query('SELECT id, nama, email, role, rumah_ibadah_id, status_akun, kontak, alamat, nama_instansi, kategori_instansi, catatan_pengajuan, lat, lng, verified_at, created_at FROM users ORDER BY FIELD(status_akun, "Menunggu Verifikasi", "Aktif", "Ditolak"), created_at DESC'); json_response(['success' => true, 'data' => $stmt->fetchAll()]); } if ($method === 'PUT') { $data = get_json_input(); required_fields($data, ['id','action']); $id = clean_int($data['id']); $action = clean_string($data['action']); if ($id <= 0) { json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422); } if ($id === (int)$admin['id'] && $action !== 'approve') { json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat ditolak atau dihapus dari sini.'], 422); } $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ? LIMIT 1'); $stmt->execute([$id]); $user = $stmt->fetch(); if (!$user) { json_response(['success' => false, 'message' => 'Akun tidak ditemukan.'], 404); } if ($action === 'reject') { $stmt = $pdo->prepare('UPDATE users SET status_akun = "Ditolak", verified_by = ?, verified_at = NOW() WHERE id = ?'); $stmt->execute([$admin['id'], $id]); json_response(['success' => true, 'message' => 'Pengajuan akun ditolak.']); } if ($action === 'approve') { $rumahIbadahId = $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null; if ($user['role'] === 'rumah_ibadah' && !$rumahIbadahId) { if (empty($user['nama_instansi']) || empty($user['alamat']) || empty($user['kategori_instansi']) || $user['lat'] === null || $user['lng'] === null) { json_response(['success' => false, 'message' => 'Data rumah ibadah pada pengajuan belum lengkap.'], 422); } $stmt = $pdo->prepare('INSERT INTO rumah_ibadah (nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by) VALUES (?, ?, ?, ?, ?, 0, 0, 500, ?, ?, "Aktif", ?)'); $stmt->execute([ $user['nama_instansi'], $user['alamat'], in_array($user['kategori_instansi'], ['Masjid','Gereja','Vihara','Klenteng','Pura','Lainnya'], true) ? $user['kategori_instansi'] : 'Lainnya', $user['nama'], $user['kontak'] ?? '', $user['lat'], $user['lng'], $admin['id'] ]); $rumahIbadahId = (int)$pdo->lastInsertId(); } $stmt = $pdo->prepare('UPDATE users SET status_akun = "Aktif", rumah_ibadah_id = ?, verified_by = ?, verified_at = NOW() WHERE id = ?'); $stmt->execute([$rumahIbadahId, $admin['id'], $id]); json_response(['success' => true, 'message' => 'Akun berhasil disetujui.']); } json_response(['success' => false, 'message' => 'Aksi tidak dikenal.'], 422); } if ($method === 'DELETE') { $id = clean_int($_GET['id'] ?? 0); if ($id <= 0) json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422); if ($id === (int)$admin['id']) json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat dihapus.'], 422); $stmt = $pdo->prepare('DELETE FROM users WHERE id = ?'); $stmt->execute([$id]); json_response(['success' => true, 'message' => 'Akun berhasil dihapus.']); } json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);