Add authentication, roles, dashboard and access control
This commit is contained in:
@@ -2,14 +2,30 @@
|
||||
error_reporting(0);
|
||||
ini_set('display_errors', 0);
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
|
||||
include 'auth.php'; // Middleware auth
|
||||
include 'koneksi.php';
|
||||
|
||||
if (!$conn) {
|
||||
echo json_encode(array("status" => "error", "message" => "Gagal konek DB"));
|
||||
exit;
|
||||
}
|
||||
|
||||
$isAdmin = isAdminPemerintah();
|
||||
$userIbadahId = getUserIbadahId();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$res = array("ibadah" => array(), "penduduk" => array());
|
||||
$qI = mysqli_query($conn, "SELECT id, nama, latitude, longitude, radius FROM tabel_ibadah");
|
||||
|
||||
// Filter ibadah: admin pemerintah lihat semua, admin ibadah lihat miliknya saja
|
||||
$sqlIbadah = "SELECT id, nama, latitude, longitude, radius FROM tabel_ibadah";
|
||||
if (!$isAdmin && $userIbadahId > 0) {
|
||||
$sqlIbadah .= " WHERE id = $userIbadahId";
|
||||
} else if (!$isAdmin) {
|
||||
$sqlIbadah .= " WHERE id = 0"; // Jika tidak ada id_rumah_ibadah, jangan tampilkan apa-apa
|
||||
}
|
||||
|
||||
$qI = mysqli_query($conn, $sqlIbadah);
|
||||
if($qI){
|
||||
while($r = mysqli_fetch_assoc($qI)) {
|
||||
$res["ibadah"][] = array(
|
||||
@@ -21,7 +37,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
);
|
||||
}
|
||||
}
|
||||
$qP = mysqli_query($conn, "SELECT id, nama, latitude, longitude, status_warna FROM tabel_penduduk");
|
||||
|
||||
// Ambil data penduduk (termasuk status_bantuan)
|
||||
$qP = mysqli_query($conn, "SELECT id, nama, latitude, longitude, status_warna, status_bantuan FROM tabel_penduduk");
|
||||
if($qP){
|
||||
while($r = mysqli_fetch_assoc($qP)) {
|
||||
$res["penduduk"][] = array(
|
||||
@@ -29,32 +47,56 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
"nama_penduduk" => $r['nama'],
|
||||
"latitude" => (float)$r['latitude'],
|
||||
"longitude" => (float)$r['longitude'],
|
||||
"status_warna" => $r['status_warna']
|
||||
"status_warna" => $r['status_warna'],
|
||||
"status_bantuan" => $r['status_bantuan'] ?? 'Belum'
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
echo json_encode($res);
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
// Tambah Ibadah (Hanya Admin Rumah Ibadah)
|
||||
if (isset($_POST['type']) && $_POST['type'] === 'ibadah') {
|
||||
if ($isAdmin) {
|
||||
echo json_encode(array("status" => "error", "message" => "Hanya Admin Rumah Ibadah yang dapat menambah data ini")); exit;
|
||||
}
|
||||
|
||||
// Opsional: cegah jika admin ibadah sudah punya rumah ibadah
|
||||
if (isset($_SESSION['id_rumah_ibadah']) && $_SESSION['id_rumah_ibadah'] > 0) {
|
||||
echo json_encode(array("status" => "error", "message" => "Anda sudah mengelola satu rumah ibadah. Hapus yang lama terlebih dahulu jika ingin mengganti.")); exit;
|
||||
}
|
||||
|
||||
$nama = mysqli_real_escape_string($conn, $_POST['nama_ibadah']);
|
||||
$lat = (float)$_POST['latitude'];
|
||||
$lng = (float)$_POST['longitude'];
|
||||
$rad = (int)$_POST['radius'];
|
||||
|
||||
$sql = "INSERT INTO tabel_ibadah (nama, latitude, longitude, radius) VALUES ('$nama', $lat, $lng, $rad)";
|
||||
if (mysqli_query($conn, $sql)) {
|
||||
echo json_encode(array("status" => "success", "message" => "Berhasil Simpan"));
|
||||
$new_id = mysqli_insert_id($conn);
|
||||
$user_id = $_SESSION['user_id'];
|
||||
mysqli_query($conn, "UPDATE users SET id_rumah_ibadah = $new_id WHERE id = $user_id");
|
||||
$_SESSION['id_rumah_ibadah'] = $new_id;
|
||||
|
||||
echo json_encode(array("status" => "success", "message" => "Berhasil Simpan Rumah Ibadah"));
|
||||
} else {
|
||||
echo json_encode(array("status" => "error", "message" => mysqli_error($conn)));
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// Tambah Penduduk (Hanya Admin Pemerintah)
|
||||
if (isset($_POST['type']) && $_POST['type'] === 'penduduk') {
|
||||
if (!$isAdmin) {
|
||||
echo json_encode(array("status" => "error", "message" => "Tidak ada akses")); exit;
|
||||
}
|
||||
$nama = mysqli_real_escape_string($conn, $_POST['nama_penduduk']);
|
||||
$lat = (float)$_POST['latitude'];
|
||||
$lng = (float)$_POST['longitude'];
|
||||
$sql = "INSERT INTO tabel_penduduk (nama, latitude, longitude, status_warna) VALUES ('$nama', $lat, $lng, 'Merah')";
|
||||
$sql = "INSERT INTO tabel_penduduk (nama, latitude, longitude, status_warna, status_bantuan) VALUES ('$nama', $lat, $lng, 'Merah', 'Belum')";
|
||||
if (mysqli_query($conn, $sql)) {
|
||||
echo json_encode(array("status" => "success", "message" => "Berhasil Simpan"));
|
||||
} else {
|
||||
@@ -62,6 +104,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// Update Warna (Boleh siapa saja, otomatis oleh sistem radius.php)
|
||||
if (isset($_POST['action']) && $_POST['action'] === 'update_warna') {
|
||||
$id = (int)$_POST['id'];
|
||||
$warna = mysqli_real_escape_string($conn, $_POST['status_warna']);
|
||||
@@ -73,19 +117,82 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// Hapus Data
|
||||
if (isset($_POST['action']) && $_POST['action'] === 'hapus') {
|
||||
|
||||
// Update Radius Ibadah
|
||||
if (isset($_POST['action']) && $_POST['action'] === 'update_radius') {
|
||||
$id = (int)$_POST['id'];
|
||||
$type = $_POST['type_hapus'];
|
||||
$table = ($type === 'ibadah') ? 'tabel_ibadah' : 'tabel_penduduk';
|
||||
$rad = (int)$_POST['radius'];
|
||||
|
||||
$sql = "DELETE FROM $table WHERE id = $id";
|
||||
// Hanya Admin Ibadah untuk miliknya
|
||||
if ($isAdmin) {
|
||||
echo json_encode(array("status" => "error", "message" => "Admin Pemerintah tidak bisa mengubah radius")); exit;
|
||||
}
|
||||
if ($id !== $userIbadahId) {
|
||||
echo json_encode(array("status" => "error", "message" => "Akses ditolak")); exit;
|
||||
}
|
||||
|
||||
$sql = "UPDATE tabel_ibadah SET radius = $rad WHERE id = $id";
|
||||
if (mysqli_query($conn, $sql)) {
|
||||
echo json_encode(array("status" => "success", "message" => "Data berhasil dihapus"));
|
||||
echo json_encode(array("status" => "success", "message" => "Radius berhasil diubah"));
|
||||
} else {
|
||||
echo json_encode(array("status" => "error", "message" => mysqli_error($conn)));
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// Konfirmasi Penyaluran Bantuan
|
||||
if (isset($_POST['action']) && $_POST['action'] === 'konfirmasi_bantuan') {
|
||||
$id = (int)$_POST['id'];
|
||||
// Hanya admin ibadah yg biasa mengonfirmasi (atau pemerintah juga boleh)
|
||||
$sql = "UPDATE tabel_penduduk SET status_bantuan = 'Sudah' WHERE id = $id";
|
||||
if (mysqli_query($conn, $sql)) {
|
||||
echo json_encode(array("status" => "success", "message" => "Bantuan berhasil dikonfirmasi"));
|
||||
} else {
|
||||
echo json_encode(array("status" => "error", "message" => mysqli_error($conn)));
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// Hapus Data
|
||||
if (isset($_POST['action']) && $_POST['action'] === 'hapus') {
|
||||
$id = (int)$_POST['id'];
|
||||
$type = $_POST['type_hapus'];
|
||||
|
||||
if ($type === 'ibadah') {
|
||||
// Hanya Admin Ibadah yang bisa menghapus rumah ibadah miliknya
|
||||
if ($isAdmin) {
|
||||
echo json_encode(array("status" => "error", "message" => "Admin Pemerintah tidak diizinkan menghapus data rumah ibadah")); exit;
|
||||
}
|
||||
if ($id !== (int)$_SESSION['id_rumah_ibadah']) {
|
||||
echo json_encode(array("status" => "error", "message" => "Tidak ada akses untuk menghapus rumah ibadah ini")); exit;
|
||||
}
|
||||
$table = 'tabel_ibadah';
|
||||
|
||||
$sql = "DELETE FROM $table WHERE id = $id";
|
||||
if (mysqli_query($conn, $sql)) {
|
||||
// Jika yang hapus adalah admin ibadah (pemilik), hapus keterkaitannya
|
||||
if (!$isAdmin) {
|
||||
$user_id = $_SESSION['user_id'];
|
||||
mysqli_query($conn, "UPDATE users SET id_rumah_ibadah = NULL WHERE id = $user_id");
|
||||
$_SESSION['id_rumah_ibadah'] = null;
|
||||
}
|
||||
echo json_encode(array("status" => "success", "message" => "Data berhasil dihapus"));
|
||||
} else {
|
||||
echo json_encode(array("status" => "error", "message" => mysqli_error($conn)));
|
||||
}
|
||||
} else {
|
||||
// Hapus penduduk hanya untuk admin pemerintah
|
||||
if (!$isAdmin) {
|
||||
echo json_encode(array("status" => "error", "message" => "Tidak ada akses menghapus data penduduk")); exit;
|
||||
}
|
||||
$table = 'tabel_penduduk';
|
||||
$sql = "DELETE FROM $table WHERE id = $id";
|
||||
if (mysqli_query($conn, $sql)) {
|
||||
echo json_encode(array("status" => "success", "message" => "Data berhasil dihapus"));
|
||||
} else {
|
||||
echo json_encode(array("status" => "error", "message" => mysqli_error($conn)));
|
||||
}
|
||||
}
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user