false, 'message' => 'Method tidak diizinkan.']); exit(); } // Baca body JSON $body = json_decode(file_get_contents('php://input'), true); if (!$body) { http_response_code(400); echo json_encode(['success' => false, 'message' => 'Request body tidak valid.']); exit(); } $username = isset($body['username']) ? trim($body['username']) : ''; $password = isset($body['password']) ? $body['password'] : ''; $roleReq = isset($body['role']) ? trim($body['role']) : ''; // Validasi input if (!$username || !$password || !$roleReq) { echo json_encode(['success' => false, 'message' => 'Username, password, dan role wajib diisi.']); exit(); } $validRoles = ['admin', 'pengurus', 'walikota']; if (!in_array($roleReq, $validRoles)) { echo json_encode(['success' => false, 'message' => 'Role tidak dikenali.']); exit(); } // ── Cari user di database ────────────────────────────────── $db = getDB(); $stmt = $db->prepare( "SELECT id, username, nama_lengkap, role, password_hash FROM users WHERE username = ? AND role = ? LIMIT 1" ); $stmt->bind_param('ss', $username, $roleReq); $stmt->execute(); $result = $stmt->get_result(); if ($result->num_rows === 0) { $stmt->close(); $db->close(); echo json_encode(['success' => false, 'message' => 'Username, password, atau peran tidak sesuai.']); exit(); } $user = $result->fetch_assoc(); $stmt->close(); $db->close(); // ── Verifikasi password ──────────────────────────────────── if (!password_verify($password, $user['password_hash'])) { echo json_encode(['success' => false, 'message' => 'Username, password, atau peran tidak sesuai.']); exit(); } // ── Login berhasil ───────────────────────────────────────── echo json_encode([ 'success' => true, 'message' => 'Login berhasil.', 'user' => [ 'id' => (int)$user['id'], 'username' => $user['username'], 'nama' => $user['nama_lengkap'], 'role' => $user['role'] ] ]); ?>