'/']); session_start(); $is_public_action = ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'simpan_pelaporan'); $is_public_get = ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['data'])); require 'db.php'; // Helper function to execute query and handle JSON error function executeQuery($conn, $sql) { if (!$conn->query($sql)) { echo json_encode(["status" => "error", "message" => "Terjadi kesalahan database: " . $conn->error]); exit; } } $role = $_SESSION['role'] ?? 'warga'; if ($_SERVER['REQUEST_METHOD'] === 'POST') { $act = $_POST['action'] ?? ''; $edit_id = (int)($_POST['edit_id'] ?? 0); // Role validation $allowed_infra_actions = ['simpan_spbu', 'simpan_jalan', 'simpan_parsil']; $allowed_infra_tables = ['spbu', 'jalan', 'parsil']; $allowed_sosial_actions = ['simpan_warga', 'simpan_masjid', 'simpan_pelaporan']; $allowed_sosial_tables = ['warga', 'rumah_ibadah', 'pelaporan']; $is_authorized = false; if (in_array($role, ['admin', 'admin_infra', 'admin_sosial'])) { $is_authorized = true; } elseif ($role === 'warga' && $act === 'simpan_pelaporan') { $is_authorized = true; } if (!$is_authorized) { header('Content-Type: application/json'); echo json_encode(["status" => "error", "message" => "Akses ditolak. Anda tidak memiliki izin untuk tindakan atau data ini."]); exit; } if ($act == "simpan_warga") { $nama = $conn->real_escape_string($_POST['nama'] ?? ''); $jkk = !empty($_POST['jumlah_kk']) ? (int)$_POST['jumlah_kk'] : 0; $alamat = $conn->real_escape_string($_POST['alamat'] ?? ''); $lat = $conn->real_escape_string($_POST['lat'] ?? ''); $lng = $conn->real_escape_string($_POST['lng'] ?? ''); $tgl_lahir = !empty($_POST['tanggal_lahir']) ? "'" . $conn->real_escape_string($_POST['tanggal_lahir']) . "'" : "NULL"; $pend = $conn->real_escape_string($_POST['pendidikan'] ?? ''); $penyakit = $conn->real_escape_string($_POST['riwayat_penyakit'] ?? ''); $bantuan = $conn->real_escape_string($_POST['histori_bantuan'] ?? ''); $status_bantuan = $conn->real_escape_string($_POST['status_bantuan'] ?? 'Belum'); if ($edit_id > 0) { $sql = "UPDATE warga SET nama='$nama', jumlah_kk=$jkk, alamat='$alamat', latitude='$lat', longitude='$lng', tanggal_lahir=$tgl_lahir, pendidikan='$pend', riwayat_penyakit='$penyakit', status_bantuan='$status_bantuan', histori_bantuan='$bantuan' WHERE id=$edit_id"; } else { $sql = "INSERT INTO warga (nama, jumlah_kk, alamat, latitude, longitude, tanggal_lahir, pendidikan, riwayat_penyakit, status_bantuan, histori_bantuan) VALUES ('$nama', $jkk, '$alamat', '$lat', '$lng', $tgl_lahir, '$pend', '$penyakit', '$status_bantuan', '$bantuan')"; } executeQuery($conn, $sql); } elseif ($act == "simpan_pelaporan") { $nama = $conn->real_escape_string($_POST['nama'] ?? ''); $laporan = $conn->real_escape_string($_POST['laporan'] ?? ''); $lat = $conn->real_escape_string($_POST['lat'] ?? ''); $lng = $conn->real_escape_string($_POST['lng'] ?? ''); if ($edit_id > 0) { $sql = "UPDATE pelaporan SET nama_pelapor='$nama', isi_laporan='$laporan', latitude='$lat', longitude='$lng' WHERE id=$edit_id"; } else { $sql = "INSERT INTO pelaporan (nama_pelapor, isi_laporan, latitude, longitude) VALUES ('$nama', '$laporan', '$lat', '$lng')"; } executeQuery($conn, $sql); } elseif ($act == "simpan_spbu") { $nama = $conn->real_escape_string($_POST['nama'] ?? ''); $no_hp = $conn->real_escape_string($_POST['no_hp'] ?? ''); $kategori = $conn->real_escape_string($_POST['kategori'] ?? '24jam'); $lat = $conn->real_escape_string($_POST['lat'] ?? ''); $lng = $conn->real_escape_string($_POST['lng'] ?? ''); if ($edit_id > 0) { $sql = "UPDATE spbu SET nama='$nama', no_hp='$no_hp', kategori='$kategori', latitude='$lat', longitude='$lng' WHERE id=$edit_id"; } else { $sql = "INSERT INTO spbu (nama, no_hp, kategori, latitude, longitude) VALUES ('$nama', '$no_hp', '$kategori', '$lat', '$lng')"; } executeQuery($conn, $sql); } elseif ($act == "simpan_masjid") { $nama = $conn->real_escape_string($_POST['nama'] ?? ''); $jenis = $conn->real_escape_string($_POST['jenis'] ?? 'Masjid'); $pic = $conn->real_escape_string($_POST['pic'] ?? ''); $alamat = $conn->real_escape_string($_POST['alamat'] ?? ''); $lat = $conn->real_escape_string($_POST['lat'] ?? ''); $lng = $conn->real_escape_string($_POST['lng'] ?? ''); if ($edit_id > 0) { $sql = "UPDATE rumah_ibadah SET nama='$nama', jenis='$jenis', pic='$pic', alamat='$alamat', latitude='$lat', longitude='$lng' WHERE id=$edit_id"; } else { $sql = "INSERT INTO rumah_ibadah (nama, jenis, pic, alamat, latitude, longitude) VALUES ('$nama', '$jenis', '$pic', '$alamat', '$lat', '$lng')"; } executeQuery($conn, $sql); } elseif ($act == "simpan_jalan") { $nama = $conn->real_escape_string($_POST['nama'] ?? ''); $status = $conn->real_escape_string($_POST['status_jalan'] ?? ''); $panjang = (float)($_POST['panjang'] ?? 0); $koordinat = $conn->real_escape_string($_POST['koordinat'] ?? ''); if ($edit_id > 0) { $sql = "UPDATE jalan SET nama_jalan='$nama', status_jalan='$status', panjang_m=$panjang, koordinat='$koordinat' WHERE id=$edit_id"; } else { $sql = "INSERT INTO jalan (nama_jalan, status_jalan, panjang_m, koordinat) VALUES ('$nama', '$status', $panjang, '$koordinat')"; } executeQuery($conn, $sql); } elseif ($act == "simpan_parsil") { $nama = $conn->real_escape_string($_POST['nama'] ?? ''); $status = $conn->real_escape_string($_POST['status_hak'] ?? ''); $koordinat = $conn->real_escape_string($_POST['koordinat'] ?? ''); if ($edit_id > 0) { $sql = "UPDATE parsil SET nama_pemilik='$nama', status_hak='$status', koordinat='$koordinat' WHERE id=$edit_id"; } else { $sql = "INSERT INTO parsil (nama_pemilik, status_hak, koordinat) VALUES ('$nama', '$status', '$koordinat')"; } executeQuery($conn, $sql); } elseif ($act == "update_koordinat") { $id = (int)($_POST['id'] ?? 0); $tipe = $_POST['tipe'] ?? ''; $koordinat = $conn->real_escape_string($_POST['koordinat'] ?? ''); if ($id > 0) { if ($tipe == 'jalan') { if ($koordinat != '') { $panjang = (float)($_POST['panjang_m'] ?? 0); $sql = "UPDATE jalan SET koordinat='$koordinat', panjang_m=$panjang WHERE id=$id"; executeQuery($conn, $sql); } } elseif ($tipe == 'parsil') { if ($koordinat != '') { $sql = "UPDATE parsil SET koordinat='$koordinat' WHERE id=$id"; executeQuery($conn, $sql); } } else { $lat = $conn->real_escape_string($_POST['lat'] ?? ''); $lng = $conn->real_escape_string($_POST['lng'] ?? ''); if ($lat != '' && $lng != '') { $tabelMap = [ 'warga' => 'warga', 'masjid' => 'rumah_ibadah', 'pelaporan' => 'pelaporan', 'spbu' => 'spbu' ]; $tabel = $tabelMap[$tipe] ?? ''; if ($tabel) { $sql = "UPDATE $tabel SET latitude='$lat', longitude='$lng' WHERE id=$id"; executeQuery($conn, $sql); } } } } } elseif ($act == "hapus_data") { $id = (int)($_POST['id'] ?? 0); $tipe = $_POST['tipe'] ?? ''; $tabelMap = [ 'warga' => 'warga', 'masjid' => 'rumah_ibadah', 'pelaporan' => 'pelaporan', 'spbu' => 'spbu', 'jalan' => 'jalan', 'parsil' => 'parsil' ]; $tabel = $tabelMap[$tipe] ?? ''; if($tabel && $id > 0) { $sql = "DELETE FROM $tabel WHERE id='$id'"; executeQuery($conn, $sql); } } echo json_encode(["status" => "ok"]); exit; } // Handle GET for JSON data if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['data'])) { header('Content-Type: application/json'); // Public data $masjid = $conn->query("SELECT * FROM rumah_ibadah")->fetch_all(MYSQLI_ASSOC); $pelaporan = $conn->query("SELECT * FROM pelaporan ORDER BY waktu DESC")->fetch_all(MYSQLI_ASSOC); $spbu = $conn->query("SELECT * FROM spbu")->fetch_all(MYSQLI_ASSOC); $response = [ 'masjid' => $masjid, 'pelaporan' => $pelaporan, 'spbu' => $spbu ]; $warga = $conn->query("SELECT * FROM warga")->fetch_all(MYSQLI_ASSOC); $jalan = $conn->query("SELECT * FROM jalan")->fetch_all(MYSQLI_ASSOC); $parsil = $conn->query("SELECT * FROM parsil")->fetch_all(MYSQLI_ASSOC); $response['warga'] = $warga; $response['jalan'] = $jalan; $response['parsil'] = $parsil; echo json_encode($response); exit; } ?>