Files
2026-06-13 01:07:22 +07:00

219 lines
9.5 KiB
PHP

<?php
session_set_cookie_params(['path' => '/']);
session_start();
$is_public_action = ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'simpan_pelaporan');
$is_public_get = ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['data']));
require 'db.php';
// Helper function to execute query and handle JSON error
function executeQuery($conn, $sql) {
if (!$conn->query($sql)) {
echo json_encode(["status" => "error", "message" => "Terjadi kesalahan database: " . $conn->error]);
exit;
}
}
$role = $_SESSION['role'] ?? 'warga';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$act = $_POST['action'] ?? '';
$edit_id = (int)($_POST['edit_id'] ?? 0);
// Role validation
$allowed_infra_actions = ['simpan_spbu', 'simpan_jalan', 'simpan_parsil'];
$allowed_infra_tables = ['spbu', 'jalan', 'parsil'];
$allowed_sosial_actions = ['simpan_warga', 'simpan_masjid', 'simpan_pelaporan'];
$allowed_sosial_tables = ['warga', 'rumah_ibadah', 'pelaporan'];
$is_authorized = true; // Bypassed for demo/user request
if (in_array($role, ['admin', 'admin_infra', 'admin_sosial'])) {
$is_authorized = true;
} elseif ($role === 'warga' && $act === 'simpan_pelaporan') {
$is_authorized = true;
}
if (!$is_authorized) {
header('Content-Type: application/json');
echo json_encode(["status" => "error", "message" => "Akses ditolak. Anda tidak memiliki izin untuk tindakan atau data ini."]);
exit;
}
if ($act == "simpan_warga") {
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
$jkk = !empty($_POST['jumlah_kk']) ? (int)$_POST['jumlah_kk'] : 0;
$alamat = $conn->real_escape_string($_POST['alamat'] ?? '');
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
$tgl_lahir = !empty($_POST['tanggal_lahir']) ? "'" . $conn->real_escape_string($_POST['tanggal_lahir']) . "'" : "NULL";
$pend = $conn->real_escape_string($_POST['pendidikan'] ?? '');
$penyakit = $conn->real_escape_string($_POST['riwayat_penyakit'] ?? '');
$bantuan = $conn->real_escape_string($_POST['histori_bantuan'] ?? '');
$status_bantuan = $conn->real_escape_string($_POST['status_bantuan'] ?? 'Belum');
if ($edit_id > 0) {
$sql = "UPDATE warga SET nama='$nama', jumlah_kk=$jkk, alamat='$alamat', latitude='$lat', longitude='$lng', tanggal_lahir=$tgl_lahir, pendidikan='$pend', riwayat_penyakit='$penyakit', status_bantuan='$status_bantuan', histori_bantuan='$bantuan' WHERE id=$edit_id";
} else {
$sql = "INSERT INTO warga (nama, jumlah_kk, alamat, latitude, longitude, tanggal_lahir, pendidikan, riwayat_penyakit, status_bantuan, histori_bantuan)
VALUES ('$nama', $jkk, '$alamat', '$lat', '$lng', $tgl_lahir, '$pend', '$penyakit', '$status_bantuan', '$bantuan')";
}
executeQuery($conn, $sql);
}
elseif ($act == "simpan_pelaporan") {
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
$laporan = $conn->real_escape_string($_POST['laporan'] ?? '');
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
if ($edit_id > 0) {
$sql = "UPDATE pelaporan SET nama_pelapor='$nama', isi_laporan='$laporan', latitude='$lat', longitude='$lng' WHERE id=$edit_id";
} else {
$sql = "INSERT INTO pelaporan (nama_pelapor, isi_laporan, latitude, longitude) VALUES ('$nama', '$laporan', '$lat', '$lng')";
}
executeQuery($conn, $sql);
}
elseif ($act == "simpan_spbu") {
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
$no_hp = $conn->real_escape_string($_POST['no_hp'] ?? '');
$kategori = $conn->real_escape_string($_POST['kategori'] ?? '24jam');
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
if ($edit_id > 0) {
$sql = "UPDATE spbu SET nama='$nama', no_hp='$no_hp', kategori='$kategori', latitude='$lat', longitude='$lng' WHERE id=$edit_id";
} else {
$sql = "INSERT INTO spbu (nama, no_hp, kategori, latitude, longitude) VALUES ('$nama', '$no_hp', '$kategori', '$lat', '$lng')";
}
executeQuery($conn, $sql);
}
elseif ($act == "simpan_masjid") {
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
$jenis = $conn->real_escape_string($_POST['jenis'] ?? 'Masjid');
$pic = $conn->real_escape_string($_POST['pic'] ?? '');
$alamat = $conn->real_escape_string($_POST['alamat'] ?? '');
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
if ($edit_id > 0) {
$sql = "UPDATE rumah_ibadah SET nama='$nama', jenis='$jenis', pic='$pic', alamat='$alamat', latitude='$lat', longitude='$lng' WHERE id=$edit_id";
} else {
$sql = "INSERT INTO rumah_ibadah (nama, jenis, pic, alamat, latitude, longitude) VALUES ('$nama', '$jenis', '$pic', '$alamat', '$lat', '$lng')";
}
executeQuery($conn, $sql);
}
elseif ($act == "simpan_jalan") {
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
$status = $conn->real_escape_string($_POST['status_jalan'] ?? '');
$panjang = (float)($_POST['panjang'] ?? 0);
$koordinat = $conn->real_escape_string($_POST['koordinat'] ?? '');
if ($edit_id > 0) {
$sql = "UPDATE jalan SET nama_jalan='$nama', status_jalan='$status', panjang_m=$panjang, koordinat='$koordinat' WHERE id=$edit_id";
} else {
$sql = "INSERT INTO jalan (nama_jalan, status_jalan, panjang_m, koordinat) VALUES ('$nama', '$status', $panjang, '$koordinat')";
}
executeQuery($conn, $sql);
}
elseif ($act == "simpan_parsil") {
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
$status = $conn->real_escape_string($_POST['status_hak'] ?? '');
$koordinat = $conn->real_escape_string($_POST['koordinat'] ?? '');
if ($edit_id > 0) {
$sql = "UPDATE parsil SET nama_pemilik='$nama', status_hak='$status', koordinat='$koordinat' WHERE id=$edit_id";
} else {
$sql = "INSERT INTO parsil (nama_pemilik, status_hak, koordinat) VALUES ('$nama', '$status', '$koordinat')";
}
executeQuery($conn, $sql);
}
elseif ($act == "update_koordinat") {
$id = (int)($_POST['id'] ?? 0);
$tipe = $_POST['tipe'] ?? '';
$koordinat = $conn->real_escape_string($_POST['koordinat'] ?? '');
if ($id > 0) {
if ($tipe == 'jalan') {
if ($koordinat != '') {
$panjang = (float)($_POST['panjang_m'] ?? 0);
$sql = "UPDATE jalan SET koordinat='$koordinat', panjang_m=$panjang WHERE id=$id";
executeQuery($conn, $sql);
}
} elseif ($tipe == 'parsil') {
if ($koordinat != '') {
$sql = "UPDATE parsil SET koordinat='$koordinat' WHERE id=$id";
executeQuery($conn, $sql);
}
} else {
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
if ($lat != '' && $lng != '') {
$tabelMap = [
'warga' => 'warga',
'masjid' => 'rumah_ibadah',
'pelaporan' => 'pelaporan',
'spbu' => 'spbu'
];
$tabel = $tabelMap[$tipe] ?? '';
if ($tabel) {
$sql = "UPDATE $tabel SET latitude='$lat', longitude='$lng' WHERE id=$id";
executeQuery($conn, $sql);
}
}
}
}
}
elseif ($act == "hapus_data") {
$id = (int)($_POST['id'] ?? 0);
$tipe = $_POST['tipe'] ?? '';
$tabelMap = [
'warga' => 'warga',
'masjid' => 'rumah_ibadah',
'pelaporan' => 'pelaporan',
'spbu' => 'spbu',
'jalan' => 'jalan',
'parsil' => 'parsil'
];
$tabel = $tabelMap[$tipe] ?? '';
if($tabel && $id > 0) {
$sql = "DELETE FROM $tabel WHERE id='$id'";
executeQuery($conn, $sql);
}
}
echo json_encode(["status" => "ok"]);
exit;
}
// Handle GET for JSON data
if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['data'])) {
header('Content-Type: application/json');
// Public data
$masjid = $conn->query("SELECT * FROM rumah_ibadah")->fetch_all(MYSQLI_ASSOC);
$pelaporan = $conn->query("SELECT * FROM pelaporan ORDER BY waktu DESC")->fetch_all(MYSQLI_ASSOC);
$spbu = $conn->query("SELECT * FROM spbu")->fetch_all(MYSQLI_ASSOC);
$response = [
'masjid' => $masjid,
'pelaporan' => $pelaporan,
'spbu' => $spbu
];
$warga = $conn->query("SELECT * FROM warga")->fetch_all(MYSQLI_ASSOC);
$jalan = $conn->query("SELECT * FROM jalan")->fetch_all(MYSQLI_ASSOC);
$parsil = $conn->query("SELECT * FROM parsil")->fetch_all(MYSQLI_ASSOC);
$response['warga'] = $warga;
$response['jalan'] = $jalan;
$response['parsil'] = $parsil;
echo json_encode($response);
exit;
}
?>