32 lines
797 B
PHP
32 lines
797 B
PHP
<?php
|
|
session_start();
|
|
|
|
// Tolak akses jika bukan admin
|
|
if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
|
|
http_response_code(403); // Status Forbidden
|
|
echo "Akses ditolak! Anda bukan operator.";
|
|
exit;
|
|
}
|
|
|
|
include 'koneksi.php';
|
|
|
|
// Ambil data dari metode POST
|
|
$nama = $_POST['nama'];
|
|
$latitude = $_POST['latitude'];
|
|
$longitude = $_POST['longitude'];
|
|
|
|
// Gunakan Prepared Statement untuk mencegah SQL Injection
|
|
$query = $conn->prepare("INSERT INTO rumah_ibadah (nama, lat, lng) VALUES (?, ?, ?)");
|
|
$query->bind_param("sdd", $nama, $latitude, $longitude);
|
|
|
|
// Eksekusi dan kirim respon ke Javascript
|
|
if ($query->execute()) {
|
|
echo "Data Rumah Ibadah berhasil disimpan!";
|
|
} else {
|
|
echo "Gagal menyimpan data: " . $conn->error;
|
|
}
|
|
|
|
$query->close();
|
|
$conn->close();
|
|
?>
|