add files
This commit is contained in:
@@ -0,0 +1,60 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/../config.php';
|
||||
$action = $_GET['action'] ?? '';
|
||||
|
||||
switch ($action) {
|
||||
case 'login':
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') jsonErr('Method not allowed', 405);
|
||||
$b = json_decode(file_get_contents('php://input'), true);
|
||||
$username = sanitize($b['username'] ?? '');
|
||||
$password = $b['password'] ?? '';
|
||||
if (!$username || !$password) jsonErr('Username dan password wajib diisi.');
|
||||
|
||||
$db = getDB();
|
||||
$st = $db->prepare("SELECT u.id,u.username,u.password,u.nama_lengkap,u.telepon,u.aktif,
|
||||
r.kode as role, r.nama as role_nama, u.rumah_ibadah_id,
|
||||
ri.nama as ri_nama
|
||||
FROM user u
|
||||
JOIN role r ON r.id = u.role_id
|
||||
LEFT JOIN rumah_ibadah ri ON ri.id = u.rumah_ibadah_id
|
||||
WHERE u.username = ?");
|
||||
$st->execute([$username]);
|
||||
$user = $st->fetch();
|
||||
|
||||
if (!$user) jsonErr('Username atau password salah.', 401);
|
||||
if (!$user['aktif']) jsonErr('Akun ini dinonaktifkan. Hubungi administrator.', 403);
|
||||
|
||||
$valid = password_verify($password, $user['password']) || $user['password'] === $password;
|
||||
if (!$valid) jsonErr('Username atau password salah.', 401);
|
||||
|
||||
startSession();
|
||||
$sess = [
|
||||
'id' => (int)$user['id'],
|
||||
'username' => $user['username'],
|
||||
'nama_lengkap'=> $user['nama_lengkap'],
|
||||
'role' => $user['role'],
|
||||
'role_nama' => $user['role_nama'],
|
||||
'ri_id' => $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null,
|
||||
'ri_nama' => $user['ri_nama'],
|
||||
];
|
||||
$_SESSION['user'] = $sess;
|
||||
log_aksi($sess['id'], 'LOGIN', 'user', $sess['id'], 'Login berhasil');
|
||||
jsonOk($sess, 'Selamat datang, '.$user['nama_lengkap'].'!');
|
||||
break;
|
||||
|
||||
case 'logout':
|
||||
$u = getCurrentUser();
|
||||
if ($u) log_aksi($u['id'], 'LOGOUT', 'user', $u['id'], 'Logout');
|
||||
startSession(); session_destroy();
|
||||
jsonOk(null, 'Logout berhasil.');
|
||||
break;
|
||||
|
||||
case 'check':
|
||||
$u = getCurrentUser();
|
||||
if ($u) jsonOk($u);
|
||||
else jsonErr('Tidak ada sesi aktif.', 401);
|
||||
break;
|
||||
|
||||
default:
|
||||
jsonErr('Action tidak dikenali.', 404);
|
||||
}
|
||||
Reference in New Issue
Block a user