feat: implement full authentication system and CRUD APIs for users, rumah ibadah, and penduduk miskin with database updates.
This commit is contained in:
@@ -0,0 +1,56 @@
|
||||
<?php
|
||||
if (session_status() === PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
function isLoggedIn() {
|
||||
return isset($_SESSION['user_id']);
|
||||
}
|
||||
|
||||
function getCurrentUser() {
|
||||
if (!isLoggedIn()) {
|
||||
return null;
|
||||
}
|
||||
return [
|
||||
'id' => $_SESSION['user_id'],
|
||||
'username' => $_SESSION['username'],
|
||||
'role' => $_SESSION['role'],
|
||||
'ibadah_id' => $_SESSION['ibadah_id'] ? intval($_SESSION['ibadah_id']) : null
|
||||
];
|
||||
}
|
||||
|
||||
function requireLogin() {
|
||||
if (!isLoggedIn()) {
|
||||
header('HTTP/1.1 401 Unauthorized');
|
||||
echo json_encode(['status' => 'error', 'message' => 'Unauthorized: Silakan login terlebih dahulu.']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
function requireAdmin() {
|
||||
requireLogin();
|
||||
if ($_SESSION['role'] !== 'admin') {
|
||||
header('HTTP/1.1 403 Forbidden');
|
||||
echo json_encode(['status' => 'error', 'message' => 'Forbidden: Akses ditolak. Hanya Admin yang diizinkan.']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
function requireAdminOrPengelola() {
|
||||
requireLogin();
|
||||
if ($_SESSION['role'] !== 'admin' && $_SESSION['role'] !== 'pengelola') {
|
||||
header('HTTP/1.1 403 Forbidden');
|
||||
echo json_encode(['status' => 'error', 'message' => 'Forbidden: Akses ditolak.']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
function canManageIbadah($ibadah_id) {
|
||||
if (!isLoggedIn()) return false;
|
||||
if ($_SESSION['role'] === 'admin') return true;
|
||||
if ($_SESSION['role'] === 'pengelola') {
|
||||
return intval($_SESSION['ibadah_id']) === intval($ibadah_id);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
?>
|
||||
@@ -0,0 +1,27 @@
|
||||
<?php
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
|
||||
if (session_status() === PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
if (isset($_SESSION['user_id'])) {
|
||||
echo json_encode([
|
||||
'status' => 'success',
|
||||
'isLoggedIn' => true,
|
||||
'data' => [
|
||||
'id' => intval($_SESSION['user_id']),
|
||||
'username' => $_SESSION['username'],
|
||||
'role' => $_SESSION['role'],
|
||||
'ibadah_id' => $_SESSION['ibadah_id'] ? intval($_SESSION['ibadah_id']) : null,
|
||||
'nama_ibadah' => $_SESSION['nama_ibadah'] ?? null
|
||||
]
|
||||
]);
|
||||
} else {
|
||||
echo json_encode([
|
||||
'status' => 'success',
|
||||
'isLoggedIn' => false,
|
||||
'data' => null
|
||||
]);
|
||||
}
|
||||
?>
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->geom)) {
|
||||
$nama = $conn->real_escape_string($data->nama ?? 'Jalan Baru');
|
||||
$status = $conn->real_escape_string($data->status ?? 'Kabupaten');
|
||||
$panjang = (float)($data->panjang ?? 0);
|
||||
$geom = $conn->real_escape_string(json_encode($data->geom)); // GeoJSON string
|
||||
|
||||
$query = "INSERT INTO jalan (nama, status, panjang, geom) VALUES ('$nama', '$status', $panjang, ST_GeomFromGeoJSON('$geom'))";
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "id" => $conn->insert_id, "message" => "Jalan berhasil ditambahkan."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal menambahkan jalan: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Data geometri tidak lengkap."]);
|
||||
}
|
||||
?>
|
||||
@@ -1,20 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->id)) {
|
||||
$id = (int)$data->id;
|
||||
|
||||
$query = "DELETE FROM jalan WHERE id=$id";
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "message" => "Jalan berhasil dihapus."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal hapus jalan: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "ID tidak diberikan."]);
|
||||
}
|
||||
?>
|
||||
@@ -1,25 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$query = "SELECT id, nama, status, panjang, ST_AsGeoJSON(geom) as geom FROM jalan";
|
||||
$result = $conn->query($query);
|
||||
|
||||
$jalan_arr = array();
|
||||
|
||||
if($result->num_rows > 0) {
|
||||
while($row = $result->fetch_assoc()) {
|
||||
$jalan_item = array(
|
||||
"id" => $row['id'],
|
||||
"nama" => $row['nama'],
|
||||
"status" => $row['status'],
|
||||
"panjang" => (float)$row['panjang'],
|
||||
"geom" => json_decode($row['geom'])
|
||||
);
|
||||
array_push($jalan_arr, $jalan_item);
|
||||
}
|
||||
echo json_encode(["status" => "success", "data" => $jalan_arr]);
|
||||
} else {
|
||||
echo json_encode(["status" => "success", "data" => []]);
|
||||
}
|
||||
?>
|
||||
@@ -1,29 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->id)) {
|
||||
$id = (int)$data->id;
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$status = $conn->real_escape_string($data->status ?? 'Kabupaten');
|
||||
|
||||
// Jika ada update geometri
|
||||
if(!empty($data->geom)) {
|
||||
$panjang = (float)($data->panjang ?? 0);
|
||||
$geom = $conn->real_escape_string(json_encode($data->geom));
|
||||
$query = "UPDATE jalan SET nama='$nama', status='$status', panjang=$panjang, geom=ST_GeomFromGeoJSON('$geom') WHERE id=$id";
|
||||
} else {
|
||||
$query = "UPDATE jalan SET nama='$nama', status='$status' WHERE id=$id";
|
||||
}
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "message" => "Jalan berhasil diupdate."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal update jalan: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "ID tidak diberikan."]);
|
||||
}
|
||||
?>
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../auth_helper.php';
|
||||
requireAdminOrPengelola();
|
||||
require_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents('php://input'), true);
|
||||
@@ -10,6 +12,14 @@ $tipe_bantuan = trim($data['tipe_bantuan'] ?? '');
|
||||
$tanggal = trim($data['tanggal'] ?? '');
|
||||
$keterangan = trim($data['keterangan'] ?? '');
|
||||
|
||||
if ($_SESSION['role'] === 'pengelola') {
|
||||
if ($ibadah_id !== intval($_SESSION['ibadah_id'])) {
|
||||
header('HTTP/1.1 403 Forbidden');
|
||||
echo json_encode(['status' => 'error', 'message' => 'Forbidden: Anda tidak diizinkan membuat log untuk rumah ibadah lain.']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$miskin_id || !$ibadah_id || !$tipe_bantuan || !$tanggal) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Data tidak lengkap']);
|
||||
exit;
|
||||
|
||||
@@ -0,0 +1,55 @@
|
||||
<?php
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
require_once 'db_connect.php';
|
||||
|
||||
if (session_status() === PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
$data = json_decode(file_get_contents('php://input'), true);
|
||||
$username = trim($data['username'] ?? '');
|
||||
$password = trim($data['password'] ?? '');
|
||||
|
||||
if (empty($username) || empty($password)) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Username dan password wajib diisi']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Cari user di database
|
||||
$sql = "SELECT u.*, ri.nama as nama_ibadah
|
||||
FROM users u
|
||||
LEFT JOIN rumah_ibadah ri ON u.ibadah_id = ri.id
|
||||
WHERE u.username = ?";
|
||||
$stmt = $conn->prepare($sql);
|
||||
$stmt->bind_param('s', $username);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
if ($result->num_rows === 1) {
|
||||
$user = $result->fetch_assoc();
|
||||
// Verifikasi password
|
||||
if (password_verify($password, $user['password'])) {
|
||||
$_SESSION['user_id'] = $user['id'];
|
||||
$_SESSION['username'] = $user['username'];
|
||||
$_SESSION['role'] = $user['role'];
|
||||
$_SESSION['ibadah_id'] = $user['ibadah_id'];
|
||||
$_SESSION['nama_ibadah'] = $user['nama_ibadah'];
|
||||
|
||||
echo json_encode([
|
||||
'status' => 'success',
|
||||
'message' => 'Login berhasil',
|
||||
'data' => [
|
||||
'id' => intval($user['id']),
|
||||
'username' => $user['username'],
|
||||
'role' => $user['role'],
|
||||
'ibadah_id' => $user['ibadah_id'] ? intval($user['ibadah_id']) : null,
|
||||
'nama_ibadah' => $user['nama_ibadah']
|
||||
]
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
echo json_encode(['status' => 'error', 'message' => 'Username atau password salah']);
|
||||
$conn->close();
|
||||
?>
|
||||
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
|
||||
if (session_status() === PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
$_SESSION = array();
|
||||
|
||||
if (ini_get("session.use_cookies")) {
|
||||
$params = session_get_cookie_params();
|
||||
setcookie(session_name(), '', time() - 42000,
|
||||
$params["path"], $params["domain"],
|
||||
$params["secure"], $params["httponly"]
|
||||
);
|
||||
}
|
||||
|
||||
session_destroy();
|
||||
|
||||
echo json_encode(['status' => 'success', 'message' => 'Logout berhasil']);
|
||||
?>
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->geom)) {
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$status = $conn->real_escape_string($data->status ?? 'SHM');
|
||||
$luas = (float)($data->luas ?? 0);
|
||||
$geom = $conn->real_escape_string(json_encode($data->geom)); // GeoJSON string
|
||||
|
||||
$query = "INSERT INTO parsil (nama, status, luas, geom) VALUES ('$nama', '$status', $luas, ST_GeomFromGeoJSON('$geom'))";
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "id" => $conn->insert_id, "message" => "Parsil berhasil ditambahkan."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal menambahkan parsil: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Data geometri tidak lengkap."]);
|
||||
}
|
||||
?>
|
||||
@@ -1,20 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->id)) {
|
||||
$id = (int)$data->id;
|
||||
|
||||
$query = "DELETE FROM parsil WHERE id=$id";
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "message" => "Parsil berhasil dihapus."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal hapus parsil: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "ID tidak diberikan."]);
|
||||
}
|
||||
?>
|
||||
@@ -1,25 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$query = "SELECT id, nama, status, luas, ST_AsGeoJSON(geom) as geom FROM parsil";
|
||||
$result = $conn->query($query);
|
||||
|
||||
$parsil_arr = array();
|
||||
|
||||
if($result->num_rows > 0) {
|
||||
while($row = $result->fetch_assoc()) {
|
||||
$parsil_item = array(
|
||||
"id" => $row['id'],
|
||||
"nama" => $row['nama'],
|
||||
"status" => $row['status'],
|
||||
"luas" => (float)$row['luas'],
|
||||
"geom" => json_decode($row['geom'])
|
||||
);
|
||||
array_push($parsil_arr, $parsil_item);
|
||||
}
|
||||
echo json_encode(["status" => "success", "data" => $parsil_arr]);
|
||||
} else {
|
||||
echo json_encode(["status" => "success", "data" => []]);
|
||||
}
|
||||
?>
|
||||
@@ -1,29 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->id)) {
|
||||
$id = (int)$data->id;
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$status = $conn->real_escape_string($data->status ?? 'SHM');
|
||||
|
||||
// Jika ada update geometri
|
||||
if(!empty($data->geom)) {
|
||||
$luas = (float)($data->luas ?? 0);
|
||||
$geom = $conn->real_escape_string(json_encode($data->geom));
|
||||
$query = "UPDATE parsil SET nama='$nama', status='$status', luas=$luas, geom=ST_GeomFromGeoJSON('$geom') WHERE id=$id";
|
||||
} else {
|
||||
$query = "UPDATE parsil SET nama='$nama', status='$status' WHERE id=$id";
|
||||
}
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "message" => "Parsil berhasil diupdate."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal update parsil: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "ID tidak diberikan."]);
|
||||
}
|
||||
?>
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
require_once '../auth_helper.php';
|
||||
requireAdminOrPengelola();
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
@@ -1,18 +1,70 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
require_once '../auth_helper.php';
|
||||
requireAdminOrPengelola();
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
$nama = '';
|
||||
$kategori = 'Makan';
|
||||
$jumlah_jiwa = 1;
|
||||
$lat = 0.0;
|
||||
$lng = 0.0;
|
||||
|
||||
if (!empty($data->lat) && !empty($data->lng)) {
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$kategori = $conn->real_escape_string($data->kategori_bantuan ?? 'Makan');
|
||||
$jumlah_jiwa = (int)($data->jumlah_jiwa ?? 1);
|
||||
$lat = (float)$data->lat;
|
||||
$lng = (float)$data->lng;
|
||||
if (!empty($_POST)) {
|
||||
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
|
||||
$kategori = $conn->real_escape_string($_POST['kategori_bantuan'] ?? 'Makan');
|
||||
$jumlah_jiwa = (int)($_POST['jumlah_jiwa'] ?? 1);
|
||||
$lat = (float)($_POST['lat'] ?? 0);
|
||||
$lng = (float)($_POST['lng'] ?? 0);
|
||||
} else {
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
if ($data) {
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$kategori = $conn->real_escape_string($data->kategori_bantuan ?? 'Makan');
|
||||
$jumlah_jiwa = (int)($data->jumlah_jiwa ?? 1);
|
||||
$lat = (float)($data->lat ?? 0);
|
||||
$lng = (float)($data->lng ?? 0);
|
||||
}
|
||||
}
|
||||
|
||||
$query = "INSERT INTO penduduk_miskin (nama, kategori_bantuan, jumlah_jiwa, lat, lng)
|
||||
VALUES ('$nama', '$kategori', $jumlah_jiwa, $lat, $lng)";
|
||||
if ($lat != 0 && $lng != 0) {
|
||||
$upload_dir = "../../uploads/";
|
||||
if (!file_exists($upload_dir)) {
|
||||
mkdir($upload_dir, 0777, true);
|
||||
}
|
||||
|
||||
$foto_rumah = null;
|
||||
$foto_kk = null;
|
||||
|
||||
function uploadFile($fileKey, $upload_dir) {
|
||||
if (isset($_FILES[$fileKey]) && $_FILES[$fileKey]['error'] === UPLOAD_ERR_OK) {
|
||||
$fileTmpPath = $_FILES[$fileKey]['tmp_name'];
|
||||
$fileName = $_FILES[$fileKey]['name'];
|
||||
|
||||
$fileNameCmps = explode(".", $fileName);
|
||||
$fileExtension = strtolower(end($fileNameCmps));
|
||||
|
||||
$allowedfileExtensions = array('jpg', 'jpeg', 'png', 'gif');
|
||||
if (in_array($fileExtension, $allowedfileExtensions)) {
|
||||
$newFileName = uniqid() . '_' . preg_replace('/[^a-zA-Z0-9\._-]/', '_', $fileName);
|
||||
$dest_path = $upload_dir . $newFileName;
|
||||
|
||||
if (move_uploaded_file($fileTmpPath, $dest_path)) {
|
||||
return $newFileName;
|
||||
}
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
$foto_rumah = uploadFile('foto_rumah', $upload_dir);
|
||||
$foto_kk = uploadFile('foto_kk', $upload_dir);
|
||||
|
||||
$val_foto_rumah = $foto_rumah ? "'$foto_rumah'" : "NULL";
|
||||
$val_foto_kk = $foto_kk ? "'$foto_kk'" : "NULL";
|
||||
|
||||
$query = "INSERT INTO penduduk_miskin (nama, kategori_bantuan, jumlah_jiwa, lat, lng, foto_rumah, foto_kk)
|
||||
VALUES ('$nama', '$kategori', $jumlah_jiwa, $lat, $lng, $val_foto_rumah, $val_foto_kk)";
|
||||
|
||||
if ($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "id" => $conn->insert_id, "message" => "Berhasil ditambahkan."]);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
require_once '../auth_helper.php';
|
||||
requireAdminOrPengelola();
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
@@ -15,7 +15,9 @@ if($result->num_rows > 0) {
|
||||
"kategori_bantuan" => $row['kategori_bantuan'],
|
||||
"jumlah_jiwa" => isset($row['jumlah_jiwa']) ? (int)$row['jumlah_jiwa'] : 1,
|
||||
"lat" => (float)$row['lat'],
|
||||
"lng" => (float)$row['lng']
|
||||
"lng" => (float)$row['lng'],
|
||||
"foto_rumah" => $row['foto_rumah'],
|
||||
"foto_kk" => $row['foto_kk']
|
||||
);
|
||||
array_push($arr, $item);
|
||||
}
|
||||
|
||||
@@ -1,20 +1,100 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
require_once '../auth_helper.php';
|
||||
requireAdminOrPengelola();
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
$id = 0;
|
||||
$nama = '';
|
||||
$kategori = 'Makan';
|
||||
$jumlah_jiwa = 1;
|
||||
$lat = 0.0;
|
||||
$lng = 0.0;
|
||||
|
||||
if (!empty($data->id)) {
|
||||
$id = (int)$data->id;
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$kategori = $conn->real_escape_string($data->kategori_bantuan ?? 'Makan');
|
||||
$jumlah_jiwa = (int)($data->jumlah_jiwa ?? 1);
|
||||
$lat = (float)$data->lat;
|
||||
$lng = (float)$data->lng;
|
||||
if (!empty($_POST)) {
|
||||
$id = (int)($_POST['id'] ?? 0);
|
||||
$nama = $conn->real_escape_string($_POST['nama'] ?? '');
|
||||
$kategori = $conn->real_escape_string($_POST['kategori_bantuan'] ?? 'Makan');
|
||||
$jumlah_jiwa = (int)($_POST['jumlah_jiwa'] ?? 1);
|
||||
$lat = (float)($_POST['lat'] ?? 0);
|
||||
$lng = (float)($_POST['lng'] ?? 0);
|
||||
} else {
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
if ($data) {
|
||||
$id = (int)($data->id ?? 0);
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$kategori = $conn->real_escape_string($data->kategori_bantuan ?? 'Makan');
|
||||
$jumlah_jiwa = (int)($data->jumlah_jiwa ?? 1);
|
||||
$lat = (float)($data->lat ?? 0);
|
||||
$lng = (float)($data->lng ?? 0);
|
||||
}
|
||||
}
|
||||
|
||||
$query = "UPDATE penduduk_miskin
|
||||
SET nama='$nama', kategori_bantuan='$kategori', jumlah_jiwa=$jumlah_jiwa, lat=$lat, lng=$lng
|
||||
WHERE id=$id";
|
||||
if ($id > 0) {
|
||||
// Get current files to delete them if updated
|
||||
$old_foto_rumah = null;
|
||||
$old_foto_kk = null;
|
||||
$res = $conn->query("SELECT foto_rumah, foto_kk FROM penduduk_miskin WHERE id=$id");
|
||||
if ($res && $row = $res->fetch_assoc()) {
|
||||
$old_foto_rumah = $row['foto_rumah'];
|
||||
$old_foto_kk = $row['foto_kk'];
|
||||
}
|
||||
|
||||
$upload_dir = "../../uploads/";
|
||||
if (!file_exists($upload_dir)) {
|
||||
mkdir($upload_dir, 0777, true);
|
||||
}
|
||||
|
||||
$foto_rumah = null;
|
||||
$foto_kk = null;
|
||||
|
||||
function uploadFile($fileKey, $upload_dir) {
|
||||
if (isset($_FILES[$fileKey]) && $_FILES[$fileKey]['error'] === UPLOAD_ERR_OK) {
|
||||
$fileTmpPath = $_FILES[$fileKey]['tmp_name'];
|
||||
$fileName = $_FILES[$fileKey]['name'];
|
||||
|
||||
$fileNameCmps = explode(".", $fileName);
|
||||
$fileExtension = strtolower(end($fileNameCmps));
|
||||
|
||||
$allowedfileExtensions = array('jpg', 'jpeg', 'png', 'gif');
|
||||
if (in_array($fileExtension, $allowedfileExtensions)) {
|
||||
$newFileName = uniqid() . '_' . preg_replace('/[^a-zA-Z0-9\._-]/', '_', $fileName);
|
||||
$dest_path = $upload_dir . $newFileName;
|
||||
|
||||
if (move_uploaded_file($fileTmpPath, $dest_path)) {
|
||||
return $newFileName;
|
||||
}
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
$foto_rumah = uploadFile('foto_rumah', $upload_dir);
|
||||
$foto_kk = uploadFile('foto_kk', $upload_dir);
|
||||
|
||||
// Build update fields
|
||||
$update_fields = [
|
||||
"nama='$nama'",
|
||||
"kategori_bantuan='$kategori'",
|
||||
"jumlah_jiwa=$jumlah_jiwa",
|
||||
"lat=$lat",
|
||||
"lng=$lng"
|
||||
];
|
||||
|
||||
if ($foto_rumah !== null) {
|
||||
$update_fields[] = "foto_rumah='$foto_rumah'";
|
||||
if ($old_foto_rumah && file_exists($upload_dir . $old_foto_rumah)) {
|
||||
unlink($upload_dir . $old_foto_rumah);
|
||||
}
|
||||
}
|
||||
if ($foto_kk !== null) {
|
||||
$update_fields[] = "foto_kk='$foto_kk'";
|
||||
if ($old_foto_kk && file_exists($upload_dir . $old_foto_kk)) {
|
||||
unlink($upload_dir . $old_foto_kk);
|
||||
}
|
||||
}
|
||||
|
||||
$query = "UPDATE penduduk_miskin SET " . implode(", ", $update_fields) . " WHERE id=$id";
|
||||
|
||||
if ($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "message" => "Update berhasil."]);
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
require_once '../auth_helper.php';
|
||||
requireAdmin();
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
require_once '../auth_helper.php';
|
||||
requireAdmin();
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
require_once '../auth_helper.php';
|
||||
requireAdmin();
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->lat) && !empty($data->lng)) {
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$no_wa = $conn->real_escape_string($data->no_wa ?? '');
|
||||
$is_24_jam = isset($data->is_24_jam) ? (int)$data->is_24_jam : 0;
|
||||
$lat = (float)$data->lat;
|
||||
$lng = (float)$data->lng;
|
||||
|
||||
$query = "INSERT INTO spbu (nama, no_wa, is_24_jam, lat, lng) VALUES ('$nama', '$no_wa', $is_24_jam, $lat, $lng)";
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "id" => $conn->insert_id, "message" => "SPBU berhasil ditambahkan."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal menambahkan SPBU: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Data tidak lengkap."]);
|
||||
}
|
||||
?>
|
||||
@@ -1,20 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->id)) {
|
||||
$id = (int)$data->id;
|
||||
|
||||
$query = "DELETE FROM spbu WHERE id=$id";
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "message" => "SPBU berhasil dihapus."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal hapus SPBU: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "ID tidak diberikan."]);
|
||||
}
|
||||
?>
|
||||
@@ -1,26 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$query = "SELECT * FROM spbu";
|
||||
$result = $conn->query($query);
|
||||
|
||||
$spbu_arr = array();
|
||||
|
||||
if($result->num_rows > 0) {
|
||||
while($row = $result->fetch_assoc()) {
|
||||
$spbu_item = array(
|
||||
"id" => $row['id'],
|
||||
"nama" => $row['nama'],
|
||||
"no_wa" => $row['no_wa'],
|
||||
"is_24_jam" => (bool)$row['is_24_jam'],
|
||||
"lat" => (float)$row['lat'],
|
||||
"lng" => (float)$row['lng']
|
||||
);
|
||||
array_push($spbu_arr, $spbu_item);
|
||||
}
|
||||
echo json_encode(["status" => "success", "data" => $spbu_arr]);
|
||||
} else {
|
||||
echo json_encode(["status" => "success", "data" => []]);
|
||||
}
|
||||
?>
|
||||
@@ -1,25 +0,0 @@
|
||||
<?php
|
||||
header("Content-Type: application/json; charset=UTF-8");
|
||||
include_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
|
||||
if(!empty($data->id) && !empty($data->lat) && !empty($data->lng)) {
|
||||
$id = (int)$data->id;
|
||||
$nama = $conn->real_escape_string($data->nama ?? '');
|
||||
$no_wa = $conn->real_escape_string($data->no_wa ?? '');
|
||||
$is_24_jam = isset($data->is_24_jam) ? (int)$data->is_24_jam : 0;
|
||||
$lat = (float)$data->lat;
|
||||
$lng = (float)$data->lng;
|
||||
|
||||
$query = "UPDATE spbu SET nama='$nama', no_wa='$no_wa', is_24_jam=$is_24_jam, lat=$lat, lng=$lng WHERE id=$id";
|
||||
|
||||
if($conn->query($query)) {
|
||||
echo json_encode(["status" => "success", "message" => "SPBU berhasil diupdate."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Gagal update SPBU: " . $conn->error]);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(["status" => "error", "message" => "Data tidak lengkap."]);
|
||||
}
|
||||
?>
|
||||
@@ -0,0 +1,47 @@
|
||||
<?php
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
require_once '../auth_helper.php';
|
||||
requireAdmin();
|
||||
require_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
$username = trim($data['username'] ?? '');
|
||||
$password = trim($data['password'] ?? '');
|
||||
$role = trim($data['role'] ?? 'pengelola');
|
||||
$ibadah_id = !empty($data['ibadah_id']) ? intval($data['ibadah_id']) : null;
|
||||
|
||||
if (empty($username) || empty($password)) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Username dan password wajib diisi']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($role !== 'admin' && $role !== 'pengelola') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Role tidak valid']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Cek apakah username sudah ada
|
||||
$stmt = $conn->prepare("SELECT id FROM users WHERE username = ?");
|
||||
$stmt->bind_param('s', $username);
|
||||
$stmt->execute();
|
||||
if ($stmt->get_result()->num_rows > 0) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Username sudah digunakan']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Hash password
|
||||
$hashed_password = password_hash($password, PASSWORD_BCRYPT);
|
||||
|
||||
// Insert user baru
|
||||
$stmt = $conn->prepare("INSERT INTO users (username, password, role, ibadah_id) VALUES (?, ?, ?, ?)");
|
||||
$stmt->bind_param('sssi', $username, $hashed_password, $role, $ibadah_id);
|
||||
|
||||
if ($stmt->execute()) {
|
||||
echo json_encode(['status' => 'success', 'message' => 'User berhasil ditambahkan', 'id' => $stmt->insert_id]);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Gagal menambahkan user: ' . $conn->error]);
|
||||
}
|
||||
|
||||
$conn->close();
|
||||
?>
|
||||
@@ -0,0 +1,30 @@
|
||||
<?php
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
require_once '../auth_helper.php';
|
||||
requireAdmin();
|
||||
require_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents('php://input'), true);
|
||||
$id = intval($data['id'] ?? 0);
|
||||
|
||||
if (!$id) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($id === intval($_SESSION['user_id'])) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Anda tidak bisa menghapus akun Anda sendiri']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$stmt = $conn->prepare("DELETE FROM users WHERE id = ?");
|
||||
$stmt->bind_param('i', $id);
|
||||
|
||||
if ($stmt->execute()) {
|
||||
echo json_encode(['status' => 'success', 'message' => 'User berhasil dihapus']);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Gagal menghapus user: ' . $conn->error]);
|
||||
}
|
||||
|
||||
$conn->close();
|
||||
?>
|
||||
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
require_once '../auth_helper.php';
|
||||
requireAdmin();
|
||||
require_once '../db_connect.php';
|
||||
|
||||
$sql = "SELECT u.id, u.username, u.role, u.ibadah_id, ri.nama as nama_ibadah
|
||||
FROM users u
|
||||
LEFT JOIN rumah_ibadah ri ON u.ibadah_id = ri.id
|
||||
ORDER BY u.id DESC";
|
||||
|
||||
$result = $conn->query($sql);
|
||||
$arr = array();
|
||||
|
||||
if ($result && $result->num_rows > 0) {
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$item = array(
|
||||
"id" => intval($row['id']),
|
||||
"username" => $row['username'],
|
||||
"role" => $row['role'],
|
||||
"ibadah_id" => $row['ibadah_id'] ? intval($row['ibadah_id']) : null,
|
||||
"nama_ibadah" => $row['nama_ibadah'] ?? '-'
|
||||
);
|
||||
array_push($arr, $item);
|
||||
}
|
||||
echo json_encode(["status" => "success", "data" => $arr]);
|
||||
} else {
|
||||
echo json_encode(["status" => "success", "data" => []]);
|
||||
}
|
||||
$conn->close();
|
||||
?>
|
||||
@@ -0,0 +1,52 @@
|
||||
<?php
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
require_once '../auth_helper.php';
|
||||
requireAdmin();
|
||||
require_once '../db_connect.php';
|
||||
|
||||
$data = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
$id = intval($data['id'] ?? 0);
|
||||
$username = trim($data['username'] ?? '');
|
||||
$password = trim($data['password'] ?? '');
|
||||
$role = trim($data['role'] ?? 'pengelola');
|
||||
$ibadah_id = !empty($data['ibadah_id']) ? intval($data['ibadah_id']) : null;
|
||||
|
||||
if (!$id || empty($username)) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Data tidak lengkap']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($role !== 'admin' && $role !== 'pengelola') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Role tidak valid']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Cek apakah username sudah ada di user lain
|
||||
$stmt = $conn->prepare("SELECT id FROM users WHERE username = ? AND id != ?");
|
||||
$stmt->bind_param('si', $username, $id);
|
||||
$stmt->execute();
|
||||
if ($stmt->get_result()->num_rows > 0) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Username sudah digunakan oleh user lain']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!empty($password)) {
|
||||
// Hash new password
|
||||
$hashed_password = password_hash($password, PASSWORD_BCRYPT);
|
||||
$stmt = $conn->prepare("UPDATE users SET username = ?, password = ?, role = ?, ibadah_id = ? WHERE id = ?");
|
||||
$stmt->bind_param('ssssi', $username, $hashed_password, $role, $ibadah_id, $id);
|
||||
} else {
|
||||
// Keep existing password
|
||||
$stmt = $conn->prepare("UPDATE users SET username = ?, role = ?, ibadah_id = ? WHERE id = ?");
|
||||
$stmt->bind_param('sssi', $username, $role, $ibadah_id, $id);
|
||||
}
|
||||
|
||||
if ($stmt->execute()) {
|
||||
echo json_encode(['status' => 'success', 'message' => 'User berhasil diperbarui']);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Gagal memperbarui user: ' . $conn->error]);
|
||||
}
|
||||
|
||||
$conn->close();
|
||||
?>
|
||||
Reference in New Issue
Block a user