fix: access create & update event admin only

app/Views/event/create.php

+<?php
+    session_start();
+    ob_start();
+    if (!isset($_SESSION["user_id"])) {
+        echo "here";
+        // User is not authenticated; redirect to login page
+        header("Location: /app/Views/login/login.php");
+        ob_end_flush();
+    }
+
+    require_once '../../Controllers/UserController.php';
+    $userController = new UserController();
+    $isAdmin = $userController->getUser($_SESSION['user_id'])['isAdmin'];
+    
+    // Allow only admin to access this page
+    if (!$isAdmin){
+        header("Location: /app/Views/home/home.php");
+        ob_end_flush();
+    }
+?>
+
 <!DOCTYPE html>
 <html lang="en">
 

app/Views/event/update.php

+<?php
+    session_start();
+    ob_start();
+    if (!isset($_SESSION["user_id"])) {
+        echo "here";
+        // User is not authenticated; redirect to login page
+        header("Location: /app/Views/login/login.php");
+        ob_end_flush();
+    }
+
+    require_once '../../Controllers/UserController.php';
+    $userController = new UserController();
+    $isAdmin = $userController->getUser($_SESSION['user_id'])['isAdmin'];
+    
+    // Allow only admin to access this page
+    if (!$isAdmin){
+        header("Location: /app/Views/home/home.php");
+        ob_end_flush();
+    }
+?>
+
 <!DOCTYPE html>
 <html lang="en">