From ef48c16bd53787196f031eb74da5adb40f43a269 Mon Sep 17 00:00:00 2001
From: FlashL3opard <69573060+Flashl3opard@users.noreply.github.com>
Date: Wed, 8 Apr 2026 22:36:52 +0530
Subject: [PATCH 1/2] fix: prevent duplicate submissions and harden join
 idempotency

---
 public/course.html | 428 +++++++++++++++++----------------
 public/login.html  | 288 +++++++++++++----------
 public/teach.html  | 574 ++++++++++++++++++++++++---------------------
 src/worker.py      |  10 +-
 4 files changed, 714 insertions(+), 586 deletions(-)

diff --git a/public/course.html b/public/course.html
index fd3cbb6..47ab49e 100644
--- a/public/course.html
+++ b/public/course.html
@@ -1,233 +1,267 @@
 <!DOCTYPE html>
 <html lang="en">
+
 <head>
   <meta charset="UTF-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
   <title>Activity - Alpha One Labs</title>
   <link rel="icon" type="image/png" href="/images/logo.png" />
   <script src="https://cdn.tailwindcss.com"></script>
-  <script>tailwind.config = { theme: { extend: { colors: { brand:{ DEFAULT:'#4F46E5', dark:'#3730A3' } } } } };</script>
+  <script>tailwind.config = { theme: { extend: { colors: { brand: { DEFAULT: '#4F46E5', dark: '#3730A3' } } } } };</script>
   <style>
-    .hidden { display: none !important; }
-    .gradient-hero { background: linear-gradient(135deg,#4F46E5 0%,#7C3AED 50%,#2563EB 100%); }
-    .badge { display:inline-block; padding:2px 10px; border-radius:9999px; font-size:.75rem; font-weight:600; }
+    .hidden {
+      display: none !important;
+    }
+
+    .gradient-hero {
+      background: linear-gradient(135deg, #4F46E5 0%, #7C3AED 50%, #2563EB 100%);
+    }
+
+    .badge {
+      display: inline-block;
+      padding: 2px 10px;
+      border-radius: 9999px;
+      font-size: .75rem;
+      font-weight: 600;
+    }
   </style>
 </head>
+
 <body class="bg-slate-50 text-slate-800 font-sans">
 
-<nav class="bg-white shadow-sm sticky top-0 z-50">
-  <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 flex items-center justify-between h-16">
-    <a href="/" class="flex items-center gap-2">
-      <img src="/images/logo.png" alt="Alpha One Labs" class="h-8 w-auto" />
-      <span class="font-bold text-xl text-slate-800">Alpha One Labs</span>
-    </a>
-    <div id="nav-auth" class="flex items-center gap-3"></div>
-  </div>
-</nav>
+  <nav class="bg-white shadow-sm sticky top-0 z-50">
+    <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 flex items-center justify-between h-16">
+      <a href="/" class="flex items-center gap-2">
+        <img src="/images/logo.png" alt="Alpha One Labs" class="h-8 w-auto" />
+        <span class="font-bold text-xl text-slate-800">Alpha One Labs</span>
+      </a>
+      <div id="nav-auth" class="flex items-center gap-3"></div>
+    </div>
+  </nav>
 
-<div class="gradient-hero text-white py-12 px-4">
-  <div class="max-w-7xl mx-auto">
-    <div class="text-indigo-200 text-sm mb-3">
-      <a href="/" class="hover:text-white">Activities</a> &rsaquo; <span id="crumb-title">Loading...</span>
+  <div class="gradient-hero text-white py-12 px-4">
+    <div class="max-w-7xl mx-auto">
+      <div class="text-indigo-200 text-sm mb-3">
+        <a href="/" class="hover:text-white">Activities</a> &rsaquo; <span id="crumb-title">Loading...</span>
+      </div>
+      <h1 id="act-title" class="text-3xl font-extrabold mb-2">Loading...</h1>
+      <p class="text-indigo-200 text-sm mb-4" id="act-meta"></p>
+      <div id="act-badges" class="flex flex-wrap gap-2 mb-5"></div>
+      <div id="act-action"></div>
     </div>
-    <h1 id="act-title" class="text-3xl font-extrabold mb-2">Loading...</h1>
-    <p class="text-indigo-200 text-sm mb-4" id="act-meta"></p>
-    <div id="act-badges" class="flex flex-wrap gap-2 mb-5"></div>
-    <div id="act-action"></div>
   </div>
-</div>
-
-<main class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-10">
-  <div class="flex flex-col lg:flex-row gap-8">
-
-    <!-- Sidebar: details + sessions -->
-    <aside class="lg:w-80 shrink-0 space-y-4">
-      <!-- About card -->
-      <div class="bg-white rounded-2xl shadow-sm border border-slate-100 p-6">
-        <h2 class="font-bold text-slate-800 text-sm mb-4">About this Activity</h2>
-        <p id="act-description" class="text-slate-500 text-sm leading-relaxed">Loading...</p>
-        <div class="mt-4 space-y-2 text-sm" id="act-details"></div>
-        <div id="act-tags" class="flex flex-wrap gap-1.5 mt-4"></div>
-      </div>
 
-      <!-- Sessions list -->
-      <div class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden" id="sessions-card">
-        <div class="px-5 py-4 border-b border-slate-100 flex items-center justify-between">
-          <h2 class="font-bold text-slate-800 text-sm">Sessions</h2>
-          <span id="sessions-count" class="text-xs text-slate-400"></span>
+  <main class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-10">
+    <div class="flex flex-col lg:flex-row gap-8">
+
+      <!-- Sidebar: details + sessions -->
+      <aside class="lg:w-80 shrink-0 space-y-4">
+        <!-- About card -->
+        <div class="bg-white rounded-2xl shadow-sm border border-slate-100 p-6">
+          <h2 class="font-bold text-slate-800 text-sm mb-4">About this Activity</h2>
+          <p id="act-description" class="text-slate-500 text-sm leading-relaxed">Loading...</p>
+          <div class="mt-4 space-y-2 text-sm" id="act-details"></div>
+          <div id="act-tags" class="flex flex-wrap gap-1.5 mt-4"></div>
         </div>
-        <ul id="sessions-list" class="divide-y divide-slate-50 max-h-[50vh] overflow-y-auto">
-          <li class="px-5 py-4 text-sm text-slate-400">Loading...</li>
-        </ul>
-      </div>
-    </aside>
-
-    <!-- Main content -->
-    <div class="flex-1 min-w-0">
-
-      <!-- Not joined CTA -->
-      <div id="join-cta" class="hidden bg-gradient-to-br from-indigo-50 to-purple-50 border border-indigo-100 rounded-2xl p-8 text-center mb-6">
-        <p class="text-4xl mb-3">&#128274;</p>
-        <h3 class="font-bold text-slate-800 text-lg mb-2">Join to access session details</h3>
-        <p class="text-slate-500 text-sm mb-4">Session locations and descriptions are encrypted and only revealed to participants.</p>
-        <button id="btn-join" onclick="joinActivity()"
-          class="bg-brand text-white font-bold px-8 py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Join Activity - Free</button>
-      </div>
 
-      <!-- Participation card (shown when enrolled) -->
-      <div id="member-card" class="hidden bg-white rounded-2xl shadow-sm border border-slate-100 p-6 mb-6">
-        <h2 class="font-bold text-slate-800 text-base mb-3">Your Participation</h2>
-        <div class="flex flex-wrap gap-3 text-sm" id="enr-details"></div>
-      </div>
+        <!-- Sessions list -->
+        <div class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden" id="sessions-card">
+          <div class="px-5 py-4 border-b border-slate-100 flex items-center justify-between">
+            <h2 class="font-bold text-slate-800 text-sm">Sessions</h2>
+            <span id="sessions-count" class="text-xs text-slate-400"></span>
+          </div>
+          <ul id="sessions-list" class="divide-y divide-slate-50 max-h-[50vh] overflow-y-auto">
+            <li class="px-5 py-4 text-sm text-slate-400">Loading...</li>
+          </ul>
+        </div>
+      </aside>
+
+      <!-- Main content -->
+      <div class="flex-1 min-w-0">
+
+        <!-- Not joined CTA -->
+        <div id="join-cta"
+          class="hidden bg-gradient-to-br from-indigo-50 to-purple-50 border border-indigo-100 rounded-2xl p-8 text-center mb-6">
+          <p class="text-4xl mb-3">&#128274;</p>
+          <h3 class="font-bold text-slate-800 text-lg mb-2">Join to access session details</h3>
+          <p class="text-slate-500 text-sm mb-4">Session locations and descriptions are encrypted and only revealed to
+            participants.</p>
+          <button id="btn-join" onclick="joinActivity()"
+            class="bg-brand text-white font-bold px-8 py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Join
+            Activity - Free</button>
+        </div>
+
+        <!-- Participation card (shown when enrolled) -->
+        <div id="member-card" class="hidden bg-white rounded-2xl shadow-sm border border-slate-100 p-6 mb-6">
+          <h2 class="font-bold text-slate-800 text-base mb-3">Your Participation</h2>
+          <div class="flex flex-wrap gap-3 text-sm" id="enr-details"></div>
+        </div>
 
-      <!-- Welcome card -->
-      <div id="welcome-card" class="bg-white rounded-2xl shadow-sm border border-slate-100 p-8">
-        <h2 class="font-bold text-slate-800 text-lg mb-3">Welcome!</h2>
-        <p class="text-slate-500 text-sm leading-relaxed" id="welcome-text">Select an activity and join to see full details including session locations and descriptions.</p>
+        <!-- Welcome card -->
+        <div id="welcome-card" class="bg-white rounded-2xl shadow-sm border border-slate-100 p-8">
+          <h2 class="font-bold text-slate-800 text-lg mb-3">Welcome!</h2>
+          <p class="text-slate-500 text-sm leading-relaxed" id="welcome-text">Select an activity and join to see full
+            details including session locations and descriptions.</p>
+        </div>
       </div>
+
     </div>
+  </main>
 
-  </div>
-</main>
-
-<footer class="bg-slate-800 text-slate-400 py-6 text-center text-sm mt-8">
-  <p>&copy; 2024&ndash;2026 Alpha One Labs &middot; Session details encrypted at rest &middot; <a href="/" class="hover:text-white">Home</a></p>
-</footer>
-
-<script>
-  const API = '';
-  const token = localStorage.getItem('edu_token');
-  const user  = JSON.parse(localStorage.getItem('edu_user') || 'null');
-  function esc(s) { return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;'); }
-  function logout() { localStorage.clear(); window.location.href = '/login.html'; }
-
-  // Nav
-  const nav = document.getElementById('nav-auth');
-  if (token && user) {
-    nav.innerHTML =
-      '<span class="text-slate-600 text-sm hidden sm:block">Hi, ' + esc(user.username) + '</span>' +
-      '<a href="/dashboard.html" class="bg-brand text-white text-sm font-semibold px-4 py-1.5 rounded-lg hover:bg-brand-dark transition">Dashboard</a>' +
-      '<button onclick="logout()" class="text-slate-400 text-sm hover:text-red-500">Logout</button>';
-  } else {
-    nav.innerHTML =
-      '<a href="/login.html" class="text-slate-600 text-sm font-medium hover:text-brand">Login</a>' +
-      '<a href="/login.html?tab=register" class="bg-brand text-white text-sm font-semibold px-4 py-1.5 rounded-lg hover:bg-brand-dark transition">Register</a>';
-  }
-
-  const typeIcon  = { course:'📚', meetup:'🤝', workshop:'🔧', seminar:'🎤', other:'✨' };
-  const typeColor = { course:'bg-indigo-100 text-indigo-700', meetup:'bg-pink-100 text-pink-700', workshop:'bg-orange-100 text-orange-700', seminar:'bg-teal-100 text-teal-700', other:'bg-slate-100 text-slate-600' };
-  const fmtLabel  = { live:'Live', self_paced:'Self-paced', hybrid:'Hybrid' };
-  const fmtColor  = { live:'bg-red-100 text-red-700', self_paced:'bg-emerald-100 text-emerald-700', hybrid:'bg-purple-100 text-purple-700' };
-  const schedLabel = { one_time:'One-time', multi_session:'Multi-session', recurring:'Recurring', ongoing:'Ongoing' };
-
-  const params  = new URLSearchParams(location.search);
-  const actId   = params.get('id');
-
-  async function loadActivity() {
-    const headers = token ? { Authorization: 'Bearer ' + token } : {};
-    const res     = await fetch('/api/activities/' + actId, { headers });
-    const data    = await res.json();
-    if (!res.ok) { document.getElementById('act-title').textContent = 'Activity not found'; return; }
-
-    const a = data.activity;
-    document.title = a.title + ' - Alpha One Labs';
-    document.getElementById('crumb-title').textContent   = a.title;
-    document.getElementById('act-title').textContent     = a.title;
-    document.getElementById('act-description').textContent = a.description;
-    document.getElementById('act-meta').textContent =
-      'by ' + a.host_name + '  ·  ' + a.participant_count + ' participants  ·  ' +
-      (data.sessions.length) + ' sessions';
-
-    const tc = typeColor[a.type] || 'bg-slate-100 text-slate-600';
-    const fc = fmtColor[a.format] || 'bg-slate-100 text-slate-600';
-    const ic = typeIcon[a.type] || '✨';
-    document.getElementById('act-badges').innerHTML =
-      '<span class="badge ' + tc + '">' + ic + ' ' + esc(a.type) + '</span>' +
-      '<span class="badge ' + fc + '">' + fmtLabel[a.format] + '</span>' +
-      '<span class="badge bg-white/20 text-white">' + schedLabel[a.schedule_type] + '</span>';
-
-    document.getElementById('act-details').innerHTML =
-      '<div class="flex items-center gap-2 text-slate-600"><span>📋</span><span><strong>Type:</strong> ' + esc(a.type) + '</span></div>' +
-      '<div class="flex items-center gap-2 text-slate-600"><span>📡</span><span><strong>Format:</strong> ' + fmtLabel[a.format] + '</span></div>' +
-      '<div class="flex items-center gap-2 text-slate-600"><span>🗓</span><span><strong>Schedule:</strong> ' + schedLabel[a.schedule_type] + '</span></div>' +
-      '<div class="flex items-center gap-2 text-slate-600"><span>👥</span><span><strong>Participants:</strong> ' + a.participant_count + '</span></div>';
-
-    if (a.tags && a.tags.length) {
-      document.getElementById('act-tags').innerHTML =
-        a.tags.map(t => '<span class="badge bg-slate-100 text-slate-600">' + esc(t) + '</span>').join('');
+  <footer class="bg-slate-800 text-slate-400 py-6 text-center text-sm mt-8">
+    <p>&copy; 2024&ndash;2026 Alpha One Labs &middot; Session details encrypted at rest &middot; <a href="/"
+        class="hover:text-white">Home</a></p>
+  </footer>
+
+  <script>
+    const API = '';
+    const token = localStorage.getItem('edu_token');
+    const user = JSON.parse(localStorage.getItem('edu_user') || 'null');
+    const inFlight = new Set();
+
+    async function withActionLock(key, action) {
+      if (inFlight.has(key)) return;
+      inFlight.add(key);
+      try {
+        await action();
+      } finally {
+        inFlight.delete(key);
+      }
     }
 
-    // Sessions
-    const sessCard = document.getElementById('sessions-card');
-    document.getElementById('sessions-count').textContent = data.sessions.length + ' sessions';
-    const ul = document.getElementById('sessions-list');
-    if (!data.sessions.length) {
-      sessCard.classList.add('hidden');
+    function esc(s) { return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;'); }
+    function logout() { localStorage.clear(); window.location.href = '/login.html'; }
+
+    // Nav
+    const nav = document.getElementById('nav-auth');
+    if (token && user) {
+      nav.innerHTML =
+        '<span class="text-slate-600 text-sm hidden sm:block">Hi, ' + esc(user.username) + '</span>' +
+        '<a href="/dashboard.html" class="bg-brand text-white text-sm font-semibold px-4 py-1.5 rounded-lg hover:bg-brand-dark transition">Dashboard</a>' +
+        '<button onclick="logout()" class="text-slate-400 text-sm hover:text-red-500">Logout</button>';
     } else {
-      ul.innerHTML = data.sessions.map(s => {
-        const locked = !data.is_enrolled && !data.is_host;
-        return '<li class="px-5 py-3">' +
-          '<p class="font-semibold text-slate-800 text-sm">' + esc(s.title || 'Session') + '</p>' +
-          (s.start_time ? '<p class="text-xs text-slate-500 mt-0.5">&#128197; ' + esc(s.start_time) + (s.end_time ? ' – ' + esc(s.end_time) : '') + '</p>' : '') +
-          (locked ? '<p class="text-xs text-slate-400 mt-0.5">&#128274; Join to see location and details</p>' :
-            (s.location ? '<p class="text-xs text-emerald-600 mt-0.5">&#128205; ' + esc(s.location) + '</p>' : '') +
-            (s.description ? '<p class="text-xs text-slate-500 mt-0.5">' + esc(s.description) + '</p>' : '')) +
-          '</li>';
-      }).join('');
+      nav.innerHTML =
+        '<a href="/login.html" class="text-slate-600 text-sm font-medium hover:text-brand">Login</a>' +
+        '<a href="/login.html?tab=register" class="bg-brand text-white text-sm font-semibold px-4 py-1.5 rounded-lg hover:bg-brand-dark transition">Register</a>';
     }
 
-    // Actions + member card
-    if (data.is_host) {
-      document.getElementById('act-action').innerHTML =
-        '<a href="/teach.html?activity_id=' + esc(a.id) + '" class="bg-white text-brand font-bold px-6 py-2.5 rounded-xl shadow hover:bg-indigo-50 transition text-sm">Manage Activity</a>';
-      document.getElementById('welcome-card').querySelector('#welcome-text').textContent =
-        'You are the host of this activity. Use the Manage button to add sessions and update details.';
-    } else if (data.is_enrolled) {
-      document.getElementById('join-cta').classList.add('hidden');
-      document.getElementById('member-card').classList.remove('hidden');
-      const enr = data.enrollment;
-      const rc  = { participant:'bg-slate-100 text-slate-600', instructor:'bg-purple-100 text-purple-700', organizer:'bg-amber-100 text-amber-700' };
-      const sc  = { active:'bg-emerald-100 text-emerald-700', cancelled:'bg-red-100 text-red-700', completed:'bg-blue-100 text-blue-700' };
-      document.getElementById('enr-details').innerHTML =
-        '<span class="badge ' + (rc[enr.role]||'bg-slate-100 text-slate-600') + '">' + esc(enr.role) + '</span>' +
-        '<span class="badge ' + (sc[enr.status]||'bg-slate-100 text-slate-600') + '">' + esc(enr.status) + '</span>' +
-        '<span class="text-slate-500">You have full access to session details.</span>';
-      document.getElementById('act-action').innerHTML = '<span class="text-indigo-200 text-sm">✅ Joined</span>';
-      document.getElementById('welcome-card').querySelector('#welcome-text').textContent =
-        'You are participating in this activity. Session locations and details are visible above.';
-    } else {
-      if (token) {
-        document.getElementById('join-cta').classList.remove('hidden');
+    const typeIcon = { course: '📚', meetup: '🤝', workshop: '🔧', seminar: '🎤', other: '✨' };
+    const typeColor = { course: 'bg-indigo-100 text-indigo-700', meetup: 'bg-pink-100 text-pink-700', workshop: 'bg-orange-100 text-orange-700', seminar: 'bg-teal-100 text-teal-700', other: 'bg-slate-100 text-slate-600' };
+    const fmtLabel = { live: 'Live', self_paced: 'Self-paced', hybrid: 'Hybrid' };
+    const fmtColor = { live: 'bg-red-100 text-red-700', self_paced: 'bg-emerald-100 text-emerald-700', hybrid: 'bg-purple-100 text-purple-700' };
+    const schedLabel = { one_time: 'One-time', multi_session: 'Multi-session', recurring: 'Recurring', ongoing: 'Ongoing' };
+
+    const params = new URLSearchParams(location.search);
+    const actId = params.get('id');
+
+    async function loadActivity() {
+      const headers = token ? { Authorization: 'Bearer ' + token } : {};
+      const res = await fetch('/api/activities/' + actId, { headers });
+      const data = await res.json();
+      if (!res.ok) { document.getElementById('act-title').textContent = 'Activity not found'; return; }
+
+      const a = data.activity;
+      document.title = a.title + ' - Alpha One Labs';
+      document.getElementById('crumb-title').textContent = a.title;
+      document.getElementById('act-title').textContent = a.title;
+      document.getElementById('act-description').textContent = a.description;
+      document.getElementById('act-meta').textContent =
+        'by ' + a.host_name + '  ·  ' + a.participant_count + ' participants  ·  ' +
+        (data.sessions.length) + ' sessions';
+
+      const tc = typeColor[a.type] || 'bg-slate-100 text-slate-600';
+      const fc = fmtColor[a.format] || 'bg-slate-100 text-slate-600';
+      const ic = typeIcon[a.type] || '✨';
+      document.getElementById('act-badges').innerHTML =
+        '<span class="badge ' + tc + '">' + ic + ' ' + esc(a.type) + '</span>' +
+        '<span class="badge ' + fc + '">' + fmtLabel[a.format] + '</span>' +
+        '<span class="badge bg-white/20 text-white">' + schedLabel[a.schedule_type] + '</span>';
+
+      document.getElementById('act-details').innerHTML =
+        '<div class="flex items-center gap-2 text-slate-600"><span>📋</span><span><strong>Type:</strong> ' + esc(a.type) + '</span></div>' +
+        '<div class="flex items-center gap-2 text-slate-600"><span>📡</span><span><strong>Format:</strong> ' + fmtLabel[a.format] + '</span></div>' +
+        '<div class="flex items-center gap-2 text-slate-600"><span>🗓</span><span><strong>Schedule:</strong> ' + schedLabel[a.schedule_type] + '</span></div>' +
+        '<div class="flex items-center gap-2 text-slate-600"><span>👥</span><span><strong>Participants:</strong> ' + a.participant_count + '</span></div>';
+
+      if (a.tags && a.tags.length) {
+        document.getElementById('act-tags').innerHTML =
+          a.tags.map(t => '<span class="badge bg-slate-100 text-slate-600">' + esc(t) + '</span>').join('');
+      }
+
+      // Sessions
+      const sessCard = document.getElementById('sessions-card');
+      document.getElementById('sessions-count').textContent = data.sessions.length + ' sessions';
+      const ul = document.getElementById('sessions-list');
+      if (!data.sessions.length) {
+        sessCard.classList.add('hidden');
       } else {
+        ul.innerHTML = data.sessions.map(s => {
+          const locked = !data.is_enrolled && !data.is_host;
+          return '<li class="px-5 py-3">' +
+            '<p class="font-semibold text-slate-800 text-sm">' + esc(s.title || 'Session') + '</p>' +
+            (s.start_time ? '<p class="text-xs text-slate-500 mt-0.5">&#128197; ' + esc(s.start_time) + (s.end_time ? ' – ' + esc(s.end_time) : '') + '</p>' : '') +
+            (locked ? '<p class="text-xs text-slate-400 mt-0.5">&#128274; Join to see location and details</p>' :
+              (s.location ? '<p class="text-xs text-emerald-600 mt-0.5">&#128205; ' + esc(s.location) + '</p>' : '') +
+              (s.description ? '<p class="text-xs text-slate-500 mt-0.5">' + esc(s.description) + '</p>' : '')) +
+            '</li>';
+        }).join('');
+      }
+
+      // Actions + member card
+      if (data.is_host) {
         document.getElementById('act-action').innerHTML =
-          '<a href="/login.html" class="bg-white text-brand font-bold px-6 py-2.5 rounded-xl shadow hover:bg-indigo-50 transition text-sm">Login to Join</a>';
+          '<a href="/teach.html?activity_id=' + esc(a.id) + '" class="bg-white text-brand font-bold px-6 py-2.5 rounded-xl shadow hover:bg-indigo-50 transition text-sm">Manage Activity</a>';
+        document.getElementById('welcome-card').querySelector('#welcome-text').textContent =
+          'You are the host of this activity. Use the Manage button to add sessions and update details.';
+      } else if (data.is_enrolled) {
+        document.getElementById('join-cta').classList.add('hidden');
+        document.getElementById('member-card').classList.remove('hidden');
+        const enr = data.enrollment;
+        const rc = { participant: 'bg-slate-100 text-slate-600', instructor: 'bg-purple-100 text-purple-700', organizer: 'bg-amber-100 text-amber-700' };
+        const sc = { active: 'bg-emerald-100 text-emerald-700', cancelled: 'bg-red-100 text-red-700', completed: 'bg-blue-100 text-blue-700' };
+        document.getElementById('enr-details').innerHTML =
+          '<span class="badge ' + (rc[enr.role] || 'bg-slate-100 text-slate-600') + '">' + esc(enr.role) + '</span>' +
+          '<span class="badge ' + (sc[enr.status] || 'bg-slate-100 text-slate-600') + '">' + esc(enr.status) + '</span>' +
+          '<span class="text-slate-500">You have full access to session details.</span>';
+        document.getElementById('act-action').innerHTML = '<span class="text-indigo-200 text-sm">✅ Joined</span>';
+        document.getElementById('welcome-card').querySelector('#welcome-text').textContent =
+          'You are participating in this activity. Session locations and details are visible above.';
+      } else {
+        if (token) {
+          document.getElementById('join-cta').classList.remove('hidden');
+        } else {
+          document.getElementById('act-action').innerHTML =
+            '<a href="/login.html" class="bg-white text-brand font-bold px-6 py-2.5 rounded-xl shadow hover:bg-indigo-50 transition text-sm">Login to Join</a>';
+        }
       }
     }
-  }
-
-  async function joinActivity() {
-    if (!token) { window.location.href = '/login.html'; return; }
-    const btn = document.getElementById('btn-join');
-    btn.textContent = 'Joining...'; btn.disabled = true;
-    try {
-      const res  = await fetch('/api/join', {
-        method:'POST', headers:{ 'Content-Type':'application/json', Authorization:'Bearer ' + token },
-        body: JSON.stringify({ activity_id: actId })
+
+    async function joinActivity() {
+      if (!token) { window.location.href = '/login.html'; return; }
+      await withActionLock('join-activity:' + actId, async () => {
+        const btn = document.getElementById('btn-join');
+        btn.textContent = 'Joining...'; btn.disabled = true;
+        try {
+          const res = await fetch('/api/join', {
+            method: 'POST', headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + token },
+            body: JSON.stringify({ activity_id: actId })
+          });
+          const data = await res.json();
+          if (!res.ok) throw new Error(data.error || 'Failed');
+          window.location.reload();
+        } catch (e) {
+          alert(e.message);
+          btn.textContent = 'Join Activity - Free'; btn.disabled = false;
+        }
       });
-      const data = await res.json();
-      if (!res.ok) throw new Error(data.error || 'Failed');
-      window.location.reload();
-    } catch (e) {
-      alert(e.message);
-      btn.textContent = 'Join Activity - Free'; btn.disabled = false;
     }
-  }
-
-  if (!actId) {
-    document.getElementById('act-title').textContent = 'No activity selected';
-  } else {
-    loadActivity().catch(e => { document.getElementById('act-title').textContent = 'Error: ' + e.message; });
-  }
-</script>
+
+    if (!actId) {
+      document.getElementById('act-title').textContent = 'No activity selected';
+    } else {
+      loadActivity().catch(e => { document.getElementById('act-title').textContent = 'Error: ' + e.message; });
+    }
+  </script>
 </body>
+
 </html>
\ No newline at end of file
diff --git a/public/login.html b/public/login.html
index b7d8c23..5031096 100644
--- a/public/login.html
+++ b/public/login.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html lang="en">
+
 <head>
   <meta charset="UTF-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
@@ -8,140 +9,177 @@
   <script src="https://cdn.tailwindcss.com"></script>
   <script>tailwind.config = { theme: { extend: { colors: { brand: { DEFAULT: '#4F46E5', dark: '#3730A3' } } } } };</script>
   <style>
-    .hidden { display: none !important; }
-    .gradient-hero { background: linear-gradient(135deg, #4F46E5 0%, #7C3AED 50%, #2563EB 100%); }
+    .hidden {
+      display: none !important;
+    }
+
+    .gradient-hero {
+      background: linear-gradient(135deg, #4F46E5 0%, #7C3AED 50%, #2563EB 100%);
+    }
   </style>
 </head>
-<body class="min-h-screen bg-slate-50 flex items-center justify-center px-4">
 
-<div class="w-full max-w-md">
-  <div class="text-center mb-8">
-    <a href="/" class="inline-flex items-center gap-2">
-      <img src="/images/logo.png" alt="Alpha One Labs" class="h-10 w-auto" />
-      <span class="font-bold text-2xl text-slate-800">Alpha One Labs</span>
-    </a>
-    <p class="text-slate-500 text-sm mt-2">All user data encrypted at rest - zero plaintext PII stored</p>
-  </div>
+<body class="min-h-screen bg-slate-50 flex items-center justify-center px-4">
 
-  <div class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
-    <div class="flex border-b border-slate-100">
-      <button id="tab-login" onclick="switchTab('login')"
-        class="flex-1 py-4 text-sm font-semibold border-b-2 border-brand text-brand transition">Login</button>
-      <button id="tab-register" onclick="switchTab('register')"
-        class="flex-1 py-4 text-sm font-semibold border-b-2 border-transparent text-slate-400 hover:text-slate-600 transition">Register</button>
+  <div class="w-full max-w-md">
+    <div class="text-center mb-8">
+      <a href="/" class="inline-flex items-center gap-2">
+        <img src="/images/logo.png" alt="Alpha One Labs" class="h-10 w-auto" />
+        <span class="font-bold text-2xl text-slate-800">Alpha One Labs</span>
+      </a>
+      <p class="text-slate-500 text-sm mt-2">All user data encrypted at rest - zero plaintext PII stored</p>
     </div>
 
-    <div id="panel-login" class="p-8">
-      <h2 class="text-xl font-bold text-slate-800 mb-6">Welcome back!</h2>
-      <form id="form-login" class="space-y-4" novalidate>
-        <div>
-          <label class="block text-sm font-medium text-slate-700 mb-1">Username</label>
-          <input id="l-username" type="text" autocomplete="username" required
-            class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="your_username" />
-        </div>
-        <div>
-          <label class="block text-sm font-medium text-slate-700 mb-1">Password</label>
-          <input id="l-password" type="password" autocomplete="current-password" required
-            class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="..." />
-        </div>
-        <p id="login-err" class="text-red-500 text-sm hidden"></p>
-        <button type="submit" class="w-full bg-brand text-white font-semibold py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Sign In</button>
-      </form>
-      <p class="text-center text-slate-400 text-sm mt-6">
-        Demo: <code class="bg-slate-100 px-1 rounded">alice / password123</code>
-        or <code class="bg-slate-100 px-1 rounded">charlie / password123</code>
-      </p>
-    </div>
+    <div class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
+      <div class="flex border-b border-slate-100">
+        <button id="tab-login" onclick="switchTab('login')"
+          class="flex-1 py-4 text-sm font-semibold border-b-2 border-brand text-brand transition">Login</button>
+        <button id="tab-register" onclick="switchTab('register')"
+          class="flex-1 py-4 text-sm font-semibold border-b-2 border-transparent text-slate-400 hover:text-slate-600 transition">Register</button>
+      </div>
 
-    <div id="panel-register" class="p-8 hidden">
-      <h2 class="text-xl font-bold text-slate-800 mb-6">Create your account</h2>
-      <form id="form-register" class="space-y-4" novalidate>
-        <div>
-          <label class="block text-sm font-medium text-slate-700 mb-1">Display Name</label>
-          <input id="r-name" type="text" autocomplete="name"
-            class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="Your Full Name" />
-        </div>
-        <div>
-          <label class="block text-sm font-medium text-slate-700 mb-1">Username</label>
-          <input id="r-username" type="text" autocomplete="username" required
-            class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="choose_a_username" />
-        </div>
-        <div>
-          <label class="block text-sm font-medium text-slate-700 mb-1">Email</label>
-          <input id="r-email" type="email" autocomplete="email" required
-            class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="you@example.com" />
-        </div>
-        <div>
-          <label class="block text-sm font-medium text-slate-700 mb-1">Password</label>
-          <input id="r-password" type="password" autocomplete="new-password" required minlength="6"
-            class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="min 6 characters" />
-        </div>
-        <p id="register-err" class="text-red-500 text-sm hidden"></p>
-        <button type="submit" class="w-full bg-brand text-white font-semibold py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Create Account</button>
-      </form>
+      <div id="panel-login" class="p-8">
+        <h2 class="text-xl font-bold text-slate-800 mb-6">Welcome back!</h2>
+        <form id="form-login" class="space-y-4" novalidate>
+          <div>
+            <label class="block text-sm font-medium text-slate-700 mb-1">Username</label>
+            <input id="l-username" type="text" autocomplete="username" required
+              class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+              placeholder="your_username" />
+          </div>
+          <div>
+            <label class="block text-sm font-medium text-slate-700 mb-1">Password</label>
+            <input id="l-password" type="password" autocomplete="current-password" required
+              class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+              placeholder="..." />
+          </div>
+          <p id="login-err" class="text-red-500 text-sm hidden"></p>
+          <button type="submit"
+            class="w-full bg-brand text-white font-semibold py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Sign
+            In</button>
+        </form>
+        <p class="text-center text-slate-400 text-sm mt-6">
+          Demo: <code class="bg-slate-100 px-1 rounded">alice / password123</code>
+          or <code class="bg-slate-100 px-1 rounded">charlie / password123</code>
+        </p>
+      </div>
+
+      <div id="panel-register" class="p-8 hidden">
+        <h2 class="text-xl font-bold text-slate-800 mb-6">Create your account</h2>
+        <form id="form-register" class="space-y-4" novalidate>
+          <div>
+            <label class="block text-sm font-medium text-slate-700 mb-1">Display Name</label>
+            <input id="r-name" type="text" autocomplete="name"
+              class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+              placeholder="Your Full Name" />
+          </div>
+          <div>
+            <label class="block text-sm font-medium text-slate-700 mb-1">Username</label>
+            <input id="r-username" type="text" autocomplete="username" required
+              class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+              placeholder="choose_a_username" />
+          </div>
+          <div>
+            <label class="block text-sm font-medium text-slate-700 mb-1">Email</label>
+            <input id="r-email" type="email" autocomplete="email" required
+              class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+              placeholder="you@example.com" />
+          </div>
+          <div>
+            <label class="block text-sm font-medium text-slate-700 mb-1">Password</label>
+            <input id="r-password" type="password" autocomplete="new-password" required minlength="6"
+              class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+              placeholder="min 6 characters" />
+          </div>
+          <p id="register-err" class="text-red-500 text-sm hidden"></p>
+          <button type="submit"
+            class="w-full bg-brand text-white font-semibold py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Create
+            Account</button>
+        </form>
+      </div>
     </div>
+
+    <p class="text-center text-slate-400 text-xs mt-6">
+      <a href="/" class="hover:text-brand">Back to activities</a>
+    </p>
   </div>
 
-  <p class="text-center text-slate-400 text-xs mt-6">
-    <a href="/" class="hover:text-brand">Back to activities</a>
-  </p>
-</div>
-
-<script>
-  const API = '';
-  function switchTab(tab) {
-    const isLogin = tab === 'login';
-    document.getElementById('panel-login').classList.toggle('hidden', !isLogin);
-    document.getElementById('panel-register').classList.toggle('hidden', isLogin);
-    document.getElementById('tab-login').className    = 'flex-1 py-4 text-sm font-semibold border-b-2 transition ' + (isLogin ? 'border-brand text-brand' : 'border-transparent text-slate-400 hover:text-slate-600');
-    document.getElementById('tab-register').className = 'flex-1 py-4 text-sm font-semibold border-b-2 transition ' + (!isLogin ? 'border-brand text-brand' : 'border-transparent text-slate-400 hover:text-slate-600');
-  }
-  const params = new URLSearchParams(location.search);
-  if (params.get('tab') === 'register') switchTab('register');
-
-  function storeAuth(data) {
-    localStorage.setItem('edu_token', data.token);
-    localStorage.setItem('edu_user',  JSON.stringify(data.user));
-    window.location.href = '/dashboard.html';
-  }
-  function showErr(id, msg) { const el = document.getElementById(id); el.textContent = msg; el.classList.remove('hidden'); }
-
-  document.getElementById('form-login').addEventListener('submit', async e => {
-    e.preventDefault();
-    document.getElementById('login-err').classList.add('hidden');
-    const btn = e.target.querySelector('button[type=submit]');
-    btn.textContent = 'Signing in...'; btn.disabled = true;
-    try {
-      const res  = await fetch('/api/login', { method:'POST', headers:{'Content-Type':'application/json'},
-        body: JSON.stringify({ username: document.getElementById('l-username').value.trim(), password: document.getElementById('l-password').value }) });
-      const data = await res.json();
-      if (!res.ok) throw new Error(data.error || 'Login failed');
-      storeAuth(data.data);
-    } catch (err) { showErr('login-err', err.message); }
-    finally { btn.textContent = 'Sign In'; btn.disabled = false; }
-  });
-
-  document.getElementById('form-register').addEventListener('submit', async e => {
-    e.preventDefault();
-    document.getElementById('register-err').classList.add('hidden');
-    const btn  = e.target.querySelector('button[type=submit]');
-    btn.textContent = 'Creating...'; btn.disabled = true;
-    try {
-      const res  = await fetch('/api/register', { method:'POST', headers:{'Content-Type':'application/json'},
-        body: JSON.stringify({
-          name:     document.getElementById('r-name').value.trim(),
-          username: document.getElementById('r-username').value.trim(),
-          email:    document.getElementById('r-email').value.trim(),
-          password: document.getElementById('r-password').value,
-        }) });
-      const data = await res.json();
-      if (!res.ok) throw new Error(data.error || 'Registration failed');
-      storeAuth(data.data);
-    } catch (err) { showErr('register-err', err.message); }
-    finally { btn.textContent = 'Create Account'; btn.disabled = false; }
-  });
-
-  if (localStorage.getItem('edu_token')) window.location.href = '/dashboard.html';
-</script>
+  <script>
+    const API = '';
+    const inFlight = new Set();
+
+    async function withActionLock(key, action) {
+      if (inFlight.has(key)) return;
+      inFlight.add(key);
+      try {
+        await action();
+      } finally {
+        inFlight.delete(key);
+      }
+    }
+
+    function switchTab(tab) {
+      const isLogin = tab === 'login';
+      document.getElementById('panel-login').classList.toggle('hidden', !isLogin);
+      document.getElementById('panel-register').classList.toggle('hidden', isLogin);
+      document.getElementById('tab-login').className = 'flex-1 py-4 text-sm font-semibold border-b-2 transition ' + (isLogin ? 'border-brand text-brand' : 'border-transparent text-slate-400 hover:text-slate-600');
+      document.getElementById('tab-register').className = 'flex-1 py-4 text-sm font-semibold border-b-2 transition ' + (!isLogin ? 'border-brand text-brand' : 'border-transparent text-slate-400 hover:text-slate-600');
+    }
+    const params = new URLSearchParams(location.search);
+    if (params.get('tab') === 'register') switchTab('register');
+
+    function storeAuth(data) {
+      localStorage.setItem('edu_token', data.token);
+      localStorage.setItem('edu_user', JSON.stringify(data.user));
+      window.location.href = '/dashboard.html';
+    }
+    function showErr(id, msg) { const el = document.getElementById(id); el.textContent = msg; el.classList.remove('hidden'); }
+
+    document.getElementById('form-login').addEventListener('submit', e => {
+      e.preventDefault();
+      withActionLock('login', async () => {
+        document.getElementById('login-err').classList.add('hidden');
+        const btn = e.target.querySelector('button[type=submit]');
+        btn.textContent = 'Signing in...'; btn.disabled = true;
+        try {
+          const res = await fetch('/api/login', {
+            method: 'POST', headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ username: document.getElementById('l-username').value.trim(), password: document.getElementById('l-password').value })
+          });
+          const data = await res.json();
+          if (!res.ok) throw new Error(data.error || 'Login failed');
+          storeAuth(data.data);
+        } catch (err) { showErr('login-err', err.message); }
+        finally { btn.textContent = 'Sign In'; btn.disabled = false; }
+      });
+    });
+
+    document.getElementById('form-register').addEventListener('submit', e => {
+      e.preventDefault();
+      withActionLock('register', async () => {
+        document.getElementById('register-err').classList.add('hidden');
+        const btn = e.target.querySelector('button[type=submit]');
+        btn.textContent = 'Creating...'; btn.disabled = true;
+        try {
+          const res = await fetch('/api/register', {
+            method: 'POST', headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+              name: document.getElementById('r-name').value.trim(),
+              username: document.getElementById('r-username').value.trim(),
+              email: document.getElementById('r-email').value.trim(),
+              password: document.getElementById('r-password').value,
+            })
+          });
+          const data = await res.json();
+          if (!res.ok) throw new Error(data.error || 'Registration failed');
+          storeAuth(data.data);
+        } catch (err) { showErr('register-err', err.message); }
+        finally { btn.textContent = 'Create Account'; btn.disabled = false; }
+      });
+    });
+
+    if (localStorage.getItem('edu_token')) window.location.href = '/dashboard.html';
+  </script>
 </body>
+
 </html>
\ No newline at end of file
diff --git a/public/teach.html b/public/teach.html
index 8c00bff..646edfb 100644
--- a/public/teach.html
+++ b/public/teach.html
@@ -1,319 +1,367 @@
 <!DOCTYPE html>
 <html lang="en">
+
 <head>
   <meta charset="UTF-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
   <title>Host Hub - Alpha One Labs</title>
   <link rel="icon" type="image/png" href="/images/logo.png" />
   <script src="https://cdn.tailwindcss.com"></script>
-  <script>tailwind.config = { theme: { extend: { colors: { brand:{ DEFAULT:'#4F46E5', dark:'#3730A3' } } } } };</script>
+  <script>tailwind.config = { theme: { extend: { colors: { brand: { DEFAULT: '#4F46E5', dark: '#3730A3' } } } } };</script>
   <style>
-    .hidden { display: none !important; }
-    .gradient-hero { background: linear-gradient(135deg,#4F46E5 0%,#7C3AED 50%,#2563EB 100%); }
-    .badge { display:inline-block; padding:2px 10px; border-radius:9999px; font-size:.75rem; font-weight:600; }
+    .hidden {
+      display: none !important;
+    }
+
+    .gradient-hero {
+      background: linear-gradient(135deg, #4F46E5 0%, #7C3AED 50%, #2563EB 100%);
+    }
+
+    .badge {
+      display: inline-block;
+      padding: 2px 10px;
+      border-radius: 9999px;
+      font-size: .75rem;
+      font-weight: 600;
+    }
   </style>
 </head>
+
 <body class="bg-slate-50 text-slate-800 font-sans">
 
-<nav class="bg-white shadow-sm sticky top-0 z-50">
-  <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 flex items-center justify-between h-16">
-    <a href="/" class="flex items-center gap-2">
-      <img src="/images/logo.png" alt="Alpha One Labs" class="h-8 w-auto" />
-      <span class="font-bold text-xl text-slate-800">Alpha One Labs</span>
-    </a>
-    <div class="hidden md:flex items-center gap-6 text-sm font-medium text-slate-600">
-      <a href="/" class="hover:text-brand">Activities</a>
-      <a href="/dashboard.html" class="hover:text-brand">Dashboard</a>
-      <a href="/teach.html" class="text-brand font-semibold">Host Hub</a>
-    </div>
-    <div class="flex items-center gap-3">
-      <span class="text-slate-600 text-sm hidden sm:block" id="nav-user"></span>
-      <button onclick="logout()" class="text-slate-400 text-sm hover:text-red-500">Logout</button>
+  <nav class="bg-white shadow-sm sticky top-0 z-50">
+    <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 flex items-center justify-between h-16">
+      <a href="/" class="flex items-center gap-2">
+        <img src="/images/logo.png" alt="Alpha One Labs" class="h-8 w-auto" />
+        <span class="font-bold text-xl text-slate-800">Alpha One Labs</span>
+      </a>
+      <div class="hidden md:flex items-center gap-6 text-sm font-medium text-slate-600">
+        <a href="/" class="hover:text-brand">Activities</a>
+        <a href="/dashboard.html" class="hover:text-brand">Dashboard</a>
+        <a href="/teach.html" class="text-brand font-semibold">Host Hub</a>
+      </div>
+      <div class="flex items-center gap-3">
+        <span class="text-slate-600 text-sm hidden sm:block" id="nav-user"></span>
+        <button onclick="logout()" class="text-slate-400 text-sm hover:text-red-500">Logout</button>
+      </div>
     </div>
-  </div>
-</nav>
+  </nav>
 
-<!-- Main content -->
-<div id="host-content" class="hidden">
+  <!-- Main content -->
+  <div id="host-content" class="hidden">
 
-  <div class="gradient-hero text-white py-12 px-4">
-    <div class="max-w-7xl mx-auto">
-      <h1 class="text-3xl font-extrabold mb-1">Host Hub</h1>
-      <p class="text-indigo-200">Create and manage your activities and sessions.</p>
+    <div class="gradient-hero text-white py-12 px-4">
+      <div class="max-w-7xl mx-auto">
+        <h1 class="text-3xl font-extrabold mb-1">Host Hub</h1>
+        <p class="text-indigo-200">Create and manage your activities and sessions.</p>
+      </div>
     </div>
-  </div>
 
-  <main class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-10">
-    <div class="grid grid-cols-1 lg:grid-cols-2 gap-8">
+    <main class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-10">
+      <div class="grid grid-cols-1 lg:grid-cols-2 gap-8">
 
-      <!-- Create Activity -->
-      <section class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
-        <div class="px-6 py-4 border-b border-slate-100 bg-gradient-to-r from-indigo-50 to-purple-50">
-          <h2 class="font-bold text-slate-800">&#127775; Create New Activity</h2>
-          <p class="text-slate-500 text-xs mt-0.5">Descriptions are encrypted at rest in D1.</p>
-        </div>
-        <div class="p-6">
-          <form id="form-activity" class="space-y-4" novalidate>
-            <div>
-              <label class="block text-sm font-medium text-slate-700 mb-1">Title *</label>
-              <input id="a-title" type="text" required
-                class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="e.g. Python for Beginners" />
-            </div>
-            <div>
-              <label class="block text-sm font-medium text-slate-700 mb-1">Description</label>
-              <textarea id="a-desc" rows="3"
-                class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm resize-none" placeholder="What will participants gain?"></textarea>
-            </div>
-            <div class="grid grid-cols-3 gap-3">
+        <!-- Create Activity -->
+        <section class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
+          <div class="px-6 py-4 border-b border-slate-100 bg-gradient-to-r from-indigo-50 to-purple-50">
+            <h2 class="font-bold text-slate-800">&#127775; Create New Activity</h2>
+            <p class="text-slate-500 text-xs mt-0.5">Descriptions are encrypted at rest in D1.</p>
+          </div>
+          <div class="p-6">
+            <form id="form-activity" class="space-y-4" novalidate>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Type</label>
-                <select id="a-type" class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
-                  <option value="course">📚 Course</option>
-                  <option value="meetup">🤝 Meetup</option>
-                  <option value="workshop">🔧 Workshop</option>
-                  <option value="seminar">🎤 Seminar</option>
-                  <option value="other">✨ Other</option>
-                </select>
+                <label class="block text-sm font-medium text-slate-700 mb-1">Title *</label>
+                <input id="a-title" type="text" required
+                  class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+                  placeholder="e.g. Python for Beginners" />
               </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Format</label>
-                <select id="a-format" class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
-                  <option value="self_paced">Self-paced</option>
-                  <option value="live">Live</option>
-                  <option value="hybrid">Hybrid</option>
-                </select>
+                <label class="block text-sm font-medium text-slate-700 mb-1">Description</label>
+                <textarea id="a-desc" rows="3"
+                  class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm resize-none"
+                  placeholder="What will participants gain?"></textarea>
+              </div>
+              <div class="grid grid-cols-3 gap-3">
+                <div>
+                  <label class="block text-sm font-medium text-slate-700 mb-1">Type</label>
+                  <select id="a-type"
+                    class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
+                    <option value="course">📚 Course</option>
+                    <option value="meetup">🤝 Meetup</option>
+                    <option value="workshop">🔧 Workshop</option>
+                    <option value="seminar">🎤 Seminar</option>
+                    <option value="other">✨ Other</option>
+                  </select>
+                </div>
+                <div>
+                  <label class="block text-sm font-medium text-slate-700 mb-1">Format</label>
+                  <select id="a-format"
+                    class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
+                    <option value="self_paced">Self-paced</option>
+                    <option value="live">Live</option>
+                    <option value="hybrid">Hybrid</option>
+                  </select>
+                </div>
+                <div>
+                  <label class="block text-sm font-medium text-slate-700 mb-1">Schedule</label>
+                  <select id="a-schedule"
+                    class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
+                    <option value="ongoing">Ongoing</option>
+                    <option value="one_time">One-time</option>
+                    <option value="multi_session">Multi-session</option>
+                    <option value="recurring">Recurring</option>
+                  </select>
+                </div>
               </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Schedule</label>
-                <select id="a-schedule" class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
-                  <option value="ongoing">Ongoing</option>
-                  <option value="one_time">One-time</option>
-                  <option value="multi_session">Multi-session</option>
-                  <option value="recurring">Recurring</option>
-                </select>
+                <label class="block text-sm font-medium text-slate-700 mb-1">Tags (comma-separated)</label>
+                <input id="a-tags" type="text"
+                  class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+                  placeholder="Python, Beginners, Data Science" />
               </div>
-            </div>
-            <div>
-              <label class="block text-sm font-medium text-slate-700 mb-1">Tags (comma-separated)</label>
-              <input id="a-tags" type="text"
-                class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="Python, Beginners, Data Science" />
-            </div>
-            <p id="act-err" class="text-red-500 text-sm hidden"></p>
-            <p id="act-ok" class="text-emerald-600 text-sm hidden"></p>
-            <button type="submit" class="w-full bg-brand text-white font-semibold py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Create Activity</button>
-          </form>
-        </div>
-      </section>
+              <p id="act-err" class="text-red-500 text-sm hidden"></p>
+              <p id="act-ok" class="text-emerald-600 text-sm hidden"></p>
+              <button type="submit"
+                class="w-full bg-brand text-white font-semibold py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Create
+                Activity</button>
+            </form>
+          </div>
+        </section>
 
-      <!-- Create Session -->
-      <section class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
-        <div class="px-6 py-4 border-b border-slate-100 bg-gradient-to-r from-emerald-50 to-teal-50">
-          <h2 class="font-bold text-slate-800">&#128197; Add Session</h2>
-          <p class="text-slate-500 text-xs mt-0.5">Location and description are encrypted at rest.</p>
-        </div>
-        <div class="p-6">
-          <form id="form-session" class="space-y-4" novalidate>
-            <div>
-              <label class="block text-sm font-medium text-slate-700 mb-1">Activity *</label>
-              <select id="s-activity" class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
-                <option value="">Select one of your activities...</option>
-              </select>
-            </div>
-            <div>
-              <label class="block text-sm font-medium text-slate-700 mb-1">Session Title *</label>
-              <input id="s-title" type="text" required
-                class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="e.g. Week 1 - Introduction" />
-            </div>
-            <div class="grid grid-cols-2 gap-3">
+        <!-- Create Session -->
+        <section class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
+          <div class="px-6 py-4 border-b border-slate-100 bg-gradient-to-r from-emerald-50 to-teal-50">
+            <h2 class="font-bold text-slate-800">&#128197; Add Session</h2>
+            <p class="text-slate-500 text-xs mt-0.5">Location and description are encrypted at rest.</p>
+          </div>
+          <div class="p-6">
+            <form id="form-session" class="space-y-4" novalidate>
+              <div>
+                <label class="block text-sm font-medium text-slate-700 mb-1">Activity *</label>
+                <select id="s-activity"
+                  class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
+                  <option value="">Select one of your activities...</option>
+                </select>
+              </div>
+              <div>
+                <label class="block text-sm font-medium text-slate-700 mb-1">Session Title *</label>
+                <input id="s-title" type="text" required
+                  class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+                  placeholder="e.g. Week 1 - Introduction" />
+              </div>
+              <div class="grid grid-cols-2 gap-3">
+                <div>
+                  <label class="block text-sm font-medium text-slate-700 mb-1">Start Time</label>
+                  <input id="s-start" type="datetime-local"
+                    class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" />
+                </div>
+                <div>
+                  <label class="block text-sm font-medium text-slate-700 mb-1">End Time</label>
+                  <input id="s-end" type="datetime-local"
+                    class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" />
+                </div>
+              </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Start Time</label>
-                <input id="s-start" type="datetime-local"
-                  class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" />
+                <label class="block text-sm font-medium text-slate-700 mb-1">Location (encrypted)</label>
+                <input id="s-location" type="text"
+                  class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
+                  placeholder="e.g. Room 101 or Zoom link" />
               </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">End Time</label>
-                <input id="s-end" type="datetime-local"
-                  class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" />
+                <label class="block text-sm font-medium text-slate-700 mb-1">Description (encrypted)</label>
+                <textarea id="s-desc" rows="2"
+                  class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm resize-none"
+                  placeholder="What will be covered in this session?"></textarea>
               </div>
-            </div>
-            <div>
-              <label class="block text-sm font-medium text-slate-700 mb-1">Location (encrypted)</label>
-              <input id="s-location" type="text"
-                class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="e.g. Room 101 or Zoom link" />
-            </div>
-            <div>
-              <label class="block text-sm font-medium text-slate-700 mb-1">Description (encrypted)</label>
-              <textarea id="s-desc" rows="2"
-                class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm resize-none" placeholder="What will be covered in this session?"></textarea>
-            </div>
-            <p id="ses-err" class="text-red-500 text-sm hidden"></p>
-            <p id="ses-ok" class="text-emerald-600 text-sm hidden"></p>
-            <button type="submit" class="w-full bg-emerald-600 text-white font-semibold py-2.5 rounded-xl hover:bg-emerald-700 transition text-sm">Add Session</button>
-          </form>
+              <p id="ses-err" class="text-red-500 text-sm hidden"></p>
+              <p id="ses-ok" class="text-emerald-600 text-sm hidden"></p>
+              <button type="submit"
+                class="w-full bg-emerald-600 text-white font-semibold py-2.5 rounded-xl hover:bg-emerald-700 transition text-sm">Add
+                Session</button>
+            </form>
+          </div>
+        </section>
+
+      </div>
+
+      <!-- My Activities list -->
+      <section class="mt-8 bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
+        <div class="px-6 py-4 border-b border-slate-100 flex items-center justify-between">
+          <h2 class="font-bold text-slate-800">My Hosted Activities</h2>
+          <span id="hosted-count" class="text-xs text-slate-400"></span>
+        </div>
+        <div id="hosted-list" class="divide-y divide-slate-50">
+          <p class="px-6 py-4 text-sm text-slate-400 animate-pulse">Loading...</p>
         </div>
       </section>
+    </main>
 
-    </div>
+    <footer class="bg-slate-800 text-slate-400 py-6 text-center text-sm mt-8">
+      <p>&copy; 2024&ndash;2026 Alpha One Labs &middot; Activity descriptions and session details encrypted at rest</p>
+    </footer>
 
-    <!-- My Activities list -->
-    <section class="mt-8 bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
-      <div class="px-6 py-4 border-b border-slate-100 flex items-center justify-between">
-        <h2 class="font-bold text-slate-800">My Hosted Activities</h2>
-        <span id="hosted-count" class="text-xs text-slate-400"></span>
-      </div>
-      <div id="hosted-list" class="divide-y divide-slate-50">
-        <p class="px-6 py-4 text-sm text-slate-400 animate-pulse">Loading...</p>
-      </div>
-    </section>
-  </main>
+  </div><!-- /#host-content -->
 
-  <footer class="bg-slate-800 text-slate-400 py-6 text-center text-sm mt-8">
-    <p>&copy; 2024&ndash;2026 Alpha One Labs &middot; Activity descriptions and session details encrypted at rest</p>
-  </footer>
+  <script>
+    const API = '';
+    const token = localStorage.getItem('edu_token');
+    const user = JSON.parse(localStorage.getItem('edu_user') || 'null');
+    const inFlight = new Set();
 
-</div><!-- /#host-content -->
+    async function withActionLock(key, action) {
+      if (inFlight.has(key)) return;
+      inFlight.add(key);
+      try {
+        await action();
+      } finally {
+        inFlight.delete(key);
+      }
+    }
 
-<script>
-  const API   = '';
-  const token = localStorage.getItem('edu_token');
-  const user  = JSON.parse(localStorage.getItem('edu_user') || 'null');
-  function esc(s) { return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;'); }
-  function logout() { localStorage.clear(); window.location.href = '/login.html'; }
+    function esc(s) { return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;'); }
+    function logout() { localStorage.clear(); window.location.href = '/login.html'; }
 
-  if (!token || !user) {
-    window.location.href = '/login.html';
-  } else {
-    document.getElementById('nav-user').textContent = 'Hi, ' + user.username;
-    document.getElementById('host-content').classList.remove('hidden');
-    init();
-  }
+    if (!token || !user) {
+      window.location.href = '/login.html';
+    } else {
+      document.getElementById('nav-user').textContent = 'Hi, ' + user.username;
+      document.getElementById('host-content').classList.remove('hidden');
+      init();
+    }
 
-  const typeIcon  = { course:'📚', meetup:'🤝', workshop:'🔧', seminar:'🎤', other:'✨' };
-  const typeColor = { course:'bg-indigo-100 text-indigo-700', meetup:'bg-pink-100 text-pink-700', workshop:'bg-orange-100 text-orange-700', seminar:'bg-teal-100 text-teal-700', other:'bg-slate-100 text-slate-600' };
-  const fmtLabel  = { live:'Live', self_paced:'Self-paced', hybrid:'Hybrid' };
+    const typeIcon = { course: '📚', meetup: '🤝', workshop: '🔧', seminar: '🎤', other: '✨' };
+    const typeColor = { course: 'bg-indigo-100 text-indigo-700', meetup: 'bg-pink-100 text-pink-700', workshop: 'bg-orange-100 text-orange-700', seminar: 'bg-teal-100 text-teal-700', other: 'bg-slate-100 text-slate-600' };
+    const fmtLabel = { live: 'Live', self_paced: 'Self-paced', hybrid: 'Hybrid' };
 
-  let hostedActivities = [];
+    let hostedActivities = [];
+    let hostedLoadVersion = 0;
 
-  async function init() {
-    await loadHostedActivities();
-    const params = new URLSearchParams(location.search);
-    const preselect = params.get('activity_id');
-    if (preselect) {
-      const sel = document.getElementById('s-activity');
-      const opt = sel.querySelector('option[value="' + esc(preselect) + '"]');
-      if (opt) opt.selected = true;
+    async function init() {
+      await loadHostedActivities();
+      const params = new URLSearchParams(location.search);
+      const preselect = params.get('activity_id');
+      if (preselect) {
+        const sel = document.getElementById('s-activity');
+        const opt = sel.querySelector('option[value="' + esc(preselect) + '"]');
+        if (opt) opt.selected = true;
+      }
     }
-  }
 
-  async function loadHostedActivities() {
-    const res  = await fetch('/api/dashboard', { headers:{ Authorization:'Bearer ' + token } });
-    const data = await res.json();
-    hostedActivities = data.hosted_activities || [];
-    document.getElementById('hosted-count').textContent = hostedActivities.length + ' activities';
+    async function loadHostedActivities() {
+      const loadVersion = ++hostedLoadVersion;
+      const res = await fetch('/api/dashboard', { headers: { Authorization: 'Bearer ' + token } });
+      const data = await res.json();
+      if (loadVersion !== hostedLoadVersion) return;
+      hostedActivities = data.hosted_activities || [];
+      document.getElementById('hosted-count').textContent = hostedActivities.length + ' activities';
 
-    const sel = document.getElementById('s-activity');
-    sel.innerHTML = '<option value="">Select one of your activities...</option>' +
-      hostedActivities.map(a =>
-        '<option value="' + esc(a.id) + '">' + esc(a.title) + '</option>'
-      ).join('');
+      const sel = document.getElementById('s-activity');
+      sel.innerHTML = '<option value="">Select one of your activities...</option>' +
+        hostedActivities.map(a =>
+          '<option value="' + esc(a.id) + '">' + esc(a.title) + '</option>'
+        ).join('');
 
-    const list = document.getElementById('hosted-list');
-    if (!hostedActivities.length) {
-      list.innerHTML = '<p class="px-6 py-8 text-sm text-slate-400 text-center">No activities yet. Create one above!</p>';
-      return;
-    }
-    list.innerHTML = hostedActivities.map(a => {
-      const tc  = typeColor[a.type] || 'bg-slate-100 text-slate-600';
-      const ic  = typeIcon[a.type]  || '✨';
-      const tags = (a.tags||[]).slice(0,4).map(t =>
-        '<span class="badge bg-slate-100 text-slate-500">' + esc(t) + '</span>').join('');
-      return '<div class="px-6 py-4 flex items-center justify-between gap-4 hover:bg-slate-50 transition">' +
-        '<div class="flex-1 min-w-0">' +
+      const list = document.getElementById('hosted-list');
+      if (!hostedActivities.length) {
+        list.innerHTML = '<p class="px-6 py-8 text-sm text-slate-400 text-center">No activities yet. Create one above!</p>';
+        return;
+      }
+      list.innerHTML = hostedActivities.map(a => {
+        const tc = typeColor[a.type] || 'bg-slate-100 text-slate-600';
+        const ic = typeIcon[a.type] || '✨';
+        const tags = (a.tags || []).slice(0, 4).map(t =>
+          '<span class="badge bg-slate-100 text-slate-500">' + esc(t) + '</span>').join('');
+        return '<div class="px-6 py-4 flex items-center justify-between gap-4 hover:bg-slate-50 transition">' +
+          '<div class="flex-1 min-w-0">' +
           '<p class="font-semibold text-slate-800 text-sm truncate">' + ic + ' ' + esc(a.title) + '</p>' +
           '<div class="flex flex-wrap items-center gap-2 mt-1 text-xs text-slate-400">' +
-            '<span class="badge ' + tc + '">' + esc(a.type) + '</span>' +
-            '<span>' + (fmtLabel[a.format]||a.format) + '</span>' +
-            '<span>👥 ' + a.participant_count + '</span>' +
-            '<span>🗓 ' + a.session_count + ' sessions</span>' +
-            tags +
+          '<span class="badge ' + tc + '">' + esc(a.type) + '</span>' +
+          '<span>' + (fmtLabel[a.format] || a.format) + '</span>' +
+          '<span>👥 ' + a.participant_count + '</span>' +
+          '<span>🗓 ' + a.session_count + ' sessions</span>' +
+          tags +
           '</div>' +
-        '</div>' +
-        '<div class="flex gap-2 shrink-0">' +
+          '</div>' +
+          '<div class="flex gap-2 shrink-0">' +
           '<a href="/course.html?id=' + esc(a.id) + '" class="text-xs text-brand font-semibold border border-brand/30 px-3 py-1.5 rounded-lg hover:bg-indigo-50">View</a>' +
-        '</div>' +
-      '</div>';
-    }).join('');
-  }
+          '</div>' +
+          '</div>';
+      }).join('');
+    }
 
-  function showMsg(id, msg, isErr) {
-    const el = document.getElementById(id);
-    el.textContent = msg;
-    el.classList.remove('hidden');
-    setTimeout(() => el.classList.add('hidden'), 4000);
-  }
+    function showMsg(id, msg, isErr) {
+      const el = document.getElementById(id);
+      el.textContent = msg;
+      el.classList.remove('hidden');
+      setTimeout(() => el.classList.add('hidden'), 4000);
+    }
 
-  document.getElementById('form-activity').addEventListener('submit', async e => {
-    e.preventDefault();
-    document.getElementById('act-err').classList.add('hidden');
-    document.getElementById('act-ok').classList.add('hidden');
-    const btn = e.target.querySelector('button[type=submit]');
-    btn.textContent = 'Creating...'; btn.disabled = true;
-    const rawTags = document.getElementById('a-tags').value;
-    const tags = rawTags ? rawTags.split(',').map(t => t.trim()).filter(Boolean) : [];
-    try {
-      const res  = await fetch('/api/activities', {
-        method:'POST', headers:{ 'Content-Type':'application/json', Authorization:'Bearer ' + token },
-        body: JSON.stringify({
-          title:         document.getElementById('a-title').value.trim(),
-          description:   document.getElementById('a-desc').value.trim(),
-          type:          document.getElementById('a-type').value,
-          format:        document.getElementById('a-format').value,
-          schedule_type: document.getElementById('a-schedule').value,
-          tags,
-        })
+    document.getElementById('form-activity').addEventListener('submit', e => {
+      e.preventDefault();
+      withActionLock('create-activity', async () => {
+        document.getElementById('act-err').classList.add('hidden');
+        document.getElementById('act-ok').classList.add('hidden');
+        const btn = e.target.querySelector('button[type=submit]');
+        btn.textContent = 'Creating...'; btn.disabled = true;
+        const rawTags = document.getElementById('a-tags').value;
+        const tags = rawTags ? rawTags.split(',').map(t => t.trim()).filter(Boolean) : [];
+        try {
+          const res = await fetch('/api/activities', {
+            method: 'POST', headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + token },
+            body: JSON.stringify({
+              title: document.getElementById('a-title').value.trim(),
+              description: document.getElementById('a-desc').value.trim(),
+              type: document.getElementById('a-type').value,
+              format: document.getElementById('a-format').value,
+              schedule_type: document.getElementById('a-schedule').value,
+              tags,
+            })
+          });
+          const data = await res.json();
+          if (!res.ok) throw new Error(data.error || 'Failed');
+          showMsg('act-ok', 'Activity created: ' + data.data.title, false);
+          e.target.reset();
+          await loadHostedActivities();
+        } catch (err) { showMsg('act-err', err.message, true); }
+        finally { btn.textContent = 'Create Activity'; btn.disabled = false; }
       });
-      const data = await res.json();
-      if (!res.ok) throw new Error(data.error || 'Failed');
-      showMsg('act-ok', 'Activity created: ' + data.data.title, false);
-      e.target.reset();
-      await loadHostedActivities();
-    } catch (err) { showMsg('act-err', err.message, true); }
-    finally { btn.textContent = 'Create Activity'; btn.disabled = false; }
-  });
+    });
 
-  document.getElementById('form-session').addEventListener('submit', async e => {
-    e.preventDefault();
-    document.getElementById('ses-err').classList.add('hidden');
-    document.getElementById('ses-ok').classList.add('hidden');
-    const btn = e.target.querySelector('button[type=submit]');
-    const actId = document.getElementById('s-activity').value;
-    if (!actId) { showMsg('ses-err', 'Please select an activity', true); return; }
-    btn.textContent = 'Adding...'; btn.disabled = true;
-    const fmt = v => v ? v.replace('T',' ') : '';
-    try {
-      const res  = await fetch('/api/sessions', {
-        method:'POST', headers:{ 'Content-Type':'application/json', Authorization:'Bearer ' + token },
-        body: JSON.stringify({
-          activity_id: actId,
-          title:       document.getElementById('s-title').value.trim(),
-          description: document.getElementById('s-desc').value.trim(),
-          start_time:  fmt(document.getElementById('s-start').value),
-          end_time:    fmt(document.getElementById('s-end').value),
-          location:    document.getElementById('s-location').value.trim(),
-        })
+    document.getElementById('form-session').addEventListener('submit', e => {
+      e.preventDefault();
+      withActionLock('create-session', async () => {
+        document.getElementById('ses-err').classList.add('hidden');
+        document.getElementById('ses-ok').classList.add('hidden');
+        const btn = e.target.querySelector('button[type=submit]');
+        const actId = document.getElementById('s-activity').value;
+        if (!actId) { showMsg('ses-err', 'Please select an activity', true); return; }
+        btn.textContent = 'Adding...'; btn.disabled = true;
+        const fmt = v => v ? v.replace('T', ' ') : '';
+        try {
+          const res = await fetch('/api/sessions', {
+            method: 'POST', headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + token },
+            body: JSON.stringify({
+              activity_id: actId,
+              title: document.getElementById('s-title').value.trim(),
+              description: document.getElementById('s-desc').value.trim(),
+              start_time: fmt(document.getElementById('s-start').value),
+              end_time: fmt(document.getElementById('s-end').value),
+              location: document.getElementById('s-location').value.trim(),
+            })
+          });
+          const data = await res.json();
+          if (!res.ok) throw new Error(data.error || 'Failed');
+          showMsg('ses-ok', 'Session added successfully!', false);
+          document.getElementById('s-title').value = '';
+          document.getElementById('s-desc').value = '';
+          document.getElementById('s-start').value = '';
+          document.getElementById('s-end').value = '';
+          document.getElementById('s-location').value = '';
+          await loadHostedActivities();
+        } catch (err) { showMsg('ses-err', err.message, true); }
+        finally { btn.textContent = 'Add Session'; btn.disabled = false; }
       });
-      const data = await res.json();
-      if (!res.ok) throw new Error(data.error || 'Failed');
-      showMsg('ses-ok', 'Session added successfully!', false);
-      document.getElementById('s-title').value    = '';
-      document.getElementById('s-desc').value     = '';
-      document.getElementById('s-start').value    = '';
-      document.getElementById('s-end').value      = '';
-      document.getElementById('s-location').value = '';
-      await loadHostedActivities();
-    } catch (err) { showMsg('ses-err', err.message, true); }
-    finally { btn.textContent = 'Add Session'; btn.disabled = false; }
-  });
-</script>
+    });
+  </script>
 </body>
+
 </html>
\ No newline at end of file
diff --git a/src/worker.py b/src/worker.py
index a0296a6..c99b9f2 100644
--- a/src/worker.py
+++ b/src/worker.py
@@ -976,13 +976,21 @@ async def api_join(req, env):
     if not act:
         return err("Activity not found", 404)
 
+    existing = await env.DB.prepare(
+        "SELECT id FROM enrollments WHERE activity_id=? AND user_id=?"
+    ).bind(act_id, user["id"]).first()
+    if existing:
+        return ok(None, "Already joined activity")
+
     enr_id = new_id()
     try:
         await env.DB.prepare(
-            "INSERT OR IGNORE INTO enrollments (id,activity_id,user_id,role)"
+            "INSERT INTO enrollments (id,activity_id,user_id,role)"
             " VALUES (?,?,?,?)"
         ).bind(enr_id, act_id, user["id"], role).run()
     except Exception as e:
+        if "UNIQUE" in str(e):
+            return ok(None, "Already joined activity")
         capture_exception(e, req, env, "api_join.insert_enrollment")
         return err("Failed to join activity — please try again", 500)
 

From f3f11e933d9d21c92745407426328f8cc964b5a5 Mon Sep 17 00:00:00 2001
From: FlashL3opard <69573060+Flashl3opard@users.noreply.github.com>
Date: Wed, 8 Apr 2026 22:58:09 +0530
Subject: [PATCH 2/2] fix: address review feedback for idempotency and
 accessibility

---
 public/course.html |   2 +-
 public/login.html  |  16 +++----
 public/teach.html  | 113 ++++++++++++++++++++++++++-------------------
 src/worker.py      |  11 +++--
 4 files changed, 83 insertions(+), 59 deletions(-)

diff --git a/public/course.html b/public/course.html
index 47ab49e..2e03939 100644
--- a/public/course.html
+++ b/public/course.html
@@ -86,7 +86,7 @@ <h2 class="font-bold text-slate-800 text-sm">Sessions</h2>
           <h3 class="font-bold text-slate-800 text-lg mb-2">Join to access session details</h3>
           <p class="text-slate-500 text-sm mb-4">Session locations and descriptions are encrypted and only revealed to
             participants.</p>
-          <button id="btn-join" onclick="joinActivity()"
+          <button type="button" id="btn-join" onclick="joinActivity()"
             class="bg-brand text-white font-bold px-8 py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Join
             Activity - Free</button>
         </div>
diff --git a/public/login.html b/public/login.html
index 5031096..cac2b24 100644
--- a/public/login.html
+++ b/public/login.html
@@ -32,9 +32,9 @@
 
     <div class="bg-white rounded-2xl shadow-sm border border-slate-100 overflow-hidden">
       <div class="flex border-b border-slate-100">
-        <button id="tab-login" onclick="switchTab('login')"
+        <button type="button" id="tab-login" onclick="switchTab('login')"
           class="flex-1 py-4 text-sm font-semibold border-b-2 border-brand text-brand transition">Login</button>
-        <button id="tab-register" onclick="switchTab('register')"
+        <button type="button" id="tab-register" onclick="switchTab('register')"
           class="flex-1 py-4 text-sm font-semibold border-b-2 border-transparent text-slate-400 hover:text-slate-600 transition">Register</button>
       </div>
 
@@ -42,13 +42,13 @@
         <h2 class="text-xl font-bold text-slate-800 mb-6">Welcome back!</h2>
         <form id="form-login" class="space-y-4" novalidate>
           <div>
-            <label class="block text-sm font-medium text-slate-700 mb-1">Username</label>
+            <label for="l-username" class="block text-sm font-medium text-slate-700 mb-1">Username</label>
             <input id="l-username" type="text" autocomplete="username" required
               class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
               placeholder="your_username" />
           </div>
           <div>
-            <label class="block text-sm font-medium text-slate-700 mb-1">Password</label>
+            <label for="l-password" class="block text-sm font-medium text-slate-700 mb-1">Password</label>
             <input id="l-password" type="password" autocomplete="current-password" required
               class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
               placeholder="..." />
@@ -68,25 +68,25 @@ <h2 class="text-xl font-bold text-slate-800 mb-6">Welcome back!</h2>
         <h2 class="text-xl font-bold text-slate-800 mb-6">Create your account</h2>
         <form id="form-register" class="space-y-4" novalidate>
           <div>
-            <label class="block text-sm font-medium text-slate-700 mb-1">Display Name</label>
+            <label for="r-name" class="block text-sm font-medium text-slate-700 mb-1">Display Name</label>
             <input id="r-name" type="text" autocomplete="name"
               class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
               placeholder="Your Full Name" />
           </div>
           <div>
-            <label class="block text-sm font-medium text-slate-700 mb-1">Username</label>
+            <label for="r-username" class="block text-sm font-medium text-slate-700 mb-1">Username</label>
             <input id="r-username" type="text" autocomplete="username" required
               class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
               placeholder="choose_a_username" />
           </div>
           <div>
-            <label class="block text-sm font-medium text-slate-700 mb-1">Email</label>
+            <label for="r-email" class="block text-sm font-medium text-slate-700 mb-1">Email</label>
             <input id="r-email" type="email" autocomplete="email" required
               class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
               placeholder="you@example.com" />
           </div>
           <div>
-            <label class="block text-sm font-medium text-slate-700 mb-1">Password</label>
+            <label for="r-password" class="block text-sm font-medium text-slate-700 mb-1">Password</label>
             <input id="r-password" type="password" autocomplete="new-password" required minlength="6"
               class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
               placeholder="min 6 characters" />
diff --git a/public/teach.html b/public/teach.html
index 646edfb..650a750 100644
--- a/public/teach.html
+++ b/public/teach.html
@@ -69,20 +69,20 @@ <h2 class="font-bold text-slate-800">&#127775; Create New Activity</h2>
           <div class="p-6">
             <form id="form-activity" class="space-y-4" novalidate>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Title *</label>
+                <label for="a-title" class="block text-sm font-medium text-slate-700 mb-1">Title *</label>
                 <input id="a-title" type="text" required
                   class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
                   placeholder="e.g. Python for Beginners" />
               </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Description</label>
+                <label for="a-desc" class="block text-sm font-medium text-slate-700 mb-1">Description</label>
                 <textarea id="a-desc" rows="3"
                   class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm resize-none"
                   placeholder="What will participants gain?"></textarea>
               </div>
               <div class="grid grid-cols-3 gap-3">
                 <div>
-                  <label class="block text-sm font-medium text-slate-700 mb-1">Type</label>
+                  <label for="a-type" class="block text-sm font-medium text-slate-700 mb-1">Type</label>
                   <select id="a-type"
                     class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
                     <option value="course">📚 Course</option>
@@ -93,7 +93,7 @@ <h2 class="font-bold text-slate-800">&#127775; Create New Activity</h2>
                   </select>
                 </div>
                 <div>
-                  <label class="block text-sm font-medium text-slate-700 mb-1">Format</label>
+                  <label for="a-format" class="block text-sm font-medium text-slate-700 mb-1">Format</label>
                   <select id="a-format"
                     class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
                     <option value="self_paced">Self-paced</option>
@@ -102,7 +102,7 @@ <h2 class="font-bold text-slate-800">&#127775; Create New Activity</h2>
                   </select>
                 </div>
                 <div>
-                  <label class="block text-sm font-medium text-slate-700 mb-1">Schedule</label>
+                  <label for="a-schedule" class="block text-sm font-medium text-slate-700 mb-1">Schedule</label>
                   <select id="a-schedule"
                     class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
                     <option value="ongoing">Ongoing</option>
@@ -113,7 +113,7 @@ <h2 class="font-bold text-slate-800">&#127775; Create New Activity</h2>
                 </div>
               </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Tags (comma-separated)</label>
+                <label for="a-tags" class="block text-sm font-medium text-slate-700 mb-1">Tags (comma-separated)</label>
                 <input id="a-tags" type="text"
                   class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
                   placeholder="Python, Beginners, Data Science" />
@@ -136,38 +136,40 @@ <h2 class="font-bold text-slate-800">&#128197; Add Session</h2>
           <div class="p-6">
             <form id="form-session" class="space-y-4" novalidate>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Activity *</label>
+                <label for="s-activity" class="block text-sm font-medium text-slate-700 mb-1">Activity *</label>
                 <select id="s-activity"
                   class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm">
                   <option value="">Select one of your activities...</option>
                 </select>
               </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Session Title *</label>
+                <label for="s-title" class="block text-sm font-medium text-slate-700 mb-1">Session Title *</label>
                 <input id="s-title" type="text" required
                   class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
                   placeholder="e.g. Week 1 - Introduction" />
               </div>
               <div class="grid grid-cols-2 gap-3">
                 <div>
-                  <label class="block text-sm font-medium text-slate-700 mb-1">Start Time</label>
+                  <label for="s-start" class="block text-sm font-medium text-slate-700 mb-1">Start Time</label>
                   <input id="s-start" type="datetime-local"
                     class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" />
                 </div>
                 <div>
-                  <label class="block text-sm font-medium text-slate-700 mb-1">End Time</label>
+                  <label for="s-end" class="block text-sm font-medium text-slate-700 mb-1">End Time</label>
                   <input id="s-end" type="datetime-local"
                     class="w-full px-3 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" />
                 </div>
               </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Location (encrypted)</label>
+                <label for="s-location" class="block text-sm font-medium text-slate-700 mb-1">Location
+                  (encrypted)</label>
                 <input id="s-location" type="text"
                   class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm"
                   placeholder="e.g. Room 101 or Zoom link" />
               </div>
               <div>
-                <label class="block text-sm font-medium text-slate-700 mb-1">Description (encrypted)</label>
+                <label for="s-desc" class="block text-sm font-medium text-slate-700 mb-1">Description
+                  (encrypted)</label>
                 <textarea id="s-desc" rows="2"
                   class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm resize-none"
                   placeholder="What will be covered in this session?"></textarea>
@@ -248,44 +250,61 @@ <h2 class="font-bold text-slate-800">My Hosted Activities</h2>
 
     async function loadHostedActivities() {
       const loadVersion = ++hostedLoadVersion;
-      const res = await fetch('/api/dashboard', { headers: { Authorization: 'Bearer ' + token } });
-      const data = await res.json();
-      if (loadVersion !== hostedLoadVersion) return;
-      hostedActivities = data.hosted_activities || [];
-      document.getElementById('hosted-count').textContent = hostedActivities.length + ' activities';
+      try {
+        const res = await fetch('/api/dashboard', { headers: { Authorization: 'Bearer ' + token } });
+        let data = null;
+        try {
+          data = await res.json();
+        } catch {
+          data = null;
+        }
+        if (!res.ok) {
+          const msg = (data && data.error) ? data.error : 'Failed to load hosted activities';
+          throw new Error(msg);
+        }
+        if (loadVersion !== hostedLoadVersion) return;
+        hostedActivities = data.hosted_activities || [];
+        document.getElementById('hosted-count').textContent = hostedActivities.length + ' activities';
 
-      const sel = document.getElementById('s-activity');
-      sel.innerHTML = '<option value="">Select one of your activities...</option>' +
-        hostedActivities.map(a =>
-          '<option value="' + esc(a.id) + '">' + esc(a.title) + '</option>'
-        ).join('');
+        const sel = document.getElementById('s-activity');
+        sel.innerHTML = '<option value="">Select one of your activities...</option>' +
+          hostedActivities.map(a =>
+            '<option value="' + esc(a.id) + '">' + esc(a.title) + '</option>'
+          ).join('');
 
-      const list = document.getElementById('hosted-list');
-      if (!hostedActivities.length) {
-        list.innerHTML = '<p class="px-6 py-8 text-sm text-slate-400 text-center">No activities yet. Create one above!</p>';
-        return;
+        const list = document.getElementById('hosted-list');
+        if (!hostedActivities.length) {
+          list.innerHTML = '<p class="px-6 py-8 text-sm text-slate-400 text-center">No activities yet. Create one above!</p>';
+          return;
+        }
+        list.innerHTML = hostedActivities.map(a => {
+          const tc = typeColor[a.type] || 'bg-slate-100 text-slate-600';
+          const ic = typeIcon[a.type] || '✨';
+          const tags = (a.tags || []).slice(0, 4).map(t =>
+            '<span class="badge bg-slate-100 text-slate-500">' + esc(t) + '</span>').join('');
+          return '<div class="px-6 py-4 flex items-center justify-between gap-4 hover:bg-slate-50 transition">' +
+            '<div class="flex-1 min-w-0">' +
+            '<p class="font-semibold text-slate-800 text-sm truncate">' + ic + ' ' + esc(a.title) + '</p>' +
+            '<div class="flex flex-wrap items-center gap-2 mt-1 text-xs text-slate-400">' +
+            '<span class="badge ' + tc + '">' + esc(a.type) + '</span>' +
+            '<span>' + (fmtLabel[a.format] || a.format) + '</span>' +
+            '<span>👥 ' + a.participant_count + '</span>' +
+            '<span>🗓 ' + a.session_count + ' sessions</span>' +
+            tags +
+            '</div>' +
+            '</div>' +
+            '<div class="flex gap-2 shrink-0">' +
+            '<a href="/course.html?id=' + esc(a.id) + '" class="text-xs text-brand font-semibold border border-brand/30 px-3 py-1.5 rounded-lg hover:bg-indigo-50">View</a>' +
+            '</div>' +
+            '</div>';
+        }).join('');
+      } catch (err) {
+        if (loadVersion !== hostedLoadVersion) return;
+        hostedActivities = [];
+        document.getElementById('hosted-count').textContent = 'Unable to load';
+        document.getElementById('s-activity').innerHTML = '<option value="">Select one of your activities...</option>';
+        document.getElementById('hosted-list').innerHTML = '<p class="px-6 py-8 text-sm text-red-500 text-center">' + esc(err.message || 'Failed to load hosted activities') + '</p>';
       }
-      list.innerHTML = hostedActivities.map(a => {
-        const tc = typeColor[a.type] || 'bg-slate-100 text-slate-600';
-        const ic = typeIcon[a.type] || '✨';
-        const tags = (a.tags || []).slice(0, 4).map(t =>
-          '<span class="badge bg-slate-100 text-slate-500">' + esc(t) + '</span>').join('');
-        return '<div class="px-6 py-4 flex items-center justify-between gap-4 hover:bg-slate-50 transition">' +
-          '<div class="flex-1 min-w-0">' +
-          '<p class="font-semibold text-slate-800 text-sm truncate">' + ic + ' ' + esc(a.title) + '</p>' +
-          '<div class="flex flex-wrap items-center gap-2 mt-1 text-xs text-slate-400">' +
-          '<span class="badge ' + tc + '">' + esc(a.type) + '</span>' +
-          '<span>' + (fmtLabel[a.format] || a.format) + '</span>' +
-          '<span>👥 ' + a.participant_count + '</span>' +
-          '<span>🗓 ' + a.session_count + ' sessions</span>' +
-          tags +
-          '</div>' +
-          '</div>' +
-          '<div class="flex gap-2 shrink-0">' +
-          '<a href="/course.html?id=' + esc(a.id) + '" class="text-xs text-brand font-semibold border border-brand/30 px-3 py-1.5 rounded-lg hover:bg-indigo-50">View</a>' +
-          '</div>' +
-          '</div>';
-      }).join('');
     }
 
     function showMsg(id, msg, isErr) {
diff --git a/src/worker.py b/src/worker.py
index c99b9f2..83adc8f 100644
--- a/src/worker.py
+++ b/src/worker.py
@@ -985,15 +985,20 @@ async def api_join(req, env):
     enr_id = new_id()
     try:
         await env.DB.prepare(
-            "INSERT INTO enrollments (id,activity_id,user_id,role)"
+            "INSERT OR IGNORE INTO enrollments (id,activity_id,user_id,role)"
             " VALUES (?,?,?,?)"
         ).bind(enr_id, act_id, user["id"], role).run()
     except Exception as e:
-        if "UNIQUE" in str(e):
-            return ok(None, "Already joined activity")
         capture_exception(e, req, env, "api_join.insert_enrollment")
         return err("Failed to join activity — please try again", 500)
 
+    # Distinguish fresh join vs concurrent duplicate using the row that now exists.
+    current = await env.DB.prepare(
+        "SELECT id FROM enrollments WHERE activity_id=? AND user_id=?"
+    ).bind(act_id, user["id"]).first()
+    if current and current.id != enr_id:
+        return ok(None, "Already joined activity")
+
     return ok(None, "Joined activity successfully")