prepare("SELECT u.id, u.username, u.nama_lengkap, u.telepon, u.aktif, r.kode as role, r.nama as role_nama, r.id as role_id, ri.nama as ri_nama, u.rumah_ibadah_id, u.created_at FROM user u JOIN role r ON r.id=u.role_id LEFT JOIN rumah_ibadah ri ON ri.id=u.rumah_ibadah_id WHERE u.id=?"); $st->execute([$id]); jsonOk($st->fetch()); } $rows = $db->query("SELECT u.id, u.username, u.nama_lengkap, u.telepon, u.aktif, r.kode as role, r.nama as role_nama, ri.nama as ri_nama, u.created_at FROM user u JOIN role r ON r.id=u.role_id LEFT JOIN rumah_ibadah ri ON ri.id=u.rumah_ibadah_id ORDER BY r.id, u.nama_lengkap")->fetchAll(); jsonOk($rows); break; case 'POST': $b = json_decode(file_get_contents('php://input'), true); $username = sanitize($b['username'] ?? ''); $password = $b['password'] ?? ''; $nama = sanitize($b['nama_lengkap'] ?? ''); $roleId = (int)($b['role_id'] ?? 5); if (!$username || !$password || !$nama) jsonErr('Username, password, dan nama wajib diisi.'); if (strlen($username) < 4) jsonErr('Username minimal 4 karakter.'); if (strlen($password) < 6) jsonErr('Password minimal 6 karakter.'); $chk = $db->prepare("SELECT id FROM user WHERE username=?"); $chk->execute([$username]); if ($chk->fetch()) jsonErr('Username sudah digunakan.'); $hash = password_hash($password, PASSWORD_BCRYPT); $db->prepare("INSERT INTO user (username, password, nama_lengkap, role_id, rumah_ibadah_id, telepon) VALUES (?,?,?,?,?,?)") ->execute([$username, $hash, $nama, $roleId, !empty($b['rumah_ibadah_id']) ? (int)$b['rumah_ibadah_id'] : null, sanitize($b['telepon'] ?? '')]); $newId = (int)$db->lastInsertId(); log_aksi($user['id'], 'CREATE', 'user', $newId, "Tambah user: $username"); jsonOk(['id' => $newId], 'User berhasil ditambahkan.'); break; case 'PUT': if (!$id) jsonErr('ID tidak valid.'); $b = json_decode(file_get_contents('php://input'), true); $nama = sanitize($b['nama_lengkap'] ?? ''); if (!$nama) jsonErr('Nama wajib diisi.'); $chk = $db->prepare("SELECT id FROM user WHERE id=?"); $chk->execute([$id]); if (!$chk->fetch()) jsonErr('User tidak ditemukan.', 404); // Update data dasar $db->prepare("UPDATE user SET nama_lengkap=?, role_id=?, rumah_ibadah_id=?, telepon=?, aktif=? WHERE id=?") ->execute([$nama, (int)($b['role_id'] ?? 5), !empty($b['rumah_ibadah_id']) ? (int)$b['rumah_ibadah_id'] : null, sanitize($b['telepon'] ?? ''), (int)($b['aktif'] ?? 1), $id]); // Ganti password jika diisi if (!empty($b['password']) && strlen($b['password']) >= 6) { $db->prepare("UPDATE user SET password=? WHERE id=?") ->execute([password_hash($b['password'], PASSWORD_BCRYPT), $id]); } log_aksi($user['id'], 'UPDATE', 'user', $id, "Edit user ID: $id"); jsonOk(null, 'Data user diperbarui.'); break; case 'DELETE': if (!$id) jsonErr('ID tidak valid.'); if ($id === $user['id']) jsonErr('Tidak dapat menghapus akun sendiri.'); $db->prepare("DELETE FROM user WHERE id=?")->execute([$id]); log_aksi($user['id'], 'DELETE', 'user', $id, "Hapus user ID: $id"); jsonOk(null, 'User dihapus.'); break; default: jsonErr('Method tidak didukung.', 405); }