First commit

This commit is contained in:
2026-06-09 19:02:22 +07:00
commit c2c0774b3b
36 changed files with 10493 additions and 0 deletions
+82
View File
@@ -0,0 +1,82 @@
<?php
// ============================================================
// api_auth.php Autentikasi Pengguna dengan Role
// WebGIS Poverty Mapping
// ============================================================
require_once 'config.php';
// config.php sudah set header Content-Type & CORS.
// Jika OPTIONS preflight, sudah di-handle di config.php.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['success' => false, 'message' => 'Method tidak diizinkan.']);
exit();
}
// Baca body JSON
$body = json_decode(file_get_contents('php://input'), true);
if (!$body) {
http_response_code(400);
echo json_encode(['success' => false, 'message' => 'Request body tidak valid.']);
exit();
}
$username = isset($body['username']) ? trim($body['username']) : '';
$password = isset($body['password']) ? $body['password'] : '';
$roleReq = isset($body['role']) ? trim($body['role']) : '';
// Validasi input
if (!$username || !$password || !$roleReq) {
echo json_encode(['success' => false, 'message' => 'Username, password, dan role wajib diisi.']);
exit();
}
$validRoles = ['admin', 'pengurus', 'walikota'];
if (!in_array($roleReq, $validRoles)) {
echo json_encode(['success' => false, 'message' => 'Role tidak dikenali.']);
exit();
}
// ── Cari user di database ──────────────────────────────────
$db = getDB();
$stmt = $db->prepare(
"SELECT id, username, nama_lengkap, role, password_hash
FROM users
WHERE username = ? AND role = ?
LIMIT 1"
);
$stmt->bind_param('ss', $username, $roleReq);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 0) {
$stmt->close();
$db->close();
echo json_encode(['success' => false, 'message' => 'Username, password, atau peran tidak sesuai.']);
exit();
}
$user = $result->fetch_assoc();
$stmt->close();
$db->close();
// ── Verifikasi password ────────────────────────────────────
if (!password_verify($password, $user['password_hash'])) {
echo json_encode(['success' => false, 'message' => 'Username, password, atau peran tidak sesuai.']);
exit();
}
// ── Login berhasil ─────────────────────────────────────────
echo json_encode([
'success' => true,
'message' => 'Login berhasil.',
'user' => [
'id' => (int)$user['id'],
'username' => $user['username'],
'nama' => $user['nama_lengkap'],
'role' => $user['role']
]
]);
?>