username) && !empty($data->password)) { try { $stmt = $conn->prepare("SELECT id, username, password, role FROM users WHERE username = :username LIMIT 1"); $stmt->bindValue(':username', $data->username); $stmt->execute(); if($stmt->rowCount() > 0) { $user = $stmt->fetch(PDO::FETCH_ASSOC); // Verifikasi hash password if(password_verify($data->password, $user['password'])) { $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['role'] = $user['role']; echo json_encode(["pesan" => "Login Berhasil!", "user" => $user['username']]); } else { http_response_code(401); echo json_encode(["error" => "Password salah."]); } } else { http_response_code(404); echo json_encode(["error" => "Username tidak ditemukan."]); } } catch(PDOException $e) { http_response_code(500); echo json_encode(["error" => "Database Error: " . $e->getMessage()]); } } else { http_response_code(400); echo json_encode(["error" => "Username dan Password wajib diisi."]); } ?>