219 lines
9.4 KiB
PHP
219 lines
9.4 KiB
PHP
<?php
|
|
session_set_cookie_params(['path' => '/']);
|
|
session_start();
|
|
|
|
$is_public_action = ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'simpan_pelaporan');
|
|
$is_public_get = ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['data']));
|
|
|
|
|
|
require 'db.php';
|
|
|
|
// Helper function to execute query and handle JSON error
|
|
function executeQuery($conn, $sql) {
|
|
if (!$conn->query($sql)) {
|
|
echo json_encode(["status" => "error", "message" => "Terjadi kesalahan database: " . $conn->error]);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
$role = $_SESSION['role'] ?? 'warga';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$act = $_POST['action'] ?? '';
|
|
$edit_id = (int)($_POST['edit_id'] ?? 0);
|
|
|
|
// Role validation
|
|
$allowed_infra_actions = ['simpan_spbu', 'simpan_jalan', 'simpan_parsil'];
|
|
$allowed_infra_tables = ['spbu', 'jalan', 'parsil'];
|
|
$allowed_sosial_actions = ['simpan_warga', 'simpan_masjid', 'simpan_pelaporan'];
|
|
$allowed_sosial_tables = ['warga', 'rumah_ibadah', 'pelaporan'];
|
|
|
|
$is_authorized = false;
|
|
|
|
if (in_array($role, ['admin', 'admin_infra', 'admin_sosial'])) {
|
|
$is_authorized = true;
|
|
} elseif ($role === 'warga' && $act === 'simpan_pelaporan') {
|
|
$is_authorized = true;
|
|
}
|
|
|
|
if (!$is_authorized) {
|
|
header('Content-Type: application/json');
|
|
echo json_encode(["status" => "error", "message" => "Akses ditolak. Anda tidak memiliki izin untuk tindakan atau data ini."]);
|
|
exit;
|
|
}
|
|
|
|
if ($act == "simpan_warga") {
|
|
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
|
|
$jkk = !empty($_POST['jumlah_kk']) ? (int)$_POST['jumlah_kk'] : 0;
|
|
$alamat = $conn->real_escape_string($_POST['alamat'] ?? '');
|
|
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
|
|
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
|
|
$tgl_lahir = !empty($_POST['tanggal_lahir']) ? "'" . $conn->real_escape_string($_POST['tanggal_lahir']) . "'" : "NULL";
|
|
$pend = $conn->real_escape_string($_POST['pendidikan'] ?? '');
|
|
$penyakit = $conn->real_escape_string($_POST['riwayat_penyakit'] ?? '');
|
|
$bantuan = $conn->real_escape_string($_POST['histori_bantuan'] ?? '');
|
|
$status_bantuan = $conn->real_escape_string($_POST['status_bantuan'] ?? 'Belum');
|
|
|
|
if ($edit_id > 0) {
|
|
$sql = "UPDATE warga SET nama='$nama', jumlah_kk=$jkk, alamat='$alamat', latitude='$lat', longitude='$lng', tanggal_lahir=$tgl_lahir, pendidikan='$pend', riwayat_penyakit='$penyakit', status_bantuan='$status_bantuan', histori_bantuan='$bantuan' WHERE id=$edit_id";
|
|
} else {
|
|
$sql = "INSERT INTO warga (nama, jumlah_kk, alamat, latitude, longitude, tanggal_lahir, pendidikan, riwayat_penyakit, status_bantuan, histori_bantuan)
|
|
VALUES ('$nama', $jkk, '$alamat', '$lat', '$lng', $tgl_lahir, '$pend', '$penyakit', '$status_bantuan', '$bantuan')";
|
|
}
|
|
executeQuery($conn, $sql);
|
|
}
|
|
elseif ($act == "simpan_pelaporan") {
|
|
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
|
|
$laporan = $conn->real_escape_string($_POST['laporan'] ?? '');
|
|
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
|
|
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
|
|
|
|
if ($edit_id > 0) {
|
|
$sql = "UPDATE pelaporan SET nama_pelapor='$nama', isi_laporan='$laporan', latitude='$lat', longitude='$lng' WHERE id=$edit_id";
|
|
} else {
|
|
$sql = "INSERT INTO pelaporan (nama_pelapor, isi_laporan, latitude, longitude) VALUES ('$nama', '$laporan', '$lat', '$lng')";
|
|
}
|
|
executeQuery($conn, $sql);
|
|
}
|
|
elseif ($act == "simpan_spbu") {
|
|
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
|
|
$no_hp = $conn->real_escape_string($_POST['no_hp'] ?? '');
|
|
$kategori = $conn->real_escape_string($_POST['kategori'] ?? '24jam');
|
|
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
|
|
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
|
|
|
|
if ($edit_id > 0) {
|
|
$sql = "UPDATE spbu SET nama='$nama', no_hp='$no_hp', kategori='$kategori', latitude='$lat', longitude='$lng' WHERE id=$edit_id";
|
|
} else {
|
|
$sql = "INSERT INTO spbu (nama, no_hp, kategori, latitude, longitude) VALUES ('$nama', '$no_hp', '$kategori', '$lat', '$lng')";
|
|
}
|
|
executeQuery($conn, $sql);
|
|
}
|
|
elseif ($act == "simpan_masjid") {
|
|
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
|
|
$jenis = $conn->real_escape_string($_POST['jenis'] ?? 'Masjid');
|
|
$pic = $conn->real_escape_string($_POST['pic'] ?? '');
|
|
$alamat = $conn->real_escape_string($_POST['alamat'] ?? '');
|
|
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
|
|
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
|
|
|
|
if ($edit_id > 0) {
|
|
$sql = "UPDATE rumah_ibadah SET nama='$nama', jenis='$jenis', pic='$pic', alamat='$alamat', latitude='$lat', longitude='$lng' WHERE id=$edit_id";
|
|
} else {
|
|
$sql = "INSERT INTO rumah_ibadah (nama, jenis, pic, alamat, latitude, longitude) VALUES ('$nama', '$jenis', '$pic', '$alamat', '$lat', '$lng')";
|
|
}
|
|
executeQuery($conn, $sql);
|
|
}
|
|
elseif ($act == "simpan_jalan") {
|
|
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
|
|
$status = $conn->real_escape_string($_POST['status_jalan'] ?? '');
|
|
$panjang = (float)($_POST['panjang'] ?? 0);
|
|
$koordinat = $conn->real_escape_string($_POST['koordinat'] ?? '');
|
|
|
|
if ($edit_id > 0) {
|
|
$sql = "UPDATE jalan SET nama_jalan='$nama', status_jalan='$status', panjang_m=$panjang, koordinat='$koordinat' WHERE id=$edit_id";
|
|
} else {
|
|
$sql = "INSERT INTO jalan (nama_jalan, status_jalan, panjang_m, koordinat) VALUES ('$nama', '$status', $panjang, '$koordinat')";
|
|
}
|
|
executeQuery($conn, $sql);
|
|
}
|
|
elseif ($act == "simpan_parsil") {
|
|
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
|
|
$status = $conn->real_escape_string($_POST['status_hak'] ?? '');
|
|
$koordinat = $conn->real_escape_string($_POST['koordinat'] ?? '');
|
|
|
|
if ($edit_id > 0) {
|
|
$sql = "UPDATE parsil SET nama_pemilik='$nama', status_hak='$status', koordinat='$koordinat' WHERE id=$edit_id";
|
|
} else {
|
|
$sql = "INSERT INTO parsil (nama_pemilik, status_hak, koordinat) VALUES ('$nama', '$status', '$koordinat')";
|
|
}
|
|
executeQuery($conn, $sql);
|
|
}
|
|
elseif ($act == "update_koordinat") {
|
|
$id = (int)($_POST['id'] ?? 0);
|
|
$tipe = $_POST['tipe'] ?? '';
|
|
$koordinat = $conn->real_escape_string($_POST['koordinat'] ?? '');
|
|
|
|
if ($id > 0) {
|
|
if ($tipe == 'jalan') {
|
|
if ($koordinat != '') {
|
|
$panjang = (float)($_POST['panjang_m'] ?? 0);
|
|
$sql = "UPDATE jalan SET koordinat='$koordinat', panjang_m=$panjang WHERE id=$id";
|
|
executeQuery($conn, $sql);
|
|
}
|
|
} elseif ($tipe == 'parsil') {
|
|
if ($koordinat != '') {
|
|
$sql = "UPDATE parsil SET koordinat='$koordinat' WHERE id=$id";
|
|
executeQuery($conn, $sql);
|
|
}
|
|
} else {
|
|
$lat = $conn->real_escape_string($_POST['lat'] ?? '');
|
|
$lng = $conn->real_escape_string($_POST['lng'] ?? '');
|
|
if ($lat != '' && $lng != '') {
|
|
$tabelMap = [
|
|
'warga' => 'warga',
|
|
'masjid' => 'rumah_ibadah',
|
|
'pelaporan' => 'pelaporan',
|
|
'spbu' => 'spbu'
|
|
];
|
|
$tabel = $tabelMap[$tipe] ?? '';
|
|
if ($tabel) {
|
|
$sql = "UPDATE $tabel SET latitude='$lat', longitude='$lng' WHERE id=$id";
|
|
executeQuery($conn, $sql);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
elseif ($act == "hapus_data") {
|
|
$id = (int)($_POST['id'] ?? 0);
|
|
$tipe = $_POST['tipe'] ?? '';
|
|
|
|
$tabelMap = [
|
|
'warga' => 'warga',
|
|
'masjid' => 'rumah_ibadah',
|
|
'pelaporan' => 'pelaporan',
|
|
'spbu' => 'spbu',
|
|
'jalan' => 'jalan',
|
|
'parsil' => 'parsil'
|
|
];
|
|
|
|
$tabel = $tabelMap[$tipe] ?? '';
|
|
if($tabel && $id > 0) {
|
|
$sql = "DELETE FROM $tabel WHERE id='$id'";
|
|
executeQuery($conn, $sql);
|
|
}
|
|
}
|
|
|
|
echo json_encode(["status" => "ok"]);
|
|
exit;
|
|
}
|
|
|
|
// Handle GET for JSON data
|
|
if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['data'])) {
|
|
header('Content-Type: application/json');
|
|
|
|
// Public data
|
|
$masjid = $conn->query("SELECT * FROM rumah_ibadah")->fetch_all(MYSQLI_ASSOC);
|
|
$pelaporan = $conn->query("SELECT * FROM pelaporan ORDER BY waktu DESC")->fetch_all(MYSQLI_ASSOC);
|
|
$spbu = $conn->query("SELECT * FROM spbu")->fetch_all(MYSQLI_ASSOC);
|
|
|
|
$response = [
|
|
'masjid' => $masjid,
|
|
'pelaporan' => $pelaporan,
|
|
'spbu' => $spbu
|
|
];
|
|
|
|
$warga = $conn->query("SELECT * FROM warga")->fetch_all(MYSQLI_ASSOC);
|
|
$jalan = $conn->query("SELECT * FROM jalan")->fetch_all(MYSQLI_ASSOC);
|
|
$parsil = $conn->query("SELECT * FROM parsil")->fetch_all(MYSQLI_ASSOC);
|
|
|
|
$response['warga'] = $warga;
|
|
$response['jalan'] = $jalan;
|
|
$response['parsil'] = $parsil;
|
|
|
|
echo json_encode($response);
|
|
exit;
|
|
}
|
|
?>
|