-transform: uppercase;
+      letter-spacing: 0.2em;
+    }
+    .nav-item input[readonly] { opacity: 0.7; }
+    @media (max-width: 980px) {
+      .nav-grid { grid-template-columns: 1fr; }
+      .nav-item { grid-template-columns: 28px 1fr; grid-auto-rows: auto; }
+      .nav-item > *:nth-child(n+3) { grid-column: 2 / -1; }
+    }
+  </style>
+
+  <form method="post" action="/admin/navigation" style="margin-top:20px; display:grid; gap:18px;">
+    <div class="nav-grid">
+      <aside class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Add menu items</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <label class="label">Page picker</label>
+          <select id="navPageSelect" class="input" style="text-transform:none;">
+            <option value="" data-label="" data-url="">Select page</option>
+            <option value="home" data-label="Home" data-url="/">Home</option>
+            <option value="artists" data-label="Artists" data-url="/artists">Artists</option>
+            <option value="releases" data-label="Releases" data-url="/releases">Releases</option>
+            <option value="store" data-label="Store" data-url="/store">Store</option>
+            <option value="contact" data-label="Contact" data-url="/contact">Contact</option>
+            <?php foreach ($pages as $page): ?>
+              <option value="page-<?= htmlspecialchars((string)($page['slug'] ?? ''), ENT_QUOTES, 'UTF-8') ?>"
+                      data-label="<?= htmlspecialchars((string)($page['title'] ?? ''), ENT_QUOTES, 'UTF-8') ?>"
+                      data-url="/<?= htmlspecialchars((string)($page['slug'] ?? ''), ENT_QUOTES, 'UTF-8') ?>">
+                <?= htmlspecialchars((string)($page['title'] ?? ''), ENT_QUOTES, 'UTF-8') ?>
+              </option>
+            <?php endforeach; ?>
+            <option value="custom" data-label="" data-url="">Custom link</option>
+          </select>
+          <label style="display:flex; align-items:center; gap:8px; font-size:12px; color:var(--muted); text-transform:uppercase; letter-spacing:0.2em;">
+            <input id="navActiveInput" type="checkbox" checked>
+            Active
+          </label>
+          <button type="button" id="navAddButton" class="btn" style="padding:8px 14px;">Add to menu</button>
+          <div style="font-size:12px; color:var(--muted);">Use Custom for external links or anchors.</div>
+        </div>
+      </aside>
+
+      <section class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Menu structure</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <div class="nav-item" style="background: transparent; border: none; padding: 0;">
+            <div></div>
+            <div class="nav-meta">Label</div>
+            <div class="nav-meta">URL</div>
+            <div class="nav-meta">Order</div>
+            <div class="nav-meta">Active</div>
+            <div class="nav-meta">Delete</div>
+          </div>
+          <div id="navMenuEmpty" style="color: var(--muted); font-size:13px; display: <?= $links ? 'none' : 'block' ?>;">No navigation links yet.</div>
+          <div id="navMenuList" class="nav-list">
+            <?php foreach ($links as $link): ?>
+              <div class="nav-item" draggable="true">
+                <div class="drag-handle" title="Drag to reorder">||</div>
+                <input class="input" name="items[<?= (int)$link['id'] ?>][label]" value="<?= htmlspecialchars((string)($link['label'] ?? ''), ENT_QUOTES, 'UTF-8') ?>">
+                <input class="input" name="items[<?= (int)$link['id'] ?>][url]" value="<?= htmlspecialchars((string)($link['url'] ?? ''), ENT_QUOTES, 'UTF-8') ?>">
+                <input class="input" name="items[<?= (int)$link['id'] ?>][sort_order]" data-sort-input value="<?= htmlspecialchars((string)($link['sort_order'] ?? 0), ENT_QUOTES, 'UTF-8') ?>" readonly>
+                <label style="display:flex; justify-content:center;">
+                  <input type="checkbox" name="items[<?= (int)$link['id'] ?>][is_active]" value="1" <?= ((int)($link['is_active'] ?? 0) === 1) ? 'checked' : '' ?>>
+                </label>
+                <label style="display:flex; justify-content:center;">
+                  <input type="checkbox" name="delete_ids[]" value="<?= (int)$link['id'] ?>">
+                </label>
+              </div>
+            <?php endforeach; ?>
+          </div>
+        </div>
+      </section>
+    </div>
+
+    <div style="display:flex; justify-content:flex-end;">
+      <button type="submit" class="btn">Save navigation</button>
+    </div>
+  </form>
+</section>
+
+<div id="navModal" style="position:fixed; inset:0; background:rgba(0,0,0,0.55); display:none; align-items:center; justify-content:center; padding:24px; z-index:40;">
+  <div class="admin-card" style="max-width:520px; width:100%; position:relative;">
+    <div class="badge">Custom link</div>
+    <h2 style="margin-top:12px; font-size:24px;">Add custom link</h2>
+    <div style="display:grid; gap:14px; margin-top:16px;">
+      <div>
+        <label class="label">Label</label>
+        <input id="modalLabel" class="input" placeholder="Press Kit">
+      </div>
+      <div>
+        <label class="label">URL</label>
+        <input id="modalUrl" class="input" placeholder="https://example.com/press">
+      </div>
+      <label style="display:flex; align-items:center; gap:8px; font-size:12px; color:var(--muted); text-transform:uppercase; letter-spacing:0.2em;">
+        <input id="modalActive" type="checkbox" checked>
+        Active
+      </label>
+      <div style="display:flex; gap:12px; justify-content:flex-end;">
+        <button type="button" id="modalCancel" class="btn" style="background:transparent; color:var(--text); border:1px solid rgba(255,255,255,0.2);">Cancel</button>
+        <button type="button" id="modalAdd" class="btn">Add link</button>
+      </div>
+    </div>
+  </div>
+</div>
+<script>
+  (function () {
+    const menuList = document.getElementById('navMenuList');
+    const menuEmpty = document.getElementById('navMenuEmpty');
+    const addButton = document.getElementById('navAddButton');
+    const pageSelect = document.getElementById('navPageSelect');
+    const activeInput = document.getElementById('navActiveInput');
+
+    const modal = document.getElementById('navModal');
+    const modalLabel = document.getElementById('modalLabel');
+    const modalUrl = document.getElementById('modalUrl');
+    const modalActive = document.getElementById('modalActive');
+    const modalAdd = document.getElementById('modalAdd');
+    const modalCancel = document.getElementById('modalCancel');
+
+    let stagedIndex = 0;
+
+    function showModal() {
+      modal.style.display = 'flex';
+      modalLabel.value = '';
+      modalUrl.value = '';
+      modalActive.checked = true;
+      modalLabel.focus();
+    }
+
+    function hideModal() {
+      modal.style.display = 'none';
+    }
+
+    function updateOrder() {
+      const items = menuList.querySelectorAll('.nav-item');
+      items.forEach((item, index) => {
+        const sortInput = item.querySelector('[data-sort-input]');
+        if (sortInput) {
+          sortInput.value = String(index + 1);
+        }
+      });
+      menuEmpty.style.display = items.length ? 'none' : 'block';
+    }
+
+    function addStagedLink(label, url, isActive) {
+      if (!label || !url) {
+        return;
+      }
+      stagedIndex += 1;
+      const row = document.createElement('div');
+      row.className = 'nav-item';
+      row.setAttribute('draggable', 'true');
+
+      const handle = document.createElement('div');
+      handle.className = 'drag-handle';
+      handle.textContent = '||';
+      handle.title = 'Drag to reorder';
+
+      const labelInput = document.createElement('input');
+      labelInput.className = 'input';
+      labelInput.name = `new[${stagedIndex}][label]`;
+      labelInput.value = label;
+
+      const urlInput = document.createElement('input');
+      urlInput.className = 'input';
+      urlInput.name = `new[${stagedIndex}][url]`;
+      urlInput.value = url;
+
+      const orderInputEl = document.createElement('input');
+      orderInputEl.className = 'input';
+      orderInputEl.name = `new[${stagedIndex}][sort_order]`;
+      orderInputEl.value = '0';
+      orderInputEl.setAttribute('data-sort-input', '');
+      orderInputEl.readOnly = true;
+
+      const activeLabel = document.createElement('label');
+      activeLabel.style.display = 'flex';
+      activeLabel.style.justifyContent = 'center';
+      const activeCheckbox = document.createElement('input');
+      activeCheckbox.type = 'checkbox';
+      activeCheckbox.name = `new[${stagedIndex}][is_active]`;
+      activeCheckbox.value = '1';
+      activeCheckbox.checked = !!isActive;
+      activeLabel.appendChild(activeCheckbox);
+
+      const removeButton = document.createElement('button');
+      removeButton.type = 'button';
+      removeButton.className = 'btn';
+      removeButton.textContent = 'Remove';
+      removeButton.style.padding = '6px 12px';
+      removeButton.style.background = 'transparent';
+      removeButton.style.color = 'var(--text)';
+      removeButton.style.border = '1px solid rgba(255,255,255,0.2)';
+
+      row.appendChild(handle);
+      row.appendChild(labelInput);
+      row.appendChild(urlInput);
+      row.appendChild(orderInputEl);
+      row.appendChild(activeLabel);
+      row.appendChild(removeButton);
+
+      removeButton.addEventListener('click', () => {
+        row.remove();
+        updateOrder();
+      });
+
+      menuList.appendChild(row);
+      enableDrag(row);
+      updateOrder();
+    }
+
+    addButton.addEventListener('click', () => {
+      const selected = pageSelect.options[pageSelect.selectedIndex];
+      if (!selected || !selected.value) {
+        return;
+      }
+      if (selected.value === 'custom') {
+        showModal();
+        return;
+      }
+      const label = selected.getAttribute('data-label') || '';
+      const url = selected.getAttribute('data-url') || '';
+      const isActive = activeInput.checked;
+      addStagedLink(label, url, isActive);
+      pageSelect.value = '';
+      activeInput.checked = true;
+    });
+
+    modalAdd.addEventListener('click', () => {
+      const label = modalLabel.value.trim();
+      const url = modalUrl.value.trim();
+      const isActive = modalActive.checked;
+      addStagedLink(label, url, isActive);
+      hideModal();
+    });
+
+    modalCancel.addEventListener('click', hideModal);
+    modal.addEventListener('click', (event) => {
+      if (event.target === modal) {
+        hideModal();
+      }
+    });
+
+    function getDragAfterElement(container, y) {
+      const elements = [...container.querySelectorAll('.nav-item:not(.dragging)')];
+      return elements.reduce((closest, child) => {
+        const box = child.getBoundingClientRect();
+        const offset = y - box.top - box.height / 2;
+        if (offset < 0 && offset > closest.offset) {
+          return { offset, element: child };
+        }
+        return closest;
+      }, { offset: Number.NEGATIVE_INFINITY }).element;
+    }
+
+    function enableDrag(item) {
+      item.addEventListener('dragstart', () => {
+        item.classList.add('dragging');
+      });
+      item.addEventListener('dragend', () => {
+        item.classList.remove('dragging');
+        updateOrder();
+      });
+    }
+
+    menuList.addEventListener('dragover', (event) => {
+      event.preventDefault();
+      const dragging = menuList.querySelector('.dragging');
+      if (!dragging) {
+        return;
+      }
+      const afterElement = getDragAfterElement(menuList, event.clientY);
+      if (afterElement == null) {
+        menuList.appendChild(dragging);
+      } else {
+        menuList.insertBefore(dragging, afterElement);
+      }
+    });
+
+    menuList.querySelectorAll('.nav-item').forEach(enableDrag);
+    updateOrder();
+  })();
+</script>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/layout.php';
--- a/modules/admin/views/settings.php
+++ b/modules/admin/views/settings.php
@@ -0,0 +1,682 @@
+<?php
+$pageTitle = 'Settings';
+ob_start();
+?>
+<section class="admin-card settings-shell">
+  <div class="badge">Settings</div>
+  <h1 style="margin-top:16px; font-size:28px;">Site Settings</h1>
+  <p style="color: var(--muted); margin-top:8px;">Configure branding, maintenance, icons, and integrations.</p>
+  <?php if (!empty($status_message ?? '')): ?>
+    <div class="settings-status <?= (($status ?? '') === 'ok') ? 'is-ok' : 'is-error' ?>">
+      <?= htmlspecialchars((string)$status_message, ENT_QUOTES, 'UTF-8') ?>
+    </div>
+  <?php endif; ?>
+
+  <form method="post" action="/admin/settings" enctype="multipart/form-data" style="margin-top:20px; display:grid; gap:16px;">
+    <div class="settings-tabs" role="tablist" aria-label="Settings sections">
+      <button type="button" class="settings-tab is-active" data-tab="branding" role="tab" aria-selected="true">Branding</button>
+      <button type="button" class="settings-tab" data-tab="footer" role="tab" aria-selected="false">Footer</button>
+      <button type="button" class="settings-tab" data-tab="maintenance" role="tab" aria-selected="false">Maintenance</button>
+      <button type="button" class="settings-tab" data-tab="icons" role="tab" aria-selected="false">Icons</button>
+      <button type="button" class="settings-tab" data-tab="smtp" role="tab" aria-selected="false">SMTP</button>
+      <button type="button" class="settings-tab" data-tab="mailchimp" role="tab" aria-selected="false">Mailchimp</button>
+      <button type="button" class="settings-tab" data-tab="seo" role="tab" aria-selected="false">SEO</button>
+      <button type="button" class="settings-tab" data-tab="redirects" role="tab" aria-selected="false">Redirects</button>
+      <button type="button" class="settings-tab" data-tab="permissions" role="tab" aria-selected="false">Permissions</button>
+      <button type="button" class="settings-tab" data-tab="audit" role="tab" aria-selected="false">Audit Log</button>
+    </div>
+
+    <div class="settings-panel is-active" data-panel="branding" role="tabpanel">
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Branding</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <label class="label">Header Title</label>
+          <input class="input" name="site_header_title" value="<?= htmlspecialchars($site_header_title ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="AudioCore V1.5">
+
+          <label class="label">Header Tagline</label>
+          <input class="input" name="site_header_tagline" value="<?= htmlspecialchars($site_header_tagline ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="Core CMS for DJs & Producers">
+
+          <label class="label">Header Badge Text (right side)</label>
+          <input class="input" name="site_header_badge_text" value="<?= htmlspecialchars($site_header_badge_text ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="Independent catalog">
+
+          <div style="display:grid; grid-template-columns:1fr 1fr; gap:12px;">
+            <div>
+              <label class="label">Header Left Mode</label>
+              <select class="input" name="site_header_brand_mode">
+                <option value="default" <?= (($site_header_brand_mode ?? 'default') === 'default') ? 'selected' : '' ?>>Text + mark</option>
+                <option value="logo_only" <?= (($site_header_brand_mode ?? '') === 'logo_only') ? 'selected' : '' ?>>Logo only</option>
+              </select>
+            </div>
+            <div>
+              <label class="label">Mark Content</label>
+              <select class="input" name="site_header_mark_mode">
+                <option value="text" <?= (($site_header_mark_mode ?? 'text') === 'text') ? 'selected' : '' ?>>Text</option>
+                <option value="icon" <?= (($site_header_mark_mode ?? '') === 'icon') ? 'selected' : '' ?>>Font Awesome icon</option>
+                <option value="logo" <?= (($site_header_mark_mode ?? '') === 'logo') ? 'selected' : '' ?>>Logo in mark</option>
+              </select>
+            </div>
+          </div>
+
+          <div style="display:grid; grid-template-columns:1fr 1fr; gap:12px;">
+            <div>
+              <label class="label">Mark Text</label>
+              <input class="input" name="site_header_mark_text" value="<?= htmlspecialchars($site_header_mark_text ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="AC">
+            </div>
+            <div>
+              <label class="label">Mark Icon Class</label>
+              <input class="input" name="site_header_mark_icon" value="<?= htmlspecialchars($site_header_mark_icon ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="fa-solid fa-music">
+              <div style="font-size:12px; color:var(--muted); margin-top:6px;">Use class only (or paste full &lt;i ...&gt; and it will be normalized).</div>
+            </div>
+          </div>
+
+          <div style="display:grid; grid-template-columns:1fr 1fr; gap:12px;">
+            <div>
+              <label class="label">Mark Gradient Start</label>
+              <input class="input" name="site_header_mark_bg_start" value="<?= htmlspecialchars($site_header_mark_bg_start ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="#22f2a5">
+            </div>
+            <div>
+              <label class="label">Mark Gradient End</label>
+              <input class="input" name="site_header_mark_bg_end" value="<?= htmlspecialchars($site_header_mark_bg_end ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="#10252e">
+            </div>
+          </div>
+
+          <label class="label">Logo URL (for logo-only or mark logo mode)</label>
+          <input class="input" name="site_header_logo_url" value="<?= htmlspecialchars($site_header_logo_url ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="https://example.com/logo.png">
+          <div class="settings-logo-tools">
+            <div class="settings-logo-preview">
+              <?php if (!empty($site_header_logo_url ?? '')): ?>
+                <img src="<?= htmlspecialchars((string)$site_header_logo_url, ENT_QUOTES, 'UTF-8') ?>" alt="">
+              <?php else: ?>
+                <span>No logo set</span>
+              <?php endif; ?>
+            </div>
+            <div class="settings-logo-actions">
+              <button type="button" class="btn outline" id="openLogoMediaPicker">Use from Media</button>
+              <button type="submit" class="btn outline danger" name="settings_action" value="remove_logo">Remove current logo</button>
+            </div>
+          </div>
+          <div class="admin-card" style="padding:12px; margin-top:4px;">
+            <div class="label" style="margin-bottom:8px;">Upload Logo</div>
+            <label class="settings-upload-dropzone" for="headerLogoFile">
+              <input id="headerLogoFile" class="settings-file-input" type="file" name="header_logo_file" accept="image/*,.svg">
+              <div class="settings-upload-text">
+                <div style="font-size:11px; letter-spacing:0.2em; text-transform:uppercase; color:rgba(255,255,255,0.6);">Drag & Drop</div>
+                <div style="font-size:14px; color:var(--text);">or click to upload</div>
+                <div class="settings-file-name" id="headerLogoFileName">No file selected</div>
+              </div>
+            </label>
+            <div style="display:flex; justify-content:flex-end; margin-top:10px;">
+              <button type="submit" class="btn" name="settings_action" value="upload_logo">Upload logo</button>
+            </div>
+          </div>
+
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="footer" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Footer</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <label class="label">Footer Text</label>
+          <input class="input" name="footer_text" value="<?= htmlspecialchars($footer_text ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="AudioCore V1.5">
+          <div style="font-size:12px; color:var(--muted);">Shown in the site footer.</div>
+
+          <div class="label">Footer Links</div>
+          <div class="admin-card" style="padding:12px;">
+            <div id="footerLinksList" style="display:grid; gap:8px;"></div>
+            <div style="display:flex; justify-content:space-between; align-items:center; margin-top:10px; gap:8px; flex-wrap:wrap;">
+              <button type="button" class="btn outline" id="addFooterLinkRow">Add footer link</button>
+              <div style="font-size:12px; color:var(--muted);">Examples: Privacy, Terms, Refund Policy.</div>
+            </div>
+          </div>
+          <input type="hidden" name="footer_links_json" id="footerLinksJson" value="">
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="maintenance" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Coming Soon / Maintenance</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <label style="display:inline-flex; align-items:center; gap:8px; font-size:13px;">
+            <input type="checkbox" name="site_maintenance_enabled" value="1" <?= (($site_maintenance_enabled ?? '0') === '1') ? 'checked' : '' ?>>
+            Enable maintenance mode for visitors (admins still see full site when logged in)
+          </label>
+          <label class="label">Title</label>
+          <input class="input" name="site_maintenance_title" value="<?= htmlspecialchars($site_maintenance_title ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="Coming Soon">
+          <label class="label">Message</label>
+          <textarea class="input" name="site_maintenance_message" rows="3" style="resize:vertical;"><?= htmlspecialchars($site_maintenance_message ?? '', ENT_QUOTES, 'UTF-8') ?></textarea>
+          <div style="display:grid; grid-template-columns:1fr 1fr; gap:12px;">
+            <div>
+              <label class="label">Button Label (optional)</label>
+              <input class="input" name="site_maintenance_button_label" value="<?= htmlspecialchars($site_maintenance_button_label ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="Admin Login">
+            </div>
+            <div>
+              <label class="label">Button URL (optional)</label>
+              <input class="input" name="site_maintenance_button_url" value="<?= htmlspecialchars($site_maintenance_button_url ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="/admin/login">
+            </div>
+          </div>
+          <label class="label">Custom HTML (optional, overrides title/message layout)</label>
+          <textarea class="input" name="site_maintenance_html" rows="6" style="resize:vertical; font-family:'IBM Plex Mono', monospace;"><?= htmlspecialchars($site_maintenance_html ?? '', ENT_QUOTES, 'UTF-8') ?></textarea>
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="icons" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Icons</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <label class="label">Font Awesome Pro URL</label>
+          <input class="input" name="fontawesome_pro_url" value="<?= htmlspecialchars($fontawesome_pro_url ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="https://kit.fontawesome.com/your-kit-id.css">
+          <div style="font-size:12px; color:var(--muted);">Use your Pro kit URL to enable duotone icons.</div>
+          <label class="label">Font Awesome URL (Fallback)</label>
+          <input class="input" name="fontawesome_url" value="<?= htmlspecialchars($fontawesome_url ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css">
+          <div style="font-size:12px; color:var(--muted);">Used if Pro URL is empty.</div>
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="smtp" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">SMTP</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <label class="label">SMTP Host</label>
+          <input class="input" name="smtp_host" value="<?= htmlspecialchars($smtp_host ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="smtp.example.com">
+          <label class="label">SMTP Port</label>
+          <input class="input" name="smtp_port" value="<?= htmlspecialchars($smtp_port ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="587">
+          <label class="label">SMTP User</label>
+          <input class="input" name="smtp_user" value="<?= htmlspecialchars($smtp_user ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="user@example.com">
+          <label class="label">SMTP Password</label>
+          <input class="input" type="password" name="smtp_pass" value="<?= htmlspecialchars($smtp_pass ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="password">
+          <label class="label">SMTP Encryption</label>
+          <input class="input" name="smtp_encryption" value="<?= htmlspecialchars($smtp_encryption ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="tls">
+          <label class="label">From Email</label>
+          <input class="input" name="smtp_from_email" value="<?= htmlspecialchars($smtp_from_email ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="no-reply@example.com">
+          <label class="label">From Name</label>
+          <input class="input" name="smtp_from_name" value="<?= htmlspecialchars($smtp_from_name ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="AudioCore">
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="mailchimp" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Mailchimp</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <label class="label">API Key</label>
+          <input class="input" name="mailchimp_api_key" value="<?= htmlspecialchars($mailchimp_api_key ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="xxxx-us1">
+          <label class="label">List ID</label>
+          <input class="input" name="mailchimp_list_id" value="<?= htmlspecialchars($mailchimp_list_id ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="abcd1234">
+          <div style="font-size:12px; color:var(--muted);">Used for syncing subscriber signups.</div>
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="seo" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Global SEO</div>
+        <div style="margin-top:12px; display:grid; gap:12px;">
+          <label class="label">Title Suffix</label>
+          <input class="input" name="seo_title_suffix" value="<?= htmlspecialchars($seo_title_suffix ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="AudioCore V1.5">
+          <label class="label">Default Meta Description</label>
+          <textarea class="input" name="seo_meta_description" rows="3" style="resize:vertical;"><?= htmlspecialchars($seo_meta_description ?? '', ENT_QUOTES, 'UTF-8') ?></textarea>
+          <label class="label">Open Graph Image URL</label>
+          <input class="input" name="seo_og_image" value="<?= htmlspecialchars($seo_og_image ?? '', ENT_QUOTES, 'UTF-8') ?>" placeholder="https://example.com/og-image.jpg">
+          <div style="display:flex; gap:20px; flex-wrap:wrap;">
+            <label style="display:inline-flex; align-items:center; gap:8px; font-size:13px;">
+              <input type="checkbox" name="seo_robots_index" value="1" <?= (($seo_robots_index ?? '1') === '1') ? 'checked' : '' ?>>
+              Allow indexing
+            </label>
+            <label style="display:inline-flex; align-items:center; gap:8px; font-size:13px;">
+              <input type="checkbox" name="seo_robots_follow" value="1" <?= (($seo_robots_follow ?? '1') === '1') ? 'checked' : '' ?>>
+              Allow link following
+            </label>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="redirects" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px; display:grid; gap:12px;">
+        <div class="badge" style="opacity:0.7;">Redirects Manager</div>
+        <div style="font-size:12px; color:var(--muted);">Exact-path redirects. Example source <code>/old-page</code> → target <code>/new-page</code>.</div>
+        <div style="display:grid; gap:10px;">
+          <input class="input" name="redirect_source_path" placeholder="/old-url">
+          <input class="input" name="redirect_target_url" placeholder="/new-url or https://external.site/path">
+          <div style="display:grid; grid-template-columns: 180px 1fr auto; gap:10px; align-items:center;">
+            <select class="input" name="redirect_status_code">
+              <option value="301">301 Permanent</option>
+              <option value="302">302 Temporary</option>
+              <option value="307">307 Temporary</option>
+              <option value="308">308 Permanent</option>
+            </select>
+            <label style="display:inline-flex; align-items:center; gap:8px; font-size:13px;">
+              <input type="checkbox" name="redirect_is_active" value="1" checked>
+              Active
+            </label>
+            <button type="submit" class="btn" name="settings_action" value="save_redirect">Save redirect</button>
+          </div>
+        </div>
+        <div class="admin-card" style="padding:12px;">
+          <div class="badge" style="margin-bottom:8px;">Existing Redirects</div>
+          <?php if (empty($redirects ?? [])): ?>
+            <div style="color:var(--muted); font-size:13px;">No redirects configured.</div>
+          <?php else: ?>
+            <div style="display:grid; gap:8px;">
+              <?php foreach (($redirects ?? []) as $redirect): ?>
+                <div style="display:grid; grid-template-columns:minmax(0,1fr) minmax(0,1fr) auto auto auto; gap:10px; align-items:center; border:1px solid rgba(255,255,255,0.1); border-radius:10px; padding:8px 10px;">
+                  <div style="font-family:'IBM Plex Mono', monospace; font-size:12px;"><?= htmlspecialchars((string)$redirect['source_path'], ENT_QUOTES, 'UTF-8') ?></div>
+                  <div style="font-family:'IBM Plex Mono', monospace; font-size:12px; color:var(--muted);"><?= htmlspecialchars((string)$redirect['target_url'], ENT_QUOTES, 'UTF-8') ?></div>
+                  <div style="font-size:12px; color:var(--muted);"><?= (int)$redirect['status_code'] ?></div>
+                  <div style="font-size:12px; color:<?= ((int)($redirect['is_active'] ?? 0) === 1) ? '#9df6d3' : '#ffb7c2' ?>;"><?= ((int)($redirect['is_active'] ?? 0) === 1) ? 'active' : 'inactive' ?></div>
+                  <button type="submit" class="btn outline danger" name="settings_action" value="delete_redirect" onclick="document.getElementById('redirectDeleteId').value='<?= (int)$redirect['id'] ?>';">Delete</button>
+                </div>
+              <?php endforeach; ?>
+            </div>
+          <?php endif; ?>
+          <input type="hidden" name="redirect_id" id="redirectDeleteId" value="0">
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="permissions" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Role Permissions Matrix</div>
+        <div style="margin-top:10px; font-size:12px; color:var(--muted);">Plugin/module-level restrictions by admin role.</div>
+        <div style="margin-top:12px; overflow:auto;">
+          <table style="width:100%; border-collapse:collapse; min-width:640px;">
+            <thead>
+              <tr style="text-align:left; border-bottom:1px solid rgba(255,255,255,0.12);">
+                <th style="padding:10px 8px; font-size:12px; letter-spacing:0.14em; text-transform:uppercase;">Permission</th>
+                <th style="padding:10px 8px; font-size:12px; letter-spacing:0.14em; text-transform:uppercase;">Admin</th>
+                <th style="padding:10px 8px; font-size:12px; letter-spacing:0.14em; text-transform:uppercase;">Manager</th>
+                <th style="padding:10px 8px; font-size:12px; letter-spacing:0.14em; text-transform:uppercase;">Editor</th>
+              </tr>
+            </thead>
+            <tbody>
+              <?php $currentGroup = ''; ?>
+              <?php foreach (($permission_definitions ?? []) as $permission): ?>
+                <?php
+                  $pKey = (string)($permission['key'] ?? '');
+                  $pLabel = (string)($permission['label'] ?? $pKey);
+                  $pGroup = (string)($permission['group'] ?? 'Other');
+                  $row = $permission_matrix[$pKey] ?? ['admin' => true, 'manager' => false, 'editor' => false];
+                ?>
+                <?php if ($pGroup !== $currentGroup): $currentGroup = $pGroup; ?>
+                  <tr><td colspan="4" style="padding:12px 8px 6px; color:var(--muted); font-size:11px; letter-spacing:0.22em; text-transform:uppercase;"><?= htmlspecialchars($pGroup, ENT_QUOTES, 'UTF-8') ?></td></tr>
+                <?php endif; ?>
+                <tr style="border-bottom:1px solid rgba(255,255,255,0.08);">
+                  <td style="padding:10px 8px;"><?= htmlspecialchars($pLabel, ENT_QUOTES, 'UTF-8') ?></td>
+                  <td style="padding:10px 8px;"><input type="checkbox" name="permissions[<?= htmlspecialchars($pKey, ENT_QUOTES, 'UTF-8') ?>][admin]" value="1" <?= !empty($row['admin']) ? 'checked' : '' ?>></td>
+                  <td style="padding:10px 8px;"><input type="checkbox" name="permissions[<?= htmlspecialchars($pKey, ENT_QUOTES, 'UTF-8') ?>][manager]" value="1" <?= !empty($row['manager']) ? 'checked' : '' ?>></td>
+                  <td style="padding:10px 8px;"><input type="checkbox" name="permissions[<?= htmlspecialchars($pKey, ENT_QUOTES, 'UTF-8') ?>][editor]" value="1" <?= !empty($row['editor']) ? 'checked' : '' ?>></td>
+                </tr>
+              <?php endforeach; ?>
+            </tbody>
+          </table>
+        </div>
+        <div style="margin-top:12px; display:flex; justify-content:flex-end;">
+          <button type="submit" class="btn" name="settings_action" value="save_permissions">Save permissions</button>
+        </div>
+      </div>
+    </div>
+
+    <div class="settings-panel" data-panel="audit" role="tabpanel" hidden>
+      <div class="admin-card" style="padding:16px;">
+        <div class="badge" style="opacity:0.7;">Audit Log</div>
+        <div style="margin-top:10px; max-height:460px; overflow:auto; border:1px solid rgba(255,255,255,0.12); border-radius:12px;">
+          <?php if (empty($audit_logs ?? [])): ?>
+            <div style="padding:12px; color:var(--muted); font-size:13px;">No audit events yet.</div>
+          <?php else: ?>
+            <table style="width:100%; border-collapse:collapse; min-width:820px;">
+              <thead>
+                <tr style="text-align:left; border-bottom:1px solid rgba(255,255,255,0.12);">
+                  <th style="padding:10px 8px;">Time</th>
+                  <th style="padding:10px 8px;">Actor</th>
+                  <th style="padding:10px 8px;">Action</th>
+                  <th style="padding:10px 8px;">IP</th>
+                  <th style="padding:10px 8px;">Context</th>
+                </tr>
+              </thead>
+              <tbody>
+                <?php foreach (($audit_logs ?? []) as $log): ?>
+                  <tr style="border-bottom:1px solid rgba(255,255,255,0.08);">
+                    <td style="padding:9px 8px; font-family:'IBM Plex Mono', monospace; font-size:11px;"><?= htmlspecialchars((string)($log['created_at'] ?? ''), ENT_QUOTES, 'UTF-8') ?></td>
+                    <td style="padding:9px 8px;"><?= htmlspecialchars(trim((string)($log['actor_name'] ?? 'System') . ' (' . (string)($log['actor_role'] ?? '-') . ')'), ENT_QUOTES, 'UTF-8') ?></td>
+                    <td style="padding:9px 8px; font-family:'IBM Plex Mono', monospace; font-size:11px;"><?= htmlspecialchars((string)($log['action'] ?? ''), ENT_QUOTES, 'UTF-8') ?></td>
+                    <td style="padding:9px 8px; font-family:'IBM Plex Mono', monospace; font-size:11px;"><?= htmlspecialchars((string)($log['ip_address'] ?? ''), ENT_QUOTES, 'UTF-8') ?></td>
+                    <td style="padding:9px 8px; font-family:'IBM Plex Mono', monospace; font-size:11px; color:var(--muted);"><?= htmlspecialchars((string)($log['context_json'] ?? ''), ENT_QUOTES, 'UTF-8') ?></td>
+                  </tr>
+                <?php endforeach; ?>
+              </tbody>
+            </table>
+          <?php endif; ?>
+        </div>
+      </div>
+    </div>
+
+    <div style="display:flex; justify-content:flex-end;">
+      <button type="submit" class="btn">Save settings</button>
+    </div>
+  </form>
+</section>
+
+<style>
+  .settings-status {
+    margin-top: 14px;
+    border-radius: 12px;
+    padding: 10px 12px;
+    font-size: 13px;
+    border: 1px solid rgba(255,255,255,0.14);
+  }
+  .settings-status.is-ok {
+    border-color: rgba(34,242,165,0.35);
+    color: #baf8e3;
+    background: rgba(34,242,165,0.10);
+  }
+  .settings-status.is-error {
+    border-color: rgba(255,100,120,0.35);
+    color: #ffc9d2;
+    background: rgba(255,100,120,0.10);
+  }
+  .settings-tabs {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 8px;
+    border-bottom: 1px solid rgba(255,255,255,0.08);
+    padding-bottom: 12px;
+  }
+  .settings-tab {
+    height: 34px;
+    padding: 0 14px;
+    border-radius: 999px;
+    border: 1px solid rgba(255,255,255,0.14);
+    background: rgba(255,255,255,0.03);
+    color: var(--muted);
+    text-transform: uppercase;
+    letter-spacing: 0.12em;
+    font-size: 10px;
+    font-family: 'IBM Plex Mono', monospace;
+    cursor: pointer;
+  }
+  .settings-tab.is-active {
+    border-color: rgba(34,242,165,0.4);
+    color: #89f3cc;
+    background: rgba(34,242,165,0.1);
+  }
+  .settings-panel {
+    display: none;
+  }
+  .settings-panel.is-active {
+    display: block;
+  }
+  .settings-upload-dropzone {
+    border: 1px dashed rgba(255,255,255,0.22);
+    border-radius: 12px;
+    min-height: 108px;
+    padding: 12px;
+    display: grid;
+    place-items: center;
+    background: rgba(255,255,255,0.02);
+    cursor: pointer;
+    text-align: center;
+  }
+  .settings-upload-dropzone:hover {
+    border-color: rgba(34,242,165,0.45);
+    background: rgba(34,242,165,0.06);
+  }
+  .settings-logo-tools {
+    display: grid;
+    gap: 10px;
+    margin-top: 8px;
+  }
+  .settings-logo-preview {
+    min-height: 78px;
+    border-radius: 12px;
+    border: 1px solid rgba(255,255,255,0.12);
+    background: rgba(255,255,255,0.02);
+    display: grid;
+    place-items: center;
+    overflow: hidden;
+    padding: 8px;
+  }
+  .settings-logo-preview img {
+    max-height: 62px;
+    max-width: 100%;
+    object-fit: contain;
+    display: block;
+  }
+  .settings-logo-preview span {
+    color: var(--muted);
+    font-size: 12px;
+  }
+  .settings-logo-actions {
+    display: flex;
+    gap: 8px;
+    flex-wrap: wrap;
+  }
+  .settings-media-modal {
+    position: fixed;
+    inset: 0;
+    background: rgba(3,4,8,0.75);
+    z-index: 2000;
+    display: none;
+    align-items: center;
+    justify-content: center;
+    padding: 20px;
+  }
+  .settings-media-modal.is-open {
+    display: flex;
+  }
+  .settings-media-panel {
+    width: min(980px, 100%);
+    max-height: 80vh;
+    overflow: auto;
+    border-radius: 16px;
+    border: 1px solid rgba(255,255,255,0.12);
+    background: #12151f;
+    padding: 16px;
+  }
+  .settings-media-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, minmax(140px, 1fr));
+    gap: 10px;
+    margin-top: 12px;
+  }
+  .settings-media-item {
+    border: 1px solid rgba(255,255,255,0.12);
+    border-radius: 10px;
+    overflow: hidden;
+    background: rgba(255,255,255,0.03);
+    cursor: pointer;
+  }
+  .settings-media-item img {
+    width: 100%;
+    height: 104px;
+    object-fit: cover;
+    display: block;
+  }
+  .settings-media-item div {
+    padding: 8px;
+    font-size: 11px;
+    color: var(--muted);
+    word-break: break-word;
+  }
+  .settings-file-input {
+    display: none;
+  }
+  .settings-upload-text {
+    display: grid;
+    gap: 6px;
+  }
+  .settings-file-name {
+    font-size: 12px;
+    color: var(--muted);
+  }
+  @media (max-width: 760px) {
+    .settings-tabs {
+      display: grid;
+      grid-template-columns: 1fr 1fr;
+    }
+    .settings-tab {
+      width: 100%;
+      justify-self: stretch;
+    }
+  }
+</style>
+
+<script>
+  (function () {
+    const tabs = Array.from(document.querySelectorAll('.settings-tab'));
+    const panels = Array.from(document.querySelectorAll('.settings-panel'));
+    if (!tabs.length || !panels.length) return;
+
+    function activate(tabName) {
+      tabs.forEach((tab) => {
+        const isActive = tab.dataset.tab === tabName;
+        tab.classList.toggle('is-active', isActive);
+        tab.setAttribute('aria-selected', isActive ? 'true' : 'false');
+      });
+      panels.forEach((panel) => {
+        const isActive = panel.dataset.panel === tabName;
+        panel.classList.toggle('is-active', isActive);
+        panel.hidden = !isActive;
+      });
+      try { localStorage.setItem('ac_settings_tab', tabName); } catch (e) {}
+    }
+
+    tabs.forEach((tab) => {
+      tab.addEventListener('click', () => activate(tab.dataset.tab));
+    });
+
+    let start = 'branding';
+    try {
+      const saved = localStorage.getItem('ac_settings_tab');
+      if (saved && tabs.some((tab) => tab.dataset.tab === saved)) {
+        start = saved;
+      }
+    } catch (e) {}
+    activate(start);
+  })();
+
+  (function () {
+    const list = document.getElementById('footerLinksList');
+    const hidden = document.getElementById('footerLinksJson');
+    const addBtn = document.getElementById('addFooterLinkRow');
+    if (!list || !hidden || !addBtn) return;
+
+    const initial = <?= json_encode(is_array($footer_links ?? null) ? $footer_links : [], JSON_UNESCAPED_SLASHES) ?>;
+
+    function syncHidden() {
+      const rows = Array.from(list.querySelectorAll('.footer-link-row'));
+      const data = rows.map((row) => ({
+        label: (row.querySelector('input[name=\"footer_link_label[]\"]')?.value || '').trim(),
+        url: (row.querySelector('input[name=\"footer_link_url[]\"]')?.value || '').trim(),
+      })).filter((item) => item.label !== '' && item.url !== '');
+      hidden.value = JSON.stringify(data);
+    }
+
+    function createRow(item) {
+      const row = document.createElement('div');
+      row.className = 'footer-link-row';
+      row.style.display = 'grid';
+      row.style.gridTemplateColumns = '1fr 1fr auto';
+      row.style.gap = '8px';
+      row.innerHTML = '' +
+        '<input class=\"input\" name=\"footer_link_label[]\" placeholder=\"Label\" value=\"' + (item.label || '').replace(/\"/g, '&quot;') + '\">' +
+        '<input class=\"input\" name=\"footer_link_url[]\" placeholder=\"/privacy\" value=\"' + (item.url || '').replace(/\"/g, '&quot;') + '\">' +
+        '<button type=\"button\" class=\"btn outline danger\">Remove</button>';
+      row.querySelectorAll('input').forEach((inp) => inp.addEventListener('input', syncHidden));
+      row.querySelector('button').addEventListener('click', () => {
+        row.remove();
+        syncHidden();
+      });
+      return row;
+    }
+
+    if (initial.length) {
+      initial.forEach((item) => list.appendChild(createRow(item)));
+    } else {
+      list.appendChild(createRow({ label: '', url: '' }));
+    }
+    syncHidden();
+
+    addBtn.addEventListener('click', () => {
+      list.appendChild(createRow({ label: '', url: '' }));
+      syncHidden();
+    });
+
+    document.querySelector('form[action=\"/admin/settings\"]')?.addEventListener('submit', syncHidden);
+  })();
+
+  (function () {
+    const input = document.getElementById('headerLogoFile');
+    const label = document.getElementById('headerLogoFileName');
+    if (!input || !label) return;
+    input.addEventListener('change', function () {
+      const file = input.files && input.files.length ? input.files[0].name : 'No file selected';
+      label.textContent = file;
+    });
+  })();
+
+  (function () {
+    const openBtn = document.getElementById('openLogoMediaPicker');
+    const logoInput = document.querySelector('input[name="site_header_logo_url"]');
+    if (!openBtn || !logoInput) return;
+
+    const modal = document.createElement('div');
+    modal.className = 'settings-media-modal';
+    modal.innerHTML = '' +
+      '<div class="settings-media-panel">' +
+      '  <div style="display:flex; justify-content:space-between; align-items:center; gap:10px;">' +
+      '    <div class="badge">Media Library</div>' +
+      '    <button type="button" class="btn outline" id="closeLogoMediaPicker">Close</button>' +
+      '  </div>' +
+      '  <div id="settingsMediaList" class="settings-media-grid"></div>' +
+      '</div>';
+    document.body.appendChild(modal);
+
+    const list = modal.querySelector('#settingsMediaList');
+    const closeBtn = modal.querySelector('#closeLogoMediaPicker');
+
+    function closeModal() { modal.classList.remove('is-open'); }
+    closeBtn.addEventListener('click', closeModal);
+    modal.addEventListener('click', (e) => { if (e.target === modal) closeModal(); });
+
+    openBtn.addEventListener('click', async function () {
+      modal.classList.add('is-open');
+      list.innerHTML = '<div style="color:var(--muted);">Loading media...</div>';
+      try {
+        const res = await fetch('/admin/media/picker', { credentials: 'same-origin' });
+        const data = await res.json();
+        const items = Array.isArray(data.items) ? data.items : [];
+        if (!items.length) {
+          list.innerHTML = '<div style="color:var(--muted);">No media found.</div>';
+          return;
+        }
+        list.innerHTML = '';
+        items.forEach((item) => {
+          const url = (item.file_url || '').toString();
+          const type = (item.file_type || '').toString().toLowerCase();
+          const isImage = type.startsWith('image/');
+          const node = document.createElement('button');
+          node.type = 'button';
+          node.className = 'settings-media-item';
+          node.innerHTML = isImage
+            ? '<img src="' + url.replace(/"/g, '&quot;') + '" alt="">' + '<div>' + (item.file_name || url) + '</div>'
+            : '<div style="height:104px;display:grid;place-items:center;">' + (item.file_type || 'FILE') + '</div><div>' + (item.file_name || url) + '</div>';
+          node.addEventListener('click', () => {
+            logoInput.value = url;
+            closeModal();
+          });
+          list.appendChild(node);
+        });
+      } catch (err) {
+        list.innerHTML = '<div style="color:#ffb7c2;">Failed to load media picker.</div>';
+      }
+    });
+  })();
+</script>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/layout.php';
--- a/modules/admin/views/shortcodes.php
+++ b/modules/admin/views/shortcodes.php
@@ -0,0 +1,114 @@
+<?php
+$pageTitle = 'Shortcodes';
+$codes = is_array($codes ?? null) ? $codes : [];
+$enabledCodes = array_values(array_filter($codes, static fn(array $c): bool => !empty($c['enabled'])));
+$disabledCodes = array_values(array_filter($codes, static fn(array $c): bool => empty($c['enabled'])));
+ob_start();
+?>
+<section class="admin-card">
+  <div class="badge">Content</div>
+  <div style="display:flex; align-items:flex-end; justify-content:space-between; gap:14px; margin-top:14px;">
+    <div>
+      <h1 style="margin:0; font-size:30px;">Shortcodes</h1>
+      <p style="margin:8px 0 0; color:var(--muted);">Use these in page HTML to render dynamic blocks from modules/plugins.</p>
+    </div>
+    <a href="/admin/pages" class="btn outline">Back to pages</a>
+  </div>
+
+  <div style="display:grid; gap:16px; margin-top:18px;">
+    <article class="admin-card" style="padding:14px; border-radius:14px;">
+      <div class="label" style="font-size:11px;">Active Shortcodes</div>
+      <?php if (!$enabledCodes): ?>
+        <div style="margin-top:10px; color:var(--muted); font-size:13px;">No active shortcodes found.</div>
+      <?php else: ?>
+        <div style="display:grid; gap:12px; margin-top:10px;">
+          <?php foreach ($enabledCodes as $code): ?>
+            <article class="admin-card" style="padding:14px; border-radius:12px; box-shadow:none;">
+              <div style="display:flex; flex-wrap:wrap; gap:8px; align-items:center; justify-content:space-between;">
+                <div style="font-family:'IBM Plex Mono', monospace; font-size:13px; letter-spacing:0.08em;">
+                  <?= htmlspecialchars((string)($code['tag'] ?? ''), ENT_QUOTES, 'UTF-8') ?>
+                </div>
+                <span class="pill" style="padding:5px 10px; font-size:10px; letter-spacing:0.14em; border-color:rgba(115,255,198,0.4); color:#9ff8d8;">Enabled</span>
+              </div>
+              <div style="margin-top:8px; color:var(--muted); font-size:13px;">
+                <?= htmlspecialchars((string)($code['description'] ?? ''), ENT_QUOTES, 'UTF-8') ?>
+              </div>
+              <div style="margin-top:10px; display:grid; grid-template-columns:1fr auto; gap:10px; align-items:center;">
+                <code style="padding:9px 11px; border-radius:10px; border:1px solid rgba(255,255,255,0.12); background:rgba(255,255,255,0.03); font-family:'IBM Plex Mono', monospace; font-size:12px; overflow:auto; white-space:nowrap;">
+                  <?= htmlspecialchars((string)($code['example'] ?? ''), ENT_QUOTES, 'UTF-8') ?>
+                </code>
+                <div style="display:flex; gap:8px; align-items:center;">
+                  <button class="btn outline previewShortcodeBtn" type="button" data-code="<?= htmlspecialchars((string)($code['example'] ?? ''), ENT_QUOTES, 'UTF-8') ?>">Preview</button>
+                  <button class="btn outline" type="button" onclick="navigator.clipboard.writeText('<?= htmlspecialchars((string)($code['example'] ?? ''), ENT_QUOTES, 'UTF-8') ?>')">Copy</button>
+                </div>
+              </div>
+              <div style="margin-top:8px; font-size:12px; color:var(--muted);">Source: <?= htmlspecialchars((string)($code['source'] ?? ''), ENT_QUOTES, 'UTF-8') ?></div>
+            </article>
+          <?php endforeach; ?>
+        </div>
+      <?php endif; ?>
+    </article>
+
+    <?php if ($disabledCodes): ?>
+      <article class="admin-card" style="padding:14px; border-radius:14px;">
+        <div class="label" style="font-size:11px;">Disabled (plugin/module unavailable)</div>
+        <div style="display:grid; gap:10px; margin-top:10px;">
+          <?php foreach ($disabledCodes as $code): ?>
+            <div style="padding:10px 12px; border:1px dashed rgba(255,255,255,0.16); border-radius:10px; color:var(--muted); font-size:13px; display:flex; align-items:center; justify-content:space-between; gap:10px;">
+              <span style="font-family:'IBM Plex Mono', monospace; font-size:12px; color:#b7bcc8;"><?= htmlspecialchars((string)($code['tag'] ?? ''), ENT_QUOTES, 'UTF-8') ?></span>
+              <span style="font-size:12px; color:#ffbecc;"><?= htmlspecialchars((string)($code['source'] ?? ''), ENT_QUOTES, 'UTF-8') ?></span>
+            </div>
+          <?php endforeach; ?>
+        </div>
+      </article>
+    <?php endif; ?>
+  </div>
+</section>
+
+<div id="shortcodePreviewModal" style="position:fixed;inset:0;background:rgba(2,3,8,0.72);display:none;align-items:center;justify-content:center;z-index:4000;padding:18px;">
+  <div style="width:min(1100px,100%);height:min(760px,85vh);border-radius:16px;border:1px solid rgba(255,255,255,0.14);background:#11141c;display:grid;grid-template-rows:auto 1fr;overflow:hidden;">
+    <div style="display:flex;align-items:center;justify-content:space-between;gap:10px;padding:10px 12px;border-bottom:1px solid rgba(255,255,255,0.12);">
+      <div class="badge">Shortcode Preview</div>
+      <div style="display:flex;gap:8px;align-items:center;">
+        <a href="#" id="shortcodePreviewPopout" target="_blank" class="btn outline">Popout</a>
+        <button type="button" id="shortcodePreviewClose" class="btn outline">Close</button>
+      </div>
+    </div>
+    <iframe id="shortcodePreviewFrame" src="about:blank" style="width:100%;height:100%;border:0;background:#0d1016;"></iframe>
+  </div>
+</div>
+
+<script>
+  (function () {
+    const modal = document.getElementById('shortcodePreviewModal');
+    const frame = document.getElementById('shortcodePreviewFrame');
+    const popout = document.getElementById('shortcodePreviewPopout');
+    const closeBtn = document.getElementById('shortcodePreviewClose');
+    const buttons = Array.from(document.querySelectorAll('.previewShortcodeBtn'));
+    if (!modal || !frame || !popout || !closeBtn || !buttons.length) return;
+
+    function closeModal() {
+      modal.style.display = 'none';
+      frame.src = 'about:blank';
+      popout.href = '#';
+    }
+
+    closeBtn.addEventListener('click', closeModal);
+    modal.addEventListener('click', function (e) {
+      if (e.target === modal) closeModal();
+    });
+
+    buttons.forEach((btn) => {
+      btn.addEventListener('click', function () {
+        const code = btn.getAttribute('data-code') || '';
+        const url = '/admin/shortcodes/preview?code=' + encodeURIComponent(code);
+        frame.src = url;
+        popout.href = url;
+        modal.style.display = 'flex';
+      });
+    });
+  })();
+</script>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/layout.php';
--- a/modules/admin/views/updates.php
+++ b/modules/admin/views/updates.php
@@ -0,0 +1,90 @@
+<?php
+$pageTitle = 'Updates';
+$status = is_array($status ?? null) ? $status : [];
+$channel = (string)($channel ?? 'stable');
+$message = (string)($message ?? '');
+$messageType = (string)($message_type ?? '');
+
+ob_start();
+?>
+<section class="admin-card" style="display:grid; gap:18px;">
+  <div class="badge">System</div>
+  <div style="display:flex; align-items:flex-start; justify-content:space-between; gap:16px; flex-wrap:wrap;">
+    <div>
+      <h1 style="margin:0; font-size:42px; line-height:1;">Updates</h1>
+      <p style="margin:10px 0 0; color:var(--muted);">Check for new AudioCore releases from your Gitea manifest.</p>
+    </div>
+    <form method="post" action="/admin/updates">
+      <input type="hidden" name="updates_action" value="check_now">
+      <button class="btn" type="submit">Check Now</button>
+    </form>
+  </div>
+
+  <?php if ($message !== ''): ?>
+    <div style="padding:12px 14px; border-radius:12px; border:1px solid <?= $messageType === 'error' ? 'rgba(255,124,124,.45)' : 'rgba(57,244,179,.45)' ?>; background:<?= $messageType === 'error' ? 'rgba(180,40,40,.18)' : 'rgba(10,90,60,.22)' ?>;">
+      <?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?>
+    </div>
+  <?php endif; ?>
+
+  <div class="admin-card" style="padding:16px; background:rgba(255,255,255,.03); box-shadow:none;">
+    <div style="display:grid; grid-template-columns:repeat(auto-fit,minmax(220px,1fr)); gap:12px;">
+      <div>
+        <div class="badge" style="margin-bottom:6px;">Installed</div>
+        <div style="font-size:26px; font-weight:700;"><?= htmlspecialchars((string)($status['current_version'] ?? '0.0.0'), ENT_QUOTES, 'UTF-8') ?></div>
+      </div>
+      <div>
+        <div class="badge" style="margin-bottom:6px;">Latest</div>
+        <div style="font-size:26px; font-weight:700;"><?= htmlspecialchars((string)($status['latest_version'] ?? '-'), ENT_QUOTES, 'UTF-8') ?></div>
+      </div>
+      <div>
+        <div class="badge" style="margin-bottom:6px;">Status</div>
+        <?php if (!empty($status['ok']) && !empty($status['update_available'])): ?>
+          <div style="font-size:20px; font-weight:700; color:#9ff8d8;">Update available</div>
+        <?php elseif (!empty($status['ok'])): ?>
+          <div style="font-size:20px; font-weight:700; color:#9ff8d8;">Up to date</div>
+        <?php else: ?>
+          <div style="font-size:20px; font-weight:700; color:#ffb7b7;">Check failed</div>
+        <?php endif; ?>
+      </div>
+      <div>
+        <div class="badge" style="margin-bottom:6px;">Channel</div>
+        <div style="font-size:18px; font-weight:700; text-transform:uppercase;"><?= htmlspecialchars((string)($status['channel'] ?? 'stable'), ENT_QUOTES, 'UTF-8') ?></div>
+      </div>
+    </div>
+    <?php if (!empty($status['error'])): ?>
+      <div style="margin-top:12px; color:#ffb7b7;"><?= htmlspecialchars((string)$status['error'], ENT_QUOTES, 'UTF-8') ?></div>
+    <?php endif; ?>
+    <div style="margin-top:10px; color:var(--muted); font-size:13px;">
+      Last checked: <?= htmlspecialchars((string)($status['checked_at'] ?? 'never'), ENT_QUOTES, 'UTF-8') ?>
+    </div>
+    <?php if (!empty($status['changelog_url'])): ?>
+      <div style="margin-top:8px;">
+        <a href="<?= htmlspecialchars((string)$status['changelog_url'], ENT_QUOTES, 'UTF-8') ?>" target="_blank" rel="noopener" style="color:#9ff8d8;">View changelog</a>
+      </div>
+    <?php endif; ?>
+  </div>
+
+  <form method="post" action="/admin/updates" class="admin-card" style="padding:16px; background:rgba(255,255,255,.03); box-shadow:none; display:grid; gap:12px;">
+    <input type="hidden" name="updates_action" value="save_config">
+    <div class="badge">Update Source</div>
+    <div style="display:grid; grid-template-columns:1fr 1fr; gap:12px;">
+      <label style="display:grid; gap:6px;">
+        <span class="label">Channel</span>
+        <select class="input" name="update_channel">
+          <option value="stable" <?= $channel === 'stable' ? 'selected' : '' ?>>Stable</option>
+          <option value="beta" <?= $channel === 'beta' ? 'selected' : '' ?>>Beta</option>
+        </select>
+      </label>
+      <label style="display:grid; gap:6px;">
+        <span class="label">Manifest Source</span>
+        <input class="input" type="text" value="<?= htmlspecialchars((string)($status['manifest_url'] ?? ''), ENT_QUOTES, 'UTF-8') ?>" readonly>
+      </label>
+    </div>
+    <div style="display:flex; justify-content:flex-end;">
+      <button class="btn" type="submit">Save Update Settings</button>
+    </div>
+  </form>
+</section>
+<?php
+$content = ob_get_clean();
+require __DIR__ . '/layout.php';