// ============================================================
    // Access-Level Destination helper functions
    // ============================================================

    /**
     * Returns an array of access_level IDs assigned to a user.
     */
    function getUserAccessLevelIds($user_id) {
        global $conn;
        try {
            $stmt = $conn->prepare(
                "SELECT access_level_id FROM user_access_levels WHERE user_id = :uid"
            );
            $stmt->execute(['uid' => $user_id]);
            return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), 'access_level_id');
        } catch (PDOException $e) {
            return [];
        }
    }

    /**
     * Returns all destination IDs permitted by any of the user's access levels.
     */
    function getUserAllowedDestinationIds($user_id) {
        global $conn;
        try {
            $levelIds = getUserAccessLevelIds($user_id);
            if (empty($levelIds)) {
                return [];
            }
            $ph   = implode(',', array_fill(0, count($levelIds), '?'));
            $stmt = $conn->prepare(
                "SELECT DISTINCT destination_id FROM access_level_destinations WHERE access_level_id IN ($ph)"
            );
            $stmt->execute($levelIds);
            return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), 'destination_id');
        } catch (PDOException $e) {
            return [];
        }
    }

    /**
     * Returns vacation packages whose access_level_id is in the user's access levels.
     */
    function getVacationPackagesForUser($user_id) {
        global $conn;
        try {
            $levelIds = getUserAccessLevelIds($user_id);
            if (empty($levelIds)) {
                return [];
            }
            $ph   = implode(',', array_fill(0, count($levelIds), '?'));
            $stmt = $conn->prepare(
                "SELECT id, name, description, access_level_id
                 FROM vacation_packages
                 WHERE access_level_id IN ($ph)
                 ORDER BY name ASC"
            );
            $stmt->execute($levelIds);
            return $stmt->fetchAll(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            return [];
        }
    }

    /**
     * Returns the active destinations belonging to a vacation package.
     */
    function getVacationPackageDestinations($package_id) {
        global $conn;
        try {
            $stmt = $conn->prepare(
                "SELECT vd.*
                 FROM vacation_destinations vd
                 INNER JOIN vacation_package_destinations vpd ON vd.id = vpd.destination_id
                 WHERE vpd.package_id = :pid AND vd.status = 1
                 ORDER BY vd.country, vd.city_name"
            );
            $stmt->execute(['pid' => $package_id]);
            return $stmt->fetchAll(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            return [];
        }
    }

    /**
     * Count of destinations marked is_featured = 1.
     */
    function getFeaturedDestinationCount() {
        global $conn;
        try {
            $stmt = $conn->query(
                "SELECT COUNT(*) FROM vacation_destinations WHERE is_featured = 1 AND status = 1"
            );
            return (int)$stmt->fetchColumn();
        } catch (PDOException $e) {
            return 7;
        }
    }

    /**
     * Count of all active vacation destinations.
     */
    function getAllActiveDestinationCount() {
        global $conn;
        try {
            $stmt = $conn->query(
                "SELECT COUNT(*) FROM vacation_destinations WHERE status = 1"
            );
            return (int)$stmt->fetchColumn();
        } catch (PDOException $e) {
            return 130;
        }
    }

    /**
     * Replace the destination list for an access level (used by admin).
     * Accepts the main \PDO \$conn or an alternate connection.
     */
    function setAccessLevelDestinations($access_level_id, $destination_ids, $db = null) {
        global $conn;
        $pdo = $db ?? $conn;
        $pdo->beginTransaction();
        try {
            $del = $pdo->prepare(
                "DELETE FROM access_level_destinations WHERE access_level_id = :alid"
            );
            $del->execute(['alid' => $access_level_id]);
            if (!empty($destination_ids)) {
                $ins = $pdo->prepare(
                    "INSERT IGNORE INTO access_level_destinations (access_level_id, destination_id)
                     VALUES (:alid, :did)"
                );
                foreach ($destination_ids as $did) {
                    $ins->execute(['alid' => $access_level_id, 'did' => (int)$did]);
                }
            }
            $pdo->commit();
            return true;
        } catch (Exception $e) {
            $pdo->rollBack();
            return false;
        }
    }

    /**
     * Replace the destination list for a vacation package (used by admin).
     */
    function setVacationPackageDestinations($package_id, $destination_ids, $db = null) {
        global $conn;
        $pdo = $db ?? $conn;
        $pdo->beginTransaction();
        try {
            $del = $pdo->prepare(
                "DELETE FROM vacation_package_destinations WHERE package_id = :pid"
            );
            $del->execute(['pid' => $package_id]);
            if (!empty($destination_ids)) {
                $ins = $pdo->prepare(
                    "INSERT IGNORE INTO vacation_package_destinations (package_id, destination_id)
                     VALUES (:pid, :did)"
                );
                foreach ($destination_ids as $did) {
                    $ins->execute(['pid' => $package_id, 'did' => (int)$did]);
                }
            }
            $pdo->commit();
            return true;
        } catch (Exception $e) {
            $pdo->rollBack();
            return false;
        }
    }
  <br />
<b>Warning</b>:  Cannot modify header information - headers already sent by (output started at /var/www/give.vacations/db_connection.php:376) in <b>/var/www/give.vacations/index.php</b> on line <b>33</b><br />