From 798b149626442888d12766cb0b97d93768cd994f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 1 Jun 2026 18:41:50 +0000
Subject: [PATCH] Refine project intake, dashboard actions, and admin payment
 settings

---
 dashboard.php               |  36 ++--
 includes/portal-helpers.php |  64 +++++++
 project.php                 | 321 ++++++++++++++++++++++++++++++++++--
 settings.php                | 179 ++++++++++++++++++++
 staff/estimate-requests.php |   6 +-
 staff/paypal-setup.php      |   8 +-
 start-project.php           | 286 +++++++++++++++++---------------
 7 files changed, 727 insertions(+), 173 deletions(-)
 create mode 100644 settings.php

diff --git a/dashboard.php b/dashboard.php
index f9fa48d..53c9db1 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -9,6 +9,7 @@
 $role = portalGetRole();
 $displayName = $user['display_name'] ?? $user['username'] ?? 'User';
 $isStaffRole = in_array($role, ['admin', 'staff'], true);
+$isAdminRole = $role === 'admin';
 
 $requests = portalLoadProjectRequests();
 $proposals = portalLoadProposals();
@@ -291,6 +292,8 @@
         .portal-panel th { color:#5a7a9e;font-size:.68rem;text-transform:uppercase;border-top:none;letter-spacing:.04em; }
         .portal-muted { color:#7a9ac0;font-size:.8rem; }
         .portal-mono { font-family:monospace;color:#ffc600; }
+        .portal-primary-action { display:inline-block;border:1px solid rgba(54,243,255,.35);background:rgba(54,243,255,.08);color:#36f3ff;border-radius:4px;padding:2px 8px;font-size:.68rem;font-weight:700;margin-right:7px;text-transform:uppercase;letter-spacing:.04em; }
+        .portal-primary-action:hover { color:#ffc600;border-color:#ffc600;text-decoration:none; }
         .status-chip { display:inline-block;border:1px solid rgba(54,243,255,.28);background:rgba(54,243,255,.08);padding:2px 7px;border-radius:999px;color:#a8bedc;font-size:.68rem;font-weight:700; }
         .timeline-list,.message-list { list-style:none;margin:0;padding:0;display:flex;flex-direction:column;gap:7px; }
         .timeline-list li,.message-list li { border:1px solid rgba(54,243,255,.12);border-radius:8px;padding:9px 10px;background:rgba(5,11,20,.44); }
@@ -317,6 +320,7 @@
             <div class="portal-actions">
                 <a href="/estimate.php" class="portal-link-btn">Start Project</a>
                 <?php if ($isStaffRole): ?><a href="/staff/estimate-requests.php" class="portal-link-btn">All Projects</a><?php endif; ?>
+                <?php if ($isAdminRole): ?><a href="/settings.php" class="portal-link-btn">Settings</a><?php endif; ?>
                 <a href="/logout.php" class="portal-logout">Sign Out</a>
             </div>
         </div>
@@ -338,25 +342,23 @@
                     <thead>
                         <tr>
                             <th>Project ID</th>
-                            <th>Project</th>
+                            <th>Project ID</th>
                             <th>Client</th>
                             <th>Status</th>
                             <th>Updated</th>
-                            <th></th>
                         </tr>
                     </thead>
                     <tbody>
                     <?php if (empty($recentProjects)): ?>
-                        <tr><td colspan="6" class="portal-muted">No projects yet.</td></tr>
+                        <tr><td colspan="5" class="portal-muted">No projects yet.</td></tr>
                     <?php else: ?>
                         <?php foreach ($recentProjects as $project): ?>
                             <tr>
-                                <td class="portal-mono"><?php echo pe($project['id']); ?></td>
+                                <td class="portal-mono"><a class="portal-primary-action" href="/project.php?id=<?php echo urlencode((string)$project['id']); ?>">Open</a><?php echo pe($project['id']); ?></td>
                                 <td><?php echo pe($project['name']); ?></td>
                                 <td><?php echo pe($project['client']); ?></td>
                                 <td><span class="status-chip"><?php echo pe($project['status_label']); ?></span></td>
                                 <td class="portal-muted"><?php echo $project['last_updated_ts'] > 0 ? pe(date('M j, Y', (int)$project['last_updated_ts'])) : '—'; ?></td>
-                                <td><a href="/project.php?id=<?php echo urlencode((string)$project['id']); ?>" style="color:#36f3ff;">Open</a></td>
                             </tr>
                         <?php endforeach; ?>
                     <?php endif; ?>
@@ -370,23 +372,21 @@
                     <thead>
                     <tr>
                         <th>Project ID</th>
-                        <th>Project</th>
+                        <th>Project ID</th>
                         <th>Proposal</th>
                         <th>Agreement</th>
-                        <th></th>
                     </tr>
                     </thead>
                     <tbody>
                     <?php if (empty($activeProjectRows)): ?>
-                        <tr><td colspan="5" class="portal-muted">No active projects right now.</td></tr>
+                        <tr><td colspan="4" class="portal-muted">No active projects right now.</td></tr>
                     <?php else: ?>
                         <?php foreach (array_slice($activeProjectRows, 0, 8) as $project): ?>
                             <tr>
-                                <td class="portal-mono"><?php echo pe($project['id']); ?></td>
+                                <td class="portal-mono"><a class="portal-primary-action" href="/project.php?id=<?php echo urlencode((string)$project['id']); ?>">Open</a><?php echo pe($project['id']); ?></td>
                                 <td><?php echo pe($project['name']); ?></td>
                                 <td><?php echo pe($project['proposal_status_label']); ?></td>
                                 <td><?php echo pe($project['agreement_status_label']); ?></td>
-                                <td><a href="/project.php?id=<?php echo urlencode((string)$project['id']); ?>" style="color:#36f3ff;">Open</a></td>
                             </tr>
                         <?php endforeach; ?>
                     <?php endif; ?>
@@ -399,24 +399,22 @@
                 <table>
                     <thead>
                     <tr>
-                        <th>Project ID</th>
+                        <th>Project</th>
                         <th>Project</th>
                         <th>Status</th>
                         <th>Created</th>
-                        <th></th>
                     </tr>
                     </thead>
                     <tbody>
                     <?php if (empty($pendingProjectRows)): ?>
-                        <tr><td colspan="5" class="portal-muted">No pending projects.</td></tr>
+                        <tr><td colspan="4" class="portal-muted">No pending projects.</td></tr>
                     <?php else: ?>
                         <?php foreach (array_slice($pendingProjectRows, 0, 8) as $project): ?>
                             <tr>
-                                <td class="portal-mono"><?php echo pe($project['id']); ?></td>
+                                <td class="portal-mono"><a class="portal-primary-action" href="/project.php?id=<?php echo urlencode((string)$project['id']); ?>">Open</a><?php echo pe($project['id']); ?></td>
                                 <td><?php echo pe($project['name']); ?></td>
                                 <td><span class="status-chip"><?php echo pe($project['status_label']); ?></span></td>
                                 <td class="portal-muted"><?php echo $project['created_ts'] > 0 ? pe(date('M j, Y', (int)$project['created_ts'])) : '—'; ?></td>
-                                <td><a href="/project.php?id=<?php echo urlencode((string)$project['id']); ?>" style="color:#36f3ff;">Open</a></td>
                             </tr>
                         <?php endforeach; ?>
                     <?php endif; ?>
@@ -429,22 +427,20 @@
                 <table>
                     <thead>
                     <tr>
-                        <th>Project ID</th>
+                        <th>Project</th>
                         <th>Project</th>
                         <th>Completed</th>
-                        <th></th>
                     </tr>
                     </thead>
                     <tbody>
                     <?php if (empty($completedProjectRows)): ?>
-                        <tr><td colspan="4" class="portal-muted">No completed projects yet.</td></tr>
+                        <tr><td colspan="3" class="portal-muted">No completed projects yet.</td></tr>
                     <?php else: ?>
                         <?php foreach (array_slice($completedProjectRows, 0, 8) as $project): ?>
                             <tr>
-                                <td class="portal-mono"><?php echo pe($project['id']); ?></td>
+                                <td class="portal-mono"><a class="portal-primary-action" href="/project.php?id=<?php echo urlencode((string)$project['id']); ?>">Open</a><?php echo pe($project['id']); ?></td>
                                 <td><?php echo pe($project['name']); ?></td>
                                 <td class="portal-muted"><?php echo $project['last_updated_ts'] > 0 ? pe(date('M j, Y', (int)$project['last_updated_ts'])) : '—'; ?></td>
-                                <td><a href="/project.php?id=<?php echo urlencode((string)$project['id']); ?>" style="color:#36f3ff;">Open</a></td>
                             </tr>
                         <?php endforeach; ?>
                     <?php endif; ?>
diff --git a/includes/portal-helpers.php b/includes/portal-helpers.php
index e93d959..474f30e 100644
--- a/includes/portal-helpers.php
+++ b/includes/portal-helpers.php
@@ -226,6 +226,7 @@ function portalRefreshVerificationTokenByEmail($email, &$userOut = null) {
 define('PORTAL_ESTIMATES_FILE',        PORTAL_DATA_DIR . '/estimate_requests.json');
 define('PORTAL_PROPOSALS_FILE',        PORTAL_DATA_DIR . '/proposals.json');
 define('PORTAL_PROJECT_AGREEMENTS_FILE', PORTAL_DATA_DIR . '/project_agreements.json');
+define('PORTAL_ADMIN_SETTINGS_FILE', PORTAL_DATA_DIR . '/admin_settings.json');
 
 // Session keys
 define('PORTAL_STAFF_SESSION',   'rls_portal_staff');
@@ -276,6 +277,64 @@ function portalSaveJson($file, $data) {
     return file_put_contents($file, $json, LOCK_EX) !== false;
 }
 
+function portalDefaultAdminSettings() {
+    return [
+        'paypal' => [
+            'client_id' => '',
+            'secret' => '',
+            'environment' => 'sandbox',
+            'business_email' => '',
+            'invoice_defaults' => '',
+        ],
+        'email' => [
+            'from_name' => '',
+            'from_email' => '',
+            'reply_to' => '',
+        ],
+        'site' => [
+            'company_name' => 'Runlevel Systems',
+            'support_email' => '',
+            'support_phone' => '',
+        ],
+        'business' => [
+            'legal_name' => '',
+            'address' => '',
+        ],
+        'updated_at' => '',
+        'updated_by' => '',
+    ];
+}
+
+function portalLoadAdminSettings() {
+    $stored = portalLoadJson(PORTAL_ADMIN_SETTINGS_FILE);
+    $defaults = portalDefaultAdminSettings();
+    $paypalStored = isset($stored['paypal']) && is_array($stored['paypal']) ? $stored['paypal'] : [];
+    $emailStored = isset($stored['email']) && is_array($stored['email']) ? $stored['email'] : [];
+    $siteStored = isset($stored['site']) && is_array($stored['site']) ? $stored['site'] : [];
+    $businessStored = isset($stored['business']) && is_array($stored['business']) ? $stored['business'] : [];
+    return [
+        'paypal' => array_merge($defaults['paypal'], $paypalStored),
+        'email' => array_merge($defaults['email'], $emailStored),
+        'site' => array_merge($defaults['site'], $siteStored),
+        'business' => array_merge($defaults['business'], $businessStored),
+        'updated_at' => (string)($stored['updated_at'] ?? ''),
+        'updated_by' => (string)($stored['updated_by'] ?? ''),
+    ];
+}
+
+function portalSaveAdminSettings(array $settings) {
+    $defaults = portalDefaultAdminSettings();
+    $payload = [
+        'paypal' => array_merge($defaults['paypal'], isset($settings['paypal']) && is_array($settings['paypal']) ? $settings['paypal'] : []),
+        'email' => array_merge($defaults['email'], isset($settings['email']) && is_array($settings['email']) ? $settings['email'] : []),
+        'site' => array_merge($defaults['site'], isset($settings['site']) && is_array($settings['site']) ? $settings['site'] : []),
+        'business' => array_merge($defaults['business'], isset($settings['business']) && is_array($settings['business']) ? $settings['business'] : []),
+        'updated_at' => (string)($settings['updated_at'] ?? ''),
+        'updated_by' => (string)($settings['updated_by'] ?? ''),
+    ];
+    return portalSaveJson(PORTAL_ADMIN_SETTINGS_FILE, $payload);
+}
+
 /**
  * Sanitize HTML output.
  */
@@ -681,6 +740,8 @@ function portalNormalizeProjectRequest(array $request) {
     $request['admin_notes_updated_at'] = (string)($request['admin_notes_updated_at'] ?? '');
     $request['client_notes'] = (string)($request['client_notes'] ?? '');
     $request['client_notes_updated_at'] = (string)($request['client_notes_updated_at'] ?? '');
+    $request['staff_response'] = (string)($request['staff_response'] ?? '');
+    $request['staff_response_updated_at'] = (string)($request['staff_response_updated_at'] ?? '');
     $request['invoice_reference'] = (string)($request['invoice_reference'] ?? '');
     $request['invoice_status'] = (string)($request['invoice_status'] ?? '');
     $request['amount_due'] = (string)($request['amount_due'] ?? '');
@@ -688,6 +749,9 @@ function portalNormalizeProjectRequest(array $request) {
     $request['balance_due'] = (string)($request['balance_due'] ?? '');
     $request['payment_notes'] = (string)($request['payment_notes'] ?? '');
     $request['payment_received_at'] = (string)($request['payment_received_at'] ?? '');
+    $request['payment_link'] = (string)($request['payment_link'] ?? '');
+    $request['invoice_sent_at'] = (string)($request['invoice_sent_at'] ?? '');
+    $request['attachments'] = isset($request['attachments']) && is_array($request['attachments']) ? array_values($request['attachments']) : [];
     $request['proposal_ids'] = isset($request['proposal_ids']) && is_array($request['proposal_ids']) ? array_values($request['proposal_ids']) : [];
     $request['agreement_ids'] = isset($request['agreement_ids']) && is_array($request['agreement_ids']) ? array_values($request['agreement_ids']) : [];
     if (!isset($request['created_at']) || trim((string)$request['created_at']) === '') {
diff --git a/project.php b/project.php
index bc27023..4e79c18 100644
--- a/project.php
+++ b/project.php
@@ -22,6 +22,14 @@
 $allRequests  = portalLoadProjectRequests();
 $allProposals = portalLoadProposals();
 $allAgreements = portalLoadProjectAgreements();
+$adminSettings = portalLoadAdminSettings();
+$paypalSettings = isset($adminSettings['paypal']) && is_array($adminSettings['paypal']) ? $adminSettings['paypal'] : [];
+$paypalEnv = (string)($paypalSettings['environment'] ?? 'sandbox');
+$paypalBusinessEmail = trim((string)($paypalSettings['business_email'] ?? ''));
+$paypalClientId = trim((string)($paypalSettings['client_id'] ?? ''));
+$paypalSecret = trim((string)($paypalSettings['secret'] ?? ''));
+$paypalInvoiceDefaults = trim((string)($paypalSettings['invoice_defaults'] ?? ''));
+$paypalApiConfigured = ($paypalClientId !== '' && $paypalSecret !== '' && $paypalBusinessEmail !== '');
 
 // -- Find the project request
 $request      = null;
@@ -97,6 +105,21 @@ function _genAgreementId(array $agreements) {
         if (!empty($a['agreement_id'])) {
             $existing[(string)$a['agreement_id']] = true;
         }
+
+        function _genInvoiceId(array $requests) {
+            $existing = [];
+            foreach ($requests as $row) {
+                $invoiceRef = trim((string)($row['invoice_reference'] ?? ''));
+                if ($invoiceRef !== '') {
+                    $existing[$invoiceRef] = true;
+                }
+            }
+            $d = date('Ymd');
+            do {
+                $id = 'INV-' . $d . '-' . str_pad((string) random_int(1, 9999), 4, '0', STR_PAD_LEFT);
+            } while (isset($existing[$id]));
+            return $id;
+        }
     }
     $d = date('Ymd');
     do {
@@ -378,6 +401,126 @@ function _reloadData(&$allRequests, &$allProposals, &$allAgreements,
                     $currentProposal, $currentAgreement, $projectId);
         $notice = 'Agreement signed. Your project is now active.';
     }
+
+    if ($isStaff && in_array($action, ['create_invoice', 'send_invoice', 'create_payment_link', 'record_payment'], true)) {
+        $invoiceAmountDue = trim((string)($_POST['invoice_amount_due'] ?? ($request['amount_due'] ?? '')));
+        $invoiceNotes = trim((string)($_POST['invoice_notes'] ?? ($request['payment_notes'] ?? '')));
+        $invoiceReference = trim((string)($request['invoice_reference'] ?? ''));
+        if ($invoiceReference === '') {
+            $invoiceReference = _genInvoiceId($allRequests);
+        }
+
+        foreach ($allRequests as &$req) {
+            if (portalGetRequestDisplayId((array)$req) !== $projectId) {
+                continue;
+            }
+            if ($action === 'create_invoice') {
+                $req['invoice_reference'] = $invoiceReference;
+                $req['invoice_status'] = 'draft';
+                $req['amount_due'] = $invoiceAmountDue;
+                $req['payment_notes'] = $invoiceNotes;
+                $req['balance_due'] = $invoiceAmountDue;
+                $req['updated_at'] = date('c');
+                $notice = 'Invoice draft created.';
+            } elseif ($action === 'send_invoice') {
+                $req['invoice_reference'] = $invoiceReference;
+                $req['invoice_status'] = 'sent';
+                $req['invoice_sent_at'] = date('c');
+                $req['amount_due'] = $invoiceAmountDue;
+                $req['payment_notes'] = $invoiceNotes;
+                if (trim((string)($req['balance_due'] ?? '')) === '') {
+                    $req['balance_due'] = $invoiceAmountDue;
+                }
+                $req['updated_at'] = date('c');
+                $notice = 'Invoice marked as sent to client.';
+            } elseif ($action === 'create_payment_link') {
+                $payLink = trim((string)($_POST['payment_link'] ?? ''));
+                if ($payLink === '' || !filter_var($payLink, FILTER_VALIDATE_URL)) {
+                    $error = 'Enter a valid payment link URL.';
+                    break;
+                }
+                $req['invoice_reference'] = $invoiceReference;
+                $req['invoice_status'] = 'payment_link_sent';
+                $req['payment_link'] = $payLink;
+                $req['amount_due'] = $invoiceAmountDue;
+                $req['payment_notes'] = $invoiceNotes;
+                if (trim((string)($req['balance_due'] ?? '')) === '') {
+                    $req['balance_due'] = $invoiceAmountDue;
+                }
+                $req['updated_at'] = date('c');
+                $notice = 'Payment link saved and ready to send.';
+            } elseif ($action === 'record_payment') {
+                $amountPaid = trim((string)($_POST['amount_paid'] ?? ''));
+                $req['invoice_reference'] = $invoiceReference;
+                $req['invoice_status'] = 'paid';
+                $req['amount_due'] = $invoiceAmountDue;
+                $req['amount_paid'] = $amountPaid;
+                $req['balance_due'] = '';
+                $req['payment_notes'] = $invoiceNotes;
+                $req['payment_received_at'] = date('c');
+                if (in_array((string)($req['status'] ?? ''), ['proposal_sent', 'accepted'], true)) {
+                    $req['status'] = 'active';
+                }
+                $req['updated_at'] = date('c');
+                $notice = 'Payment recorded.';
+            }
+            break;
+        }
+        unset($req);
+
+        if ($error === '') {
+            portalSaveProjectRequests($allRequests);
+            _reloadData($allRequests, $allProposals, $allAgreements,
+                        $request, $linkedProposals, $linkedAgreements,
+                        $currentProposal, $currentAgreement, $projectId);
+        }
+    }
+
+    if ($isClient && $action === 'send_client_message') {
+        $message = trim((string)($_POST['client_message'] ?? ''));
+        if ($message === '') {
+            $error = 'Enter a message before sending.';
+        } else {
+            foreach ($allRequests as &$req) {
+                if (portalGetRequestDisplayId((array)$req) !== $projectId) {
+                    continue;
+                }
+                $req['client_notes'] = $message;
+                $req['client_notes_updated_at'] = date('c');
+                $req['updated_at'] = date('c');
+                break;
+            }
+            unset($req);
+            portalSaveProjectRequests($allRequests);
+            _reloadData($allRequests, $allProposals, $allAgreements,
+                        $request, $linkedProposals, $linkedAgreements,
+                        $currentProposal, $currentAgreement, $projectId);
+            $notice = 'Message sent to staff.';
+        }
+    }
+
+    if ($isStaff && $action === 'send_staff_message') {
+        $message = trim((string)($_POST['staff_message'] ?? ''));
+        if ($message === '') {
+            $error = 'Enter a reply before sending.';
+        } else {
+            foreach ($allRequests as &$req) {
+                if (portalGetRequestDisplayId((array)$req) !== $projectId) {
+                    continue;
+                }
+                $req['staff_response'] = $message;
+                $req['staff_response_updated_at'] = date('c');
+                $req['updated_at'] = date('c');
+                break;
+            }
+            unset($req);
+            portalSaveProjectRequests($allRequests);
+            _reloadData($allRequests, $allProposals, $allAgreements,
+                        $request, $linkedProposals, $linkedAgreements,
+                        $currentProposal, $currentAgreement, $projectId);
+            $notice = 'Reply sent to client.';
+        }
+    }
 }
 
 // ================================================================
@@ -473,6 +616,35 @@ function buildTimeline(array $request, ?array $proposal, ?array $agreement) {
                 $events[] = ['ts' => $signedAt, 'icon' => '✍️', 'text' => 'Agreement signed' . ($signedBy ? ' by ' . $signedBy : ''), 'color' => '#22c55e'];
             }
         }
+
+        $invoiceRef = trim((string)($request['invoice_reference'] ?? ''));
+        if ($invoiceRef !== '') {
+            $invoiceTs = strtotime((string)($request['invoice_sent_at'] ?? $request['updated_at'] ?? ''));
+            if ($invoiceTs) {
+                $events[] = ['ts' => $invoiceTs, 'icon' => '🧾', 'text' => 'Invoice prepared (' . $invoiceRef . ')', 'color' => '#60a5fa'];
+            }
+        }
+        $invoiceStatus = trim((string)($request['invoice_status'] ?? ''));
+        if (in_array($invoiceStatus, ['sent', 'payment_link_sent'], true)) {
+            $sentTs = strtotime((string)($request['invoice_sent_at'] ?? $request['updated_at'] ?? ''));
+            if ($sentTs) {
+                $events[] = ['ts' => $sentTs, 'icon' => '📨', 'text' => $invoiceStatus === 'payment_link_sent' ? 'Payment link sent to client' : 'Invoice sent to client', 'color' => '#fbbf24'];
+            }
+        }
+        if ($invoiceStatus === 'paid') {
+            $paidTs = strtotime((string)($request['payment_received_at'] ?? $request['updated_at'] ?? ''));
+            if ($paidTs) {
+                $events[] = ['ts' => $paidTs, 'icon' => '💸', 'text' => 'Payment received', 'color' => '#22c55e'];
+            }
+        }
+        $clientMsgTs = strtotime((string)($request['client_notes_updated_at'] ?? ''));
+        if ($clientMsgTs && trim((string)($request['client_notes'] ?? '')) !== '') {
+            $events[] = ['ts' => $clientMsgTs, 'icon' => '💬', 'text' => 'Client message sent', 'color' => '#36f3ff'];
+        }
+        $staffMsgTs = strtotime((string)($request['staff_response_updated_at'] ?? ''));
+        if ($staffMsgTs && trim((string)($request['staff_response'] ?? '')) !== '') {
+            $events[] = ['ts' => $staffMsgTs, 'icon' => '🗨️', 'text' => 'Staff reply sent', 'color' => '#a78bfa'];
+        }
     }
 
     $reqStatus = (string)($request['status'] ?? '');
@@ -497,17 +669,16 @@ function buildTimeline(array $request, ?array $proposal, ?array $agreement) {
 function buildTrackerSteps(array $request, ?array $proposal, ?array $agreement) {
     $reqStatus  = (string)($request['status'] ?? 'new');
     $propStatus = $proposal  ? (string)($proposal['status']  ?? '') : '';
-    $agrStatus  = $agreement ? (string)($agreement['status'] ?? '') : '';
+    $invoiceRef = trim((string)($request['invoice_reference'] ?? ''));
+    $invoiceStatus = trim((string)($request['invoice_status'] ?? ''));
 
     $steps = [];
 
-    $steps[] = ['label' => 'Request Submitted',  'done' => true];
-    $steps[] = ['label' => 'Proposal Created',   'done' => $proposal !== null];
-    $steps[] = ['label' => 'Proposal Sent',      'done' => in_array($propStatus, ['sent', 'accepted', 'rejected'], true)];
+    $steps[] = ['label' => 'Project Request',    'done' => true];
     $steps[] = ['label' => 'Proposal Approved',  'done' => $propStatus === 'accepted'];
-    $steps[] = ['label' => 'Agreement Created',  'done' => $agreement !== null];
-    $steps[] = ['label' => 'Agreement Sent',     'done' => in_array($agrStatus, ['sent', 'signed'], true)];
-    $steps[] = ['label' => 'Agreement Signed',   'done' => $agrStatus === 'signed'];
+    $steps[] = ['label' => 'Create Invoice',     'done' => $invoiceRef !== ''];
+    $steps[] = ['label' => 'Send Payment Link',  'done' => in_array($invoiceStatus, ['sent', 'payment_link_sent', 'paid'], true)];
+    $steps[] = ['label' => 'Payment Received',   'done' => $invoiceStatus === 'paid'];
     $steps[] = ['label' => 'Project Active',     'done' => in_array($reqStatus, ['active', 'accepted', 'completed', 'closed'], true)];
     $steps[] = ['label' => 'Project Completed',  'done' => in_array($reqStatus, ['completed', 'closed'], true)];
 
@@ -950,19 +1121,127 @@ function buildTrackerSteps(array $request, ?array $proposal, ?array $agreement)
     <details class="pw-section">
         <summary>Payments</summary>
         <div class="pw-section-body">
-            <p style="color:#5a7a9e;font-size:.84rem;margin:0 0 8px;">Payments are managed via PayPal invoices or approved payment method.</p>
-            <?php if ($isStaff): ?>
-            <div style="display:flex;gap:8px;flex-wrap:wrap;" class="no-print">
-                <a href="/staff/paypal-setup.php" class="btn btn-teal">PayPal Setup</a>
-                <a href="/payments.php" class="btn btn-teal">Payment Info</a>
+            <?php
+                $invoiceStatus = trim((string)($request['invoice_status'] ?? ''));
+                $invoiceReference = trim((string)($request['invoice_reference'] ?? ''));
+                $amountDue = trim((string)($request['amount_due'] ?? ''));
+                $amountPaid = trim((string)($request['amount_paid'] ?? ''));
+                $paymentLink = trim((string)($request['payment_link'] ?? ''));
+                $paymentNotes = trim((string)($request['payment_notes'] ?? ''));
+                $paymentReceivedAt = trim((string)($request['payment_received_at'] ?? ''));
+                $invoiceSentAt = trim((string)($request['invoice_sent_at'] ?? ''));
+            ?>
+            <p style="color:#5a7a9e;font-size:.84rem;margin:0 0 10px;">Preferred workflow: Project → Proposal Approved → Create Invoice → Send Payment Link → Payment Received → Project Active.</p>
+            <div class="pw-grid" style="margin-bottom:10px;">
+                <div><span class="pw-lbl">Invoice Reference</span><div class="pw-val pw-mono"><?php echo pe($invoiceReference !== '' ? $invoiceReference : '—'); ?></div></div>
+                <div><span class="pw-lbl">Invoice Status</span><div class="pw-val"><?php echo pe($invoiceStatus !== '' ? strtoupper(str_replace('_', ' ', $invoiceStatus)) : 'Not started'); ?></div></div>
+                <div><span class="pw-lbl">Amount Due</span><div class="pw-val"><?php echo pe($amountDue !== '' ? $amountDue : '—'); ?></div></div>
+                <div><span class="pw-lbl">Amount Paid</span><div class="pw-val"><?php echo pe($amountPaid !== '' ? $amountPaid : '—'); ?></div></div>
+                <div><span class="pw-lbl">Invoice Sent</span><div class="pw-val"><?php echo $invoiceSentAt !== '' ? pe(date('M j, Y g:i A', strtotime($invoiceSentAt))) : '—'; ?></div></div>
+                <div><span class="pw-lbl">Payment Received</span><div class="pw-val"><?php echo $paymentReceivedAt !== '' ? pe(date('M j, Y g:i A', strtotime($paymentReceivedAt))) : '—'; ?></div></div>
             </div>
+            <?php if ($paymentNotes !== ''): ?>
+                <div style="margin-bottom:10px;"><span class="pw-lbl">Payment Notes</span><div class="pw-val" style="white-space:pre-wrap;"><?php echo pe($paymentNotes); ?></div></div>
+            <?php endif; ?>
+            <?php if ($paymentLink !== ''): ?>
+                <div style="margin-bottom:10px;"><span class="pw-lbl">Payment Link</span><div class="pw-val"><a href="<?php echo pe($paymentLink); ?>" target="_blank" rel="noopener noreferrer" style="color:#36f3ff;"><?php echo pe($paymentLink); ?></a></div></div>
+            <?php endif; ?>
+
+            <?php if ($isStaff): ?>
+                <div style="margin:0 0 10px;color:#a8bedc;font-size:.82rem;">
+                    <?php if ($paypalApiConfigured): ?>
+                        PayPal API configuration is set for <strong><?php echo pe(ucfirst($paypalEnv)); ?></strong>. Use invoice actions below to track status and payment records.
+                    <?php else: ?>
+                        PayPal API credentials are not fully configured. Use fallback payment link workflow, or configure PayPal in admin settings.
+                    <?php endif; ?>
+                </div>
+                <form method="post" class="no-print" style="margin-bottom:10px;">
+                    <div class="pw-grid">
+                        <div>
+                            <label>Amount Due</label>
+                            <input class="pw-input" type="text" name="invoice_amount_due" value="<?php echo pe($amountDue); ?>" placeholder="e.g. 1500.00 USD">
+                        </div>
+                        <div>
+                            <label>Amount Paid</label>
+                            <input class="pw-input" type="text" name="amount_paid" value="<?php echo pe($amountPaid); ?>" placeholder="e.g. 1500.00 USD">
+                        </div>
+                    </div>
+                    <div style="margin-top:8px;">
+                        <label>Invoice Defaults / Notes</label>
+                        <textarea class="pw-textarea" name="invoice_notes"><?php echo pe($paymentNotes !== '' ? $paymentNotes : $paypalInvoiceDefaults); ?></textarea>
+                    </div>
+                    <div style="display:flex;gap:8px;flex-wrap:wrap;margin-top:10px;">
+                        <button class="btn btn-blue" type="submit" name="action" value="create_invoice">Create Invoice</button>
+                        <button class="btn btn-gold" type="submit" name="action" value="send_invoice">Send Invoice</button>
+                        <button class="btn btn-green" type="submit" name="action" value="record_payment">Record Payment</button>
+                    </div>
+                </form>
+                <form method="post" class="no-print">
+                    <input type="hidden" name="invoice_amount_due" value="<?php echo pe($amountDue); ?>">
+                    <input type="hidden" name="invoice_notes" value="<?php echo pe($paymentNotes); ?>">
+                    <label>Fallback Payment Link (if Invoice API unavailable)</label>
+                    <input class="pw-input" type="url" name="payment_link" value="<?php echo pe($paymentLink); ?>" placeholder="https://paypal.com/invoice/p/#...">
+                    <div style="display:flex;gap:8px;flex-wrap:wrap;margin-top:8px;">
+                        <button class="btn btn-teal" type="submit" name="action" value="create_payment_link">Save Payment Link</button>
+                        <?php if ($role === 'admin'): ?><a href="/settings.php" class="btn btn-teal">PayPal Settings</a><?php endif; ?>
+                        <a href="/payments.php" class="btn btn-teal">Payment Info</a>
+                    </div>
+                </form>
             <?php else: ?>
-            <a href="/payments.php" class="btn btn-teal">Payment Information</a>
+                <?php if ($invoiceStatus === 'paid'): ?>
+                    <p style="color:#4ade80;font-size:.84rem;margin:0;">Payment received. Thank you.</p>
+                <?php elseif ($paymentLink !== ''): ?>
+                    <a href="<?php echo pe($paymentLink); ?>" target="_blank" rel="noopener noreferrer" class="btn btn-green">Open Payment Link</a>
+                <?php else: ?>
+                    <p style="color:#a8bedc;font-size:.84rem;margin:0 0 8px;">Payment details will appear here when your invoice or payment link is ready.</p>
+                <?php endif; ?>
+                <a href="/payments.php" class="btn btn-teal">Payment Information</a>
             <?php endif; ?>
         </div>
     </details>
 
-    <!-- SECTION 7 — COMMUNICATION TIMELINE -->
+    <!-- SECTION 7 — MESSAGES -->
+    <details class="pw-section">
+        <summary>Messages</summary>
+        <div class="pw-section-body">
+            <?php
+                $clientMessage = trim((string)($request['client_notes'] ?? ''));
+                $clientMessageTs = trim((string)($request['client_notes_updated_at'] ?? ''));
+                $staffMessage = trim((string)($request['staff_response'] ?? ''));
+                $staffMessageTs = trim((string)($request['staff_response_updated_at'] ?? ''));
+            ?>
+            <?php if ($clientMessage !== ''): ?>
+                <div style="margin-bottom:10px;">
+                    <span class="pw-lbl">Client Message<?php echo $clientMessageTs !== '' ? ' · ' . pe(date('M j, Y g:i A', strtotime($clientMessageTs))) : ''; ?></span>
+                    <div class="pw-val" style="white-space:pre-wrap;background:rgba(0,0,0,.24);border:1px solid rgba(54,243,255,.1);border-radius:6px;padding:10px;"><?php echo pe($clientMessage); ?></div>
+                </div>
+            <?php endif; ?>
+            <?php if ($staffMessage !== ''): ?>
+                <div style="margin-bottom:10px;">
+                    <span class="pw-lbl">Staff Reply<?php echo $staffMessageTs !== '' ? ' · ' . pe(date('M j, Y g:i A', strtotime($staffMessageTs))) : ''; ?></span>
+                    <div class="pw-val" style="white-space:pre-wrap;background:rgba(0,0,0,.24);border:1px solid rgba(167,139,250,.16);border-radius:6px;padding:10px;"><?php echo pe($staffMessage); ?></div>
+                </div>
+            <?php endif; ?>
+
+            <?php if ($isClient): ?>
+                <form method="post" class="no-print">
+                    <label>Send Message to Staff</label>
+                    <textarea class="pw-textarea" name="client_message" placeholder="Add project updates, questions, or clarifications."><?php echo pe($clientMessage); ?></textarea>
+                    <div style="margin-top:8px;"><button class="btn btn-blue" type="submit" name="action" value="send_client_message">Send Message</button></div>
+                </form>
+            <?php endif; ?>
+
+            <?php if ($isStaff): ?>
+                <form method="post" class="no-print" style="margin-top:8px;">
+                    <label>Reply to Client</label>
+                    <textarea class="pw-textarea" name="staff_message" placeholder="Send a project update or request additional information."><?php echo pe($staffMessage); ?></textarea>
+                    <div style="margin-top:8px;"><button class="btn btn-gold" type="submit" name="action" value="send_staff_message">Send Reply</button></div>
+                </form>
+            <?php endif; ?>
+        </div>
+    </details>
+
+    <!-- SECTION 8 — COMMUNICATION TIMELINE -->
     <details class="pw-section">
         <summary>Project Timeline</summary>
         <div class="pw-section-body">
@@ -984,14 +1263,24 @@ function buildTrackerSteps(array $request, ?array $proposal, ?array $agreement)
         </div>
     </details>
 
-    <!-- SECTION 8 — FILES -->
+    <!-- SECTION 9 — FILES -->
     <details class="pw-section">
         <summary>Files &amp; Attachments</summary>
         <div class="pw-section-body">
-            <p class="pw-files-info">File attachments and document uploads are coming soon. Contact us directly to share files for this project.</p>
+            <p class="pw-files-info">Project files and attachments are tracked in this workspace.</p>
             <?php if ($request['repo_link'] ?? ''): ?>
             <div style="margin-top:8px;"><span class="pw-lbl">Repository / Project Link</span><div><a href="<?php echo pe($request['repo_link']); ?>" target="_blank" rel="noopener noreferrer" style="color:#36f3ff;font-size:.86rem;"><?php echo pe($request['repo_link']); ?></a></div></div>
             <?php endif; ?>
+            <?php if (!empty($request['attachments']) && is_array($request['attachments'])): ?>
+                <div style="margin-top:10px;">
+                    <span class="pw-lbl">Submitted Attachments</span>
+                    <ul style="margin:6px 0 0;padding-left:18px;">
+                        <?php foreach ($request['attachments'] as $attachment): ?>
+                            <li style="color:#a8bedc;font-size:.82rem;"><?php echo pe((string)($attachment['original_name'] ?? 'Attachment')); ?></li>
+                        <?php endforeach; ?>
+                    </ul>
+                </div>
+            <?php endif; ?>
         </div>
     </details>
 
diff --git a/settings.php b/settings.php
new file mode 100644
index 0000000..3654855
--- /dev/null
+++ b/settings.php
@@ -0,0 +1,179 @@
+<?php
+session_start();
+define('WDS_SYSTEM', true);
+require_once __DIR__ . '/includes/portal-helpers.php';
+portalRequireStaff(['admin']);
+
+$current_page = 'dashboard';
+$header_class = 'inner-header';
+
+$user = portalGetUser();
+$settings = portalLoadAdminSettings();
+$notice = '';
+$error = '';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $paypal = $settings['paypal'];
+    $email = $settings['email'];
+    $site = $settings['site'];
+    $business = $settings['business'];
+
+    $paypal['client_id'] = trim((string)($_POST['paypal_client_id'] ?? ''));
+    $paypal['secret'] = trim((string)($_POST['paypal_secret'] ?? ''));
+    $paypal['environment'] = trim((string)($_POST['paypal_environment'] ?? 'sandbox')) === 'production' ? 'production' : 'sandbox';
+    $paypal['business_email'] = trim((string)($_POST['paypal_business_email'] ?? ''));
+    $paypal['invoice_defaults'] = trim((string)($_POST['paypal_invoice_defaults'] ?? ''));
+
+    $email['from_name'] = trim((string)($_POST['email_from_name'] ?? ''));
+    $email['from_email'] = trim((string)($_POST['email_from_email'] ?? ''));
+    $email['reply_to'] = trim((string)($_POST['email_reply_to'] ?? ''));
+
+    $site['company_name'] = trim((string)($_POST['site_company_name'] ?? 'Runlevel Systems'));
+    $site['support_email'] = trim((string)($_POST['site_support_email'] ?? ''));
+    $site['support_phone'] = trim((string)($_POST['site_support_phone'] ?? ''));
+
+    $business['legal_name'] = trim((string)($_POST['business_legal_name'] ?? ''));
+    $business['address'] = trim((string)($_POST['business_address'] ?? ''));
+
+    if ($paypal['business_email'] !== '' && !filter_var($paypal['business_email'], FILTER_VALIDATE_EMAIL)) {
+        $error = 'Please enter a valid PayPal business email.';
+    } elseif ($email['from_email'] !== '' && !filter_var($email['from_email'], FILTER_VALIDATE_EMAIL)) {
+        $error = 'Please enter a valid sender email.';
+    } elseif ($email['reply_to'] !== '' && !filter_var($email['reply_to'], FILTER_VALIDATE_EMAIL)) {
+        $error = 'Please enter a valid reply-to email.';
+    } elseif ($site['support_email'] !== '' && !filter_var($site['support_email'], FILTER_VALIDATE_EMAIL)) {
+        $error = 'Please enter a valid support email.';
+    }
+
+    if ($error === '') {
+        $settings = [
+            'paypal' => $paypal,
+            'email' => $email,
+            'site' => $site,
+            'business' => $business,
+            'updated_at' => date('c'),
+            'updated_by' => (string)($user['username'] ?? 'admin'),
+        ];
+        if (portalSaveAdminSettings($settings)) {
+            $notice = 'Settings saved.';
+        } else {
+            $error = 'Unable to save settings.';
+        }
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/png" href="/assets/images/RL-icon.png">
+    <title>Settings | Admin | Runlevel Systems</title>
+    <link href="assets/css/coreloop.css" rel="stylesheet">
+    <style>
+        .settings-wrap{padding:28px 0 70px;}
+        .settings-grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(280px,1fr));gap:12px;}
+        .settings-card{background:#0c1729;border:1px solid rgba(54,243,255,.16);border-radius:10px;padding:14px;}
+        .settings-card h2{margin:0 0 10px;color:#ffc600;font-size:.95rem;text-transform:uppercase;letter-spacing:.05em;}
+        .settings-card p{margin:0 0 8px;color:#7a9ac0;font-size:.82rem;}
+        .settings-input,.settings-select,.settings-textarea{width:100%;background:#09111d;border:1px solid rgba(54,243,255,.22);border-radius:6px;color:#eaf3ff;padding:8px 10px;font-size:.84rem;}
+        .settings-textarea{min-height:82px;resize:vertical;}
+        .settings-label{display:block;color:#a8bedc;font-size:.72rem;text-transform:uppercase;letter-spacing:.04em;margin:9px 0 4px;}
+        .settings-btn{display:inline-block;border:none;border-radius:6px;padding:8px 12px;background:#ffc600;color:#08111f;font-size:.8rem;font-weight:700;}
+        .settings-link{display:inline-block;margin-right:8px;border:1px solid rgba(54,243,255,.3);background:rgba(54,243,255,.08);color:#36f3ff;border-radius:6px;padding:6px 10px;font-size:.78rem;text-decoration:none;}
+        .settings-link:hover{color:#ffc600;border-color:#ffc600;text-decoration:none;}
+        .notice{background:rgba(34,197,94,.14);border:1px solid rgba(34,197,94,.35);color:#86efac;border-radius:6px;padding:10px 14px;margin-bottom:14px;font-size:.84rem;}
+        .error{background:rgba(239,68,68,.14);border:1px solid rgba(239,68,68,.35);color:#fecaca;border-radius:6px;padding:10px 14px;margin-bottom:14px;font-size:.84rem;}
+    </style>
+</head>
+<body>
+<?php include 'includes/header.php'; ?>
+<?php include 'includes/navigation.php'; ?>
+
+<section class="settings-wrap">
+    <div class="container">
+        <div style="display:flex;justify-content:space-between;align-items:center;gap:8px;flex-wrap:wrap;margin-bottom:12px;">
+            <div>
+                <h1 style="margin:0;color:#ffc600;font-size:1.22rem;">Settings</h1>
+                <p style="margin:4px 0 0;color:#7a9ac0;font-size:.82rem;">Admin only configuration dashboard.</p>
+            </div>
+            <a href="/dashboard.php" class="settings-link">← Dashboard</a>
+        </div>
+
+        <?php if ($notice !== ''): ?><div class="notice"><?php echo pe($notice); ?></div><?php endif; ?>
+        <?php if ($error !== ''): ?><div class="error"><?php echo pe($error); ?></div><?php endif; ?>
+
+        <form method="post" class="settings-grid">
+            <article class="settings-card">
+                <h2>PayPal Settings</h2>
+                <p>PayPal Configuration (Admin Only).</p>
+                <label class="settings-label" for="paypal_client_id">Client ID</label>
+                <input class="settings-input" id="paypal_client_id" name="paypal_client_id" type="text" value="<?php echo pe($settings['paypal']['client_id'] ?? ''); ?>">
+
+                <label class="settings-label" for="paypal_secret">Secret</label>
+                <input class="settings-input" id="paypal_secret" name="paypal_secret" type="password" value="<?php echo pe($settings['paypal']['secret'] ?? ''); ?>">
+
+                <label class="settings-label" for="paypal_environment">Environment</label>
+                <select class="settings-select" id="paypal_environment" name="paypal_environment">
+                    <option value="sandbox" <?php echo ($settings['paypal']['environment'] ?? 'sandbox') === 'sandbox' ? 'selected' : ''; ?>>Sandbox</option>
+                    <option value="production" <?php echo ($settings['paypal']['environment'] ?? '') === 'production' ? 'selected' : ''; ?>>Production</option>
+                </select>
+
+                <label class="settings-label" for="paypal_business_email">Business Email</label>
+                <input class="settings-input" id="paypal_business_email" name="paypal_business_email" type="email" value="<?php echo pe($settings['paypal']['business_email'] ?? ''); ?>">
+
+                <label class="settings-label" for="paypal_invoice_defaults">Invoice Defaults</label>
+                <textarea class="settings-textarea" id="paypal_invoice_defaults" name="paypal_invoice_defaults"><?php echo pe($settings['paypal']['invoice_defaults'] ?? ''); ?></textarea>
+
+                <div style="margin-top:10px;"><button class="settings-btn" type="submit">Save Settings</button></div>
+            </article>
+
+            <article class="settings-card">
+                <h2>Email Settings</h2>
+                <label class="settings-label" for="email_from_name">From Name</label>
+                <input class="settings-input" id="email_from_name" name="email_from_name" type="text" value="<?php echo pe($settings['email']['from_name'] ?? ''); ?>">
+                <label class="settings-label" for="email_from_email">From Email</label>
+                <input class="settings-input" id="email_from_email" name="email_from_email" type="email" value="<?php echo pe($settings['email']['from_email'] ?? ''); ?>">
+                <label class="settings-label" for="email_reply_to">Reply-To</label>
+                <input class="settings-input" id="email_reply_to" name="email_reply_to" type="email" value="<?php echo pe($settings['email']['reply_to'] ?? ''); ?>">
+            </article>
+
+            <article class="settings-card">
+                <h2>Site Settings</h2>
+                <label class="settings-label" for="site_company_name">Company Name</label>
+                <input class="settings-input" id="site_company_name" name="site_company_name" type="text" value="<?php echo pe($settings['site']['company_name'] ?? ''); ?>">
+                <label class="settings-label" for="site_support_email">Support Email</label>
+                <input class="settings-input" id="site_support_email" name="site_support_email" type="email" value="<?php echo pe($settings['site']['support_email'] ?? ''); ?>">
+                <label class="settings-label" for="site_support_phone">Support Phone</label>
+                <input class="settings-input" id="site_support_phone" name="site_support_phone" type="text" value="<?php echo pe($settings['site']['support_phone'] ?? ''); ?>">
+            </article>
+
+            <article class="settings-card">
+                <h2>Business Information</h2>
+                <label class="settings-label" for="business_legal_name">Legal Name</label>
+                <input class="settings-input" id="business_legal_name" name="business_legal_name" type="text" value="<?php echo pe($settings['business']['legal_name'] ?? ''); ?>">
+                <label class="settings-label" for="business_address">Business Address</label>
+                <textarea class="settings-textarea" id="business_address" name="business_address"><?php echo pe($settings['business']['address'] ?? ''); ?></textarea>
+            </article>
+
+            <article class="settings-card">
+                <h2>Staff Management</h2>
+                <p>Manage staff and admin user accounts.</p>
+                <a class="settings-link" href="/staff/users.php">Open Staff Management</a>
+            </article>
+
+            <article class="settings-card">
+                <h2>User Management</h2>
+                <p>Manage client portal users and file access.</p>
+                <a class="settings-link" href="/staff/client-portal.php">Open User Management</a>
+            </article>
+        </form>
+    </div>
+</section>
+
+<?php include 'includes/footer.php'; ?>
+<script src="assets/js/jquery-1.12.3.min.js"></script>
+<script src="assets/js/bootstrap.min.js"></script>
+</body>
+</html>
diff --git a/staff/estimate-requests.php b/staff/estimate-requests.php
index d8f71e8..bd669c8 100644
--- a/staff/estimate-requests.php
+++ b/staff/estimate-requests.php
@@ -150,12 +150,11 @@
                         <th>Status</th>
                         <th>Created</th>
                         <th>Last Updated</th>
-                        <th></th>
                     </tr>
                 </thead>
                 <tbody>
                 <?php if (empty($requests)): ?>
-                    <tr><td colspan="8" style="text-align:center;color:#5a7a9e;padding:20px;">No project requests yet.</td></tr>
+                    <tr><td colspan="7" style="text-align:center;color:#5a7a9e;padding:20px;">No project requests yet.</td></tr>
                 <?php else: ?>
                     <?php foreach ($requests as $r): ?>
                         <?php
@@ -164,14 +163,13 @@
                             $workspaceUrl = '/project.php?id=' . urlencode($rid);
                         ?>
                         <tr style="cursor:pointer;" onclick="window.location='<?php echo pe($workspaceUrl); ?>'">
-                            <td class="mono"><?php echo pe($rid); ?></td>
+                            <td class="mono"><a class="btn btn-teal" href="<?php echo pe($workspaceUrl); ?>" style="margin-right:6px;padding:4px 8px;font-size:.7rem;">Open</a><?php echo pe($rid); ?></td>
                             <td><?php echo pe($r['name'] ?? '—'); ?></td>
                             <td><?php echo pe($r['email'] ?? '—'); ?></td>
                             <td><?php echo pe($r['project_type'] ?? '—'); ?></td>
                             <td><span class="status"><?php echo pe($statuses[$status] ?? ucfirst($status)); ?></span></td>
                             <td><?php echo pe(date('M j, Y', strtotime((string)($r['created_at'] ?? 'now')))); ?></td>
                             <td><?php echo pe(!empty($r['updated_at']) ? date('M j, Y', strtotime((string)$r['updated_at'])) : '—'); ?></td>
-                            <td onclick="event.stopPropagation()"><a class="btn btn-teal" href="<?php echo pe($workspaceUrl); ?>">View</a></td>
                         </tr>
                     <?php endforeach; ?>
                 <?php endif; ?>
diff --git a/staff/paypal-setup.php b/staff/paypal-setup.php
index 9456272..8a24660 100644
--- a/staff/paypal-setup.php
+++ b/staff/paypal-setup.php
@@ -2,7 +2,7 @@
 session_start();
 define('WDS_SYSTEM', true);
 require_once __DIR__ . '/../includes/portal-helpers.php';
-portalRequireStaff();
+portalRequireStaff(['admin']);
 $current_page = 'staff-portal';
 $header_class = 'inner-header';
 ?>
@@ -13,7 +13,7 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <link rel="icon" type="image/png" href="../assets/images/RL-icon.png">
-    <title>PayPal Setup | Staff Portal | Runlevel Systems</title>
+    <title>PayPal Setup | Admin Portal | Runlevel Systems</title>
     <link href="../assets/css/coreloop.css" rel="stylesheet">
     <style>
         .portal-wrap { padding: 40px 0 80px; }
@@ -40,9 +40,9 @@
 
 <section class="portal-wrap">
     <div class="container">
-        <a href="/staff/dashboard.php" class="portal-back">← Back to Dashboard</a>
+        <a href="/settings.php" class="portal-back">← Back to Settings</a>
         <h1 style="color:#ffc600; margin-bottom: 8px;">🅿️ PayPal Setup Instructions</h1>
-        <p style="color:#7a9ac0; margin-bottom: 24px;">Internal setup guide for configuring Runlevel Systems payments through PayPal. Staff access only.</p>
+        <p style="color:#7a9ac0; margin-bottom: 24px;">Internal setup guide for configuring Runlevel Systems payments through PayPal. Admin access only.</p>
 
         <div class="security-box">
             🔒 <strong>Security reminder:</strong> Never store PayPal API keys, client secrets, or credentials in public files or version control.
diff --git a/start-project.php b/start-project.php
index bf89b6a..4378f89 100644
--- a/start-project.php
+++ b/start-project.php
@@ -7,52 +7,46 @@
 $header_class = 'inner-header';
 
 $requestTypes = [
-    'Quick Fix',
-    'Website',
-    'Web Application',
-    'Mobile App',
-    'Business Application',
-    'Backend / Server Work',
-    'Automation',
-    'Training / Simulation',
-    'Game / Interactive Project',
-    'Game Server / Mod / Script',
-    'Project Rescue',
-    'Commercial / Long-Term Work',
+    'New Website',
+    'Existing Software Issue',
+    'Mobile Application',
+    'Multiplayer Game',
+    'Infrastructure Project',
+    'Training Simulator',
+    'Custom Development',
     'Other',
 ];
 $budgetRanges = [
     'Not sure yet',
-    '$20 - $40',
-    '$30 - $100',
-    '$40 - $100',
-    '$20 - $150',
-    '$40 - $150',
-    '$150 - $500',
-    '$500+',
+    'Under $500',
+    '$500 - $2,500',
+    '$2,500 - $10,000',
+    '$10,000+',
     'Custom quote expected',
 ];
-$timelineOptions = ['ASAP', '1-2 weeks', '2-4 weeks', '1-3 months', 'Flexible', 'Not sure'];
-$contactOptions = ['Email', 'Phone', 'Text Message', 'Google Meet', 'Discord'];
+$timelineOptions = ['ASAP', '1-2 weeks', '2-4 weeks', '1-3 months', '3+ months', 'Flexible', 'Not sure'];
+$assetOptions = [
+    'Existing Website',
+    'Existing Application',
+    'Existing Repository',
+    'Existing Files',
+    'Existing Server',
+    'Starting From Scratch',
+];
 
 $prefillType = trim((string)($_GET['type'] ?? ''));
-$prefillTitle = trim((string)($_GET['title'] ?? ''));
 
 $defaults = [
     'name' => '',
     'email' => '',
     'phone' => '',
     'company' => '',
-    'project_title' => $prefillTitle,
     'request_type' => in_array($prefillType, $requestTypes, true) ? $prefillType : '',
     'description' => '',
-    'problem_to_solve' => '',
     'existing_assets' => '',
     'repo_link' => '',
     'budget_range' => 'Not sure yet',
     'desired_timeline' => '',
-    'contact_method' => 'Email',
-    'review_acknowledged' => '',
 ];
 
 $form = $defaults;
@@ -61,9 +55,6 @@
         $form[$key] = trim((string)$_POST[$key]);
     }
 }
-if (isset($_POST['review_acknowledged'])) {
-    $form['review_acknowledged'] = '1';
-}
 
 $error = '';
 $success = false;
@@ -74,30 +65,107 @@
         $error = 'Please enter your name.';
     } elseif ($form['email'] === '' || !filter_var($form['email'], FILTER_VALIDATE_EMAIL)) {
         $error = 'Please enter a valid email address.';
-    } elseif ($form['project_title'] === '') {
-        $error = 'Please enter a project title.';
     } elseif (!in_array($form['request_type'], $requestTypes, true)) {
-        $error = 'Please select a request type.';
+        $error = 'Please select a project type.';
     } elseif ($form['description'] === '') {
-        $error = 'Please describe what you need.';
-    } elseif ($form['problem_to_solve'] === '') {
-        $error = 'Please describe the problem you are trying to solve.';
-    } elseif ($form['existing_assets'] === '') {
-        $error = 'Please tell us whether you already have files, code, a website, a repo, or a project.';
+        $error = 'Please tell us about your project.';
+    } elseif (!in_array($form['existing_assets'], $assetOptions, true)) {
+        $error = 'Please select whether you already have existing assets.';
     } elseif ($form['repo_link'] !== '' && !filter_var($form['repo_link'], FILTER_VALIDATE_URL)) {
-        $error = 'Please enter a valid repository, website, or file link.';
+        $error = 'Please enter a valid repository or website link.';
     } elseif (!in_array($form['budget_range'], $budgetRanges, true)) {
-        $error = 'Please select an approximate budget range.';
+        $error = 'Please select a budget range.';
     } elseif (!in_array($form['desired_timeline'], $timelineOptions, true)) {
         $error = 'Please select a desired timeline.';
-    } elseif (!in_array($form['contact_method'], $contactOptions, true)) {
-        $error = 'Please select a preferred contact method.';
-    } elseif ($form['review_acknowledged'] !== '1') {
-        $error = 'Please confirm that this is a request for review and not a final quote.';
     }
 
-    if ($error === '') {
+    $savedAttachments = [];
+    if ($error === '' && isset($_FILES['attachments']) && is_array($_FILES['attachments']['name'] ?? null)) {
+        $fileNames = $_FILES['attachments']['name'];
+        $tmpNames = $_FILES['attachments']['tmp_name'] ?? [];
+        $fileErrors = $_FILES['attachments']['error'] ?? [];
+        $fileSizes = $_FILES['attachments']['size'] ?? [];
+        $maxBytes = 10 * 1024 * 1024;
+        $allowed = [
+            'pdf', 'doc', 'docx', 'txt', 'rtf',
+            'png', 'jpg', 'jpeg', 'gif', 'webp',
+            'zip', 'rar', '7z',
+            'csv', 'xlsx', 'xls',
+        ];
+        $nonEmptyCount = 0;
+        foreach ($fileNames as $idx => $originalName) {
+            $originalName = trim((string)$originalName);
+            $tmp = (string)($tmpNames[$idx] ?? '');
+            $err = (int)($fileErrors[$idx] ?? UPLOAD_ERR_NO_FILE);
+            $size = (int)($fileSizes[$idx] ?? 0);
+            if ($originalName === '' || $err === UPLOAD_ERR_NO_FILE) {
+                continue;
+            }
+            $nonEmptyCount++;
+            if ($err !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
+                $error = 'One or more attachments failed to upload. Please try again.';
+                break;
+            }
+            if ($size <= 0 || $size > $maxBytes) {
+                $error = 'Attachments must be less than 10MB each.';
+                break;
+            }
+            $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
+            if ($ext === '' || !in_array($ext, $allowed, true)) {
+                $error = 'One or more attachments have an unsupported file type.';
+                break;
+            }
+        }
+
+        if ($error === '' && $nonEmptyCount > 5) {
+            $error = 'Please attach up to 5 files per request.';
+        }
+
+        if ($error === '') {
+            $requestIdForFiles = portalGenerateUniqueRequestId();
+            $uploadBase = __DIR__ . '/data/project-attachments';
+            $uploadDir = $uploadBase . '/' . preg_replace('/[^A-Za-z0-9_-]/', '', $requestIdForFiles);
+            if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true)) {
+                $error = 'Unable to save attachments right now. Please submit again without files or contact support.';
+            } else {
+                foreach ($fileNames as $idx => $originalName) {
+                    $originalName = trim((string)$originalName);
+                    $tmp = (string)($tmpNames[$idx] ?? '');
+                    $err = (int)($fileErrors[$idx] ?? UPLOAD_ERR_NO_FILE);
+                    if ($originalName === '' || $err === UPLOAD_ERR_NO_FILE) {
+                        continue;
+                    }
+                    $safeOriginal = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($originalName));
+                    $safeOriginal = trim((string)$safeOriginal, '._');
+                    if ($safeOriginal === '') {
+                        $safeOriginal = 'attachment';
+                    }
+                    $storedName = date('His') . '-' . bin2hex(random_bytes(4)) . '.upload';
+                    $storedPath = $uploadDir . '/' . $storedName;
+                    if (!move_uploaded_file($tmp, $storedPath)) {
+                        $error = 'Unable to save one of the attachments. Please try again.';
+                        break;
+                    }
+                    $savedAttachments[] = [
+                        'original_name' => $safeOriginal,
+                        'stored_name' => $storedName,
+                        'stored_path' => 'data/project-attachments/' . basename($uploadDir) . '/' . $storedName,
+                        'uploaded_at' => date('c'),
+                    ];
+                }
+            }
+
+            if ($error === '') {
+                $requestId = $requestIdForFiles;
+            }
+        }
+    }
+
+    if ($error === '' && !isset($requestId)) {
         $requestId = portalGenerateUniqueRequestId();
+    }
+
+    if ($error === '') {
         $request = [
             'id' => bin2hex(random_bytes(8)),
             'request_id' => $requestId,
@@ -107,19 +175,19 @@
             'email' => $form['email'],
             'phone' => $form['phone'],
             'company' => $form['company'],
-            'project_title' => $form['project_title'],
+            'project_title' => $form['request_type'],
             'project_type' => $form['request_type'],
             'request_type' => $form['request_type'],
             'description' => $form['description'],
-            'problem_to_solve' => $form['problem_to_solve'],
+            'problem_to_solve' => $form['description'],
             'existing_assets' => $form['existing_assets'],
             'repo_link' => $form['repo_link'],
             'budget_range' => $form['budget_range'],
             'budget_comfort' => $form['budget_range'],
             'desired_timeline' => $form['desired_timeline'],
             'timeline' => $form['desired_timeline'],
-            'contact_method' => $form['contact_method'],
-            'preferred_contact_method' => $form['contact_method'],
+            'contact_method' => 'Email',
+            'preferred_contact_method' => 'Email',
             'review_acknowledged' => true,
             'status' => 'new',
             'estimated_cost_range' => '',
@@ -129,6 +197,7 @@
             'internal_notes' => '',
             'proposal_ids' => [],
             'agreement_ids' => [],
+            'attachments' => $savedAttachments,
             'created_at' => date('c'),
         ];
 
@@ -139,10 +208,9 @@
             $submitted = $request;
             $subject = 'Start Project Request Received - ' . $requestId;
             $body = "Hello {$form['name']},\n\n"
-                . "Every project starts with a conversation.\n\n"
-                . "We received your Start Project request.\n\n"
+                . "We received your Start Project request and will review it shortly.\n\n"
                 . "Request ID:\n{$requestId}\n\n"
-                . "This is a request for review, not a final quote. Runlevel Systems will review the request first and then respond with an estimate, proposal, or next step.\n\n"
+                . "After review, we will share recommendations, estimated timeline, and pricing options.\n\n"
                 . "Runlevel Systems\n"
                 . "DESIGN • DEBUG • DEPLOY\n";
             send_email($form['email'], $subject, $body);
@@ -170,11 +238,8 @@
         <div class="container">
             <p class="service-kicker">Start Project</p>
             <h1>Start A Project</h1>
-            <p class="service-lead">Tell us what you need built, fixed, improved, or launched.</p>
-            <p class="service-sublead">Every project starts with a conversation.</p>
-            <p class="service-sublead">Whether you need a small fix, a website, a mobile app, a business tool, a training simulator, or a larger commercial system, tell us what you need and Runlevel Systems will review the request.</p>
-            <p class="service-sublead">This does not commit you to anything.</p>
-            <p class="service-sublead">We review the request first, then provide an estimate, proposal, or next step.</p>
+            <p class="service-lead">Tell us what you need and we will review your request.</p>
+            <p class="service-sublead">Simple request form. No commitment. No charge to submit.</p>
             <p class="hero-tagline">DESIGN • DEBUG • DEPLOY</p>
         </div>
     </section>
@@ -186,10 +251,10 @@
                     <h2>Project Request Received</h2>
                     <p>Your request has been saved for review.</p>
                     <div class="request-id"><?php echo pe($submitted['request_id']); ?></div>
-                    <p>This is a request for review and not a final quote. Runlevel Systems will respond with an estimate, proposal, or next step after review.</p>
+                    <p>We will review your request and follow up with recommendations, timeline guidance, and pricing options.</p>
                     <div class="service-actions">
                         <a class="core-action primary" href="/start-project.php">Submit Another Request</a>
-                        <a class="core-action secondary" href="/payments.php">Read Payment Details</a>
+                        <a class="core-action secondary" href="/dashboard.php">Open Dashboard</a>
                         <a class="core-action secondary" href="/contact.php">Contact Runlevel Systems</a>
                     </div>
                 </div>
@@ -199,15 +264,19 @@
                 <?php endif; ?>
 
                 <div class="request-section-card">
-                    <h2>Tell Us About The Work</h2>
-                    <p class="request-helper">Use this form to request a quote, submit an idea, ask for help, begin a project, or create a work request for Runlevel Systems to review.</p>
-                    <form method="post" class="request-shell">
+                    <h2>Submit Project Request</h2>
+                    <p class="request-helper">Share the essentials and our team will take it from there.</p>
+                    <form method="post" class="request-shell" enctype="multipart/form-data">
                         <input type="hidden" name="submit_request" value="1">
                         <div class="request-form-grid">
                             <div class="request-field">
                                 <label for="name">Name *</label>
                                 <input id="name" type="text" name="name" value="<?php echo pe($form['name']); ?>" required>
                             </div>
+                            <div class="request-field">
+                                <label for="company">Company</label>
+                                <input id="company" type="text" name="company" value="<?php echo pe($form['company']); ?>">
+                            </div>
                             <div class="request-field">
                                 <label for="email">Email *</label>
                                 <input id="email" type="email" name="email" value="<?php echo pe($form['email']); ?>" required>
@@ -217,58 +286,33 @@
                                 <input id="phone" type="text" name="phone" value="<?php echo pe($form['phone']); ?>">
                             </div>
                             <div class="request-field">
-                                <label for="company">Company / Organization</label>
-                                <input id="company" type="text" name="company" value="<?php echo pe($form['company']); ?>">
-                            </div>
-                            <div class="request-field request-field-full">
-                                <label for="project_title">Project title *</label>
-                                <input id="project_title" type="text" name="project_title" value="<?php echo pe($form['project_title']); ?>" required>
-                            </div>
-                            <div class="request-field">
-                                <label for="request_type">Request type *</label>
+                                <label for="request_type">Project Type *</label>
                                 <select id="request_type" name="request_type" required>
-                                    <option value="">Select a request type</option>
+                                    <option value="">Select a project type</option>
                                     <?php foreach ($requestTypes as $type): ?>
                                         <option value="<?php echo pe($type); ?>" <?php echo $form['request_type'] === $type ? 'selected' : ''; ?>><?php echo pe($type); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                             </div>
                             <div class="request-field">
-                                <label for="contact_method">Preferred contact method *</label>
-                                <select id="contact_method" name="contact_method" required>
-                                    <option value="">Select a contact method</option>
-                                    <?php foreach ($contactOptions as $option): ?>
-                                        <option value="<?php echo pe($option); ?>" <?php echo $form['contact_method'] === $option ? 'selected' : ''; ?>><?php echo pe($option); ?></option>
+                                <label for="existing_assets">Do You Already Have Existing Assets? *</label>
+                                <select id="existing_assets" name="existing_assets" required>
+                                    <option value="">Select one option</option>
+                                    <?php foreach ($assetOptions as $option): ?>
+                                        <option value="<?php echo pe($option); ?>" <?php echo $form['existing_assets'] === $option ? 'selected' : ''; ?>><?php echo pe($option); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                             </div>
                             <div class="request-field request-field-full">
-                                <label for="description">Describe what you need *</label>
-                                <textarea id="description" name="description" required><?php echo pe($form['description']); ?></textarea>
+                                <label for="description">Tell Us About Your Project *</label>
+                                <textarea id="description" name="description" required placeholder="New website, existing software issue, mobile app, multiplayer game, infrastructure, training simulator, or custom development."><?php echo pe($form['description']); ?></textarea>
                             </div>
                             <div class="request-field request-field-full">
-                                <label for="problem_to_solve">What problem are you trying to solve? *</label>
-                                <textarea id="problem_to_solve" name="problem_to_solve" required><?php echo pe($form['problem_to_solve']); ?></textarea>
-                            </div>
-                            <div class="request-field request-field-full">
-                                <label for="existing_assets">Do you already have files, code, a website, repo, or project? *</label>
-                                <textarea id="existing_assets" name="existing_assets" required><?php echo pe($form['existing_assets']); ?></textarea>
-                            </div>
-                            <div class="request-field request-field-full">
-                                <label for="repo_link">Link to repo / site / files</label>
+                                <label for="repo_link">Repository / Website Link</label>
                                 <input id="repo_link" type="url" name="repo_link" value="<?php echo pe($form['repo_link']); ?>" placeholder="https://github.com/example/project">
                             </div>
                             <div class="request-field">
-                                <label for="budget_range">Approximate budget range *</label>
-                                <select id="budget_range" name="budget_range" required>
-                                    <option value="">Select a budget range</option>
-                                    <?php foreach ($budgetRanges as $range): ?>
-                                        <option value="<?php echo pe($range); ?>" <?php echo $form['budget_range'] === $range ? 'selected' : ''; ?>><?php echo pe($range); ?></option>
-                                    <?php endforeach; ?>
-                                </select>
-                            </div>
-                            <div class="request-field">
-                                <label for="desired_timeline">Desired timeline *</label>
+                                <label for="desired_timeline">Desired Timeline *</label>
                                 <select id="desired_timeline" name="desired_timeline" required>
                                     <option value="">Select a timeline</option>
                                     <?php foreach ($timelineOptions as $option): ?>
@@ -276,16 +320,24 @@
                                     <?php endforeach; ?>
                                 </select>
                             </div>
+                            <div class="request-field">
+                                <label for="budget_range">Budget Range *</label>
+                                <select id="budget_range" name="budget_range" required>
+                                    <option value="">Select a budget range</option>
+                                    <?php foreach ($budgetRanges as $range): ?>
+                                        <option value="<?php echo pe($range); ?>" <?php echo $form['budget_range'] === $range ? 'selected' : ''; ?>><?php echo pe($range); ?></option>
+                                    <?php endforeach; ?>
+                                </select>
+                            </div>
                             <div class="request-field request-field-full">
-                                <label class="request-check" for="review_acknowledged">
-                                    <input id="review_acknowledged" type="checkbox" name="review_acknowledged" value="1" <?php echo $form['review_acknowledged'] === '1' ? 'checked' : ''; ?>>
-                                    <span>I understand this is a request for review and not a final quote.</span>
-                                </label>
+                                <label for="attachments">Optional Attachments</label>
+                                <input id="attachments" type="file" name="attachments[]" multiple>
+                                <p class="request-helper" style="margin:.45rem 0 0;">Up to 5 files, 10MB each. Supported: PDF, DOC, images, ZIP, CSV/XLSX.</p>
                             </div>
                         </div>
                         <div class="service-actions">
                             <button type="submit" class="core-action primary">Submit Project Request</button>
-                            <a class="core-action secondary" href="/payments.php">Read Payment Details</a>
+                            <a class="core-action secondary" href="/contact.php">Need Help?</a>
                         </div>
                     </form>
                 </div>
@@ -296,33 +348,9 @@
     <section class="service-section alt">
         <div class="container">
             <h2>What Might It Cost?</h2>
-            <p class="section-intro">Every project is different, but we want customers to have a realistic idea before submitting a request.</p>
-            <div class="cost-grid">
-                <article class="service-card-item"><h3>Quick Fixes</h3><div class="cost-card-price">$20 - $40</div><p>Small bug fixes, config issues, small code changes, animation problems, or minor website edits.</p></article>
-                <article class="service-card-item"><h3>Small Development Tasks</h3><div class="cost-card-price">$30 - $100</div><p>Small features, scripts, game logic fixes, mod adjustments, automation tasks, or project cleanup.</p></article>
-                <article class="service-card-item"><h3>Starter Websites</h3><div class="cost-card-price">$40 - $100</div><p>Simple landing pages, basic business pages, project pages, or contact pages.</p></article>
-                <article class="service-card-item"><h3>Website Improvements</h3><div class="cost-card-price">$20 - $150</div><p>Layout fixes, content updates, mobile improvements, new pages, or simple forms.</p></article>
-                <article class="service-card-item"><h3>Mobile / Build Help</h3><div class="cost-card-price">$40 - $150</div><p>Android builds, iOS preparation, store publishing help, or build troubleshooting.</p></article>
-                <article class="service-card-item"><h3>Project Rescue</h3><div class="cost-card-price">Quoted After Review</div><p>Broken projects, inherited code, build failures, unknown bugs, or messy systems.</p></article>
-                <article class="service-card-item"><h3>Commercial Projects</h3><div class="cost-card-price">Custom Quote</div><p>Business applications, training simulations, backend systems, infrastructure platforms, mobile apps, or ongoing development work.</p></article>
-            </div>
-            <p class="section-intro" style="margin-top: 1rem;">These are typical starting ranges. Final pricing depends on the project condition, requested work, testing needs, and timeline.</p>
-        </div>
-    </section>
-
-    <section class="service-section">
-        <div class="container cta-block">
-            <h2>How Payment Works</h2>
-            <p>You submit a request first.</p>
-            <p>We review it and provide an estimate or proposal.</p>
-            <p>For small jobs, payment may be required before work begins.</p>
-            <p>For larger jobs, we may use a deposit, milestone payment, or written project agreement.</p>
-            <p>Payments can be handled through PayPal invoice or payment link.</p>
-            <p>Payment allows work to begin, but final acceptance happens after the agreed work is delivered and reviewed according to the proposal or project agreement.</p>
-            <div class="service-actions">
-                <a class="core-action primary" href="/payments.php">Read Payment Details</a>
-                <a class="core-action secondary" href="/contact.php">Contact Runlevel Systems</a>
-            </div>
+            <p class="section-intro">Every project is unique.</p>
+            <p class="section-intro">After reviewing your request, we will provide recommendations, estimated timelines, and pricing options.</p>
+            <p class="section-intro">There is no obligation and no charge for submitting a project request.</p>
         </div>
     </section>
 </main>