real_escape_string($_POST['nama'] ?? ''); $kategori = $conn->real_escape_string($_POST['kategori_bantuan'] ?? 'Makan'); $jumlah_jiwa = (int)($_POST['jumlah_jiwa'] ?? 1); $lat = (float)($_POST['lat'] ?? 0); $lng = (float)($_POST['lng'] ?? 0); } else { $data = json_decode(file_get_contents("php://input")); if ($data) { $nama = $conn->real_escape_string($data->nama ?? ''); $kategori = $conn->real_escape_string($data->kategori_bantuan ?? 'Makan'); $jumlah_jiwa = (int)($data->jumlah_jiwa ?? 1); $lat = (float)($data->lat ?? 0); $lng = (float)($data->lng ?? 0); } } // Validasi pengelola: hanya boleh tambah jika lokasi berada dalam radius ibadah yang dikelolanya $currentUser = getCurrentUser(); if ($currentUser && $currentUser['role'] === 'pengelola') { $ibadah_id = $currentUser['ibadah_id']; if (!$ibadah_id) { http_response_code(403); echo json_encode(['status' => 'error', 'message' => 'Akun pengelola tidak terhubung ke rumah ibadah manapun.']); exit; } // Ambil data ibadah (lat, lng, radius) $res = $conn->query("SELECT lat, lng, radius FROM rumah_ibadah WHERE id=$ibadah_id"); if (!$res || $res->num_rows === 0) { http_response_code(403); echo json_encode(['status' => 'error', 'message' => 'Rumah ibadah yang dikelola tidak ditemukan.']); exit; } $ib = $res->fetch_assoc(); // Hitung jarak menggunakan Haversine formula $R = 6371000; // meter $lat1 = deg2rad((float)$ib['lat']); $lat2 = deg2rad($lat); $dLat = $lat2 - $lat1; $dLng = deg2rad($lng - (float)$ib['lng']); $a = sin($dLat/2)*sin($dLat/2) + cos($lat1)*cos($lat2)*sin($dLng/2)*sin($dLng/2); $dist = $R * 2 * atan2(sqrt($a), sqrt(1-$a)); if ($dist > (float)$ib['radius']) { http_response_code(403); echo json_encode(['status' => 'error', 'message' => 'Lokasi penduduk di luar radius rumah ibadah Anda. Hanya boleh menambah penduduk dalam radius yang dikelola.']); exit; } } // Handle file upload $upload_dir = dirname(dirname(__DIR__)) . '/uploads/'; if (!file_exists($upload_dir)) { mkdir($upload_dir, 0777, true); } function uploadFileCreate($fileKey, $upload_dir) { if (isset($_FILES[$fileKey]) && $_FILES[$fileKey]['error'] === UPLOAD_ERR_OK) { $fileTmpPath = $_FILES[$fileKey]['tmp_name']; $fileName = $_FILES[$fileKey]['name']; $fileExtension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION)); $allowedExtensions = ['jpg', 'jpeg', 'png', 'gif']; if (in_array($fileExtension, $allowedExtensions)) { $newFileName = uniqid() . '_' . preg_replace('/[^a-zA-Z0-9\\._-]/', '_', $fileName); if (move_uploaded_file($fileTmpPath, $upload_dir . $newFileName)) { return $newFileName; } } } return null; } $foto_rumah = uploadFileCreate('foto_rumah', $upload_dir); $foto_kk = uploadFileCreate('foto_kk', $upload_dir); $val_foto_rumah = $foto_rumah ? "'" . $conn->real_escape_string($foto_rumah) . "'" : "NULL"; $val_foto_kk = $foto_kk ? "'" . $conn->real_escape_string($foto_kk) . "'" : "NULL"; if ($lat != 0 && $lng != 0) { $query = "INSERT INTO penduduk_miskin (nama, kategori_bantuan, jumlah_jiwa, lat, lng, foto_rumah, foto_kk) VALUES ('$nama', '$kategori', $jumlah_jiwa, $lat, $lng, $val_foto_rumah, $val_foto_kk)"; if ($conn->query($query)) { echo json_encode(["status" => "success", "id" => $conn->insert_id, "message" => "Berhasil ditambahkan."]); } else { echo json_encode(["status" => "error", "message" => "Gagal: " . $conn->error]); } } else { echo json_encode(["status" => "error", "message" => "Data tidak lengkap."]); } ?>