Files
Abimanyu Ridho f8e627a27b update database
2026-06-11 15:08:33 +07:00

210 lines
9.5 KiB
PHP

<?php
// api/rumah_ibadah.php
require_once __DIR__ . '/config/database.php';
require_once __DIR__ . '/helpers/response.php';
// setCORSHeaders() dan checkRBAC() sudah dipanggil otomatis oleh response.php
$db = getDB();
$method = getMethod();
requireWriteAuth($method);
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
switch ($method) {
// ── GET: ambil semua atau satu data ──────────────────────────────
case 'GET':
if ($id > 0) {
$stmt = $db->prepare(
"SELECT ri.id, ri.nama, ri.jenis, ri.alamat, ri.no_wa,
ri.latitude, ri.longitude, ri.radius_meter,
ri.created_at, u.username
FROM rumah_ibadah ri
LEFT JOIN users u ON u.rumah_ibadah_id = ri.id
WHERE ri.id = ?"
);
$stmt->bind_param('i', $id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
if ($row) {
$row['latitude'] = (float)$row['latitude'];
$row['longitude'] = (float)$row['longitude'];
$row['radius_meter'] = (int)$row['radius_meter'];
}
$row ? sendSuccess($row) : sendError('Data tidak ditemukan', 404);
} else {
$sql = "SELECT ri.id, ri.nama, ri.jenis, ri.alamat, ri.no_wa,
ri.latitude, ri.longitude, ri.radius_meter,
ri.created_at, u.username
FROM rumah_ibadah ri
LEFT JOIN users u ON u.rumah_ibadah_id = ri.id
ORDER BY ri.created_at DESC";
$result = $db->query($sql);
$rows = [];
while ($r = $result->fetch_assoc()) {
$r['latitude'] = (float)$r['latitude'];
$r['longitude'] = (float)$r['longitude'];
$r['radius_meter'] = (int)$r['radius_meter'];
$rows[] = $r;
}
sendSuccess($rows);
}
break;
// ── POST: tambah data baru ────────────────────────────────────────
case 'POST':
$body = getBody();
$required = ['nama', 'jenis', 'latitude', 'longitude', 'radius_meter'];
foreach ($required as $field) {
if (empty($body[$field]) && $body[$field] !== 0) {
sendError("Field '$field' wajib diisi");
}
}
$db->begin_transaction();
try {
$stmt = $db->prepare(
"INSERT INTO rumah_ibadah
(nama, jenis, alamat, no_wa, latitude, longitude, radius_meter)
VALUES (?, ?, ?, ?, ?, ?, ?)"
);
$stmt->bind_param(
'ssssddi',
$body['nama'],
$body['jenis'],
$body['alamat'],
$body['no_wa'],
$body['latitude'],
$body['longitude'],
$body['radius_meter']
);
executeOrFail($stmt, 'Gagal menyimpan rumah ibadah');
$newId = $db->insert_id;
// Handle user account creation
$username = isset($body['username']) ? trim($body['username']) : '';
$password = isset($body['password']) ? trim($body['password']) : '';
if ($username !== '') {
// Check if username already exists
$stmtUserCheck = $db->prepare("SELECT id FROM users WHERE username = ?");
$stmtUserCheck->bind_param('s', $username);
$stmtUserCheck->execute();
if ($stmtUserCheck->get_result()->num_rows > 0) {
throw new Exception('Username sudah digunakan');
}
if ($password === '') {
throw new Exception('Password wajib diisi jika username ditentukan');
}
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
$stmtUser = $db->prepare(
"INSERT INTO users (username, password, password_plain, role, rumah_ibadah_id) VALUES (?, ?, ?, 'petugas_lapangan', ?)"
);
$stmtUser->bind_param('sssi', $username, $hashedPassword, $password, $newId);
executeOrFail($stmtUser, 'Gagal membuat akun petugas lapangan');
}
$db->commit();
sendSuccess(['id' => $newId], 'Rumah Ibadah dan Akun Petugas berhasil disimpan', 201);
} catch (Exception $e) {
$db->rollback();
sendError($e->getMessage());
}
break;
// ── PUT: update data ──────────────────────────────────────────────
case 'PUT':
if ($id <= 0) sendError('ID wajib disertakan');
$body = getBody();
$db->begin_transaction();
try {
$stmt = $db->prepare(
"UPDATE rumah_ibadah
SET nama=?, jenis=?, alamat=?, no_wa=?,
latitude=?, longitude=?, radius_meter=?
WHERE id=?"
);
$stmt->bind_param(
'ssssddii',
$body['nama'], $body['jenis'],
$body['alamat'], $body['no_wa'],
$body['latitude'], $body['longitude'],
$body['radius_meter'], $id
);
executeOrFail($stmt, 'Gagal memperbarui rumah ibadah');
// Handle user account creation/update (only if user is admin)
if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
$username = isset($body['username']) ? trim($body['username']) : '';
$password = isset($body['password']) ? trim($body['password']) : '';
if ($username !== '') {
// Check if username belongs to another user
$stmtUserCheck = $db->prepare("SELECT id, rumah_ibadah_id FROM users WHERE username = ?");
$stmtUserCheck->bind_param('s', $username);
$stmtUserCheck->execute();
$resUserCheck = $stmtUserCheck->get_result()->fetch_assoc();
if ($resUserCheck && (int)$resUserCheck['rumah_ibadah_id'] !== $id) {
throw new Exception('Username sudah digunakan oleh akun lain');
}
// Check if account already exists for this rumah_ibadah
$stmtExisting = $db->prepare("SELECT id FROM users WHERE rumah_ibadah_id = ?");
$stmtExisting->bind_param('i', $id);
$stmtExisting->execute();
$existing = $stmtExisting->get_result()->fetch_assoc();
if ($existing) {
// Update existing user
if ($password !== '') {
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
$stmtUpdate = $db->prepare("UPDATE users SET username = ?, password = ?, password_plain = ? WHERE id = ?");
$stmtUpdate->bind_param('sssi', $username, $hashedPassword, $password, $existing['id']);
} else {
$stmtUpdate = $db->prepare("UPDATE users SET username = ? WHERE id = ?");
$stmtUpdate->bind_param('si', $username, $existing['id']);
}
executeOrFail($stmtUpdate, 'Gagal memperbarui akun petugas lapangan');
} else {
// Create new user for this rumah ibadah
if ($password === '') {
throw new Exception('Password wajib diisi untuk pembuatan akun baru');
}
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
$stmtUser = $db->prepare(
"INSERT INTO users (username, password, password_plain, role, rumah_ibadah_id) VALUES (?, ?, ?, 'petugas_lapangan', ?)"
);
$stmtUser->bind_param('sssi', $username, $hashedPassword, $password, $id);
executeOrFail($stmtUser, 'Gagal membuat akun petugas lapangan');
}
} else {
// Delete the associated user account if username is cleared
$stmtDeleteUser = $db->prepare("DELETE FROM users WHERE rumah_ibadah_id = ?");
$stmtDeleteUser->bind_param('i', $id);
$stmtDeleteUser->execute();
}
}
$db->commit();
sendSuccess(null, 'Rumah Ibadah berhasil diperbarui');
} catch (Exception $e) {
$db->rollback();
sendError($e->getMessage());
}
break;
// ── DELETE: hapus data ────────────────────────────────────────────
case 'DELETE':
if ($id <= 0) sendError('ID wajib disertakan');
$stmt = $db->prepare("DELETE FROM rumah_ibadah WHERE id=?");
$stmt->bind_param('i', $id);
executeOrFail($stmt, 'Gagal menghapus rumah ibadah');
$stmt->affected_rows > 0
? sendSuccess(null, 'Rumah Ibadah berhasil dihapus')
: sendError('Data tidak ditemukan', 404);
break;
default:
sendError('Method tidak diizinkan', 405);
}