prepare($sql); $stmt->execute($params); json_response(['success' => true, 'data' => $stmt->fetchAll()]); } if ($method === 'POST') { $data = get_json_input(); required_fields($data, ['jenis_musibah','tingkat_urgensi','tanggal_kejadian','deskripsi']); $keluargaId = clean_int($data['keluarga_id'] ?? 0); $alamat = clean_string($data['alamat'] ?? ''); $lat = $data['lat'] ?? ''; $lng = $data['lng'] ?? ''; if ($keluargaId > 0) { $stmtKel = $pdo->prepare('SELECT id, alamat, lat, lng FROM keluarga WHERE id = ? LIMIT 1'); $stmtKel->execute([$keluargaId]); $kel = $stmtKel->fetch(); if (!$kel) json_response(['success' => false, 'message' => 'Data keluarga tidak ditemukan.'], 404); if ($alamat === '') $alamat = $kel['alamat']; if ($lat === '' || $lng === '') { $lat = $kel['lat']; $lng = $kel['lng']; } } if ($alamat === '' || $lat === '' || $lng === '') { json_response(['success' => false, 'message' => 'Pilih keluarga terdata atau tentukan lokasi kejadian pada peta.'], 422); } $stmt = $pdo->prepare('INSERT INTO laporan_musibah (keluarga_id, pelapor_id, jenis_musibah, tingkat_urgensi, tanggal_kejadian, alamat, lat, lng, deskripsi, kebutuhan_mendesak, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, "Baru")'); $stmt->execute([ $keluargaId > 0 ? $keluargaId : null, $user['id'], allowed_value($data['jenis_musibah'], ['Kebakaran','Banjir','Sakit Mendesak','Kehilangan Pekerjaan','Kematian Tulang Punggung Keluarga','Rumah Rusak','Lainnya'], 'Lainnya'), allowed_value($data['tingkat_urgensi'], ['Rendah','Sedang','Tinggi','Darurat'], 'Sedang'), clean_string($data['tanggal_kejadian']), $alamat, clean_float($lat), clean_float($lng), clean_string($data['deskripsi']), clean_string($data['kebutuhan_mendesak'] ?? '') ]); json_response(['success' => true, 'message' => 'Laporan musibah berhasil dikirim dan masuk antrian tindak lanjut.', 'id' => $pdo->lastInsertId()], 201); } if ($method === 'PUT') { api_require_role(['admin','dinas','relawan','rumah_ibadah']); $data = get_json_input(); required_fields($data, ['id','status']); $id = clean_int($data['id']); $status = allowed_value($data['status'], ['Baru','Diverifikasi','Diproses','Ditindaklanjuti','Selesai','Ditolak'], 'Baru'); $tindak = clean_string($data['tindak_lanjut'] ?? ''); if ($role === 'rumah_ibadah') { $stmtCheck = $pdo->prepare('SELECT lm.id FROM laporan_musibah lm LEFT JOIN keluarga k ON k.id = lm.keluarga_id WHERE lm.id = ? AND (k.rumah_ibadah_id = ? OR lm.pelapor_id = ?)'); $stmtCheck->execute([$id, (int)($user['rumah_ibadah_id'] ?? 0), (int)$user['id']]); if (!$stmtCheck->fetch()) json_response(['success' => false, 'message' => 'Akses laporan musibah ditolak.'], 403); } $stmt = $pdo->prepare('UPDATE laporan_musibah SET status = ?, tindak_lanjut = CONCAT(COALESCE(tindak_lanjut, ""), ?), handled_by = ?, updated_at = NOW() WHERE id = ?'); $tambahan = $tindak !== '' ? "\n[" . date('Y-m-d H:i') . "] " . $tindak : ''; $stmt->execute([$status, $tambahan, $user['id'], $id]); json_response(['success' => true, 'message' => 'Status laporan musibah berhasil diperbarui.']); } json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);