Files
UAS_SIG/api/users.php
T
2026-06-02 03:14:08 +00:00

85 lines
3.7 KiB
PHP

<?php
require_once __DIR__ . '/_helpers.php';
api_require_login();
api_require_role(['admin']);
$method = $_SERVER['REQUEST_METHOD'];
$admin = current_user();
if ($method === 'GET') {
$stmt = $pdo->query('SELECT id, nama, email, role, rumah_ibadah_id, status_akun, kontak, alamat, nama_instansi, kategori_instansi, catatan_pengajuan, lat, lng, verified_at, created_at
FROM users
ORDER BY FIELD(status_akun, "Menunggu Verifikasi", "Aktif", "Ditolak"), created_at DESC');
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
}
if ($method === 'PUT') {
$data = get_json_input();
required_fields($data, ['id','action']);
$id = clean_int($data['id']);
$action = clean_string($data['action']);
if ($id <= 0) {
json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422);
}
if ($id === (int)$admin['id'] && $action !== 'approve') {
json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat ditolak atau dihapus dari sini.'], 422);
}
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ? LIMIT 1');
$stmt->execute([$id]);
$user = $stmt->fetch();
if (!$user) {
json_response(['success' => false, 'message' => 'Akun tidak ditemukan.'], 404);
}
if ($action === 'reject') {
$stmt = $pdo->prepare('UPDATE users SET status_akun = "Ditolak", verified_by = ?, verified_at = NOW() WHERE id = ?');
$stmt->execute([$admin['id'], $id]);
json_response(['success' => true, 'message' => 'Pengajuan akun ditolak.']);
}
if ($action === 'approve') {
$rumahIbadahId = $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null;
if ($user['role'] === 'rumah_ibadah' && !$rumahIbadahId) {
if (empty($user['nama_instansi']) || empty($user['alamat']) || empty($user['kategori_instansi']) || $user['lat'] === null || $user['lng'] === null) {
json_response(['success' => false, 'message' => 'Data rumah ibadah pada pengajuan belum lengkap.'], 422);
}
$stmt = $pdo->prepare('INSERT INTO rumah_ibadah
(nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by)
VALUES (?, ?, ?, ?, ?, 0, 0, 500, ?, ?, "Aktif", ?)');
$stmt->execute([
$user['nama_instansi'],
$user['alamat'],
in_array($user['kategori_instansi'], ['Masjid','Gereja','Vihara','Klenteng','Pura','Lainnya'], true) ? $user['kategori_instansi'] : 'Lainnya',
$user['nama'],
$user['kontak'] ?? '',
$user['lat'],
$user['lng'],
$admin['id']
]);
$rumahIbadahId = (int)$pdo->lastInsertId();
}
$stmt = $pdo->prepare('UPDATE users SET status_akun = "Aktif", rumah_ibadah_id = ?, verified_by = ?, verified_at = NOW() WHERE id = ?');
$stmt->execute([$rumahIbadahId, $admin['id'], $id]);
json_response(['success' => true, 'message' => 'Akun berhasil disetujui.']);
}
json_response(['success' => false, 'message' => 'Aksi tidak dikenal.'], 422);
}
if ($method === 'DELETE') {
$id = clean_int($_GET['id'] ?? 0);
if ($id <= 0) json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422);
if ($id === (int)$admin['id']) json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat dihapus.'], 422);
$stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
$stmt->execute([$id]);
json_response(['success' => true, 'message' => 'Akun berhasil dihapus.']);
}
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);