Files
UAS_WEBGIS_MuhammadFarras_D…/WebGIS_PovertyMap/api_auth.php
T
2026-06-09 19:02:22 +07:00

83 lines
2.6 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
// ============================================================
// api_auth.php Autentikasi Pengguna dengan Role
// WebGIS Poverty Mapping
// ============================================================
require_once 'config.php';
// config.php sudah set header Content-Type & CORS.
// Jika OPTIONS preflight, sudah di-handle di config.php.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['success' => false, 'message' => 'Method tidak diizinkan.']);
exit();
}
// Baca body JSON
$body = json_decode(file_get_contents('php://input'), true);
if (!$body) {
http_response_code(400);
echo json_encode(['success' => false, 'message' => 'Request body tidak valid.']);
exit();
}
$username = isset($body['username']) ? trim($body['username']) : '';
$password = isset($body['password']) ? $body['password'] : '';
$roleReq = isset($body['role']) ? trim($body['role']) : '';
// Validasi input
if (!$username || !$password || !$roleReq) {
echo json_encode(['success' => false, 'message' => 'Username, password, dan role wajib diisi.']);
exit();
}
$validRoles = ['admin', 'pengurus', 'walikota'];
if (!in_array($roleReq, $validRoles)) {
echo json_encode(['success' => false, 'message' => 'Role tidak dikenali.']);
exit();
}
// ── Cari user di database ──────────────────────────────────
$db = getDB();
$stmt = $db->prepare(
"SELECT id, username, nama_lengkap, role, password_hash
FROM users
WHERE username = ? AND role = ?
LIMIT 1"
);
$stmt->bind_param('ss', $username, $roleReq);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows === 0) {
$stmt->close();
$db->close();
echo json_encode(['success' => false, 'message' => 'Username, password, atau peran tidak sesuai.']);
exit();
}
$user = $result->fetch_assoc();
$stmt->close();
$db->close();
// ── Verifikasi password ────────────────────────────────────
if (!password_verify($password, $user['password_hash'])) {
echo json_encode(['success' => false, 'message' => 'Username, password, atau peran tidak sesuai.']);
exit();
}
// ── Login berhasil ─────────────────────────────────────────
echo json_encode([
'success' => true,
'message' => 'Login berhasil.',
'user' => [
'id' => (int)$user['id'],
'username' => $user['username'],
'nama' => $user['nama_lengkap'],
'role' => $user['role']
]
]);
?>