83 lines
2.6 KiB
PHP
83 lines
2.6 KiB
PHP
<?php
|
||
// ============================================================
|
||
// api_auth.php – Autentikasi Pengguna dengan Role
|
||
// WebGIS Poverty Mapping
|
||
// ============================================================
|
||
|
||
require_once 'config.php';
|
||
|
||
// config.php sudah set header Content-Type & CORS.
|
||
// Jika OPTIONS preflight, sudah di-handle di config.php.
|
||
|
||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||
http_response_code(405);
|
||
echo json_encode(['success' => false, 'message' => 'Method tidak diizinkan.']);
|
||
exit();
|
||
}
|
||
|
||
// Baca body JSON
|
||
$body = json_decode(file_get_contents('php://input'), true);
|
||
if (!$body) {
|
||
http_response_code(400);
|
||
echo json_encode(['success' => false, 'message' => 'Request body tidak valid.']);
|
||
exit();
|
||
}
|
||
|
||
$username = isset($body['username']) ? trim($body['username']) : '';
|
||
$password = isset($body['password']) ? $body['password'] : '';
|
||
$roleReq = isset($body['role']) ? trim($body['role']) : '';
|
||
|
||
// Validasi input
|
||
if (!$username || !$password || !$roleReq) {
|
||
echo json_encode(['success' => false, 'message' => 'Username, password, dan role wajib diisi.']);
|
||
exit();
|
||
}
|
||
|
||
$validRoles = ['admin', 'pengurus', 'walikota'];
|
||
if (!in_array($roleReq, $validRoles)) {
|
||
echo json_encode(['success' => false, 'message' => 'Role tidak dikenali.']);
|
||
exit();
|
||
}
|
||
|
||
// ── Cari user di database ──────────────────────────────────
|
||
$db = getDB();
|
||
$stmt = $db->prepare(
|
||
"SELECT id, username, nama_lengkap, role, password_hash
|
||
FROM users
|
||
WHERE username = ? AND role = ?
|
||
LIMIT 1"
|
||
);
|
||
$stmt->bind_param('ss', $username, $roleReq);
|
||
$stmt->execute();
|
||
$result = $stmt->get_result();
|
||
|
||
if ($result->num_rows === 0) {
|
||
$stmt->close();
|
||
$db->close();
|
||
echo json_encode(['success' => false, 'message' => 'Username, password, atau peran tidak sesuai.']);
|
||
exit();
|
||
}
|
||
|
||
$user = $result->fetch_assoc();
|
||
$stmt->close();
|
||
$db->close();
|
||
|
||
// ── Verifikasi password ────────────────────────────────────
|
||
if (!password_verify($password, $user['password_hash'])) {
|
||
echo json_encode(['success' => false, 'message' => 'Username, password, atau peran tidak sesuai.']);
|
||
exit();
|
||
}
|
||
|
||
// ── Login berhasil ─────────────────────────────────────────
|
||
echo json_encode([
|
||
'success' => true,
|
||
'message' => 'Login berhasil.',
|
||
'user' => [
|
||
'id' => (int)$user['id'],
|
||
'username' => $user['username'],
|
||
'nama' => $user['nama_lengkap'],
|
||
'role' => $user['role']
|
||
]
|
||
]);
|
||
?>
|