add files

This commit is contained in:
luthfihadinugroho79
2026-06-10 19:42:59 +07:00
parent 7bf3c98e59
commit e950468760
3541 changed files with 0 additions and 0 deletions
+309
View File
@@ -0,0 +1,309 @@
<?php
// api/auth.php
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit; }
require_once '../includes/config.php';
startSession();
$method = $_SERVER['REQUEST_METHOD'];
$action = $_GET['action'] ?? '';
// ── GET: statistik publik untuk halaman login ─────────────
if ($method === 'GET' && $action === 'stats') {
$kk = $conn->query("SELECT COUNT(*) c FROM penduduk")->fetch_assoc()['c'];
$ibadah = $conn->query("SELECT COUNT(*) c FROM rumah_ibadah")->fetch_assoc()['c'];
$bantuan = $conn->query("SELECT COUNT(*) c FROM bantuan")->fetch_assoc()['c'];
jsonResponse(['kk'=>(int)$kk,'ibadah'=>(int)$ibadah,'bantuan'=>(int)$bantuan]);
}
// ── GET: cek sesi aktif ───────────────────────────────────
if ($method === 'GET' && $action === 'me') {
if (!empty($_SESSION['user_id'])) {
jsonResponse(['logged_in'=>true,'user'=>currentUser()]);
}
jsonResponse(['logged_in'=>false]);
}
// ── GET: logout ───────────────────────────────────────────
if ($method === 'GET' && $action === 'logout') {
$_SESSION = [];
session_destroy();
header('Location: ../login.php');
exit;
}
// ── GET: daftar pengurus pending (admin only) ─────────────
if ($method === 'GET' && $action === 'pending_list') {
requireLogin(['admin']);
$res = $conn->query("SELECT id,nama_lengkap,username,no_hp,email,nama_ibadah,jenis_ibadah,
latitude,longitude,alamat,kelurahan,kecamatan,radius,status,catatan_admin,created_at
FROM pengurus_pending ORDER BY created_at DESC");
$data = [];
while ($r = $res->fetch_assoc()) $data[] = $r;
jsonResponse($data);
}
// ── GET: daftar rumah ibadah tersedia untuk pendaftar ─────
if ($method === 'GET' && $action === 'ibadah_list') {
$res = $conn->query("SELECT id, nama, jenis, alamat, kelurahan, kecamatan FROM rumah_ibadah ORDER BY nama");
$data = [];
while ($r = $res->fetch_assoc()) $data[] = $r;
jsonResponse($data);
}
// ── POST: login ───────────────────────────────────────────
if ($method === 'POST' && ($action === '' || $action === 'login')) {
$raw = file_get_contents('php://input');
$d = json_decode($raw, true);
if (!$d) $d = $_POST;
$username = trim($d['username'] ?? '');
$password = $d['password'] ?? '';
$roleReq = $d['role'] ?? '';
if (!$username || !$password) {
jsonResponse(['success'=>false,'error'=>'Username dan kata sandi wajib diisi.'], 400);
}
$uname = $conn->real_escape_string($username);
$row = $conn->query(
"SELECT * FROM users WHERE (username='$uname' OR no_hp='$uname') AND is_active=1 LIMIT 1"
)->fetch_assoc();
if (!$row || !password_verify($password, $row['password_hash'])) {
jsonResponse(['success'=>false,'error'=>'Username atau kata sandi salah.'], 401);
}
// Validasi role jika dipilih
if ($roleReq && $row['role'] !== 'admin' && $row['role'] !== $roleReq) {
$roleLabel = ['masyarakat'=>'Masyarakat','pengurus_ibadah'=>'Pengurus Ibadah','pemerintah'=>'Pemerintah'];
jsonResponse(['success'=>false,'error'=>'Akun ini bukan akun '.($roleLabel[$roleReq] ?? $roleReq).'. Pilih tab yang sesuai.'], 403);
}
// Set session
session_regenerate_id(true);
$_SESSION['user_id'] = $row['id'];
$_SESSION['nama'] = $row['nama_lengkap'];
$_SESSION['role'] = $row['role'];
$_SESSION['id_rumah_ibadah'] = $row['id_rumah_ibadah'];
$_SESSION['id_penduduk'] = $row['id_penduduk'];
$_SESSION['login_time'] = time();
$uid = (int)$row['id'];
$conn->query("UPDATE users SET last_login=NOW() WHERE id=$uid");
logAktivitas($conn,'login','users',$uid,'Login dari '.$_SERVER['REMOTE_ADDR']);
$redirectMap = [
'admin' => 'dashboard/pengurus.php',
'pengurus_ibadah' => 'dashboard/pengurus.php',
'masyarakat' => 'dashboard/masyarakat.php',
'pemerintah' => 'dashboard/pemerintah.php',
];
$redirect = $redirectMap[$row['role']] ?? 'index.php';
jsonResponse(['success'=>true,'role'=>$row['role'],'redirect'=>$redirect,'nama'=>$row['nama_lengkap']]);
}
// ── POST: register masyarakat ─────────────────────────────
if ($method === 'POST' && $action === 'register') {
$raw = file_get_contents('php://input');
$d = json_decode($raw, true);
if (!$d) $d = $_POST;
$nama = trim($d['nama_lengkap'] ?? '');
$username = trim($d['username'] ?? '');
$no_hp = trim($d['no_hp'] ?? '');
$email = trim($d['email'] ?? '');
$password = $d['password'] ?? '';
$no_kk = trim($d['no_kk'] ?? '');
if (!$nama) jsonResponse(['success'=>false,'error'=>'Nama lengkap wajib diisi.'], 400);
if (!$username) jsonResponse(['success'=>false,'error'=>'Username wajib diisi.'], 400);
if (!$no_hp) jsonResponse(['success'=>false,'error'=>'Nomor HP wajib diisi.'], 400);
if (!$password) jsonResponse(['success'=>false,'error'=>'Kata sandi wajib diisi.'], 400);
if (strlen($username) < 4) jsonResponse(['success'=>false,'error'=>'Username minimal 4 karakter.'], 400);
if (strlen($password) < 6) jsonResponse(['success'=>false,'error'=>'Kata sandi minimal 6 karakter.'], 400);
if (preg_match('/\s/', $username)) jsonResponse(['success'=>false,'error'=>'Username tidak boleh mengandung spasi.'], 400);
$uname_e = $conn->real_escape_string($username);
$hp_e = $conn->real_escape_string($no_hp);
$cekUser = $conn->query("SELECT id FROM users WHERE username='$uname_e' LIMIT 1")->fetch_assoc();
if ($cekUser) jsonResponse(['success'=>false,'error'=>'Username sudah digunakan, coba username lain.'], 409);
$cekHp = $conn->query("SELECT id FROM users WHERE no_hp='$hp_e' LIMIT 1")->fetch_assoc();
if ($cekHp) jsonResponse(['success'=>false,'error'=>'Nomor HP sudah terdaftar.'], 409);
$hash = password_hash($password, PASSWORD_DEFAULT);
$nama_e = $conn->real_escape_string($nama);
$email_e = $conn->real_escape_string($email);
$hash_e = $conn->real_escape_string($hash);
$id_penduduk = 'NULL';
if ($no_kk) {
$kk_e = $conn->real_escape_string($no_kk);
$kk = $conn->query("SELECT id FROM penduduk WHERE no_kk='$kk_e' LIMIT 1")->fetch_assoc();
if ($kk) $id_penduduk = (int)$kk['id'];
}
$sql = "INSERT INTO users (nama_lengkap, username, no_hp, email, password_hash, role, id_penduduk)
VALUES ('$nama_e', '$uname_e', '$hp_e', '$email_e', '$hash_e', 'masyarakat', $id_penduduk)";
if ($conn->query($sql)) {
$newId = $conn->insert_id;
logAktivitas($conn,'register','users',$newId,"Daftar baru: $username");
jsonResponse(['success'=>true,'message'=>'Akun berhasil dibuat. Silakan login dengan username dan kata sandi Anda.']);
} else {
jsonResponse(['success'=>false,'error'=>'Gagal membuat akun: '.$conn->error], 500);
}
}
// ── POST: register pengurus ibadah (langsung aktif, tanpa pending) ────────
if ($method === 'POST' && $action === 'register_pengurus') {
$raw = file_get_contents('php://input');
$d = json_decode($raw, true);
if (!$d) $d = $_POST;
// Validasi bidang akun
$nama = trim($d['nama_lengkap'] ?? '');
$username = trim($d['username'] ?? '');
$no_hp = trim($d['no_hp'] ?? '');
$email = trim($d['email'] ?? '');
$password = $d['password'] ?? '';
// Validasi bidang rumah ibadah
$nama_ibadah = trim($d['nama_ibadah'] ?? '');
$jenis = $d['jenis_ibadah'] ?? 'Masjid';
$lat = (float)($d['latitude'] ?? 0);
$lon = (float)($d['longitude'] ?? 0);
$alamat = trim($d['alamat'] ?? '');
$kelurahan = trim($d['kelurahan'] ?? '');
$kecamatan = trim($d['kecamatan'] ?? '');
$radius = max(50, min(2000, (int)($d['radius'] ?? 300)));
// Cek wajib
if (!$nama) jsonResponse(['success'=>false,'error'=>'Nama lengkap wajib diisi.'], 400);
if (!$username) jsonResponse(['success'=>false,'error'=>'Username wajib diisi.'], 400);
if (!$no_hp) jsonResponse(['success'=>false,'error'=>'Nomor HP wajib diisi.'], 400);
if (!$password) jsonResponse(['success'=>false,'error'=>'Kata sandi wajib diisi.'], 400);
if (!$nama_ibadah) jsonResponse(['success'=>false,'error'=>'Nama rumah ibadah wajib diisi.'], 400);
if (!$lat || !$lon) jsonResponse(['success'=>false,'error'=>'Lokasi rumah ibadah wajib ditentukan.'], 400);
if (strlen($username) < 4) jsonResponse(['success'=>false,'error'=>'Username minimal 4 karakter.'], 400);
if (strlen($password) < 6) jsonResponse(['success'=>false,'error'=>'Kata sandi minimal 6 karakter.'], 400);
if (preg_match('/\s/', $username)) jsonResponse(['success'=>false,'error'=>'Username tidak boleh mengandung spasi.'], 400);
$valid_jenis = ['Masjid','Gereja','Vihara','Pura','Klenteng','Lainnya'];
if (!in_array($jenis, $valid_jenis)) $jenis = 'Masjid';
$uname_e = $conn->real_escape_string($username);
$hp_e = $conn->real_escape_string($no_hp);
// Cek duplikat di users
if ($conn->query("SELECT id FROM users WHERE username='$uname_e' LIMIT 1")->fetch_assoc())
jsonResponse(['success'=>false,'error'=>'Username sudah digunakan.'], 409);
if ($conn->query("SELECT id FROM users WHERE no_hp='$hp_e' LIMIT 1")->fetch_assoc())
jsonResponse(['success'=>false,'error'=>'Nomor HP sudah terdaftar.'], 409);
// Siapkan data
$hash = password_hash($password, PASSWORD_DEFAULT);
$nama_e = $conn->real_escape_string($nama);
$email_e = $conn->real_escape_string($email);
$hash_e = $conn->real_escape_string($hash);
$nibd_e = $conn->real_escape_string($nama_ibadah);
$jenis_e = $conn->real_escape_string($jenis);
$alamat_e = $conn->real_escape_string($alamat);
$kel_e = $conn->real_escape_string($kelurahan);
$kec_e = $conn->real_escape_string($kecamatan);
// Buat rumah ibadah dan akun pengguna dalam transaksi agar atomic
$conn->begin_transaction();
$ok = $conn->query("INSERT INTO rumah_ibadah (nama,jenis,kontak,email,latitude,longitude,alamat,kelurahan,kecamatan,radius)
VALUES ('$nibd_e','$jenis_e','$hp_e','$email_e',$lat,$lon,'$alamat_e','$kel_e','$kec_e',$radius)");
if (!$ok) {
$conn->rollback();
jsonResponse(['success'=>false,'error'=>'Gagal membuat rumah ibadah: '.$conn->error], 500);
}
$ibadahId = $conn->insert_id;
$ok = $conn->query("INSERT INTO users (nama_lengkap,username,no_hp,email,password_hash,role,id_rumah_ibadah,is_active)
VALUES ('$nama_e','$uname_e','$hp_e','$email_e','$hash_e','pengurus_ibadah',$ibadahId,1)");
if (!$ok) {
$conn->rollback();
jsonResponse(['success'=>false,'error'=>'Gagal membuat akun pengurus: '.$conn->error], 500);
}
$userId = $conn->insert_id;
$conn->commit();
logAktivitas($conn,'register_pengurus','users',$userId,"Pengurus baru langsung aktif: $username, ibadah $ibadahId");
jsonResponse([
'success' => true,
'message' => 'Pendaftaran berhasil. Akun pengurus dan rumah ibadah telah dibuat dan aktif.',
'user_id' => (int)$userId,
'ibadah_id' => (int)$ibadahId
]);
}
// ── PUT: approve / reject pengurus pending (admin) ────────
if ($method === 'PUT' && $action === 'approve_pengurus') {
requireLogin(['admin']);
$d = json_decode(file_get_contents('php://input'), true);
$id = (int)($d['id'] ?? 0);
$status = $d['status'] ?? ''; // 'approved' | 'rejected'
$catatan = $conn->real_escape_string($d['catatan'] ?? '');
if (!$id || !in_array($status, ['approved','rejected']))
jsonResponse(['success'=>false,'error'=>'Parameter tidak valid.'], 400);
$pending = $conn->query("SELECT * FROM pengurus_pending WHERE id=$id AND status='pending' LIMIT 1")->fetch_assoc();
if (!$pending) jsonResponse(['success'=>false,'error'=>'Data pendaftaran tidak ditemukan.'], 404);
if ($status === 'approved') {
// Buat rumah ibadah baru
$ni = $conn->real_escape_string($pending['nama_ibadah']);
$ji = $conn->real_escape_string($pending['jenis_ibadah']);
$hp = $conn->real_escape_string($pending['no_hp']);
$em = $conn->real_escape_string($pending['email']);
$al = $conn->real_escape_string($pending['alamat']);
$ke = $conn->real_escape_string($pending['kelurahan']);
$kc = $conn->real_escape_string($pending['kecamatan']);
$lat = (float)$pending['latitude'];
$lon = (float)$pending['longitude'];
$rad = (int)$pending['radius'];
$conn->query("INSERT INTO rumah_ibadah (nama,jenis,kontak,email,latitude,longitude,alamat,kelurahan,kecamatan,radius)
VALUES ('$ni','$ji','$hp','$em',$lat,$lon,'$al','$ke','$kc',$rad)");
$ibadahId = $conn->insert_id;
// Buat user pengurus
$un = $conn->real_escape_string($pending['username']);
$nm = $conn->real_escape_string($pending['nama_lengkap']);
$pw = $conn->real_escape_string($pending['password_hash']);
$eme = $conn->real_escape_string($pending['email']);
$hpe = $conn->real_escape_string($pending['no_hp']);
$conn->query("INSERT INTO users (nama_lengkap,username,no_hp,email,password_hash,role,id_rumah_ibadah,is_active)
VALUES ('$nm','$un','$hpe','$eme','$pw','pengurus_ibadah',$ibadahId,1)");
$userId = $conn->insert_id;
logAktivitas($conn,'approve_pengurus','pengurus_pending',$id,"Approved → user $userId, ibadah $ibadahId");
}
$conn->query("UPDATE pengurus_pending SET status='$status', catatan_admin='$catatan' WHERE id=$id");
jsonResponse([
'success' => true,
'message' => $status === 'approved' ? 'Pendaftaran disetujui. Akun dan rumah ibadah berhasil dibuat.' : 'Pendaftaran ditolak.'
]);
}
// Fallback
jsonResponse(['error'=>'Endpoint tidak valid'], 404);
?>