Files
WebGis_Final_Project/05/api/auth.php
T
2026-06-10 18:32:52 +07:00

61 lines
2.4 KiB
PHP

<?php
require_once __DIR__ . '/../config.php';
$action = $_GET['action'] ?? '';
switch ($action) {
case 'login':
if ($_SERVER['REQUEST_METHOD'] !== 'POST') jsonErr('Method not allowed', 405);
$b = json_decode(file_get_contents('php://input'), true);
$username = sanitize($b['username'] ?? '');
$password = $b['password'] ?? '';
if (!$username || !$password) jsonErr('Username dan password wajib diisi.');
$db = getDB();
$st = $db->prepare("SELECT u.id,u.username,u.password,u.nama_lengkap,u.telepon,u.aktif,
r.kode as role, r.nama as role_nama, u.rumah_ibadah_id,
ri.nama as ri_nama
FROM user u
JOIN role r ON r.id = u.role_id
LEFT JOIN rumah_ibadah ri ON ri.id = u.rumah_ibadah_id
WHERE u.username = ?");
$st->execute([$username]);
$user = $st->fetch();
if (!$user) jsonErr('Username atau password salah.', 401);
if (!$user['aktif']) jsonErr('Akun ini dinonaktifkan. Hubungi administrator.', 403);
$valid = password_verify($password, $user['password']) || $user['password'] === $password;
if (!$valid) jsonErr('Username atau password salah.', 401);
startSession();
$sess = [
'id' => (int)$user['id'],
'username' => $user['username'],
'nama_lengkap'=> $user['nama_lengkap'],
'role' => $user['role'],
'role_nama' => $user['role_nama'],
'ri_id' => $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null,
'ri_nama' => $user['ri_nama'],
];
$_SESSION['user'] = $sess;
log_aksi($sess['id'], 'LOGIN', 'user', $sess['id'], 'Login berhasil');
jsonOk($sess, 'Selamat datang, '.$user['nama_lengkap'].'!');
break;
case 'logout':
$u = getCurrentUser();
if ($u) log_aksi($u['id'], 'LOGOUT', 'user', $u['id'], 'Logout');
startSession(); session_destroy();
jsonOk(null, 'Logout berhasil.');
break;
case 'check':
$u = getCurrentUser();
if ($u) jsonOk($u);
else jsonErr('Tidak ada sesi aktif.', 401);
break;
default:
jsonErr('Action tidak dikenali.', 404);
}