diff --git a/app/admin/app-documentation.php b/app/admin/app-documentation.php
index cf7ea8a..b260370 100644
--- a/app/admin/app-documentation.php
+++ b/app/admin/app-documentation.php
@@ -3,200 +3,5 @@
 
 	$GLOBALS['page_title'] = $Translation['app documentation'];
 	include(__DIR__ . '/incHeader.php');
-?>
-<div class="page-header"><h1><?php echo APP_TITLE . ' ' . $Translation['app documentation']; ?></h1></div>
-<div class="row">
-	<div class="col-md-3 col-lg-2" id="toc-section">
-		<nav class="hidden-print hidden-xs hidden-sm affix">
-			<ul class="nav">
-				<li>
-					<a href="#content-section"><?php echo APP_TITLE; ?></a>
-					<ul class="nav">
-						<li>
-							<a href="#table-customers">Customers</a>
-							<ul class="nav">
-								<li><a href="#field-customers-TotalSales">Total Sales</a></li>
-							</ul>
-						</li>
-						<li>
-							<a href="#table-employees">Employees</a>
-							<ul class="nav">
-								<li><a href="#field-employees-Age">Age</a></li>
-								<li><a href="#field-employees-TotalSales">Total Sales</a></li>
-							</ul>
-						</li>
-						<li>
-							<a href="#table-orders">Orders</a>
-							<ul class="nav">
-								<li><a href="#field-orders-status">Status</a></li>
-								<li><a href="#field-orders-total">Total</a></li>
-							</ul>
-						</li>
-						<li>
-							<a href="#table-order_details">Order Items</a>
-							<ul class="nav">
-								<li><a href="#field-order_details-Subtotal">Subtotal</a></li>
-							</ul>
-						</li>
-						<li>
-							<a href="#table-shippers">Shippers</a>
-							<ul class="nav">
-								<li><a href="#field-shippers-NumOrders">Number of orders shipped</a></li>
-							</ul>
-						</li>
-					</ul>
-				</li>
-			</ul>
-			<a class="back-to-top" href="#content-section"><?php echo $Translation['back to top']; ?></a>
-		</nav>
-	</div>
-
-	<div class="col-md-9 col-lg-8" id="content-section">
-		<p class="app-documentation" id="app-title">
-
-This is the Northwind demo app, showing a sample, relatively sophisticated, app that can be created by AppGini.
-
-		</p>
-
-		<h2 class="table-documentation" id="table-customers">Customers</h2>
-		<p class="table-documentation">
-
-
-
-		</p>
-
-		<h3 class="field-documentation" id="field-customers-TotalSales">Total Sales</h3>
-		<p class="field-documentation">
-
-<p>This is an automatically calculated field that uses this SQL query:</p>
-<pre>SELECT SUM(`order_details`.`UnitPrice` * `order_details`.`Quantity` - `order_details`.`Discount`) FROM `customers` 
-LEFT JOIN `orders` ON `orders`.`CustomerID`=`customers`.`CustomerID` 
-LEFT JOIN `order_details` ON `orders`.`OrderID`=`order_details`.`OrderID` 
-WHERE `customers`.`CustomerID`='%ID%'</pre>
-
-		</p>
-		<h2 class="table-documentation" id="table-employees">Employees</h2>
-		<p class="table-documentation">
-
-
-
-		</p>
-
-		<h3 class="field-documentation" id="field-employees-Age">Age</h3>
-		<p class="field-documentation">
-
-<p>This field is <a href="https://bigprof.com/appgini/help/calculated-fields">Automatically calculated</a>. The SQL query used for calculation is:</p>
-
-<pre>SELECT FLOOR(DATEDIFF(NOW(), `employees`.`BirthDate`) / 365) FROM `employees` 
-WHERE `employees`.`EmployeeID`='%ID%'</pre>
-
-<p><code>DATEDIFF</code> returns the difference between 2 dates <i>in days</i>, so we should divide by 365 to get years. Using <code>FLOOR</code> rounds down age to the nearest year ... That is, if someone is 32.4 years old, her age would display as <i>32</i>. Also, if someone is 36.9 years old, she'd show as <i>36</i> years old since she's, technically, not 37 yet ;)</p>
-
-		</p>
-		<h3 class="field-documentation" id="field-employees-TotalSales">Total Sales</h3>
-		<p class="field-documentation">
-
-<p>This field calculates the total sales made by current employee using this SQL query:</p>
-
-<pre>SELECT SUM(`order_details`.`UnitPrice` * `order_details`.`Quantity` - `order_details`.`Discount`) FROM `employees` 
-LEFT JOIN `orders` ON `orders`.`EmployeeID`=`employees`.`EmployeeID` 
-LEFT JOIN `order_details` ON `orders`.`OrderID`=`order_details`.`OrderID` 
-WHERE `employees`.`EmployeeID`='%ID%'</pre>
-
-		</p>
-		<h2 class="table-documentation" id="table-orders">Orders</h2>
-		<p class="table-documentation">
-
-
-
-		</p>
-
-		<h3 class="field-documentation" id="field-orders-status">Status</h3>
-		<p class="field-documentation">
-
-<p>This is a <a href="">calculated field</a> based on the following SQL query</p>
-<pre>SELECT
-IF(
-    `orders`.`ShippedDate`, 
-        '&lt;span class="text-success">Shipped&lt;/span>', 
-        /* else */
-        IF(
-           `orders`.`RequiredDate` < now(), 
-                '&lt;span class="text-danger">Late&lt;/span>', 
-                /* else */
-                '&lt;span class="text-warning">Pending&lt;/span>'
-        )
-) 
-FROM `orders` 
-WHERE `orders`.`OrderID`='%ID%'</pre>
-<p>For late orders, a <span class="text-danger">Late</span> status would be displayed.
-For orders not yet shipped, but not late, a <span class="text-warning">Pending</span> status would be displayed.
-And for shipped orders, <span class="text-success">Shipped</span> will be displayed.</p>
-
-		</p>
-		<h3 class="field-documentation" id="field-orders-total">Total</h3>
-		<p class="field-documentation">
-
-<p>This field is <a href="https://bigprof.com/appgini/help/calculated-fields">automatically calculated</a> using the following SQL query:</p>
-<pre>SELECT SUM(`order_details`.`UnitPrice` * `order_details`.`Quantity`) + `orders`.`Freight` FROM `orders` 
-LEFT JOIN `order_details` ON `order_details`.`OrderID`=`orders`.`OrderID` 
-WHERE `orders`.`OrderID`='%ID%'</pre>
-
-		</p>
-		<h2 class="table-documentation" id="table-order_details">Order Items</h2>
-		<p class="table-documentation">
-
-
-
-		</p>
-
-		<h3 class="field-documentation" id="field-order_details-Subtotal">Subtotal</h3>
-		<p class="field-documentation">
-
-<p>This field is <a href="https://bigprof.com/appgini/help/calculated-fields">automatically calculated</a> using the following query:</p>
-
-<pre>SELECT `order_details`.`UnitPrice` * `order_details`.`Quantity` - `order_details`.`Discount` FROM `order_details` 
-WHERE `order_details`.`odID`='%ID%'</pre>
-
-<p>The formula above calculates the subtotal of this invoice line by multiplying unit price by quantity and then subtracting discount amount.</p>
-
-		</p>
-		<h2 class="table-documentation" id="table-shippers">Shippers</h2>
-		<p class="table-documentation">
-
-
-
-		</p>
-
-		<h3 class="field-documentation" id="field-shippers-NumOrders">Number of orders shipped</h3>
-		<p class="field-documentation">
-
-<p>This field is <a href="https://bigprof.com/appgini/help/calculated-fields">Automatically calculated</a>. The SQL query used is:</p>
-
-<pre>SELECT COUNT(1) FROM `shippers` 
-LEFT JOIN `orders` ON `orders`.`ShipVia`=`shippers`.`ShipperID` 
-WHERE `shippers`.`ShipperID`='%ID%'</pre>
-
-		</p>
-	</div>
-</div>
-
-<style>
-	body { position: relative; }
-	#toc-section ul.nav:nth-child(2) {
-		margin-left: 1.5em;
-	}
-	#content-section { border-left: 1px dotted #ddd; padding-top: 6em; }
-	h2.table-documentation, h3.field-documentation { padding-top: 3em; }
-	#toc-section li.active { font-weight: bold; }
-	#toc-section li:not(.active) { font-weight: normal; }
-</style>
-
-<script>
-	$j(function() {
-		$j('body').scrollspy({ target: '#toc-section', offset: 80 });
-	})
-</script>
-
-<?php
+	
 	include(__DIR__ . '/incFooter.php');
diff --git a/app/admin/getUsers.php b/app/admin/getUsers.php
index ff68f6d..9242fca 100644
--- a/app/admin/getUsers.php
+++ b/app/admin/getUsers.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 /*
diff --git a/app/admin/incFunctions.php b/app/admin/incFunctions.php
index 8b9cc22..796d0c4 100644
--- a/app/admin/incFunctions.php
+++ b/app/admin/incFunctions.php
@@ -733,6 +733,10 @@ function errorMsg($msg) {
 	########################################################################
 	function redirect($url, $absolute = false) {
 		$fullURL = ($absolute ? $url : application_url($url));
+
+		// append browser window id to url (check if it should be preceded by ? or &)
+		$fullURL .= (strpos($fullURL, '?') === false ? '?' : '&') . WindowMessages::windowIdQuery();
+
 		if(!headers_sent()) header("Location: {$fullURL}");
 
 		echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;url={$fullURL}\">";
@@ -1638,6 +1642,107 @@ function get_table_fields($tn = null) {
 
 		return isset($schema[$tn]) ? $schema[$tn] : [];
 	}
+	########################################################################
+	function updateField($tn, $fn, $dataType, $notNull = false, $default = null, $extra = null) {
+		$sqlNull = $notNull ? 'NOT NULL' : 'NULL';
+		$sqlDefault = $default === null ? '' : "DEFAULT '" . makeSafe($default) . "'";
+		$sqlExtra = $extra === null ? '' : $extra;
+
+		// get current field definition
+		$col = false;
+		$eo = ['silentErrors' => true];
+		$res = sql("SHOW COLUMNS FROM `{$tn}` LIKE '{$fn}'", $eo);
+		if($res) $col = db_fetch_assoc($res);
+
+		// if field does not exist, create it
+		if(!$col) {
+			sql("ALTER TABLE `{$tn}` ADD COLUMN `{$fn}` {$dataType} {$sqlNull} {$sqlDefault} {$sqlExtra}", $eo);
+			return;
+		}
+
+		// if field exists, alter it if needed
+		if(
+			strtolower($col['Type']) != strtolower($dataType) ||
+			(strtolower($col['Null']) == 'yes' && $notNull) ||
+			(strtolower($col['Null']) == 'no' && !$notNull) ||
+			(strtolower($col['Default']) != strtolower($default)) ||
+			(strtolower($col['Extra']) != strtolower($extra))
+		) {
+			sql("ALTER TABLE `{$tn}` CHANGE COLUMN `{$fn}` `{$fn}` {$dataType} {$sqlNull} {$sqlDefault} {$sqlExtra}", $eo);
+		}
+	}
+
+	########################################################################
+	function addIndex($tn, $fields, $unique = false) {
+		// if $fields is a string, convert it to an array
+		if(!is_array($fields)) $fields = [$fields];
+
+		// reshape fields so that key is field name and value is index length or null for full length
+		$fields2 = [];
+		foreach($fields as $k => $v) {
+			if(is_numeric($k)) {
+				$fields2[$v] = null; // $v is field name and index length is full length
+				continue;
+			}
+
+			$fields2[$k] = $v; // $k is field name and $v is index length
+		}
+		unset($fields); $fields = $fields2;
+
+		// prepare index name and sql
+		$index_name = implode('_', array_keys($fields));
+		$sql = "ALTER TABLE `{$tn}` ADD " . ($unique ? 'UNIQUE ' : '') . "INDEX `{$index_name}` (";
+		foreach($fields as $field => $length)
+			$sql .= "`$field`" . ($length === null ? '' : "($length)") . ',';
+		$sql = rtrim($sql, ',') . ')';
+
+		// get current indexes
+		$eo = ['silentErrors' => true];
+		$res = sql("SHOW INDEXES FROM `{$tn}`", $eo);
+		$indexes = [];
+		while($row = db_fetch_assoc($res))
+			$indexes[$row['Key_name']][$row['Seq_in_index']] = $row;
+
+		// if index does not exist, create it
+		if(!isset($indexes[$index_name])) {
+			sql($sql, $eo);
+			return;
+		}
+
+		// if index exists, alter it if needed
+		$index = $indexes[$index_name];
+		$index_changed = false;
+		$index_fields = [];
+		foreach($index as $seq_in_index => $info)
+			$index_fields[$seq_in_index] = $info['Column_name'];
+
+		if(count($index_fields) != count($fields)) $index_changed = true;
+		foreach($fields as $field => $length) {
+			// check if field exists in index
+			$seq_in_index = array_search($field, $index_fields);
+			if($seq_in_index === false) {
+				$index_changed = true;
+				break;
+			}
+
+			// check if field length is different
+			if($length !== null && $length != $index[$seq_in_index]['Sub_part']) {
+				$index_changed = true;
+				break;
+			}
+
+			// check index uniqueness
+			if(($unique && $index[$seq_in_index]['Non_unique'] == 1) || (!$unique && $index[$seq_in_index]['Non_unique'] == 0)) {
+				$index_changed = true;
+				break;
+			}
+		}
+		if(!$index_changed) return;
+
+		sql("ALTER TABLE `{$tn}` DROP INDEX `{$index_name}`", $eo);
+		sql($sql, $eo);
+	}
+
 	########################################################################
 	function update_membership_groups() {
 		$tn = 'membership_groups';
@@ -1655,9 +1760,9 @@ function update_membership_groups() {
 			) CHARSET " . mysql_charset,
 		$eo);
 
-		sql("ALTER TABLE `{$tn}` CHANGE COLUMN `name` `name` VARCHAR(100) NOT NULL", $eo);
-		sql("ALTER TABLE `{$tn}` ADD UNIQUE INDEX `name` (`name`)", $eo);
-		sql("ALTER TABLE `{$tn}` ADD COLUMN `allowCSVImport` TINYINT NOT NULL DEFAULT '0'", $eo);
+		updateField($tn, 'name', 'VARCHAR(100)', true);
+		addIndex($tn, 'name', true);
+		updateField($tn, 'allowCSVImport', 'TINYINT', true, '0');
 	}
 	########################################################################
 	function update_membership_users() {
@@ -1688,14 +1793,14 @@ function update_membership_users() {
 			) CHARSET " . mysql_charset,
 		$eo);
 
-		sql("ALTER TABLE `{$tn}` ADD COLUMN `pass_reset_key` VARCHAR(100)", $eo);
-		sql("ALTER TABLE `{$tn}` ADD COLUMN `pass_reset_expiry` INT UNSIGNED", $eo);
-		sql("ALTER TABLE `{$tn}` CHANGE COLUMN `passMD5` `passMD5` VARCHAR(255)", $eo);
-		sql("ALTER TABLE `{$tn}` CHANGE COLUMN `memberID` `memberID` VARCHAR(100) NOT NULL", $eo);
-		sql("ALTER TABLE `{$tn}` ADD INDEX `groupID` (`groupID`)", $eo);
-		sql("ALTER TABLE `{$tn}` ADD COLUMN `flags` TEXT", $eo);
-		sql("ALTER TABLE `{$tn}` ADD COLUMN `allowCSVImport` TINYINT NOT NULL DEFAULT '0'", $eo);
-		sql("ALTER TABLE `{$tn}` ADD COLUMN `data` LONGTEXT", $eo);
+		updateField($tn, 'pass_reset_key', 'VARCHAR(100)');
+		updateField($tn, 'pass_reset_expiry', 'INT UNSIGNED');
+		updateField($tn, 'passMD5', 'VARCHAR(255)');
+		updateField($tn, 'memberID', 'VARCHAR(100)', true);
+		addIndex($tn, 'groupID');
+		updateField($tn, 'flags', 'TEXT');
+		updateField($tn, 'allowCSVImport', 'TINYINT', true, '0');
+		updateField($tn, 'data', 'LONGTEXT');
 	}
 	########################################################################
 	function update_membership_userrecords() {
@@ -1720,12 +1825,12 @@ function update_membership_userrecords() {
 			) CHARSET " . mysql_charset,
 		$eo);
 
-		sql("ALTER TABLE `{$tn}` ADD UNIQUE INDEX `tableName_pkValue` (`tableName`, `pkValue`(100))", $eo);
-		sql("ALTER TABLE `{$tn}` ADD INDEX `pkValue` (`pkValue`)", $eo);
-		sql("ALTER TABLE `{$tn}` ADD INDEX `tableName` (`tableName`)", $eo);
-		sql("ALTER TABLE `{$tn}` ADD INDEX `memberID` (`memberID`)", $eo);
-		sql("ALTER TABLE `{$tn}` ADD INDEX `groupID` (`groupID`)", $eo);
-		sql("ALTER TABLE `{$tn}` CHANGE COLUMN `memberID` `memberID` VARCHAR(100)", $eo);
+		addIndex($tn, ['tableName' => null, 'pkValue' => 100], true);
+		addIndex($tn, 'pkValue');
+		addIndex($tn, 'tableName');
+		addIndex($tn, 'memberID');
+		addIndex($tn, 'groupID');
+		updateField($tn, 'memberID', 'VARCHAR(100)');
 	}
 	########################################################################
 	function update_membership_grouppermissions() {
@@ -1745,7 +1850,7 @@ function update_membership_grouppermissions() {
 			) CHARSET " . mysql_charset,
 		$eo);
 
-		sql("ALTER TABLE `{$tn}` ADD UNIQUE INDEX `groupID_tableName` (`groupID`, `tableName`)", $eo);
+		addIndex($tn, ['groupID', 'tableName'], true);
 	}
 	########################################################################
 	function update_membership_userpermissions() {
@@ -1765,8 +1870,8 @@ function update_membership_userpermissions() {
 			) CHARSET " . mysql_charset,
 		$eo);
 
-		sql("ALTER TABLE `{$tn}` CHANGE COLUMN `memberID` `memberID` VARCHAR(100) NOT NULL", $eo);
-		sql("ALTER TABLE `{$tn}` ADD UNIQUE INDEX `memberID_tableName` (`memberID`, `tableName`)", $eo);
+		updateField($tn, 'memberID', 'VARCHAR(100)', true);
+		addIndex($tn, ['memberID', 'tableName'], true);
 	}
 	########################################################################
 	function update_membership_usersessions() {
@@ -1795,11 +1900,11 @@ function update_membership_cache() {
 				`request` VARCHAR(100) NOT NULL,
 				`request_ts` INT,
 				`response` LONGTEXT,
-				PRIMARY KEY (`request`))
+				PRIMARY KEY (`request`)
 			) CHARSET " . mysql_charset,
 		$eo);
 
-		sql("ALTER TABLE `{$tn}` CHANGE COLUMN `response` `response` LONGTEXT", $eo);
+		updateField($tn, 'response', 'LONGTEXT');
 	}
 	########################################################################
 	function thisOr($this_val, $or = '&nbsp;') {
@@ -3149,3 +3254,107 @@ function ctype_alnum($str) {
 			return preg_match('/^[a-zA-Z0-9]+$/', $str);
 		}
 	}
+
+	/**
+	 * Perform an HTTP request and return the response, including headers and body, with support to cookies
+	 * 
+	 * @param string $url  URL to request
+	 * @param array $payload  payload to send with the request
+	 * @param array $headers  headers to send with the request, in the format ['header' => 'value']
+	 * @param string $type  request type, either 'GET' or 'POST'
+	 * @param string $cookieJar  path to a file to read/store cookies in
+	 * 
+	 * @return array  response, including `'headers'` and `'body'`, or error info if request failed
+	 */
+	function httpRequest($url, $payload = [], $headers = [], $type = 'GET', $cookieJar = null) {
+		// prep raw headers
+		if(!isset($headers['User-Agent'])) $headers['User-Agent'] = $_SERVER['HTTP_USER_AGENT'];
+		if(!isset($headers['Accept'])) $headers['Accept'] = $_SERVER['HTTP_ACCEPT'];
+		$rawHeaders = [];
+		foreach($headers as $k => $v) $rawHeaders[] = "$k: $v";
+
+		$payloadQuery = http_build_query($payload);
+
+		// for GET requests, append payload to url
+		if($type == 'GET' && strlen($payloadQuery)) $url .= "?$payloadQuery";
+
+		$respHeaders = [];
+		$ch = curl_init();
+		$options = [
+			CURLOPT_URL => $url,
+			CURLOPT_POST => ($type == 'POST'),
+			CURLOPT_POSTFIELDS => ($type == 'POST' && strlen($payloadQuery) ? $payloadQuery : null),
+			CURLOPT_HEADER => false,
+			CURLOPT_HEADERFUNCTION => function($curl, $header) use (&$respHeaders) {
+				list($k, $v) = explode(': ', $header);
+				$respHeaders[trim($k)] = trim($v);
+				return strlen($header);
+			},
+			CURLOPT_HTTPHEADER => $rawHeaders,
+			CURLOPT_FOLLOWLOCATION => true,
+			CURLOPT_RETURNTRANSFER => true,
+		];
+
+		/* if this is a localhost request, no need to verify SSL */
+		if(preg_match('/^https?:\/\/(localhost|127\.0\.0\.1)/i', $url)) {
+			$options[CURLOPT_SSL_VERIFYPEER] = false;
+			$options[CURLOPT_SSL_VERIFYHOST] = false;
+		}
+
+		if($cookieJar) {
+			$options[CURLOPT_COOKIEJAR] = $cookieJar;
+			$options[CURLOPT_COOKIEFILE] = $cookieJar;
+		}
+
+		if(defined('CURLOPT_TCP_FASTOPEN')) $options[CURLOPT_TCP_FASTOPEN] = true;
+		if(defined('CURLOPT_UNRESTRICTED_AUTH')) $options[CURLOPT_UNRESTRICTED_AUTH] = true;
+
+		curl_setopt_array($ch, $options);
+
+		$respBody = curl_exec($ch);
+
+		if($respBody === false) return [
+			'error' => curl_error($ch),
+			'info' => curl_getinfo($ch),
+		];
+
+		curl_close($ch);
+
+		// wait for 0.05 seconds after launching request
+		usleep(50000);
+
+		return [
+			'headers' => $respHeaders,
+			'body' => $respBody,
+		];
+	}
+
+	/**
+	 * @brief Retrieve owner username of the record with the given primary key value
+	 * 
+	 * @param $tn string table name
+	 * @param $pkValue string primary key value
+	 * @return string|null username of the record owner, or null if not found
+	 */
+	function getRecordOwner($tn, $pkValue) {
+		$tn = makeSafe($tn);
+		$pkValue = makeSafe($pkValue);
+		$owner = sqlValue("SELECT `memberID` FROM `membership_userrecords` WHERE `tableName`='{$tn}' AND `pkValue`='$pkValue'");
+
+		if(!strlen($owner)) return null;
+		return $owner;
+	}
+
+	/**
+	 * @brief Retrieve lookup field name that determines record owner of the given table
+	 * 
+	 * @param $tn string table name
+	 * @return string|null lookup field name, or null if default (record owner is user that creates the record)
+	 */
+	function tableRecordOwner($tn) {
+		$owners = [
+		];
+
+		return $owners[$tn] ?? null;
+	}
+
diff --git a/app/admin/incHeader.php b/app/admin/incHeader.php
index 5a29d00..677780a 100644
--- a/app/admin/incHeader.php
+++ b/app/admin/incHeader.php
@@ -203,10 +203,10 @@ function hideDialogs() {
 							<li><a href="pageServerStatus.php"><i class="glyphicon menu-item-icon text-info glyphicon-hdd"></i> <?php echo $Translation['server status']; ?></a></li>
 							<li><a href="pageTranslation.php"><i class="glyphicon menu-item-icon text-info glyphicon-globe"></i> <?php echo $Translation['translation tool']; ?></a></li>
 							<li class="divider"></li>
-							<li><a href="pageTransferOwnership.php"><i class="glyphicon menu-item-icon text-info glyphicon-transfer"></i> <?php echo $Translation['batch transfer']; ?></a></li>
+							<li><a href="pageTransferOwnership.php"><i class="glyphicon menu-item-icon text-info glyphicon-transfer"></i> <?php echo $Translation['ownership batch transfer']; ?></a></li>
 							<li><a href="pageRebuildFields.php"><i class="glyphicon menu-item-icon text-info glyphicon-refresh"></i> <?php echo  $Translation['view or rebuild fields']; ?></a></li>
 							<li><a href="pageBackupRestore.php"><i class="glyphicon menu-item-icon text-info glyphicon-tasks"></i> <?php echo $Translation['database backups']; ?></a></li>
-							<li><a href="pageUploadCSV.php"><i class="glyphicon menu-item-icon text-info glyphicon-upload"></i> <?php echo $Translation['import CSV']; ?></a></li>
+							<li><a href="../import-csv.php"><i class="glyphicon menu-item-icon text-info glyphicon-upload"></i> <?php echo $Translation['import CSV']; ?></a></li>
 							<li><a href="pageQueryLogs.php"><i class="glyphicon menu-item-icon text-info glyphicon-book"></i> <?php echo $Translation['Query logs']; ?></a></li>
 							<li><a href="pageSQL.php"><i class="glyphicon menu-item-icon text-danger glyphicon-console"></i> <?php echo $Translation['Interactive SQL queries tool']; ?></a></li>
 							<li><a href="pageUpdateCalculatedFields.php"><i class="glyphicon menu-item-icon text-info glyphicon-refresh"></i> <?php echo $Translation['update calculated fields']; ?></a></li>
@@ -217,21 +217,36 @@ function hideDialogs() {
 
 					<?php $plugins = get_plugins(); ?>
 
-					<?php if(count($plugins)) { ?>
-						<li class="dropdown">
-							<a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="glyphicon glyphicon-plus"></i> <?php echo $Translation["plugins"] ; ?> <b class="caret"></b></a>
-							<ul class="dropdown-menu">
-								<?php foreach($plugins as $plugin) { ?>
-									<?php
-										$plugin_icon = '';
-										if($plugin['glyphicon']) $plugin_icon = "<i class=\"glyphicon glyphicon-{$plugin['glyphicon']}\"></i> ";
-										if($plugin['icon']) $plugin_icon = "<img class=\"rspacer-md\" src=\"{$plugin['admin_path']}/{$plugin['icon']}\"> ";
-									?>
-									<li><a target="_blank" href="<?php echo $plugin['admin_path']; ?>"><?php echo $plugin_icon . $plugin['title']; ?></a></li>
-								<?php } ?>
-							</ul>
-						</li>
-					<?php } ?>
+					<li class="dropdown">
+						<a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="glyphicon glyphicon-plus"></i> <?php echo $Translation["plugins"] ; ?> <b class="caret"></b></a>
+						<ul class="dropdown-menu">
+							<li>
+								<a href="pageInstallPlugin.php">
+									<i class="glyphicon menu-item-icon text-info glyphicon-download-alt"></i>
+									<?php echo $Translation['Install a plugin']; ?>
+								</a>
+							</li>
+							<li>
+								<a target="_blank" href="https://bigprof.com/shop-discount-offers/">
+									<i class="glyphicon menu-item-icon text-info glyphicon-new-window"></i>
+									<?php echo $Translation['Explore more plugins']; ?>
+								</a>
+							</li>
+							<?php foreach($plugins as $plugin) { ?>
+								<?php
+									if(empty($pluginsSeparator)) {
+										echo '<li class="divider"></li>';
+										$pluginsSeparator = true;
+									}
+
+									$plugin_icon = '';
+									if($plugin['glyphicon']) $plugin_icon = "<i class=\"glyphicon glyphicon-{$plugin['glyphicon']}\"></i> ";
+									if($plugin['icon']) $plugin_icon = "<img class=\"rspacer-md\" src=\"{$plugin['admin_path']}/{$plugin['icon']}\"> ";
+								?>
+								<li><a target="_blank" href="<?php echo $plugin['admin_path']; ?>"><?php echo $plugin_icon . $plugin['title']; ?></a></li>
+							<?php } ?>
+						</ul>
+					</li>
 				</ul>
 
 				<div class="navbar-right">
diff --git a/app/admin/pageFixRecordOwners.php b/app/admin/pageFixRecordOwners.php
new file mode 100644
index 0000000..364e34b
--- /dev/null
+++ b/app/admin/pageFixRecordOwners.php
@@ -0,0 +1,357 @@
+<?php
+	require(__DIR__ . '/incCommon.php');
+	define('TIME_LIMIT', 1.0); // seconds
+	define('BATCH_READ_SIZE', 500); // number of records to read in each batch
+
+	// GET request: show app page
+	if($_SERVER['REQUEST_METHOD'] == 'GET') showAppPage();
+
+	// POST request containing `tn`: continue (or begin) batch process of fixing record owners
+	if(Request::val('tn')) batchProcess();
+
+	function showAppPage() {
+		global $Translation;
+
+		$tables = getTableList();
+		// remove tables that don't have a record owner set
+		foreach($tables as $tn => $tc) {
+			if(!tableRecordOwner($tn)) unset($tables[$tn]);
+		}
+
+		// clear session variables from previous runs
+		foreach($tables as $tn => $tc) {
+			unset($_SESSION['fixRecordOwners_' . $tn]);
+		}
+
+		$GLOBALS['page_title'] = $Translation['fix record owners'];
+		include(__DIR__ . '/incHeader.php');
+		?>
+
+		<div class="page-header"><h1>
+			<span class="glyphicon glyphicon-user"></span>
+			<?php echo $Translation['fix record owners']; ?>
+		</h1></div>
+
+		<p class="lead"><?php echo $Translation['fix record owners description']; ?></p>
+
+		<?php if(!count($tables)) { ?>
+			<div class="alert alert-warning"><?php echo $Translation['no tables to fix record owners']; ?></div>
+		<?php } else { ?>
+
+			<?php echo csrf_token(); ?>
+			<div class="text-right bspacer-lg">
+				<button type="button" class="btn btn-primary btn-lg" id="start">
+					<span class="glyphicon glyphicon-play"></span> <?php echo $Translation['start']; ?>
+				</button>
+			</div>
+
+			<div class="panel panel-default">
+				<div class="panel-body bg-info">
+					<label class="text-info"><?php echo $Translation['number of runs']; ?></label>
+					<div class="progress">
+						<div class="progress-bar progress-bar-striped progress-bar-runs" style="width: 0%; min-width: 3em;">0 / <?php echo count($tables); ?></div>
+					</div>
+				</div>
+				<ul class="list-group">
+					<?php
+					// list each table and a progress bar set to 0% initially
+					foreach($tables as $tn => $tc) { ?>
+						<li class="list-group-item">
+							<label><img src="../<?php echo $tc[2]; ?>"> <?php echo $tc[0]; ?></label>
+							<div class="progress">
+								<div class="progress-bar progress-bar-striped progress-bar-table" style="width: 0%; min-width: 2em;" data-tn="<?php echo $tn; ?>">0%</div>
+							</div>
+							<div class="text-muted"><?php echo $Translation['records updated:']; ?><span class="total-records" id="total-records-<?php echo $tn; ?>">0</span></div>
+						</li>
+					<?php } ?>
+				</ul>
+			</div>
+
+			<?php echo batchRunnerJSCode(); ?>
+
+		<?php } ?> 
+
+		<style>
+			#start {
+				width: 100%;
+				max-width: 20em;
+			}
+		</style>
+
+		<?php
+		include(__DIR__ . '/incFooter.php');
+	}
+
+	function batchRunnerJSCode() {
+		global $Translation;
+
+		ob_start(); ?>
+
+		<script>$j(() => {
+			$j('#start').on('click', () => {
+				$j('#start')
+					.prop('disabled', true)
+					.html('<span class="glyphicon glyphicon-refresh loop-rotate"></span> ' + <?php echo json_encode($Translation['fixing record owners']); ?>)
+					.addClass('disabled');
+
+				// get list of tables to fix by retrieving the `data-tn` attribute of each progress bar
+				const tables = $j('.progress-bar-table').map(function() { return $j(this).data('tn'); }).get();
+
+				// promises array, an array of runs, each run is an array of batch promises
+				const promises = [[]];
+
+				const batch = (tn, run) => {
+					const progressBar = $j(`.progress-bar[data-tn="${tn}"]`);
+					progressBar.addClass('active');
+
+					// send POST request, add promise to array
+					promises[run] = promises[run] || [];
+					promises[run].push($j.ajax({
+						url: 'pageFixRecordOwners.php',
+						method: 'POST',
+						data: { tn, run, csrf_token: $j('#csrf_token').val() },
+						dataType: 'json',
+						success: resp => {
+							const data = resp.data;
+
+							// update table progress bar
+							progressBar.css('width', data.progress + '%').html(data.progress + '%');
+
+							// add affected records to total
+							$j(`#total-records-${tn}`).html(parseInt($j(`#total-records-${tn}`).html()) + data.affectedRecords);
+
+							if(data.progress == 100) {
+								// TODO: if there are more runs ... ???
+								progressBar.removeClass('progress-bar-striped active');
+								progressBar.html(<?php echo json_encode($Translation['done']); ?>);
+								return;
+							}
+
+							// if there are more records to process, continue
+							batch(tn, run);
+						},
+						error: (jqxhr) => {
+							let error;
+							try {
+								error = JSON.parse(jqxhr.responseText).message;
+							} catch(e) {
+								error = jqxhr.responseText;
+							}
+							progressBar.removeClass('progress-bar-striped');
+							progressBar.html(<?php echo json_encode($Translation['error:']); ?> + ' ' + error);
+						}
+					}));
+				};
+
+				const nextRun = (run = 0) => {
+					if(run >= tables.length) return;
+
+					const runsProgressBar = $j('.progress-bar-runs');
+
+					runsProgressBar.addClass('active');
+					tables.forEach(tn => {
+						// reset table progress bar
+						$j(`.progress-bar-table[data-tn="${tn}"]`)
+							.css('width', '0%')
+							.addClass('progress-bar-striped active')
+							.html('0%');
+
+						// reset total records
+						$j(`#total-records-${tn}`).html('0');
+
+						batch(tn, run); 
+					});
+
+					// keep watching until all table progress bars are done, then start next run
+					const interval = setInterval(() => {
+						// if there are still active progress bars, keep watching
+						if($j('.progress-bar-table.progress-bar-striped').length > 0) return; 
+
+						// all progress bars are done, clear interval to stop watching
+						clearInterval(interval);
+
+						// update runs progress bar
+						const runsProgress = Math.round((run + 1) / tables.length * 100);
+						runsProgressBar.css('width', runsProgress + '%').html((run + 1) + ' / ' + tables.length);
+
+						// if there are no more runs, we're finished fixing record owners
+						if(runsProgress == 100) {
+							runsProgressBar.removeClass('progress-bar-striped');
+
+							// update start button
+							$j('#start')
+								.html('<span class="glyphicon glyphicon-ok"></span> ' + <?php echo json_encode($Translation['done']); ?>)
+								.removeClass('disabled btn-primary')
+								.addClass('btn-success');
+
+							return;
+						}
+
+						// otherwise, start next run
+						nextRun(run + 1);
+					}, 100);
+				};
+
+				nextRun();
+			});
+		})</script>
+
+		<?php return ob_get_clean();
+	}
+
+	function withinTimeLimit() {
+		static $start = null;
+		if($start === null) $start = microtime(true);
+		$elapsed = round(microtime(true) - $start, 3);
+
+		return $elapsed < TIME_LIMIT;
+	}
+
+	function parentTable($tn, $lookupField) {
+		$pts = get_parent_tables($tn); // [pt1 => [lookup1, lookup2, ...], pt2 => [...], ...]
+		foreach($pts as $pt => $lookups) {
+			if(in_array($lookupField, $lookups)) return $pt;
+		}
+		return false;
+	}
+
+	function cleanupSessionData($tn) {
+		unset($_SESSION['fixRecordOwners_' . $tn]);
+	}
+
+	function storeRecordsInfoToSession($tn, $lookupField) {
+		$processId = 'fixRecordOwners_' . $tn;
+		$_SESSION[$processId] = $_SESSION[$processId] ?? [];
+		$store =& $_SESSION[$processId];
+
+		if(!empty($store['lookupOwnersDone']) && !empty($store['recordsDone'])) return; // already done
+
+		// parent table name
+		$ptn = parentTable($tn, $lookupField);
+
+		$eo = ['silentErrors' => true];
+
+		// init
+		$store += [
+			'lookupOwners' => [],
+			'records' => [],
+			'lookupOwnersDone' => false,
+			'recordsDone' => false,
+			'totalRecords' => INF, // assume infinite number of records initially
+		];
+
+		// get all distinct lookup values as keys and their corresponding record owners as values, [lookupValue => recordOwner]
+		while(withinTimeLimit() && !$store['lookupOwnersDone']) {
+			$start = count($store['lookupOwners']);
+			$res = sql(" 
+				SELECT `pkValue` AS `lookupValue`, `memberID` AS `recordOwner`
+				FROM `membership_userrecords` 
+				WHERE `tableName` = '{$ptn}'
+				ORDER BY `pkValue`
+				LIMIT {$start}, " . BATCH_READ_SIZE, $eo
+			);
+
+			// no more records to read?
+			if(!db_num_rows($res)) {
+				$store['lookupOwnersDone'] = true;
+				break;
+			}
+
+			while($row = db_fetch_assoc($res)) {
+				$store['lookupOwners'][$row['lookupValue']] = $row['recordOwner'];
+			}
+		}
+
+		// get all records of the table [id => lookupValue]
+		$pk = getPKFieldName($tn);
+		while(withinTimeLimit() && !$store['recordsDone']) {
+			$start = count($store['records']);
+			$res = sql(" 
+				SELECT `{$pk}` AS `id`, `{$lookupField}` AS `lookupValue` 
+				FROM `{$tn}` 
+				WHERE `{$lookupField}` IS NOT NULL
+				ORDER BY `{$lookupField}`
+				LIMIT {$start}, " . BATCH_READ_SIZE, $eo
+			);
+
+			// no more records to read?
+			if(!db_num_rows($res)) {
+				$store['recordsDone'] = true;
+				$store['totalRecords'] = count($store['records']);
+				break;
+			}
+
+			while($row = db_fetch_assoc($res)) {
+				$store['records'][$row['id']] = $row['lookupValue'];
+			}
+		}
+	}
+
+	function updateRecordOwners($tn) {
+		$store =& $_SESSION['fixRecordOwners_' . $tn];
+		$affectedRecords = 0;
+
+		while(withinTimeLimit() && count($store['records'])) {
+			// get a single record [id => lookupValue] off the array
+			$record = array_slice($store['records'], 0, 1, true); // [id => lookupValue]
+			$id = array_keys($record)[0];
+			$owner = $store['lookupOwners'][$record[$id]];
+
+			$insertSet = prepare_sql_set([
+				'tableName' => $tn,
+				'pkValue' => $id,
+				'memberID' => $owner,
+				'groupID' => get_group_id($owner),
+				'dateAdded' => time(),
+			]);
+			$updateSet = prepare_sql_set([
+				'memberID' => $owner,
+				'groupID' => get_group_id($owner),
+			]);
+
+			// insert or update record owner
+			$eo = ['silentErrors' => true];
+			sql("INSERT INTO `membership_userrecords` SET $insertSet ON DUPLICATE KEY UPDATE $updateSet", $eo);
+
+			// get affected rows
+			$affectedRecords += db_affected_rows();
+
+			// remove record from array
+			unset($store['records'][$id]);
+		}
+
+		return $affectedRecords;
+	}
+
+	function batchProcess() {
+		global $Translation;
+
+		$tn = Request::val('tn');
+		$run = intval(Request::val('run', 0));
+		if(!csrf_token(true)) json_response($Translation['invalid security token'], true);
+
+		$lookupField = tableRecordOwner($tn);
+		if(!$lookupField) json_response($Translation['record owner not configured for this table'], true);
+
+		storeRecordsInfoToSession($tn, $lookupField);
+		$affectedRecords = updateRecordOwners($tn);
+
+		$store =& $_SESSION['fixRecordOwners_' . $tn];
+
+		if($store['totalRecords'] === INF) {
+			$progress = 0;
+		} elseif(count($store['records']) === 0) {
+			$progress = 100;
+			cleanupSessionData($tn);
+		} else {
+			$progress = min(100, round((1 - count($store['records']) / $store['totalRecords']) * 100));
+		}
+
+		json_response([
+			'tn' => $tn,
+			'progress' => $progress,
+			'totalRecords' => $store['totalRecords'],
+			'affectedRecords' => $affectedRecords,
+			'run' => $run,
+		]);
+	}
diff --git a/app/admin/pageInstallPlugin.php b/app/admin/pageInstallPlugin.php
new file mode 100644
index 0000000..83ec16a
--- /dev/null
+++ b/app/admin/pageInstallPlugin.php
@@ -0,0 +1,550 @@
+<?php
+	require(__DIR__ . '/incCommon.php');
+
+	/*
+		Requests that can be handled by this file:
+		1. normal GET request => display the HTML page
+		2. Ajax POST request containing `email` and `orderNum` => perform order login, process response HTML to extract download links, parse plugin names from links, and send list of plugin names as JSON response
+		3. Ajax POST request containing `installPlugin` which is a plugin name => install the plugin and send JSON response indicating success or failure with reason
+		4. Ajax POST request containing `installPlugin` which is a plugin name and `confirmReinstall` => install the plugin, overwriting pre-installed files, and send JSON response indicating success or failure with reason
+	*/
+
+	// if this is a GET request, display the HTML page
+	if($_SERVER['REQUEST_METHOD'] == 'GET')
+		showPage(); // exits after displaying the page
+
+	// validate csrf token
+	if(!csrf_token(true))
+		if(is_ajax())
+			die(json_response($Translation['csrf token expired or invalid'], true));
+		else
+			die($Translation['csrf token expired or invalid']);
+
+	// if we have an email and order number, handle order login logic
+	if(Request::val('email') && Request::val('orderNum'))
+		die(handleOrderLogin());
+
+	// if we have a plugin name, handle plugin installation logic
+	if(Request::val('installPlugin'))
+		die(handlePluginInstall());
+
+	// if we get here, we have an invalid request
+	die('Invalid request');
+
+	// function to display the HTML page
+	function showPage() {
+		global $Translation;
+		$missing = missingDependencies();
+
+		include(__DIR__ . '/incHeader.php');
+		?>
+		<div class="page-header"><h1>
+			<small class="glyphicon glyphicon-download-alt"></small>
+			<?php echo $Translation['Install a plugin']; ?>
+		</h1></div>
+
+		<?php if($missing) { ?>
+			<div class="alert alert-danger">
+				<p>
+					<?php echo $Translation['missing dependencies']; ?>
+				</p>
+				<ul>
+					<?php foreach($missing as $dep) { ?>
+						<li><?php echo $dep; ?></li>
+					<?php } ?>
+				</ul>
+			</div>
+			<?php include(__DIR__ . '/incFooter.php');
+		} ?>
+
+		<!-- collapseable accordion with 3 panels representing 3 steps -->
+		<div class="panel-group" id="accordion">
+
+			<!-- step 1: order login form -->
+			<div class="panel panel-default" id="step1">
+				<div class="panel-heading">
+					<h4 class="panel-title">
+						<span class="glyphicon glyphicon-chevron-down"></span>
+						<span class="glyphicon glyphicon-chevron-right"></span>
+						<?php echo $Translation['step 1']; ?>
+						<?php echo $Translation['plugin check instructions']; ?>
+					</h4>
+				</div>
+				<div class="panel-body hidden">
+					<!-- order login form -->
+					<form id="order-login-form">
+						<div class="alert alert-danger hidden" id="order-login-error"></div>
+
+						<div class="form-group">
+							<label for="email" class="control-label"><?php echo $Translation['email']; ?></label>
+							<input type="email" class="form-control" id="email" name="email" required>
+						</div>
+						<div class="form-group">
+							<label for="orderNum" class="control-label"><?php echo $Translation['order number']; ?></label>
+							<input type="text" class="form-control" id="orderNum" name="orderNum" required>
+						</div>
+						<button type="button" class="btn btn-lg btn-primary">
+							<span class="glyphicon glyphicon-refresh loop-rotate hidden"></span>
+							<span class="glyphicon glyphicon-play-circle"></span>
+							<?php echo $Translation['view available plugins']; ?>
+						</button>
+					</form>
+				</div>
+			</div>
+
+			<!-- step 2: plugin selection -->
+			<div class="panel panel-default" id="step2">
+				<div class="panel-heading">
+					<h4 class="panel-title">
+						<span class="glyphicon glyphicon-chevron-down"></span>
+						<span class="glyphicon glyphicon-chevron-right"></span>
+						<?php echo $Translation['step 2']; ?>
+						<?php echo $Translation['select plugins to install']; ?>
+					</h4>
+				</div>
+				<div class="panel-body hidden"></div>
+			</div>
+
+			<!-- step 3: plugins installation progress -->
+			<div class="panel panel-default" id="step3">
+				<div class="panel-heading">
+					<h4 class="panel-title">
+						<span class="glyphicon glyphicon-chevron-down"></span>
+						<span class="glyphicon glyphicon-chevron-right"></span>
+						<?php echo $Translation['step 3']; ?>
+						<?php echo $Translation['plugins install progress']; ?>
+					</h4>
+				</div>
+				<div class="panel-body hidden"></div>
+			</div>
+
+		</div>
+
+		<?php echo pageJS(); ?>
+
+		<style>
+			.panel-group { max-width: 70em; }
+			.panel-title { padding: 1em; }
+			.panel.expanded .panel-title > .glyphicon-chevron-down { display: inline; }
+			.panel.expanded .panel-title > .glyphicon-chevron-right { display: none; }
+			.panel:not(.expanded) .panel-title > .glyphicon-chevron-down { display: none; }
+			.panel:not(.expanded) .panel-title > .glyphicon-chevron-right { display: inline; }
+
+			.progress { height: 3em; }
+			.progress-bar { line-height: 3em; }
+			.progress-bar.text-left { padding-left: 1em; text-align: left !important; }
+		</style>
+		<?php
+		include(__DIR__ . '/incFooter.php');
+	}
+
+	function pageJS() {
+		global $Translation;
+
+		ob_start(); ?>
+		<script>
+			$j(() => {
+				const numSteps = $j('#accordion .panel').length;
+				const csrf_token = '<?php echo csrf_token(false, true); ?>';
+
+				const expandStep = (step) => {
+					$j(`#step${step}`).addClass('expanded').children('.panel-body').removeClass('hidden');
+
+					for(let i = 1; i <= numSteps; i++) {
+						if(i === step) continue;
+						$j(`#step${i}`).removeClass('expanded').children('.panel-body').addClass('hidden');
+					}
+				};
+
+				const populatePlugins = (plugins) => {
+					// populate step 2 with plugin names (plugin.name) and add plugin.url as data attribute
+					$j('#step2 .panel-body').html(plugins.map(plugin => `
+						<div class="checkbox">
+							<label>
+								<input type="checkbox" name="plugins" value="${plugin.slug}" data-url="${plugin.url}">
+								${plugin.name}
+								${plugin.installed ? `<span class="label label-warning">${'<?php echo $Translation['already installed']; ?>'.replace('%s', plugin.installDate)}</span>` : ''}
+							</label>
+						</div>
+					`).join(''));
+
+					// append 'Install selected plugins' button to step 2
+					$j('#step2 .panel-body').append(`
+						<button type="button" class="btn btn-lg btn-primary">
+							<span class="glyphicon glyphicon-refresh loop-rotate hidden"></span>
+							<span class="glyphicon glyphicon-play-circle"></span>
+							<?php echo $Translation['install selected plugins']; ?>
+						</button>
+					`);
+
+					expandStep(2);
+				}
+
+				// if email and order number are stored in localStorage, populate form with them
+				$j('#email').val(localStorage.getItem('AppGini.plugins.email'));
+				$j('#orderNum').val(localStorage.getItem('AppGini.plugins.orderNum'));
+
+				// expand step 1 by default
+				expandStep(1);
+
+				// POST order login form on clicking the button of step 1
+				$j(document).on('click', '#step1 button', () => {
+					// get email and order number
+					let email = $j('#email').val();
+					let orderNum = $j('#orderNum').val();
+
+					let hasError = false;
+
+					// remove error status from email and order number fields
+					$j('#email').parent().removeClass('has-error');
+					$j('#orderNum').parent().removeClass('has-error');
+					$j('#order-login-error').addClass('hidden');
+
+					// if order number is not alpha-numeric and hyphens only, 5-20 characters, apply error status to order number field and return
+					if(!/^[a-z0-9\-]{5,20}$/i.test(orderNum)) {
+						$j('#orderNum').parent().addClass('has-error');
+						$j('#order-login-error').html(`<?php echo $Translation['invalid order number']; ?>`).removeClass('hidden');
+						$j('#orderNum')[0].focus();
+						hasError = true;
+					}
+
+					// if email invalid, apply error status to email field and return
+					if($j('#email')[0].checkValidity() === false) {
+						$j('#email').parent().addClass('has-error');
+						$j('#order-login-error').html(`<?php echo $Translation['invalid email']; ?>`).removeClass('hidden');
+						$j('#email')[0].focus();
+						hasError = true;
+					}
+
+					// if there's an error, return
+					if(hasError) return;
+
+					// show loading icon
+					$j('#step1 button .glyphicon-play-circle').addClass('hidden');
+					$j('#step1 button .glyphicon-refresh').removeClass('hidden');
+
+					// POST the email and order number to this page
+					$j.ajax({
+						url: window.location.href,
+						method: 'POST',
+						data: { email, orderNum, csrf_token },
+						dataType: 'json',
+						success: resp => {
+							// if response is an error, show error message and return
+							if(resp.status === 'error') {
+								$j('#order-login-error').html(resp.message).removeClass('hidden');
+								return;
+							}
+
+							// if response is not an array, show error message and return
+							if(!Array.isArray(resp.data)) {
+								$j('#order-login-error').html(`<?php echo $Translation['invalid order login']; ?>`).removeClass('hidden');
+								return;
+							}
+
+							// if response is an empty array, show error message and return
+							if(!resp.data.length) {
+								$j('#order-login-error').html(`<?php echo $Translation['no plugins available']; ?>`).removeClass('hidden');
+								return;
+							}
+
+							// hide error message
+							$j('#order-login-error').addClass('hidden');
+
+							// store email and order number in localStorage for future use
+							localStorage.setItem('AppGini.plugins.email', email);
+							localStorage.setItem('AppGini.plugins.orderNum', orderNum);
+
+							populatePlugins(resp.data);
+						},
+						error: (xhr, status, error) => {
+							// parse response to see if it contains an error message
+							let resp = JSON.parse(xhr.responseText);
+
+							// if unable to parse, show default error message
+							if(!resp || !resp.message) {
+								$j('#order-login-error').html(`<?php echo $Translation['invalid order login']; ?>`).removeClass('hidden');
+								return;
+							}
+
+							// show error message
+							$j('#order-login-error').html(resp.message).removeClass('hidden');
+						},
+						complete: () => {
+							// hide loading icon
+							$j('#accordion .panel:nth-child(1) button .glyphicon-play-circle').removeClass('hidden');
+							$j('#accordion .panel:nth-child(1) button .glyphicon-refresh').addClass('hidden');
+						}
+					});
+				});
+
+				// Send request to install selected plugins
+				$j(document).on('click', '#step2 button', () => {
+					// get selected plugins
+					const plugins = $j('#step2 input[type="checkbox"]:checked');
+
+					// if no plugins selected, return
+					if(!plugins.length) return;
+
+					expandStep(3);                    
+
+					// POST each plugin separately
+					plugins.each((i, plugin) => {
+						plugin = $j(plugin);
+
+						// get plugin slug and url
+						const pluginSlug = plugin.val();
+						const pluginUrl = plugin.data('url');
+						const pluginName = plugin.parent().text().trim();
+
+						// render an animated striped progress bar for this plugin (warning color)
+						// after plugin is installed, stop animation and change color to green
+						// if plugin fails to install, change color to red and show error message
+						$j('#step3 .panel-body').append(`
+							<div class="progress" id="${pluginSlug}-progress">
+								<div class="progress-bar progress-bar-striped progress-bar-warning active" style="width: 100%;">
+									<span class="glyphicon glyphicon-ok hidden"></span>
+									<span class="glyphicon glyphicon-remove hidden"></span>
+									<span class="text-bold">${pluginName}</span>
+								</div>
+							</div>
+						`);
+
+						const pluginError = (msg) => {
+							$j(`#${pluginSlug}-progress .progress-bar`).removeClass('progress-bar-striped progress-bar-warning active').addClass('progress-bar-danger text-left');
+							$j(`#${pluginSlug}-progress .progress-bar .glyphicon-remove`).removeClass('hidden');
+							$j(`#${pluginSlug}-progress .progress-bar`).append(`<span class="text-italic hspacer-lg">${msg}</span>`);
+						};
+
+						// POST the plugin slug and url to this page
+						$j.ajax({
+							url: window.location.href,
+							method: 'POST',
+							data: { installPlugin: pluginSlug, pluginUrl, csrf_token },
+							dataType: 'json',
+							success: resp => {
+								// if response is an error, show error message and return
+								if(resp.status === 'error') {
+									pluginError(resp.message);
+									return;
+								}
+
+								// show success in progress bar
+								$j(`#${pluginSlug}-progress .progress-bar`).removeClass('progress-bar-striped progress-bar-warning active').addClass('progress-bar-success text-left');
+								$j(`#${pluginSlug}-progress .progress-bar .glyphicon-ok`).removeClass('hidden');
+								$j(`#${pluginSlug}-progress .progress-bar`).append(`<span class="text-italic hspacer-lg">${<?php echo json_encode($Translation['plugin installed successfully']); ?>}</span>`);
+
+								// set progress bar as a link to the plugin's page (open in new tab)
+								$j(`#${pluginSlug}-progress .progress-bar`).wrap(`<a href="../plugins/${pluginSlug}" target="_blank"></a>`);
+							},
+							error: (xhr, status, error) => {
+								// parse response to see if it contains an error message
+								let resp = JSON.parse(xhr.responseText);
+
+								// if unable to parse, show default
+								if(!resp || !resp.message) {
+									pluginError(`<?php echo $Translation['plugin install failed']; ?>`);
+									return;
+								}
+
+								// show error message
+								pluginError(resp.message);
+							},
+							complete: () => {
+							}
+						});
+					});
+				});
+			})
+		</script>
+		<?php
+		return ob_get_clean();
+	}
+
+	function missingDependencies() {
+		$pluginsFolder = __DIR__ . '/../plugins';
+		// create plugin folder if it doesn't exist
+		if(!is_dir($pluginsFolder))
+			@mkdir($pluginsFolder, 0777, true);
+
+		$dependencies = [
+			// ZipArchive is required for extracting zip files
+			'ZipArchive not enabled' => class_exists('ZipArchive'),
+			// cURL is required for making HTTP requests
+			'cURL extension not enabled' => function_exists('curl_init'),
+			// 'plugins' folder is writable
+			'Plugins folder not writable' => is_writable($pluginsFolder),
+		];
+
+		// if all dependencies are met, return false
+		if(!in_array(false, $dependencies, true))
+			return false;
+
+		// return missing dependencies
+		return array_keys(array_filter($dependencies, function($v) { return !$v; }));
+	}
+
+	// function to handle order login logic
+	function handleOrderLogin() {
+		global $Translation;
+
+		// get the email and order number
+		$email = Request::val('email');
+		$order = Request::val('orderNum');
+
+		// validate the email
+		if(!isEmail($email))
+			die(json_response($Translation['invalid email'], true));
+
+		// validate the order number (alpha-numeric and hyphens only, 5-20 characters)
+		if(!preg_match('/^[a-z0-9\-]{5,20}$/i', $order))
+			die(json_response($Translation['invalid order number'], true));
+
+		// POST the email and order number to the order login page
+		// first, set referer header to https://bigprof.com/appgini/download-plugins
+		$headers = ['Referer' => 'https://bigprof.com/appgini/download-plugins'];
+		$resp = httpRequest('https://bigprof.com/appgini/download-plugins', compact('email', 'order'), $headers, 'POST');
+		if(empty($resp['body']))
+			echo json_response($Translation['invalid order login'], true);
+
+		// use regex to find .download-link lines, get next <a> tag (could be on same or next line), get href attribute value
+		$regex = '/<div class="download-link">.*?<\/div>/s';
+		preg_match_all($regex, $resp['body'], $matches);
+		$links = [];
+		foreach ($matches[0] as $match) {
+			$regex = '/<a.*?href="([a-z0-9_\/\.]*)"/s';
+			preg_match($regex, $match, $subMatches);
+			if(!empty($subMatches[1]))
+				$links[] = $subMatches[1];
+		}
+
+		// if no links found, return error
+		if(!count($links))
+			die(json_response($Translation['no plugins available'], true));
+
+		// parse plugin names from links
+		$plugins = [];
+		foreach($links as $link) {
+			// get plugin name from link
+			$slug = basename($link, '.zip');
+			$pluginName = ucfirst($slug);
+			$pluginName = str_replace(['-', '_'], ' ', $pluginName);
+
+			// plugin already installed?
+			$infoFile = __DIR__ . "/../plugins/{$slug}/plugin-info.json";
+			$installed = is_file($infoFile);
+			$installDate = $installed ? date('Y-m-d', filemtime($infoFile)) : '';
+
+			// if plugin name is not empty, add it to the list of plugins
+			if($pluginName) $plugins[] = ['name' => $pluginName, 'url' => $link, 'installed' => $installed, 'installDate' => $installDate, 'slug' => $slug];
+		}
+
+		// if no plugins found, return error
+		if(!count($plugins))
+			die(json_response($Translation['no plugins available'], true));
+
+		// return list of plugins
+		die(json_response($plugins));
+	}
+
+	// function to handle plugin installation logic
+	function handlePluginInstall() {
+		global $Translation;
+
+		// get the plugin name and url
+		$pluginSlug = Request::val('installPlugin');
+		$pluginUrl = 'https://bigprof.com' . Request::val('pluginUrl');
+
+		// validate the plugin name (alpha-numeric and hyphens only, 3-30 characters)
+		if(!preg_match('/^[a-z0-9\-_]{3,30}$/i', $pluginSlug))
+			die(json_response($Translation['plugin install failed'] . ' LINE# ' . __LINE__, true));
+
+		// validate the plugin url
+		if(!filter_var($pluginUrl, FILTER_VALIDATE_URL))
+			die(json_response($Translation['plugin install failed'] . ' LINE# ' . __LINE__, true));
+
+		// create a tmp folder if it doesn't exist
+		if(!is_dir(APP_DIR . '/tmp'))
+			@mkdir(APP_DIR . '/tmp', 0777);
+
+		// add .htaccess file to tmp folder to prevent directory access
+		if(!is_file(APP_DIR . '/tmp/.htaccess'))
+			file_put_contents(APP_DIR . '/tmp/.htaccess', 'deny from all');
+
+		// download the plugin zip file
+		if(!copy($pluginUrl, APP_DIR . "/tmp/{$pluginSlug}.zip"))
+			die(json_response($Translation['plugin install failed'] . ' LINE# ' . __LINE__, true));
+
+		$errorLog = [];
+		$res = unzip(APP_DIR . "/tmp/{$pluginSlug}.zip", APP_DIR, $errorLog);
+
+		// delete the zip file
+		@unlink(APP_DIR . "/tmp/{$pluginSlug}.zip");
+
+		// if unzip failed, return error
+		// TODO: include errorLog
+		if(!$res)
+			die(json_response($Translation['plugin install failed'] . ' LINE# ' . __LINE__, true));
+
+		// return success
+		die(json_response($Translation['plugin installed successfully']));
+	}
+
+	function unzip($zipFilePath, $outputPath, &$errorLog) {
+		$errorLog = [];
+
+		// Check if zip extraction is supported by PHP
+		if(!class_exists('ZipArchive')) {
+			$errorLog[] = 'ZipArchive class not found';
+			return false;
+		}
+
+		// Check if the output path is writable
+		if(!is_writable($outputPath)) {
+			$errorLog[] = 'Output path not writable';
+			return false;
+		}
+
+		// Create a new instance of ZipArchive
+		$zip = new ZipArchive;
+
+		// Open the zip file
+		if(!$zip->open($zipFilePath) === true) {
+			$errorLog[] = 'Unable to open zip file';
+			return false;
+		}
+
+		// Extract each file from the archive, and if newer than existing file (or no existing file), overwrite it
+		for($i = 0; $i < $zip->numFiles; $i++) {
+			$filename = $zip->getNameIndex($i);
+			$extractedFile = rtrim($outputPath, '/') . '/' . $filename;
+
+			// Check if extracted file is newer than existing file (or no existing file)
+			if(is_file($extractedFile) && filemtime($extractedFile) >= $zip->statIndex($i)['mtime']) {
+				$errorLog[] = "File {$filename} already exists, skipping ...";
+				continue;
+			}
+
+			// Create the directories if necessary
+			$dir = dirname($extractedFile);
+			if(!is_dir($dir))
+				@mkdir($dir, 0777, true);
+
+			// Extract the file if dir exists
+			if(!is_dir($dir)) {
+				$dirError = "Unable to create subdirectory {$dir}";
+				// if errorLog doesn't already contain this error, add it
+				if(!in_array($dirError, $errorLog))
+					$errorLog[] = $dirError;
+				continue;
+			}
+
+			if(!$zip->extractTo($outputPath, [$filename]))
+				$errorLog[] = "Unable to extract file {$filename}";
+		}
+
+		// Close the zip file
+		$zip->close();
+
+		return true;
+	}
diff --git a/app/admin/pageServerStatus.php b/app/admin/pageServerStatus.php
index 05f593b..e9f6e0d 100644
--- a/app/admin/pageServerStatus.php
+++ b/app/admin/pageServerStatus.php
@@ -1,6 +1,6 @@
 <?php
-	$appgini_version = '23.16.1515';
-	$generated_ts = '18/10/2023 18:30:46';
+	$appgini_version = '24.11.1591';
+	$generated_ts = '24/03/2024 15:31:30';
 
 	require(__DIR__ . '/incCommon.php');
 
diff --git a/app/admin/pageSettings.php b/app/admin/pageSettings.php
index 4a2406a..a88f8e2 100644
--- a/app/admin/pageSettings.php
+++ b/app/admin/pageSettings.php
@@ -84,7 +84,7 @@
 			'appURI' => formatUri(preg_replace('/admin$/', '', dirname($_SERVER['SCRIPT_NAME']))),
 			'host' => config('host'),
 
-			'adminConfig' => [
+			'adminConfig' => array_merge([
 				'adminUsername' => strtolower($post['adminUsername']),
 				'adminPassword' => $adminPassword,
 				'notifyAdminNewMembers' => intval($post['notifyAdminNewMembers']),
@@ -115,7 +115,9 @@
 				'smtp_pass' => $post['smtp_pass'],
 				'googleAPIKey' => $post['googleAPIKey'],
 				'baseUploadPath' => ($post['baseUploadPath'] ? $post['baseUploadPath'] : 'images'),
-			]
+			],
+			LDAP::postToSettings($post)
+			),
 		];
 
 		// save changes
@@ -295,6 +297,7 @@ function settings_checkbox($name, $label, $value, $set_value, $hint = '') {
 		<li><a href="#mail-settings" data-toggle="tab"><i class="glyphicon glyphicon-envelope"></i> <?php echo $Translation['Mail']; ?></a></li>
 		<li><a href="#users-settings" data-toggle="tab"><i class="glyphicon glyphicon-user"></i> <?php echo $Translation['Preconfigured users and groups']; ?></a></li>
 		<li><a href="#app-settings" data-toggle="tab"><i class="glyphicon glyphicon-cog"></i> <?php echo $Translation['Application']; ?></a></li>
+		<?php echo LDAP::settingsTab(); ?>
 	</ul>
 
 	<!-- Tab panes -->
@@ -409,6 +412,8 @@ function settings_checkbox($name, $label, $value, $set_value, $hint = '') {
 				'</div>'
 			); ?>
 		</div>
+
+		<?php echo LDAP::settingsTabContent(); ?>
 	</div>
 </form>
 
diff --git a/app/ajax_combo.php b/app/ajax_combo.php
index 74e5e8b..5f42d0a 100644
--- a/app/ajax_combo.php
+++ b/app/ajax_combo.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 /*
@@ -340,15 +340,6 @@
 		/* return json */
 		header('Content-type: application/json');
 
-		/* if unique text (ut=1), we don't care about IDs and can group by text */
-		if($uniqueText && !preg_match('/\bgroup by\b/i', $combo->Query)) {
-			// do we have an order by?
-			if(preg_match('/\border by\b/i', $combo->Query))
-				$combo->Query = preg_replace('/\b(order by)\b/i', ' GROUP BY 2 $1', $combo->Query);
-			else
-				$combo->Query .= ' GROUP BY 2 ';
-		}
-
 		if(!preg_match('/ limit .+/i', $combo->Query)) {
 			if(!$search_id) $combo->Query .= " LIMIT {$skip}, {$results_per_page}";
 			if($search_id) $combo->Query .= " LIMIT 1";
@@ -374,12 +365,25 @@
 
 			$eo = ['silentErrors' => true];
 
+			/* 
+			if unique text (ut=1), we don't care about IDs and can group by text.
+			initiate array to hold unique texts.
+			*/
+			if($uniqueText) $uniqueArr = [];
+
 			$res = sql($combo->Query, $eo);
 			if($res) while($row = db_fetch_row($res)) {
+				// Add initial empty value if field is not required and this is the first page of results
 				if(empty($prepared_data) && $page == 1 && !$search_id && !$field['not_null']) {
 					$prepared_data[] = ['id' => empty_lookup_value, 'text' => to_utf8("<{$Translation['none']}>")];
 				}
 
+				// if unique text, add to uniqueArr and skip if already exists
+				if($uniqueText) {
+					if(in_array($row[1], $uniqueArr)) continue;
+					$uniqueArr[] = $row[1];
+				}
+
 				$prepared_data[] = ['id' => to_utf8($row[0]), 'text' => to_utf8($xss->xss_clean($row[1]))];
 			}
 		}
diff --git a/app/categories_autofill.php b/app/categories_autofill.php
index 3207ce0..0f4b73b 100644
--- a/app/categories_autofill.php
+++ b/app/categories_autofill.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
diff --git a/app/categories_dml.php b/app/categories_dml.php
index d4ece40..5d53e8c 100644
--- a/app/categories_dml.php
+++ b/app/categories_dml.php
@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table categories
 
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function categories_insert(&$error_message = '') {
@@ -68,7 +68,9 @@ function categories_insert(&$error_message = '') {
 	}
 
 	// mm: save ownership data
-	set_record_owner('categories', $recID, getLoggedMemberID());
+	// record owner is current user
+	$recordOwner = getLoggedMemberID();
+	set_record_owner('categories', $recID, $recordOwner);
 
 	// if this record is a copy of another record, copy children if applicable
 	if(strlen(Request::val('SelectedID'))) categories_copy_children($recID, Request::val('SelectedID'));
@@ -241,8 +243,8 @@ function categories_update(&$selected_id, &$error_message = '') {
 		if(!categories_after_update($data, getMemberInfo(), $args)) return;
 	}
 
-	// mm: update ownership data
-	sql("UPDATE `membership_userrecords` SET `dateUpdated`='" . time() . "' WHERE `tableName`='categories' AND `pkValue`='" . makeSafe($selected_id) . "'", $eo);
+	// mm: update record update timestamp
+	set_record_owner('categories', $selected_id);
 }
 
 function categories_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $separateDV = 0, $TemplateDV = '', $TemplateDVP = '') {
diff --git a/app/categories_view.php b/app/categories_view.php
index a6a498d..0c3e8ee 100644
--- a/app/categories_view.php
+++ b/app/categories_view.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
@@ -74,6 +74,7 @@
 	$x->AllowPrinting = 1;
 	$x->AllowPrintingDV = 1;
 	$x->AllowCSV = 1;
+	$x->AllowAdminShowSQL = 0;
 	$x->RecordsPerPage = 5;
 	$x->QuickSearch = 1;
 	$x->QuickSearchText = $Translation['quick search'];
diff --git a/app/common.js b/app/common.js
index eefd24f..1ae3582 100644
--- a/app/common.js
+++ b/app/common.js
@@ -1,6 +1,6 @@
 var AppGini = AppGini || {};
 
-AppGini.version = 23.16;
+AppGini.version = 24.11;
 
 /* initials and fixes */
 jQuery(function() {
@@ -310,6 +310,25 @@ jQuery(function() {
 		condition: () => AppGini.Translate !== undefined,
 		action: () => moment.locale(AppGini.Translate._map['datetimepicker locale'])
 	})
+
+	// if upload toolbox is empty, hide it
+	$j('.upload-toolbox').toggleClass('hidden', !$j('.upload-toolbox').children().not('.hidden').length)
+
+	// on clicking .sql-query-copier or .sql-query-container, copy the query to clipboard
+	// and set .sql-query-copier to 'copied' for 1 second
+	$j(document).on('click', '.sql-query-copier', function() {
+		const query = $j(this).siblings('.sql-query-container').text().trim();
+		if(!query) return;
+
+		AppGini.copyToClipboard(query);
+
+		$j(this).text(AppGini.Translate._map['copied']);
+		setTimeout(() => $j(this).text(AppGini.Translate._map['click to copy']), 1000);
+	})
+	$j(document).on('click', '.sql-query-container', function() {
+		$j(this).siblings('.sql-query-copier').click();
+	})
+
 });
 
 /* show/hide TV action buttons based on whether records are selected or not */
@@ -1875,6 +1894,11 @@ AppGini.sortSelect2ByRelevence = function(res, cont, qry) {
 			if(aStart && !bStart) return false;
 			if(!aStart && bStart) return true;
 		}
+
+		// if trimmed item is empty, always return it first
+		if(a.text.trim() == '') return false;
+		if(b.text.trim() == '') return true;
+
 		return a.text > b.text;
 	});
 }
@@ -1895,6 +1919,12 @@ AppGini.alterDVTitleLinkToBack = function() {
 	})
 }
 
+AppGini.isRecordUpdated = () => {
+	var url = new URL(window.location.href);
+	var params = new URLSearchParams(url.search);
+	return params.has('record-updated-ok') || params.has('record-added-ok');
+}
+
 AppGini.lockUpdatesOnUserRequest = function() {
 	// if this is not DV of existing record where editing and saving a copy are both enabled, skip
 	if(!$j('#update').length || !$j('#insert').length || !$j('input[name=SelectedID]').val().length) return;
@@ -1926,6 +1956,9 @@ AppGini.lockUpdatesOnUserRequest = function() {
 			locker.toggleClass('active');
 			locker.prop('title', AppGini.Translate._map[locker.hasClass('active') ? 'Enable' : 'Disable']);
 		})
+
+	// if record has just been added/updated, lock updates
+	if(AppGini.isRecordUpdated()) $j('.btn-update-locker').trigger('click');
 }
 
 /* function to focus a specific element of a form, given field name */
@@ -2518,3 +2551,23 @@ AppGini.updateChildrenCount = (scheduleNextCall = true) => {
 			setTimeout(AppGini.updateChildrenCount, elapsed > 2000 ? 60000 : 10000);
 	});
 }
+
+AppGini.copyToClipboard = (text) => {
+	if(navigator.clipboard) {
+	   navigator.clipboard.writeText(text);
+	   return;
+	}
+
+	const textArea = document.createElement('textarea');
+	textArea.value = text;
+	document.body.appendChild(textArea);
+	textArea.select();
+	document.execCommand('copy');
+	document.body.removeChild(textArea);
+}
+
+AppGini.htmlEntitiesToText = (html) => {
+	const txt = document.createElement('textarea');
+	txt.innerHTML = html;
+	return txt.value;
+}
diff --git a/app/customers_autofill.php b/app/customers_autofill.php
index 497e7fa..91aa26b 100644
--- a/app/customers_autofill.php
+++ b/app/customers_autofill.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
diff --git a/app/customers_dml.php b/app/customers_dml.php
index f89b5ef..8e5fbbc 100644
--- a/app/customers_dml.php
+++ b/app/customers_dml.php
@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table customers
 
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function customers_insert(&$error_message = '') {
@@ -71,7 +71,9 @@ function customers_insert(&$error_message = '') {
 	}
 
 	// mm: save ownership data
-	set_record_owner('customers', $recID, getLoggedMemberID());
+	// record owner is current user
+	$recordOwner = getLoggedMemberID();
+	set_record_owner('customers', $recID, $recordOwner);
 
 	// if this record is a copy of another record, copy children if applicable
 	if(strlen(Request::val('SelectedID'))) customers_copy_children($recID, Request::val('SelectedID'));
@@ -222,11 +224,14 @@ function customers_update(&$selected_id, &$error_message = '') {
 		if(!customers_after_update($data, getMemberInfo(), $args)) return;
 	}
 
-	// mm: update ownership data
-	sql("UPDATE `membership_userrecords` SET `dateUpdated`='" . time() . "', `pkValue`='{$data['CustomerID']}' WHERE `tableName`='customers' AND `pkValue`='" . makeSafe($selected_id) . "'", $eo);
+	// mm: update record update timestamp
+	set_record_owner('customers', $selected_id);
 
-	// if PK value changed, update $selected_id
-	$selected_id = $newID;
+	// if PK value changed, update ownership and $selected_id
+	if($selected_id != $newID) {
+		update('membership_userrecords', ['pkValue' => $newID], ['pkValue' => $selected_id, 'tableName' => 'customers']);
+		$selected_id = $newID;
+	}
 }
 
 function customers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $separateDV = 0, $TemplateDV = '', $TemplateDVP = '') {
@@ -297,7 +302,7 @@ function customers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $
 		$filterField = Request::val('FilterField');
 		$filterOperator = Request::val('FilterOperator');
 		$filterValue = Request::val('FilterValue');
-		$combo_Country->SelectedText = (isset($filterField[1]) && $filterField[1] == '9' && $filterOperator[1] == '<=>' ? $filterValue[1] : '');
+		$combo_Country->SelectedText = (isset($filterField[1]) && $filterField[1] == '9' && $filterOperator[1] == '<=>' ? $filterValue[1] : entitiesToUTF8(''));
 	}
 	$combo_Country->Render();
 
diff --git a/app/customers_view.php b/app/customers_view.php
index 26c0359..11ceac6 100644
--- a/app/customers_view.php
+++ b/app/customers_view.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
@@ -116,6 +116,7 @@
 	$x->AllowPrinting = 1;
 	$x->AllowPrintingDV = 1;
 	$x->AllowCSV = (getLoggedAdmin() !== false);
+	$x->AllowAdminShowSQL = 0;
 	$x->RecordsPerPage = 10;
 	$x->QuickSearch = 1;
 	$x->QuickSearchText = $Translation['quick search'];
diff --git a/app/datalist.php b/app/datalist.php
index e3f9ec2..4b602f0 100644
--- a/app/datalist.php
+++ b/app/datalist.php
@@ -48,6 +48,7 @@ class DataList {
 		$AllowPrintingDV,
 		$HideTableView,
 		$AllowCSV,
+		$AllowAdminShowSQL,
 		$CSVSeparator,
 
 		$QuickSearch, // 0 to 3
@@ -96,6 +97,7 @@ function DataList() {     // Constructor function
 		$this->HideTableView = 0;
 		$this->QuickSearch = 0;
 		$this->AllowCSV = 0;
+		$this->AllowAdminShowSQL = 0;
 		$this->CSVSeparator = ',';
 
 		$this->AllowDVNavigation = true;
@@ -296,6 +298,9 @@ function Render() {
 					$url .= '&SelectedID=' . urlencode($SelectedID);
 			}
 
+			// append browser window id to url
+			$url .= (strpos($url, '?') === false ? '?' : '&') .  WindowMessages::windowIdQuery();
+
 			@header('Location: ' . $url);
 			$this->HTML .= "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;url=" . $url ."\">";
 
@@ -357,6 +362,10 @@ function Render() {
 			$filtersGET = substr($filtersGET, 1); // remove initial &
 
 			$redirectUrl = $this->ScriptFileName . '?SelectedID=' . urlencode($SelectedID) . '&' . $filtersGET . '&' . $update_status;
+
+			// append browser window id to url
+			$redirectUrl .= (strpos($redirectUrl, '?') === false ? '?' : '&') .  WindowMessages::windowIdQuery();
+
 			@header("Location: $redirectUrl");
 			$this->HTML .= '<META HTTP-EQUIV="Refresh" CONTENT="0;url='.$redirectUrl.'">';
 			return;
@@ -709,7 +718,7 @@ function Render() {
 			if($current_view == 'DV' && !$Embedded) {
 				$this->HTML .= '<div class="page-header">';
 					$this->HTML .= '<h1>';
-						$this->HTML .= '<a style="text-decoration: none; color: inherit;" href="' . $this->TableName . '_view.php"><img src="' . $this->TableIcon . '"> ' . $this->TableTitle . '</a>';
+						$this->HTML .= '<a style="text-decoration: none; color: inherit;" href="' . $this->TableName . '_view.php?' . WindowMessages::windowIdQuery() . '"><img src="' . $this->TableIcon . '"> ' . $this->TableTitle . '</a>';
 						/* show add new button if user can insert and there is a selected record */
 						if($SelectedID && $this->Permissions['insert'] && $this->SeparateDV && $this->AllowInsert) {
 							$this->HTML .= ' <button type="submit" id="addNew" name="addNew_x" value="1" class="btn btn-success"><i class="glyphicon glyphicon-plus-sign"></i> ' . $this->translation['Add New'] . '</button>';
@@ -800,7 +809,7 @@ function Render() {
 						$this->HTML .= '<h1>';
 							$this->HTML .= '<div class="row">';
 								$this->HTML .= '<div class="col-sm-8">';
-									$this->HTML .= '<a style="text-decoration: none; color: inherit;" href="' . $this->TableName . '_view.php"><img src="' . $this->TableIcon . '"> ' . $this->TableTitle . '</a>';
+									$this->HTML .= '<a style="text-decoration: none; color: inherit;" href="' . $this->TableName . '_view.php?' . WindowMessages::windowIdQuery() . '"><img src="' . $this->TableIcon . '"> ' . $this->TableTitle . '</a>';
 									/* show add new button if user can insert and there is a selected record */
 									if($SelectedID && $this->Permissions['insert'] && !$this->SeparateDV && $this->AllowInsert) {
 										$this->HTML .= ' <button type="submit" id="addNew" name="addNew_x" value="1" class="btn btn-success"><i class="glyphicon glyphicon-plus-sign"></i> ' . $this->translation['Add New'] . '</button>';
@@ -846,6 +855,11 @@ function Render() {
 
 			// begin table and display table title
 			if(!$this->HideTableView && !($dvprint_x && $this->AllowSelection && $SelectedID) && !$PrintDV && !$Embedded) {
+				if(getLoggedAdmin() && $this->AllowAdminShowSQL) {
+					$this->HTML .= '<button type="button" class="sql-query-copier btn btn-link btn-xs hidden">' . $this->translation['click to copy'] . '</button>';
+					$this->HTML .= '<pre class="sql-query-container hidden vspace-lg" title="' . html_attr($this->translation['click to copy']) . '">' . $this->getTVQuery($FirstRecord) . '</pre>';
+				}
+
 				$this->HTML .= '<div class="table-responsive"><table data-tablename="' . $this->TableName . '" class="table table-striped table-bordered table-hover">';
 
 				$this->HTML .= '<thead><tr>';
@@ -910,7 +924,7 @@ function Render() {
 
 						/* handle child info column header */
 						if($this->ColNumber[$i] == -1) {
-							[$childTable, $lookupField] = @explode('.', trim($this->ColFieldName[$i], '%'));
+							list($childTable, $lookupField) = @explode('.', trim($this->ColFieldName[$i], '%'));
 							$extraClasses = "child-{$childTable}-{$lookupField} child-records-info";
 							$extraAttributes = " data-table=\"{$childTable}\" data-lookup-field=\"{$lookupField}\"";
 							$extraHint = ' <button class="btn-link update-children-count" type="button" title="' . $this->translation['update'] . '"><i class="glyphicon glyphicon-refresh text-muted"></i></button>';
@@ -1139,7 +1153,9 @@ function Render() {
 				if($Print_x == '' && $i) { // TV
 					$this->HTML .= '<div class="row pagination-section">';
 						$this->HTML .= '<div class="col-xs-4 col-md-3 col-lg-2 vspacer-lg">';
-							if($FirstRecord > 1) $this->HTML .= '<button onClick="' . $resetSelection . ' document.myform.NoDV.value = 1; return true;" type="submit" name="Previous_x" id="Previous" value="1" class="btn btn-default btn-block"><i class="glyphicon glyphicon-chevron-left rtl-mirror"></i> <span class="hidden-xs">' . $this->translation['Previous'] . '</span></button>';
+						if($FirstRecord > 1) 
+							$this->HTML .= '<div class="visible-xs">&nbsp;</div>' .
+								'<button onClick="' . $resetSelection . ' document.myform.NoDV.value = 1; return true;" type="submit" name="Previous_x" id="Previous" value="1" class="btn btn-default btn-block"><i class="glyphicon glyphicon-chevron-left rtl-mirror"></i> <span class="hidden-xs">' . $this->translation['Previous'] . '</span></button>';
 						$this->HTML .= '</div>';
 
 						$this->HTML .= '<div class="col-xs-4 col-md-4 col-lg-2 col-md-offset-1 col-lg-offset-3 text-center vspacer-lg form-inline">';
@@ -1147,7 +1163,9 @@ function Render() {
 						$this->HTML .= '</div>';
 
 						$this->HTML .= '<div class="col-xs-4 col-md-3 col-lg-2 col-md-offset-1 col-lg-offset-3 text-right vspacer-lg">';
-							if($i < $RecordCount) $this->HTML .= '<button onClick="'.$resetSelection.' document.myform.NoDV.value = 1; return true;" type="submit" name="Next_x" id="Next" value="1" class="btn btn-default btn-block"><span class="hidden-xs">' . $this->translation['Next'] . '</span> <i class="glyphicon glyphicon-chevron-right rtl-mirror"></i></button>';
+						if($i < $RecordCount)
+							$this->HTML .= '<div class="visible-xs">&nbsp;</div>' .
+								'<button onClick="' . $resetSelection . ' document.myform.NoDV.value = 1; return true;" type="submit" name="Next_x" id="Next" value="1" class="btn btn-default btn-block"><span class="hidden-xs">' . $this->translation['Next'] . '</span> <i class="glyphicon glyphicon-chevron-right rtl-mirror"></i></button>';
 						$this->HTML .= '</div>';
 					$this->HTML .= '</div>';
 				}
@@ -1583,6 +1601,10 @@ function getTVButtons($print = false) {
 		if($this->AllowCSV)
 			$buttons .= '<button onClick="document.myform.NoDV.value = 1; <%%RESET_SELECTION%%> return true;" type="submit" name="CSV_x" id="CSV" value="1" class="btn btn-default"><i class="glyphicon glyphicon-download-alt"></i> <%%TRANSLATION(CSV)%%></button>';
 
+		// if admin and AllowAdminShowSQL, display SQL icon
+		if(getLoggedAdmin() && $this->AllowAdminShowSQL)
+			$buttons .= '<button onClick="$j(\'.sql-query-container, .sql-query-copier\').toggleClass(\'hidden\'); $j(this).toggleClass(\'active\');" type="button" id="ShowSQL" class="btn btn-default"><i class="glyphicon glyphicon-eye-open"></i> <%%TRANSLATION(SQL)%%></button>';
+
 		// display Filter icon
 		if($this->AllowFilters)
 			$buttons .= '<button onClick="document.myform.NoDV.value = 1; <%%RESET_SELECTION%%> return true;" type="submit" name="Filter_x" id="Filter" value="1" class="btn btn-default"><i class="glyphicon glyphicon-filter"></i> <%%TRANSLATION(filter)%%></button>';
@@ -1627,7 +1649,7 @@ function buildQuery($fieldsArray = false, $start = false, $length = false) {
 		]);
 	}
 
-	function getTVRevords($first) {
+	function getTVQuery($first) {
 		// TV/TVP query
 		$tvFields = $this->QueryFieldsTV;
 
@@ -1635,9 +1657,12 @@ function getTVRevords($first) {
 		if($this->PrimaryKey)
 			$tvFields["COALESCE($this->PrimaryKey)"] = str_replace('`', '', $this->PrimaryKey);
 
-		$tvQuery = $this->buildQuery($tvFields, $first - 1, $this->RecordsPerPage);
+		return $this->buildQuery($tvFields, $first - 1, $this->RecordsPerPage);
+	}
+
+	function getTVRevords($first) {
 		//$eo = ['silentErrors' => true];
-		$result = sql($tvQuery, $eo);
+		$result = sql($this->getTVQuery($first), $eo);
 		$tvRecords = [];
 		if(!$result) return $tvRecords;
 		while($row = db_fetch_array($result)) $tvRecords[] = $row;
@@ -1857,6 +1882,7 @@ private function isValidFilter($index) {
 			&& (
 				!empty($this->FilterValue[$index])
 				|| strpos($this->FilterOperator[$index], 'empty') !== false
+				|| $this->FilterValue[$index] === '0'
 			)
 		);
 	}
diff --git a/app/db.php b/app/db.php
index 317243d..92a34f3 100644
--- a/app/db.php
+++ b/app/db.php
@@ -34,6 +34,8 @@ function db_select_db($dbname, $link = NULL) {
 	}
 
 	function db_fetch_array($res) {
+		if(!$res) return false;
+
 		switch(DATABASE) {
 			case 'mysql':
 				return @mysql_fetch_array($res);
@@ -43,6 +45,8 @@ function db_fetch_array($res) {
 	}
 
 	function db_fetch_assoc($res) {
+		if(!$res) return false;
+
 		switch(DATABASE) {
 			case 'mysql':
 				return @mysql_fetch_assoc($res);
@@ -52,6 +56,8 @@ function db_fetch_assoc($res) {
 	}
 
 	function db_fetch_row($res) {
+		if(!$res) return false;
+
 		switch(DATABASE) {
 			case 'mysql':
 				return @mysql_fetch_row($res);
diff --git a/app/defaultLang.php b/app/defaultLang.php
index d3658d4..d834d97 100644
--- a/app/defaultLang.php
+++ b/app/defaultLang.php
@@ -830,4 +830,49 @@
 	'cli tool for updating calculated fields' => 'There is also a command-line tool for updating calculated fields. This is very handy if you want to automate the process of updating calculated fields, for instance by adding a cron job to run the command-line tool periodically. For help on using the command-line tool, please run the following command in your terminal:',
 	'start updating' => 'Start updating',
 	'captcha label' => 'Please enter the characters you see in the image',
+
+	// Added in 23.17
+	'Explore more plugins' => 'Explore more plugins',
+	'Install a plugin' => 'Install a plugin',
+	'invalid order number' => 'Invalid order number',
+	'invalid order login' => 'Could not find an order with the specified order number and email address.',
+	'order number' => 'Order Number',
+	'view available plugins' => 'View available plugins',
+	'plugin check instructions' => 'Please enter your email address and order number below to check for available plugins.',
+	'no plugins available' => 'No plugins available for this order number.',
+	'install selected plugins' => 'Install selected plugins',
+	'select plugins to install' => 'Select plugins to install',
+	'plugins install progress' => 'Install progress',
+	'already installed' => 'already installed on %s (check to re-install)',
+	'plugin install failed' => 'Plugin installation failed!',
+	'plugin installed successfully' => 'Plugin installed successfully! Click to launch.',
+	'missing dependencies' => 'Errors or missing dependecies found',
+
+	// Added in 24.10
+	'fix record owners' => 'Fix record owners',
+	'record owner not configured for this table' => 'Record owner is not configured for this table.',
+	'start' => 'Start',
+	'fixing record owners' => 'Fixing record owners ...',
+	'number of runs' => 'Number of runs',
+	'no tables to fix record owners' => 'No tables have record owners configured. Nothing to fix.',
+	'fix record owners description' => 'This tool enables you to update the record owners for pre-existing records in tables that have record owners configured. This is useful when you have recently configured record owners for one or more tables and wish to apply the updated configuration to the existing records.',
+	'records updated:' => 'Records updated: ',
+	'ldap disable user signup' => 'Disable (only admins can add users)',
+	'ldap settings' => 'LDAP settings',
+	'login method' => 'Login method',
+	'default' => 'Default',
+	'ldap' => 'LDAP',
+	'ldap server' => 'LDAP server',
+	'ldap version' => 'LDAP version',
+	'ldap username prefix' => 'LDAP username prefix',
+	'ldap username suffix' => 'LDAP username suffix',
+	'ldap default user group' => 'Default user group for new LDAP users',
+	'Examples: ' => 'Examples: ',
+	'Example: ' => 'Example: ',
+	'ldap admin user warning' => 'Before enabling LDAP login, make sure the admin username %s exists in the LDAP server. Otherwise, you will not be able to sign in as admin.',
+
+	// Added in 24.11
+	'SQL' => 'SQL',
+	'click to copy' => 'Click to copy',
+	'copied' => 'Copied!',
 ];
diff --git a/app/definitions.php b/app/definitions.php
index 4f4a1a5..cc089c9 100644
--- a/app/definitions.php
+++ b/app/definitions.php
@@ -3,7 +3,7 @@
 	@define('SESSION_NAME', 'Northwind');
 	@define('APP_TITLE', 'Northwind');
 	@define('APP_DIR', __DIR__);
-	@define('APP_VERSION', '23.16');
+	@define('APP_VERSION', '24.11');
 	@define('maxSortBy', 4);
 	@define('empty_lookup_value', '{empty_value}');
 	@define('MULTIPLE_SUPER_ADMINS', false);
diff --git a/app/dynamic.css b/app/dynamic.css
index bd783fe..cf72cd8 100644
--- a/app/dynamic.css
+++ b/app/dynamic.css
@@ -309,8 +309,12 @@ th:focus {
 	outline: thin dotted;
 }
 
+.nav .dropdown-menu img {
+	max-height: 1.25em;
+}
+
 .profile-menu li img {
-	height: 1.5em;
+	height: 1.5em !important;
 	vertical-align: text-bottom;
 	margin-left: -.4em;
 }
@@ -345,6 +349,7 @@ a[href="mailto:"] { display: none; }
 }
 .lookup-flex > .select2-container {
 	flex-grow: 1;
+	width: auto !important;
 }
 .lookup-flex > .view_parent,
 .lookup-flex > .add_new_parent {
@@ -360,7 +365,7 @@ a[href="mailto:"] { display: none; }
 	flex-grow: 1;
 }
 .date-flex > .btn {
-	flex-basis: 2.85em;
+	flex-basis: 3em;
 }
 .date-flex > select.form-control {
 	width: auto; display: unset;
@@ -429,3 +434,465 @@ dd.child-records-info > a.children-count {
 	direction: ltr;
 	text-align: right;
 }
+.sql-query-container {
+	white-space: pre-wrap;
+	word-break: break-word;
+	direction: ltr;
+	cursor: pointer;
+	padding-top: 2em;
+}
+.sql-query-copier {
+	position: absolute !important;
+	top: 0 !important;
+	right: 1em !important;
+}
+.theme-yeti {
+	.bg-primary, .bg-primary a,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #222;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #008cba;
+	}
+
+	.progress{
+		height: 2.5em;
+	}
+
+	.progress .progress-bar {
+		line-height: 2;
+		font-size: 1em;
+	}
+}
+
+.theme-united {
+	.bg-primary, .bg-primary a,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #333;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #dd4814;
+	}
+
+}
+
+.theme-superhero {
+	.bg-info, .bg-info a,
+	.bg-warning, .bg-warning a,
+	.bg-danger, .bg-danger a,
+	.bg-success, .bg-success a,
+	.bg-primary, .bg-primary a,
+
+	.bg-info.text-info, .bg-info .text-info,
+	.bg-warning.text-warning, .bg-warning .text-warning,
+	.bg-danger.text-danger, .bg-danger .text-danger,
+	.bg-success.text-success, .bg-success .text-success,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+
+	.light-text {
+		color: #ebebeb;
+	}
+
+	.dark-text {
+		color: #ebebeb;
+	}
+
+	.dark-link {
+		color: #df691a;
+	}
+
+}
+
+.theme-spacelab {
+	.bg-primary, .bg-primary a,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #666;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #3399f3;
+	}
+
+}
+
+.theme-slate {
+	.bg-danger, .bg-danger a,
+	.bg-primary, .bg-primary a,
+	.light-text {
+		color: #fff;
+	}
+
+	.dark-text {
+		color: #c8c8c8;
+	}
+
+	.dark-link {
+		color: #fff;
+	}
+
+}
+
+.theme-simplex {
+	.bg-primary, .bg-primary a,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #777;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #d9230f;
+	}
+
+}
+
+.theme-sandstone {
+	.bg-primary, .bg-primary a,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #3e3f3a;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #93c54b;
+	}
+
+}
+
+.theme-readable {
+	.bg-primary, .bg-primary a,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #333;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #4582ec;
+	}
+
+}
+
+.theme-paper {
+	.bg-primary, .bg-primary a,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #666;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #2196f3;
+	}
+
+	.progress{
+		height: 2em;
+	}
+
+	.progress .progress-bar {
+		line-height: 2;
+		font-size: 1em;
+	}
+}
+
+.theme-journal {
+	.bg-primary, .bg-primary a,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #777;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #eb6864;
+	}
+
+}
+
+.theme-flatly {
+
+	.bg-info, .bg-info a,
+	.bg-warning, .bg-warning a,
+	.bg-danger, .bg-danger a,
+	.bg-success, .bg-success a,
+	.bg-primary, .bg-primary a,
+
+	.bg-info.text-info, .bg-info .text-info,
+	.bg-warning.text-warning, .bg-warning .text-warning,
+	.bg-danger.text-danger, .bg-danger .text-danger,
+	.bg-success.text-success, .bg-success .text-success,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-hover>tbody>tr.bg-success:hover, .table-hover>tbody>tr:hover .bg-success,
+	.table-hover>tbody>tr.bg-warning:hover, .table-hover>tbody>tr:hover .bg-warning,
+	.table-hover>tbody>tr.bg-info:hover, .table-hover>tbody>tr:hover .bg-info,
+	.table-hover>tbody>tr.bg-danger:hover, .table-hover>tbody>tr:hover .bg-danger,
+
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.table-striped>tbody>tr.bg-success:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-success,
+	.table-striped>tbody>tr.bg-warning:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-warning,
+	.table-striped>tbody>tr.bg-info:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-info,
+	.table-striped>tbody>tr.bg-danger:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-danger,
+
+	.dark-text {
+		color: #3c3c3c;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-hover>tbody>tr.bg-success:hover a, .table-hover>tbody>tr:hover .bg-success a,
+	.table-hover>tbody>tr.bg-warning:hover a, .table-hover>tbody>tr:hover .bg-warning a,
+	.table-hover>tbody>tr.bg-info:hover a, .table-hover>tbody>tr:hover .bg-info a,
+	.table-hover>tbody>tr.bg-danger:hover a, .table-hover>tbody>tr:hover .bg-danger a,
+
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.table-striped>tbody>tr.bg-success:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-success a,
+	.table-striped>tbody>tr.bg-warning:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-warning a,
+	.table-striped>tbody>tr.bg-info:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-info a,
+	.table-striped>tbody>tr.bg-danger:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-danger a,
+
+	.dark-link {
+		color: #18bc9c;
+	}
+
+	.progress{
+		height: 2em;
+	}
+
+	.progress .progress-bar {
+		line-height: 2;
+		font-size: 1em;
+	}
+}
+
+.theme-darkly {
+
+	.bg-info, .bg-info a,
+	.bg-warning, .bg-warning a,
+	.bg-danger, .bg-danger a,
+	.bg-success, .bg-success a,
+	.bg-primary, .bg-primary a,
+
+	.bg-info.text-info, .bg-info .text-info,
+	.bg-warning.text-warning, .bg-warning .text-warning,
+	.bg-danger.text-danger, .bg-danger .text-danger,
+	.bg-success.text-success, .bg-success .text-success,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+
+	.light-text {
+		color: #fff;
+	}
+
+	.progress{
+		height: 2em;
+	}
+
+	.progress .progress-bar {
+		line-height: 2;
+		font-size: 1em;
+	}
+
+}
+
+.theme-cyborg {
+	.bg-info, .bg-info a,
+	.bg-warning, .bg-warning a,
+	.bg-danger, .bg-danger a,
+	.bg-success, .bg-success a,
+	.bg-primary, .bg-primary a,
+
+	.bg-info.text-info, .bg-info .text-info,
+	.bg-warning.text-warning, .bg-warning .text-warning,
+	.bg-danger.text-danger, .bg-danger .text-danger,
+	.bg-success.text-success, .bg-success .text-success,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+
+	.light-text {
+		color: #fff;
+	}
+
+}
+
+.theme-cosmo {
+	.bg-info, .bg-info a,
+	.bg-warning, .bg-warning a,
+	.bg-danger, .bg-danger a,
+	.bg-success, .bg-success a,
+	.bg-primary, .bg-primary a,
+
+	.bg-info.text-info, .bg-info .text-info,
+	.bg-warning.text-warning, .bg-warning .text-warning,
+	.bg-danger.text-danger, .bg-danger .text-danger,
+	.bg-success.text-success, .bg-success .text-success,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-hover>tbody>tr.bg-success:hover, .table-hover>tbody>tr:hover .bg-success,
+	.table-hover>tbody>tr.bg-warning:hover, .table-hover>tbody>tr:hover .bg-warning,
+	.table-hover>tbody>tr.bg-info:hover, .table-hover>tbody>tr:hover .bg-info,
+	.table-hover>tbody>tr.bg-danger:hover, .table-hover>tbody>tr:hover .bg-danger,
+
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.table-striped>tbody>tr.bg-success:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-success,
+	.table-striped>tbody>tr.bg-warning:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-warning,
+	.table-striped>tbody>tr.bg-info:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-info,
+	.table-striped>tbody>tr.bg-danger:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-danger,
+
+	.dark-text {
+		color: #333;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-hover>tbody>tr.bg-success:hover a, .table-hover>tbody>tr:hover .bg-success a,
+	.table-hover>tbody>tr.bg-warning:hover a, .table-hover>tbody>tr:hover .bg-warning a,
+	.table-hover>tbody>tr.bg-info:hover a, .table-hover>tbody>tr:hover .bg-info a,
+	.table-hover>tbody>tr.bg-danger:hover a, .table-hover>tbody>tr:hover .bg-danger a,
+
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.table-striped>tbody>tr.bg-success:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-success a,
+	.table-striped>tbody>tr.bg-warning:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-warning a,
+	.table-striped>tbody>tr.bg-info:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-info a,
+	.table-striped>tbody>tr.bg-danger:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-danger a,
+
+	.dark-link {
+		color: #2780e3;
+	}
+
+	.progress{
+		height: 2em;
+	}
+
+	.progress .progress-bar {
+		line-height: 2;
+		font-size: 1em;
+	}
+}
+
+.theme-cerulean {
+	.bg-primary, .bg-primary a,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-hover>tbody>tr.bg-success:hover, .table-hover>tbody>tr:hover .bg-success,
+	.table-hover>tbody>tr.bg-warning:hover, .table-hover>tbody>tr:hover .bg-warning,
+	.table-hover>tbody>tr.bg-info:hover, .table-hover>tbody>tr:hover .bg-info,
+	.table-hover>tbody>tr.bg-danger:hover, .table-hover>tbody>tr:hover .bg-danger,
+
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.table-striped>tbody>tr.bg-success:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-success,
+	.table-striped>tbody>tr.bg-warning:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-warning,
+	.table-striped>tbody>tr.bg-info:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-info,
+	.table-striped>tbody>tr.bg-danger:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-danger,
+
+	.dark-text {
+		color: #555;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-hover>tbody>tr.bg-success:hover a, .table-hover>tbody>tr:hover .bg-success a,
+	.table-hover>tbody>tr.bg-warning:hover a, .table-hover>tbody>tr:hover .bg-warning a,
+	.table-hover>tbody>tr.bg-info:hover a, .table-hover>tbody>tr:hover .bg-info a,
+	.table-hover>tbody>tr.bg-danger:hover a, .table-hover>tbody>tr:hover .bg-danger a,
+
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.table-striped>tbody>tr.bg-success:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-success a,
+	.table-striped>tbody>tr.bg-warning:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-warning a,
+	.table-striped>tbody>tr.bg-info:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-info a,
+	.table-striped>tbody>tr.bg-danger:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-danger a,
+
+	.dark-link {
+		color: #2fa4e7;
+	}
+
+}
+
+.theme-bootstrap {
+	.bg-primary, .bg-primary a,
+	.bg-primary.text-primary, .bg-primary .text-primary,
+	.light-text {
+		color: #fff;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover, .table-hover>tbody>tr:hover .bg-primary,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1), .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary,
+	.dark-text {
+		color: #333;
+	}
+
+	.table-hover>tbody>tr.bg-primary:hover a, .table-hover>tbody>tr:hover .bg-primary a,
+	.table-striped>tbody>tr.bg-primary:nth-of-type(2n+1) a, .table-striped>tbody>tr:nth-of-type(2n+1) .bg-primary a,
+	.dark-link {
+		color: #337ab7;
+	}
+
+}
diff --git a/app/employees_autofill.php b/app/employees_autofill.php
index d2943ba..7f6883f 100644
--- a/app/employees_autofill.php
+++ b/app/employees_autofill.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
diff --git a/app/employees_dml.php b/app/employees_dml.php
index 6b5da7f..368e515 100644
--- a/app/employees_dml.php
+++ b/app/employees_dml.php
@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table employees
 
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function employees_insert(&$error_message = '') {
@@ -80,7 +80,9 @@ function employees_insert(&$error_message = '') {
 	}
 
 	// mm: save ownership data
-	set_record_owner('employees', $recID, getLoggedMemberID());
+	// record owner is current user
+	$recordOwner = getLoggedMemberID();
+	set_record_owner('employees', $recID, $recordOwner);
 
 	// if this record is a copy of another record, copy children if applicable
 	if(strlen(Request::val('SelectedID'))) employees_copy_children($recID, Request::val('SelectedID'));
@@ -284,8 +286,8 @@ function employees_update(&$selected_id, &$error_message = '') {
 		if(!employees_after_update($data, getMemberInfo(), $args)) return;
 	}
 
-	// mm: update ownership data
-	sql("UPDATE `membership_userrecords` SET `dateUpdated`='" . time() . "' WHERE `tableName`='employees' AND `pkValue`='" . makeSafe($selected_id) . "'", $eo);
+	// mm: update record update timestamp
+	set_record_owner('employees', $selected_id);
 }
 
 function employees_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $separateDV = 0, $TemplateDV = '', $TemplateDVP = '') {
@@ -378,7 +380,7 @@ function employees_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $
 		$filterField = Request::val('FilterField');
 		$filterOperator = Request::val('FilterOperator');
 		$filterValue = Request::val('FilterValue');
-		$combo_Country->SelectedText = (isset($filterField[1]) && $filterField[1] == '13' && $filterOperator[1] == '<=>' ? $filterValue[1] : '');
+		$combo_Country->SelectedText = (isset($filterField[1]) && $filterField[1] == '13' && $filterOperator[1] == '<=>' ? $filterValue[1] : entitiesToUTF8(''));
 		$combo_ReportsTo->SelectedData = $filterer_ReportsTo;
 	}
 	$combo_Country->Render();
diff --git a/app/employees_view.php b/app/employees_view.php
index 3ea3c08..25a58b2 100644
--- a/app/employees_view.php
+++ b/app/employees_view.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
@@ -147,6 +147,7 @@
 	$x->AllowPrinting = 1;
 	$x->AllowPrintingDV = 1;
 	$x->AllowCSV = 1;
+	$x->AllowAdminShowSQL = 0;
 	$x->RecordsPerPage = 5;
 	$x->QuickSearch = 1;
 	$x->QuickSearchText = $Translation['quick search'];
diff --git a/app/footer.php b/app/footer.php
index bb3f6d8..6165a5b 100644
--- a/app/footer.php
+++ b/app/footer.php
@@ -9,7 +9,7 @@
 				<div style="height: 60px;" class="hidden-print"></div>
 				<nav class="navbar navbar-default navbar-fixed-bottom" role="navigation">
 					<p class="navbar-text"><small>
-						Powered by <a class="navbar-link" href="https://bigprof.com/appgini/" target="_blank">BigProf AppGini 23.16</a>
+						Powered by <a class="navbar-link" href="https://bigprof.com/appgini/" target="_blank">BigProf AppGini 24.11</a>
 					</small></p>
 				</nav>
 			<?php } ?>
diff --git a/app/header.php b/app/header.php
index 520e5ca..75f2ce2 100644
--- a/app/header.php
+++ b/app/header.php
@@ -108,6 +108,8 @@
 				<div style="min-height: 70px;" class="hidden-print top-margin-adjuster"></div>
 			<?php } ?>
 
+			<?php echo WindowMessages::getHtml(); ?>
+
 			<?php if(class_exists('Notification', false)) echo Notification::placeholder(); ?>
 
 			<?php 
diff --git a/app/language.php b/app/language.php
index 287cf1f..63dc558 100644
--- a/app/language.php
+++ b/app/language.php
@@ -857,4 +857,49 @@
 	'cli tool for updating calculated fields' => 'There is also a command-line tool for updating calculated fields. This is very handy if you want to automate the process of updating calculated fields, for instance by adding a cron job to run the command-line tool periodically. For help on using the command-line tool, please run the following command in your terminal:',
 	'start updating' => 'Start updating',
 	'captcha label' => 'Please enter the characters you see in the image',
+
+	// Added in 23.17
+	'Explore more plugins' => 'Explore more plugins',
+	'Install a plugin' => 'Install a plugin',
+	'invalid order number' => 'Invalid order number',
+	'invalid order login' => 'Could not find an order with the specified order number and email address.',
+	'order number' => 'Order Number',
+	'view available plugins' => 'View available plugins',
+	'plugin check instructions' => 'Please enter your email address and order number below to check for available plugins.',
+	'no plugins available' => 'No plugins available for this order number.',
+	'install selected plugins' => 'Install selected plugins',
+	'select plugins to install' => 'Select plugins to install',
+	'plugins install progress' => 'Install progress',
+	'already installed' => 'already installed on %s (check to re-install)',
+	'plugin install failed' => 'Plugin installation failed!',
+	'plugin installed successfully' => 'Plugin installed successfully! Click to launch.',
+	'missing dependencies' => 'Errors or missing dependecies found',
+
+	// Added in 24.10
+	'fix record owners' => 'Fix record owners',
+	'record owner not configured for this table' => 'Record owner is not configured for this table.',
+	'start' => 'Start',
+	'fixing record owners' => 'Fixing record owners ...',
+	'number of runs' => 'Number of runs',
+	'no tables to fix record owners' => 'No tables have record owners configured. Nothing to fix.',
+	'fix record owners description' => 'This tool enables you to update the record owners for pre-existing records in tables that have record owners configured. This is useful when you have recently configured record owners for one or more tables and wish to apply the updated configuration to the existing records.',
+	'records updated:' => 'Records updated: ',
+	'ldap disable user signup' => 'Disable (only admins can add users)',
+	'ldap settings' => 'LDAP settings',
+	'login method' => 'Login method',
+	'default' => 'Default',
+	'ldap' => 'LDAP',
+	'ldap server' => 'LDAP server',
+	'ldap version' => 'LDAP version',
+	'ldap username prefix' => 'LDAP username prefix',
+	'ldap username suffix' => 'LDAP username suffix',
+	'ldap default user group' => 'Default user group for new LDAP users',
+	'Examples: ' => 'Examples: ',
+	'Example: ' => 'Example: ',
+	'ldap admin user warning' => 'Before enabling LDAP login, make sure the admin username %s exists in the LDAP server. Otherwise, you will not be able to sign in as admin.',
+
+	// Added in 24.11
+	'SQL' => 'SQL',
+	'click to copy' => 'Click to copy',
+	'copied' => 'Copied!',
 ];
\ No newline at end of file
diff --git a/app/lib.php b/app/lib.php
index 4267a0f..cc71ecd 100644
--- a/app/lib.php
+++ b/app/lib.php
@@ -1,5 +1,5 @@
 <?php
-	// This script and data application were generated by AppGini 23.16
+	// This script and data application was generated by AppGini, https://bigprof.com/appgini
 	// Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/settings-manager.php');
@@ -11,7 +11,7 @@
 
 	checkAppRequirements();
 
-	ob_start();
+	ob_start('WindowMessages::injectWindowId');
 	initSession();
 
 	// check if membership system exists
diff --git a/app/order_details_autofill.php b/app/order_details_autofill.php
index d894527..2f6d407 100644
--- a/app/order_details_autofill.php
+++ b/app/order_details_autofill.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
diff --git a/app/order_details_dml.php b/app/order_details_dml.php
index 27fe933..6c85607 100644
--- a/app/order_details_dml.php
+++ b/app/order_details_dml.php
@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table order_details
 
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function order_details_insert(&$error_message = '') {
@@ -56,7 +56,9 @@ function order_details_insert(&$error_message = '') {
 	}
 
 	// mm: save ownership data
-	set_record_owner('order_details', $recID, getLoggedMemberID());
+	// record owner is current user
+	$recordOwner = getLoggedMemberID();
+	set_record_owner('order_details', $recID, $recordOwner);
 
 	// if this record is a copy of another record, copy children if applicable
 	if(strlen(Request::val('SelectedID'))) order_details_copy_children($recID, Request::val('SelectedID'));
@@ -171,8 +173,8 @@ function order_details_update(&$selected_id, &$error_message = '') {
 		if(!order_details_after_update($data, getMemberInfo(), $args)) return;
 	}
 
-	// mm: update ownership data
-	sql("UPDATE `membership_userrecords` SET `dateUpdated`='" . time() . "' WHERE `tableName`='order_details' AND `pkValue`='" . makeSafe($selected_id) . "'", $eo);
+	// mm: update record update timestamp
+	set_record_owner('order_details', $selected_id);
 }
 
 function order_details_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $separateDV = 0, $TemplateDV = '', $TemplateDVP = '') {
@@ -267,7 +269,7 @@ function OrderID_reload__RAND__() {
 						url: 'ajax_combo.php',
 						dataType: 'json',
 						<?php if(!$selected_id && !$filterer_OrderID) { ?>
-							data: { text: '0', t: 'order_details', f: 'OrderID' },
+							data: { text: AppGini.htmlEntitiesToText('0'), t: 'order_details', f: 'OrderID' },
 						<?php } else { ?>
 							data: { id: AppGini.current_OrderID__RAND__.value, t: 'order_details', f: 'OrderID' },
 						<?php } ?>
@@ -349,7 +351,7 @@ function ProductID_reload__RAND__() {
 						url: 'ajax_combo.php',
 						dataType: 'json',
 						<?php if(!$selected_id && !$filterer_ProductID) { ?>
-							data: { text: '0', t: 'order_details', f: 'ProductID' },
+							data: { text: AppGini.htmlEntitiesToText('0'), t: 'order_details', f: 'ProductID' },
 						<?php } else { ?>
 							data: { id: AppGini.current_ProductID__RAND__.value, t: 'order_details', f: 'ProductID' },
 						<?php } ?>
diff --git a/app/order_details_view.php b/app/order_details_view.php
index b053d4a..b3537f1 100644
--- a/app/order_details_view.php
+++ b/app/order_details_view.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
@@ -96,6 +96,7 @@
 	$x->AllowPrinting = 1;
 	$x->AllowPrintingDV = 1;
 	$x->AllowCSV = (getLoggedAdmin() !== false);
+	$x->AllowAdminShowSQL = 0;
 	$x->RecordsPerPage = 10;
 	$x->QuickSearch = 1;
 	$x->QuickSearchText = $Translation['quick search'];
diff --git a/app/orders_autofill.php b/app/orders_autofill.php
index ad21aa3..bfa2fc2 100644
--- a/app/orders_autofill.php
+++ b/app/orders_autofill.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
diff --git a/app/orders_dml.php b/app/orders_dml.php
index 1dcf8aa..4cf557e 100644
--- a/app/orders_dml.php
+++ b/app/orders_dml.php
@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table orders
 
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function orders_insert(&$error_message = '') {
@@ -66,7 +66,9 @@ function orders_insert(&$error_message = '') {
 	}
 
 	// mm: save ownership data
-	set_record_owner('orders', $recID, getLoggedMemberID());
+	// record owner is current user
+	$recordOwner = getLoggedMemberID();
+	set_record_owner('orders', $recID, $recordOwner);
 
 	// if this record is a copy of another record, copy children if applicable
 	if(strlen(Request::val('SelectedID'))) orders_copy_children($recID, Request::val('SelectedID'));
@@ -208,8 +210,8 @@ function orders_update(&$selected_id, &$error_message = '') {
 		if(!orders_after_update($data, getMemberInfo(), $args)) return;
 	}
 
-	// mm: update ownership data
-	sql("UPDATE `membership_userrecords` SET `dateUpdated`='" . time() . "' WHERE `tableName`='orders' AND `pkValue`='" . makeSafe($selected_id) . "'", $eo);
+	// mm: update record update timestamp
+	set_record_owner('orders', $selected_id);
 }
 
 function orders_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $separateDV = 0, $TemplateDV = '', $TemplateDVP = '') {
@@ -503,7 +505,7 @@ function ShipVia_reload__RAND__() {
 						url: 'ajax_combo.php',
 						dataType: 'json',
 						<?php if(!$selected_id && !$filterer_ShipVia) { ?>
-							data: { text: 'Federal Shipping', t: 'orders', f: 'ShipVia' },
+							data: { text: AppGini.htmlEntitiesToText('Federal Shipping'), t: 'orders', f: 'ShipVia' },
 						<?php } else { ?>
 							data: { id: AppGini.current_ShipVia__RAND__.value, t: 'orders', f: 'ShipVia' },
 						<?php } ?>
diff --git a/app/orders_view.php b/app/orders_view.php
index 0898ff7..dce8a98 100644
--- a/app/orders_view.php
+++ b/app/orders_view.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
@@ -151,6 +151,7 @@
 	$x->AllowPrinting = 1;
 	$x->AllowPrintingDV = 1;
 	$x->AllowCSV = (getLoggedAdmin() !== false);
+	$x->AllowAdminShowSQL = 0;
 	$x->RecordsPerPage = 10;
 	$x->QuickSearch = 1;
 	$x->QuickSearchText = $Translation['quick search'];
diff --git a/app/parent-children.php b/app/parent-children.php
index bb7ffb0..736473f 100644
--- a/app/parent-children.php
+++ b/app/parent-children.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	/* Parent/children config array has moved to incCommon.php#getLookupFields() */
diff --git a/app/products_autofill.php b/app/products_autofill.php
index b3bc58c..f793169 100644
--- a/app/products_autofill.php
+++ b/app/products_autofill.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
diff --git a/app/products_dml.php b/app/products_dml.php
index a496f9a..b104b37 100644
--- a/app/products_dml.php
+++ b/app/products_dml.php
@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table products
 
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function products_insert(&$error_message = '') {
@@ -73,7 +73,9 @@ function products_insert(&$error_message = '') {
 	}
 
 	// mm: save ownership data
-	set_record_owner('products', $recID, getLoggedMemberID());
+	// record owner is current user
+	$recordOwner = getLoggedMemberID();
+	set_record_owner('products', $recID, $recordOwner);
 
 	// if this record is a copy of another record, copy children if applicable
 	if(strlen(Request::val('SelectedID'))) products_copy_children($recID, Request::val('SelectedID'));
@@ -240,8 +242,8 @@ function products_update(&$selected_id, &$error_message = '') {
 		if(!products_after_update($data, getMemberInfo(), $args)) return;
 	}
 
-	// mm: update ownership data
-	sql("UPDATE `membership_userrecords` SET `dateUpdated`='" . time() . "' WHERE `tableName`='products' AND `pkValue`='" . makeSafe($selected_id) . "'", $eo);
+	// mm: update record update timestamp
+	set_record_owner('products', $selected_id);
 }
 
 function products_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $separateDV = 0, $TemplateDV = '', $TemplateDVP = '') {
diff --git a/app/products_view.php b/app/products_view.php
index e5eea08..c9488b8 100644
--- a/app/products_view.php
+++ b/app/products_view.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
@@ -116,6 +116,7 @@
 	$x->AllowPrinting = 1;
 	$x->AllowPrintingDV = 1;
 	$x->AllowCSV = (getLoggedAdmin() !== false);
+	$x->AllowAdminShowSQL = 0;
 	$x->RecordsPerPage = 10;
 	$x->QuickSearch = 1;
 	$x->QuickSearchText = $Translation['quick search'];
diff --git a/app/resources/lib/Authentication.php b/app/resources/lib/Authentication.php
index 819fd64..d3d63ea 100644
--- a/app/resources/lib/Authentication.php
+++ b/app/resources/lib/Authentication.php
@@ -204,17 +204,29 @@ private static function processPostSignIn() {
 			// fail if no user/pass provided
 			if(!$username || !$password) self::exitFailedLogin();
 
-			// fail if password incorrect/user not found
-			$hash = self::passwordHash($username);
-			if(!password_match($password, $hash)) self::exitFailedLogin();
+			$loginMethod = config('adminConfig')['loginMethod'] ?? 'default';
 
-			// prepare session
-			self::signInAs($username);
+			switch($loginMethod) {
+				case 'ldap':
+					if(!LDAP::authenticate($username, $password))
+						self::exitFailedLogin();
+					break;
 
-			Request::val('rememberMe') == 1 ? RememberMe::login($username) : RememberMe::delete();
+				case 'default':
+				default:
+					// fail if password incorrect/user not found
+					$hash = self::passwordHash($username);
+					if(!password_match($password, $hash)) self::exitFailedLogin();
 
-			// harden user's password hash
-			password_harden($username, $password, $hash);
+					// prepare session
+					self::signInAs($username);
+
+					Request::val('rememberMe') == 1 ? RememberMe::login($username) : RememberMe::delete();
+
+					// harden user's password hash
+					password_harden($username, $password, $hash);
+					break;
+			}
 
 			// hook: login_ok
 			if(function_exists('login_ok')) {
diff --git a/app/resources/lib/Combo.php b/app/resources/lib/Combo.php
index df13df5..a5e81cf 100644
--- a/app/resources/lib/Combo.php
+++ b/app/resources/lib/Combo.php
@@ -44,6 +44,7 @@ function Render() {
 		global $Translation;
 		$this->HTML = '';
 
+		if(!is_array($this->ListData)) $this->ListData = [];
 		if(!is_array($this->ListItem)) $this->ListItem = $this->ListData;
 		$ArrayCount = count($this->ListItem);
 
diff --git a/app/resources/lib/LDAP.php b/app/resources/lib/LDAP.php
new file mode 100644
index 0000000..e466e14
--- /dev/null
+++ b/app/resources/lib/LDAP.php
@@ -0,0 +1,201 @@
+<?php
+
+// To allow LDAP login, the following keys and their values are expected in config.php under [adminConfig]:
+// 'loginMethod' => 'ldap',
+// 'ldapServer' => 'ldap.example.com',   // or 'ldaps://ldap.example.com' for SSL
+											// to include port: 'ldap.example.com:389' or 'ldaps://ldap.example.com:636'
+// 'ldapVersion' => 3,   // optional, default is 3
+// 'ldapUsernamePrefix' => 'FDC\\',   // or whatever prefix is needed to login to LDAP, if any
+// 'ldapUsernameSuffix' => ',ou=people,dc=ldapmock,dc=local',   // or whatever suffix is needed to login to LDAP, if any
+// 'ldapDefaultUserGroup' => false   // if ldap user not found in db, add to this group ID. false to reject login
+
+class LDAP {
+	private static $error = '';
+
+	private static function setError($msg) {
+		self::$error = $msg;
+		return false;
+	}
+
+	public static function getError() {
+		return self::$error;
+	}
+
+	public static function authenticate($username, $password) {
+		if (!self::enabled()) {
+			return self::setError('LDAP login not enabled');
+		}
+
+		$ldap = self::connect();
+		if (!$ldap) {
+			return self::setError('Invalid LDAP server address');
+		}
+
+		if (!self::bind($ldap, $username, $password)) {
+			return self::setError(ldap_error($ldap));
+		}
+
+		$memberInfo = Authentication::getMemberInfo($username);
+		if (!$memberInfo) {
+			if(!self::handleUserNotFound($username)) {
+				return false; // Error message already set by handleUserNotFound
+			}
+
+			$memberInfo = Authentication::getMemberInfo($username, true); // prevent caching
+		}
+
+		return self::finalizeAuthentication($memberInfo, $username);
+	}
+
+	public static function enabled() {
+		$conf = config('adminConfig');
+		return ($conf['loginMethod'] ?? '') == 'ldap' && self::supported();
+	}
+
+	public static function supported() {
+		return function_exists('ldap_connect');
+	}
+
+	private static function connect() {
+		$conf = config('adminConfig');
+		$ldap = @ldap_connect($conf['ldapServer'] ?? '');
+		if ($ldap) {
+			@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $conf['ldapVersion'] ?? 3);
+		}
+		return $ldap;
+	}
+
+	private static function bind($ldap, $username, $password) {
+		$conf = config('adminConfig');
+		$ldapUser = ($conf['ldapUsernamePrefix'] ?? '') . $username . ($conf['ldapUsernameSuffix'] ?? '');
+		return @ldap_bind($ldap, $ldapUser, $password);
+	}
+
+	private static function handleUserNotFound($username) {
+		$conf = config('adminConfig');
+		if (!($conf['ldapDefaultUserGroup'] ?? false)) {
+			return self::setError('User not found in database');
+		}
+
+		return self::createNewUser($username);
+	}
+
+	private static function createNewUser($username) {
+		// Add user to default group
+		$conf = config('adminConfig');
+		$groupID = intval($conf['ldapDefaultUserGroup']);
+		if (!$groupID) {
+			return self::setError('Trying to add new user to non-existent group');
+		}
+
+		self::insertNewUser($username, $groupID);
+
+		// Check if user was successfully added
+		$memberInfo = Authentication::getMemberInfo($username, true); // prevent caching
+		if (!$memberInfo) {
+			return self::setError('Failed to add new user to database');
+		}
+
+		return true;
+	}
+
+	private static function insertNewUser($username, $groupID) {
+		insert('membership_users', [
+			'groupID' => $groupID,
+			'memberID' => strtolower($username),
+			'passMD5' => password_hash(random_bytes(20), PASSWORD_DEFAULT),
+			'email' => '',
+			'signupDate' => @date('Y-m-d'),
+			'comments' => 'LDAP user added automatically when logging in for the first time',
+			'isBanned' => 0,
+			'isApproved' => 1,
+		]);
+	}
+
+	private static function finalizeAuthentication($memberInfo, $username) {
+		if ($memberInfo['banned']) {
+			return self::setError('User is banned');
+		}
+
+		if (!$memberInfo['approved']) {
+			return self::setError('User is not approved');
+		}
+
+		// Prepare session
+		Authentication::signInAs($username);
+
+		return true;
+	}
+
+	private static function groups() {
+		global $Translation;
+		$adminConfig = config('adminConfig');
+
+		$groups = ['0' => $Translation['ldap disable user signup']];
+		$eo = ['silentErrors' => true];
+		$res = sql("SELECT `groupID`, `name` FROM `membership_groups` ORDER BY `name`", $eo);
+		while ($row = db_fetch_row($res)) {
+			if($row[1] == $adminConfig['anonymousGroup']) continue; // skip anonymous group
+			if($row[1] == 'Admins') continue; // skip admins group
+
+			$groups[$row[0]] = $row[1];
+		}
+
+		return $groups;
+	}
+
+	public static function settingsTab() {
+		if(!self::supported()) return ''; // LDAP not supported
+
+		global $Translation;
+		ob_start(); ?>
+		<li><a href="#ldap-settings" data-toggle="tab"><i class="glyphicon glyphicon-folder-open"></i> <?php echo $Translation['ldap settings']; ?></a></li>
+		<?php return ob_get_clean();
+	}
+
+	public static function settingsTabContent() {
+		if(!self::supported()) return ''; // LDAP not supported
+
+		global $Translation;
+		$adminConfig = config('adminConfig');
+
+		ob_start(); ?>
+		<div class="tab-pane" id="ldap-settings">
+			<div style="height: 3em;"></div>
+
+			<div class="alert alert-danger text-center">
+				<?php printf($Translation['ldap admin user warning'], "<code><b>{$adminConfig['adminUsername']}</b></code>"); ?>
+			</div>
+
+			<?php echo settings_radiogroup('loginMethod', $Translation['login method'], $adminConfig['loginMethod'] ?? 'default', [
+				'default' => $Translation['default'],
+				'ldap' => $Translation['ldap'],
+			]); ?>
+			<?php echo settings_textbox('ldapServer', $Translation['ldap server'], $adminConfig['ldapServer'] ?? '', $Translation['Examples: '] . '<code>ldap.example.com</code>, <code>ldaps://ldap.example.com</code>, <code>ldaps://ldap.example.com:636</code>, ...'); ?>
+			<?php echo settings_textbox('ldapVersion', $Translation['ldap version'], $adminConfig['ldapVersion'] ?? '', $Translation['Examples: '] . '<code>2</code>, <code>3</code>', 'number'); ?>
+			<?php echo settings_textbox('ldapUsernamePrefix', $Translation['ldap username prefix'], $adminConfig['ldapUsernamePrefix'] ?? '', $Translation['Examples: '] . '<code>FDC\\\\</code>, <code>cn=</code>, <code>uid=</code>, ...'); ?>
+			<?php echo settings_textbox('ldapUsernameSuffix', $Translation['ldap username suffix'], $adminConfig['ldapUsernameSuffix'] ?? '', $Translation['Example: '] . '<code>,ou=people,dc=ldap,dc=example,dc=com</code>'); ?>
+			<div id="ldapDefaultUserGroup-container">
+				<?php echo settings_radiogroup('ldapDefaultUserGroup', $Translation['ldap default user group'], $adminConfig['ldapDefaultUserGroup'] ?? 0, self::groups()); ?>
+			</div>
+		</div>
+		<style>
+			#ldapDefaultUserGroup-container .radio-inline {
+				display: block;
+				margin: 0;
+			}
+		</style>
+		<?php return ob_get_clean();
+	}
+
+	public static function postToSettings($post) {
+		return [
+			'loginMethod' => $post['loginMethod'] ?? '',
+			'ldapServer' => $post['ldapServer'] ?? '',
+			'ldapVersion' => $post['ldapVersion'] ?? '',
+			'ldapUsernamePrefix' => $post['ldapUsernamePrefix'] ?? '',
+			'ldapUsernameSuffix' => $post['ldapUsernameSuffix'] ?? '',
+			'ldapDefaultUserGroup' => $post['ldapDefaultUserGroup'] ?? '',
+		];
+	}
+}
\ No newline at end of file
diff --git a/app/resources/lib/WindowMessages.php b/app/resources/lib/WindowMessages.php
new file mode 100644
index 0000000..b7105ee
--- /dev/null
+++ b/app/resources/lib/WindowMessages.php
@@ -0,0 +1,214 @@
+<?php
+
+/**
+ * WindowMessages
+ * 
+ * A class for displaying messages to the user on the next page load.
+ * 
+ * Usage:
+ * 
+ * 1. To inject the window id into the output HTML, use output buffering, setting the callback to `WindowMessages::injectWindowId`:
+ * 
+ *    ```php
+ *    ob_start('WindowMessages::injectWindowId');
+ *    ```
+ * 
+ *    This will inject the window id into the output HTML, right after each `<form>` tag, as a hidden field.
+ * 
+ * 2. Add the following to your template file(s), where you want the messages to appear:
+ * 
+ *    ```
+ *    <?php echo WindowMessages::getHtml(); ?>
+ *    ```
+ * 
+ * 3. To add a message, use the `WindowMessages::add()` method:
+ * 
+ *    ```php
+ *    WindowMessages::add('Hello world!', 'alert alert-success');
+ *    ```
+ * 
+ *    The first parameter is the message to display, and the second parameter is the CSS classes to apply to the message <div> container.
+ *    The message(s) would be displayed on the next page load, and are specific to the current browser window.
+ *    That is, if you have multiple browser windows open, each window will have its own set of messages.
+ * 
+ *    To add a dismissable message, use the `WindowMessages::addDismissable()` method:
+ * 
+ *    ```php
+ *    WindowMessages::addDismissable('Hello world!', 'alert alert-success');
+ *    ```
+ * 
+ * 4. If you want to redirect the user to another page, without depending on the user submitting a form, 
+ *    you can use the `WindowMessages::windowIdQuery()` method to get the window id as a query string, and append it to the URL:
+ * 
+ *    ```php
+ *    $url .= (strpos($url, '?') === false ? '?' : '&') . WindowMessages::windowIdQuery();
+ *    header("Location: $url");
+ *    ```
+ */
+
+class WindowMessages {
+	private static function getExistingOrNewWindowId() {
+		$widFromRequest = Request::val('browser_window_id');
+		if($widFromRequest) return $widFromRequest;
+
+		// abort if ajax request
+		if(is_ajax()) return;
+
+		// generate a new window id, 12 characters long
+		$wid = md5(uniqid(rand(), true));
+		$wid = substr($wid, rand(0, 20), 12);
+
+		// inject it into the request
+		$_REQUEST['browser_window_id'] = $wid;
+
+		// and into the session
+		$_SESSION['window_messages'][$wid] = [];
+
+		return $wid;
+	}
+
+	/**
+	 * Injects the window id into the buffer, right after each <form> tag, as a hidden field.
+	 * 
+	 * @param string $buffer The original buffer.
+	 * @return string The buffer with the window id injected.
+	 * 
+	 * @example `ob_start('WindowMessages::injectWindowId');`
+	 */
+	public static function injectWindowId($buffer) {
+		$wid = self::getExistingOrNewWindowId();
+		
+		// if buffer already contains window id, do nothing
+		if(strpos($buffer, 'name="browser_window_id" value="' . $wid) !== false) return $buffer;
+
+		// inject window id into the buffer right after each <form> tag, as a hidden field
+		$matches = 0;
+		$buffer = preg_replace('/(<form[^>]*>)/i', '$1<input type="hidden" name="browser_window_id" value="' . $wid . '" />', $buffer, -1, $matches);
+
+		return $buffer;
+	}
+
+	/**
+	 * Adds a message specific to the current browser window to the session, to be displayed on the next page load.
+	 * 
+	 * @param string $msg The message to add.
+	 * @param string $classes The CSS classes to add to the message. Example: `alert alert-success text-center`.
+	 * 
+	 * @example `WindowMessages::add('Hello world!', 'success');`
+	 */
+	public static function add($msg, $classes = 'alert alert-info') {
+		$wid = self::getExistingOrNewWindowId();
+
+		// add message to the session
+		if($wid) $_SESSION['window_messages'][$wid][] = compact('msg', 'classes');
+	}
+
+	/**
+	 * Adds a dismissable message specific to the current browser window to the session, to be displayed on the next page load.
+	 * 
+	 * @param string $msg The message to add.
+	 * @param string $classes The CSS classes to add to the message. Example: `alert alert-success text-center`.
+	 * 
+	 * @example `WindowMessages::addDismissable('Hello world!', 'alert alert-success');`
+	 */
+	public static function addDismissable($msg, $classes = 'alert alert-info') {
+		// add alert-dismissible class if not already present
+		if(strpos($classes, 'alert-dismissible') === false) $classes .= ' alert-dismissible';
+
+		// add close button
+		$msg .= '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>';
+
+		self::add($msg, $classes);
+	}
+
+	/**
+	 * Gets all messages specific to the current browser window from the session, and clears them from the session.
+	 * 
+	 * @return array An array of messages.
+	 * 
+	 * @example `$messages = WindowMessages::get();`
+	 */
+	public static function get() {
+		// abort if there is a redirection header in headers_list()
+		// this is to prevent messages from being cleared without being displayed
+		$headers = headers_list();
+		foreach($headers as $header) {
+			if(strpos($header, 'Location:') === 0) return [];
+		}
+
+		$wid = self::getExistingOrNewWindowId();
+
+		// get messages from the session
+		$messages = $_SESSION['window_messages'][$wid] ?? [];
+
+		// clear messages from the session
+		$_SESSION['window_messages'][$wid] = [];
+
+		return $messages;
+	}
+
+	/**
+	 * Gets all messages specific to the current browser window from the session, and clears them from the session.
+	 * 
+	 * @return string HTML containing all messages.
+	 * 
+	 * @example `$html = WindowMessages::getHtml();`
+	 */
+	public static function getHtml() {
+		// get messages from the session
+		$messages = self::get();
+		
+		// build html
+		$html = '';
+		foreach($messages as $message) {
+			$html .= '<div class="' . $message['classes'] . '">' . $message['msg'] . '</div>';
+		}
+		
+		return $html;
+	}
+
+	/**
+	 * Gets all messages specific to the current browser window from the session, without clearing them from the session.
+	 * 
+	 * @return array An array of messages.
+	 * 
+	 * @example `$messages = WindowMessages::peek();`
+	 */
+	public static function peek() {
+		$wid = self::getExistingOrNewWindowId();
+
+		// get messages from the session
+		$messages = $_SESSION['window_messages'][$wid] ?? [];
+
+		return $messages;
+	}
+
+	/**
+	 * Retrieves the window id from the request, or generates a new one if it doesn't exist.
+	 * 
+	 * @return string The window id.
+	 */
+	public static function windowId() {
+		return self::getExistingOrNewWindowId();
+	}
+
+	/**
+	 * Retrieves the window id as a hidden form field.
+	 * 
+	 * @return string The window id as a hidden form field.
+	 */
+	public static function includeWindowId() {
+		$wid = self::getExistingOrNewWindowId();
+		return '<input type="hidden" name="browser_window_id" value="' . $wid . '" />';
+	}
+
+	/**
+	 * Retrieves the window id as a query string, ready to be appended to a URL.
+	 * 
+	 * @return string The window id as a query string.
+	 */
+	public static function windowIdQuery() {
+		$wid = self::getExistingOrNewWindowId();
+		return 'browser_window_id=' . $wid;
+	}
+}
diff --git a/app/shippers_autofill.php b/app/shippers_autofill.php
index da9ff14..45867ed 100644
--- a/app/shippers_autofill.php
+++ b/app/shippers_autofill.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
diff --git a/app/shippers_dml.php b/app/shippers_dml.php
index 2f1511e..4d45b5a 100644
--- a/app/shippers_dml.php
+++ b/app/shippers_dml.php
@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table shippers
 
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function shippers_insert(&$error_message = '') {
@@ -57,7 +57,9 @@ function shippers_insert(&$error_message = '') {
 	}
 
 	// mm: save ownership data
-	set_record_owner('shippers', $recID, getLoggedMemberID());
+	// record owner is current user
+	$recordOwner = getLoggedMemberID();
+	set_record_owner('shippers', $recID, $recordOwner);
 
 	// if this record is a copy of another record, copy children if applicable
 	if(strlen(Request::val('SelectedID'))) shippers_copy_children($recID, Request::val('SelectedID'));
@@ -192,8 +194,8 @@ function shippers_update(&$selected_id, &$error_message = '') {
 		if(!shippers_after_update($data, getMemberInfo(), $args)) return;
 	}
 
-	// mm: update ownership data
-	sql("UPDATE `membership_userrecords` SET `dateUpdated`='" . time() . "' WHERE `tableName`='shippers' AND `pkValue`='" . makeSafe($selected_id) . "'", $eo);
+	// mm: update record update timestamp
+	set_record_owner('shippers', $selected_id);
 }
 
 function shippers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $separateDV = 0, $TemplateDV = '', $TemplateDVP = '') {
diff --git a/app/shippers_view.php b/app/shippers_view.php
index 3f518ca..82c7507 100644
--- a/app/shippers_view.php
+++ b/app/shippers_view.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
@@ -71,6 +71,7 @@
 	$x->AllowPrinting = 1;
 	$x->AllowPrintingDV = 1;
 	$x->AllowCSV = 1;
+	$x->AllowAdminShowSQL = 0;
 	$x->RecordsPerPage = 10;
 	$x->QuickSearch = 1;
 	$x->QuickSearchText = $Translation['quick search'];
diff --git a/app/suppliers_autofill.php b/app/suppliers_autofill.php
index e750661..dd8bb8e 100644
--- a/app/suppliers_autofill.php
+++ b/app/suppliers_autofill.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
diff --git a/app/suppliers_dml.php b/app/suppliers_dml.php
index c6216cb..80f69ee 100644
--- a/app/suppliers_dml.php
+++ b/app/suppliers_dml.php
@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table suppliers
 
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function suppliers_insert(&$error_message = '') {
@@ -61,7 +61,9 @@ function suppliers_insert(&$error_message = '') {
 	}
 
 	// mm: save ownership data
-	set_record_owner('suppliers', $recID, getLoggedMemberID());
+	// record owner is current user
+	$recordOwner = getLoggedMemberID();
+	set_record_owner('suppliers', $recID, $recordOwner);
 
 	// if this record is a copy of another record, copy children if applicable
 	if(strlen(Request::val('SelectedID'))) suppliers_copy_children($recID, Request::val('SelectedID'));
@@ -200,8 +202,8 @@ function suppliers_update(&$selected_id, &$error_message = '') {
 		if(!suppliers_after_update($data, getMemberInfo(), $args)) return;
 	}
 
-	// mm: update ownership data
-	sql("UPDATE `membership_userrecords` SET `dateUpdated`='" . time() . "' WHERE `tableName`='suppliers' AND `pkValue`='" . makeSafe($selected_id) . "'", $eo);
+	// mm: update record update timestamp
+	set_record_owner('suppliers', $selected_id);
 }
 
 function suppliers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $AllowDelete = 1, $separateDV = 0, $TemplateDV = '', $TemplateDVP = '') {
@@ -272,7 +274,7 @@ function suppliers_form($selected_id = '', $AllowUpdate = 1, $AllowInsert = 1, $
 		$filterField = Request::val('FilterField');
 		$filterOperator = Request::val('FilterOperator');
 		$filterValue = Request::val('FilterValue');
-		$combo_Country->SelectedText = (isset($filterField[1]) && $filterField[1] == '9' && $filterOperator[1] == '<=>' ? $filterValue[1] : '');
+		$combo_Country->SelectedText = (isset($filterField[1]) && $filterField[1] == '9' && $filterOperator[1] == '<=>' ? $filterValue[1] : entitiesToUTF8(''));
 	}
 	$combo_Country->Render();
 
diff --git a/app/suppliers_view.php b/app/suppliers_view.php
index cd1c768..d00b10b 100644
--- a/app/suppliers_view.php
+++ b/app/suppliers_view.php
@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 23.16
+// This script and data application was generated by AppGini, https://bigprof.com/appgini
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	include_once(__DIR__ . '/lib.php');
@@ -116,6 +116,7 @@
 	$x->AllowPrinting = 1;
 	$x->AllowPrintingDV = 1;
 	$x->AllowCSV = 1;
+	$x->AllowAdminShowSQL = 0;
 	$x->RecordsPerPage = 10;
 	$x->QuickSearch = 1;
 	$x->QuickSearchText = $Translation['quick search'];
diff --git a/app/templates/customers_templateDV.html b/app/templates/customers_templateDV.html
index fd7d19b..08bcad6 100644
--- a/app/templates/customers_templateDV.html
+++ b/app/templates/customers_templateDV.html
@@ -34,7 +34,7 @@
 				<!-- Field: Customer ID -->
 				<div class="form-group customers-CustomerID">
 					<hr class="hidden-md hidden-lg">
-					<label class="control-label col-lg-3" for="CustomerID">Customer ID</label>
+					<label class="control-label col-lg-3" for="CustomerID">Customer ID<span class="text-danger"><%%TRANSLATION(*)%%></span></label>
 					<div class="col-lg-9">
 						<input maxlength="5" type="text" class="form-control" name="CustomerID" id="CustomerID" value="<%%VALUE(CustomerID)%%>" required><div class="text-danger vspacer-md" id="CustomerID-uniqueness-note" style="display: none;"><%%TRANSLATION(unique field error)%%></div>
 					</div>