From 15c5ae63d78ca6e4377dc4abaa12e1e6b15d1a68 Mon Sep 17 00:00:00 2001 From: SatryaIrvannurYudha Date: Sat, 6 Jun 2026 22:02:14 +0700 Subject: [PATCH] Add authentication, roles, dashboard and access control --- ambil.php | 131 ++++++++++++++++++++++++++++++---- auth.php | 58 +++++++++++++++ dashboard.php | 141 +++++++++++++++++++++++++++++++++++++ database/migrate_users.sql | 24 +++++++ hapus_jalan.php | 2 + hapus_parsil.php | 2 + hapus_spbu.php | 2 + hash.php | 4 ++ index.php | 13 ++++ login.php | 105 +++++++++++++++++++++++++++ logout.php | 7 ++ radius.php | 121 +++++++++++++++++++++++++++++-- simpan_jalan.php | 2 + simpan_parsil.php | 2 + simpan_spbu.php | 2 + test_hash.php | 11 +++ update_posisi.php | 2 + 17 files changed, 612 insertions(+), 17 deletions(-) create mode 100644 auth.php create mode 100644 dashboard.php create mode 100644 database/migrate_users.sql create mode 100644 hash.php create mode 100644 login.php create mode 100644 logout.php create mode 100644 test_hash.php diff --git a/ambil.php b/ambil.php index cb31dce..049c103 100644 --- a/ambil.php +++ b/ambil.php @@ -2,14 +2,30 @@ error_reporting(0); ini_set('display_errors', 0); header('Content-Type: application/json; charset=UTF-8'); + +include 'auth.php'; // Middleware auth include 'koneksi.php'; + if (!$conn) { echo json_encode(array("status" => "error", "message" => "Gagal konek DB")); exit; } + +$isAdmin = isAdminPemerintah(); +$userIbadahId = getUserIbadahId(); + if ($_SERVER['REQUEST_METHOD'] === 'GET') { $res = array("ibadah" => array(), "penduduk" => array()); - $qI = mysqli_query($conn, "SELECT id, nama, latitude, longitude, radius FROM tabel_ibadah"); + + // Filter ibadah: admin pemerintah lihat semua, admin ibadah lihat miliknya saja + $sqlIbadah = "SELECT id, nama, latitude, longitude, radius FROM tabel_ibadah"; + if (!$isAdmin && $userIbadahId > 0) { + $sqlIbadah .= " WHERE id = $userIbadahId"; + } else if (!$isAdmin) { + $sqlIbadah .= " WHERE id = 0"; // Jika tidak ada id_rumah_ibadah, jangan tampilkan apa-apa + } + + $qI = mysqli_query($conn, $sqlIbadah); if($qI){ while($r = mysqli_fetch_assoc($qI)) { $res["ibadah"][] = array( @@ -21,7 +37,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ); } } - $qP = mysqli_query($conn, "SELECT id, nama, latitude, longitude, status_warna FROM tabel_penduduk"); + + // Ambil data penduduk (termasuk status_bantuan) + $qP = mysqli_query($conn, "SELECT id, nama, latitude, longitude, status_warna, status_bantuan FROM tabel_penduduk"); if($qP){ while($r = mysqli_fetch_assoc($qP)) { $res["penduduk"][] = array( @@ -29,32 +47,56 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { "nama_penduduk" => $r['nama'], "latitude" => (float)$r['latitude'], "longitude" => (float)$r['longitude'], - "status_warna" => $r['status_warna'] + "status_warna" => $r['status_warna'], + "status_bantuan" => $r['status_bantuan'] ?? 'Belum' ); } } + echo json_encode($res); exit; } + if ($_SERVER['REQUEST_METHOD'] === 'POST') { + // Tambah Ibadah (Hanya Admin Rumah Ibadah) if (isset($_POST['type']) && $_POST['type'] === 'ibadah') { + if ($isAdmin) { + echo json_encode(array("status" => "error", "message" => "Hanya Admin Rumah Ibadah yang dapat menambah data ini")); exit; + } + + // Opsional: cegah jika admin ibadah sudah punya rumah ibadah + if (isset($_SESSION['id_rumah_ibadah']) && $_SESSION['id_rumah_ibadah'] > 0) { + echo json_encode(array("status" => "error", "message" => "Anda sudah mengelola satu rumah ibadah. Hapus yang lama terlebih dahulu jika ingin mengganti.")); exit; + } + $nama = mysqli_real_escape_string($conn, $_POST['nama_ibadah']); $lat = (float)$_POST['latitude']; $lng = (float)$_POST['longitude']; $rad = (int)$_POST['radius']; + $sql = "INSERT INTO tabel_ibadah (nama, latitude, longitude, radius) VALUES ('$nama', $lat, $lng, $rad)"; if (mysqli_query($conn, $sql)) { - echo json_encode(array("status" => "success", "message" => "Berhasil Simpan")); + $new_id = mysqli_insert_id($conn); + $user_id = $_SESSION['user_id']; + mysqli_query($conn, "UPDATE users SET id_rumah_ibadah = $new_id WHERE id = $user_id"); + $_SESSION['id_rumah_ibadah'] = $new_id; + + echo json_encode(array("status" => "success", "message" => "Berhasil Simpan Rumah Ibadah")); } else { echo json_encode(array("status" => "error", "message" => mysqli_error($conn))); } exit; } + + // Tambah Penduduk (Hanya Admin Pemerintah) if (isset($_POST['type']) && $_POST['type'] === 'penduduk') { + if (!$isAdmin) { + echo json_encode(array("status" => "error", "message" => "Tidak ada akses")); exit; + } $nama = mysqli_real_escape_string($conn, $_POST['nama_penduduk']); $lat = (float)$_POST['latitude']; $lng = (float)$_POST['longitude']; - $sql = "INSERT INTO tabel_penduduk (nama, latitude, longitude, status_warna) VALUES ('$nama', $lat, $lng, 'Merah')"; + $sql = "INSERT INTO tabel_penduduk (nama, latitude, longitude, status_warna, status_bantuan) VALUES ('$nama', $lat, $lng, 'Merah', 'Belum')"; if (mysqli_query($conn, $sql)) { echo json_encode(array("status" => "success", "message" => "Berhasil Simpan")); } else { @@ -62,6 +104,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { } exit; } + + // Update Warna (Boleh siapa saja, otomatis oleh sistem radius.php) if (isset($_POST['action']) && $_POST['action'] === 'update_warna') { $id = (int)$_POST['id']; $warna = mysqli_real_escape_string($conn, $_POST['status_warna']); @@ -73,19 +117,82 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { } exit; } - - // Hapus Data - if (isset($_POST['action']) && $_POST['action'] === 'hapus') { + + // Update Radius Ibadah + if (isset($_POST['action']) && $_POST['action'] === 'update_radius') { $id = (int)$_POST['id']; - $type = $_POST['type_hapus']; - $table = ($type === 'ibadah') ? 'tabel_ibadah' : 'tabel_penduduk'; + $rad = (int)$_POST['radius']; - $sql = "DELETE FROM $table WHERE id = $id"; + // Hanya Admin Ibadah untuk miliknya + if ($isAdmin) { + echo json_encode(array("status" => "error", "message" => "Admin Pemerintah tidak bisa mengubah radius")); exit; + } + if ($id !== $userIbadahId) { + echo json_encode(array("status" => "error", "message" => "Akses ditolak")); exit; + } + + $sql = "UPDATE tabel_ibadah SET radius = $rad WHERE id = $id"; if (mysqli_query($conn, $sql)) { - echo json_encode(array("status" => "success", "message" => "Data berhasil dihapus")); + echo json_encode(array("status" => "success", "message" => "Radius berhasil diubah")); } else { echo json_encode(array("status" => "error", "message" => mysqli_error($conn))); } exit; } + + // Konfirmasi Penyaluran Bantuan + if (isset($_POST['action']) && $_POST['action'] === 'konfirmasi_bantuan') { + $id = (int)$_POST['id']; + // Hanya admin ibadah yg biasa mengonfirmasi (atau pemerintah juga boleh) + $sql = "UPDATE tabel_penduduk SET status_bantuan = 'Sudah' WHERE id = $id"; + if (mysqli_query($conn, $sql)) { + echo json_encode(array("status" => "success", "message" => "Bantuan berhasil dikonfirmasi")); + } else { + echo json_encode(array("status" => "error", "message" => mysqli_error($conn))); + } + exit; + } + + // Hapus Data + if (isset($_POST['action']) && $_POST['action'] === 'hapus') { + $id = (int)$_POST['id']; + $type = $_POST['type_hapus']; + + if ($type === 'ibadah') { + // Hanya Admin Ibadah yang bisa menghapus rumah ibadah miliknya + if ($isAdmin) { + echo json_encode(array("status" => "error", "message" => "Admin Pemerintah tidak diizinkan menghapus data rumah ibadah")); exit; + } + if ($id !== (int)$_SESSION['id_rumah_ibadah']) { + echo json_encode(array("status" => "error", "message" => "Tidak ada akses untuk menghapus rumah ibadah ini")); exit; + } + $table = 'tabel_ibadah'; + + $sql = "DELETE FROM $table WHERE id = $id"; + if (mysqli_query($conn, $sql)) { + // Jika yang hapus adalah admin ibadah (pemilik), hapus keterkaitannya + if (!$isAdmin) { + $user_id = $_SESSION['user_id']; + mysqli_query($conn, "UPDATE users SET id_rumah_ibadah = NULL WHERE id = $user_id"); + $_SESSION['id_rumah_ibadah'] = null; + } + echo json_encode(array("status" => "success", "message" => "Data berhasil dihapus")); + } else { + echo json_encode(array("status" => "error", "message" => mysqli_error($conn))); + } + } else { + // Hapus penduduk hanya untuk admin pemerintah + if (!$isAdmin) { + echo json_encode(array("status" => "error", "message" => "Tidak ada akses menghapus data penduduk")); exit; + } + $table = 'tabel_penduduk'; + $sql = "DELETE FROM $table WHERE id = $id"; + if (mysqli_query($conn, $sql)) { + echo json_encode(array("status" => "success", "message" => "Data berhasil dihapus")); + } else { + echo json_encode(array("status" => "error", "message" => mysqli_error($conn))); + } + } + exit; + } } diff --git a/auth.php b/auth.php new file mode 100644 index 0000000..868df5e --- /dev/null +++ b/auth.php @@ -0,0 +1,58 @@ + diff --git a/dashboard.php b/dashboard.php new file mode 100644 index 0000000..9e2050e --- /dev/null +++ b/dashboard.php @@ -0,0 +1,141 @@ + 0) { + $idIb = getUserIbadahId(); + $qIb = mysqli_query($conn, "SELECT nama FROM tabel_ibadah WHERE id=$idIb"); + if ($qIb && mysqli_num_rows($qIb) > 0) { + $namaIbadah = mysqli_fetch_assoc($qIb)['nama']; + } +} + +$roleLabel = $isAdmin ? 'Admin Pemerintah' : 'Admin Rumah Ibadah'; +?> + + + + + + Dashboard — WebGIS Poverty Mapping + + + + + +
+
+ +

WebGIS Poverty Mapping

+
+
+ + Logout +
+
+
+
+

Selamat Datang, !

+

Anda login sebagai . Pilih menu di bawah untuk mulai mengelola data.

+
+ + 0): ?> +
+ +
+

+

Rumah ibadah yang Anda kelola

+
+
+ + + +
+
Rumah Ibadah
+
Penduduk Miskin
+
Tercakup
+
Belum Tercakup
+
+ + + + +
+ + diff --git a/database/migrate_users.sql b/database/migrate_users.sql new file mode 100644 index 0000000..b838f8a --- /dev/null +++ b/database/migrate_users.sql @@ -0,0 +1,24 @@ +-- ================================================================ +-- Migration: Autentikasi & Otorisasi WebGIS +-- Jalankan di database: webgis +-- ================================================================ + +-- 1. Ubah kolom role dari enum('admin','operator') ke enum baru +ALTER TABLE `users` + MODIFY `role` enum('admin_pemerintah','admin_ibadah') NOT NULL DEFAULT 'admin_ibadah'; + +-- 2. Tambah kolom id_rumah_ibadah (nullable, untuk menghubungkan admin_ibadah ke rumah ibadah) +ALTER TABLE `users` + ADD COLUMN `id_rumah_ibadah` INT(11) DEFAULT NULL AFTER `role`; + +-- 3. Migrasi data user lama +UPDATE `users` SET `role` = 'admin_pemerintah' WHERE `username` = 'admin'; +UPDATE `users` SET `role` = 'admin_ibadah' WHERE `username` = 'operator'; + +-- 4. Tambah kolom status_bantuan di tabel_penduduk untuk fitur konfirmasi penyaluran bantuan +ALTER TABLE `tabel_penduduk` + ADD COLUMN `status_bantuan` ENUM('Belum','Sudah') NOT NULL DEFAULT 'Belum'; + +-- 5. (Opsional) Hubungkan user operator ke rumah ibadah tertentu +-- Jalankan setelah tabel_ibadah memiliki data, ganti ID sesuai kebutuhan +-- UPDATE `users` SET `id_rumah_ibadah` = 1 WHERE `username` = 'operator'; diff --git a/hapus_jalan.php b/hapus_jalan.php index 96a0513..7e89106 100644 --- a/hapus_jalan.php +++ b/hapus_jalan.php @@ -1,4 +1,6 @@ diff --git a/index.php b/index.php index be39b19..4875072 100644 --- a/index.php +++ b/index.php @@ -1,4 +1,10 @@ @@ -143,6 +149,13 @@ include 'koneksi.php'; +
+ + Dashboard + + + Logout + diff --git a/login.php b/login.php new file mode 100644 index 0000000..165cb1a --- /dev/null +++ b/login.php @@ -0,0 +1,105 @@ + + + + + + + Login — WebGIS Poverty Mapping + + + + + +
+
+ +
+ + diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..ea82c68 --- /dev/null +++ b/logout.php @@ -0,0 +1,7 @@ + diff --git a/radius.php b/radius.php index 3db467d..a5b1de9 100644 --- a/radius.php +++ b/radius.php @@ -1,3 +1,10 @@ + @@ -160,12 +167,15 @@ - + + + +

Legenda

@@ -178,6 +188,13 @@ +
+ + Dashboard + + + Logout +
@@ -205,6 +222,11 @@ diff --git a/simpan_jalan.php b/simpan_jalan.php index c27e25a..5b378fd 100644 --- a/simpan_jalan.php +++ b/simpan_jalan.php @@ -1,4 +1,6 @@ diff --git a/update_posisi.php b/update_posisi.php index 58f7cf6..85239d8 100644 --- a/update_posisi.php +++ b/update_posisi.php @@ -1,4 +1,6 @@