88 lines
4.1 KiB
PHP
88 lines
4.1 KiB
PHP
<?php
|
|
// api/user.php — Manajemen User (superadmin only)
|
|
require_once __DIR__ . '/../config.php';
|
|
$user = requireRole(['superadmin']);
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
|
|
$db = getDB();
|
|
|
|
switch ($method) {
|
|
case 'GET':
|
|
if ($id) {
|
|
$st = $db->prepare("SELECT u.id, u.username, u.nama_lengkap, u.telepon, u.aktif,
|
|
r.kode as role, r.nama as role_nama, r.id as role_id,
|
|
ri.nama as ri_nama, u.rumah_ibadah_id, u.created_at
|
|
FROM user u JOIN role r ON r.id=u.role_id
|
|
LEFT JOIN rumah_ibadah ri ON ri.id=u.rumah_ibadah_id
|
|
WHERE u.id=?");
|
|
$st->execute([$id]);
|
|
jsonOk($st->fetch());
|
|
}
|
|
$rows = $db->query("SELECT u.id, u.username, u.nama_lengkap, u.telepon, u.aktif,
|
|
r.kode as role, r.nama as role_nama, ri.nama as ri_nama, u.created_at
|
|
FROM user u JOIN role r ON r.id=u.role_id
|
|
LEFT JOIN rumah_ibadah ri ON ri.id=u.rumah_ibadah_id
|
|
ORDER BY r.id, u.nama_lengkap")->fetchAll();
|
|
jsonOk($rows);
|
|
break;
|
|
|
|
case 'POST':
|
|
$b = json_decode(file_get_contents('php://input'), true);
|
|
$username = sanitize($b['username'] ?? '');
|
|
$password = $b['password'] ?? '';
|
|
$nama = sanitize($b['nama_lengkap'] ?? '');
|
|
$roleId = (int)($b['role_id'] ?? 5);
|
|
|
|
if (!$username || !$password || !$nama) jsonErr('Username, password, dan nama wajib diisi.');
|
|
if (strlen($username) < 4) jsonErr('Username minimal 4 karakter.');
|
|
if (strlen($password) < 6) jsonErr('Password minimal 6 karakter.');
|
|
|
|
$chk = $db->prepare("SELECT id FROM user WHERE username=?"); $chk->execute([$username]);
|
|
if ($chk->fetch()) jsonErr('Username sudah digunakan.');
|
|
|
|
$hash = password_hash($password, PASSWORD_BCRYPT);
|
|
$db->prepare("INSERT INTO user (username, password, nama_lengkap, role_id, rumah_ibadah_id, telepon)
|
|
VALUES (?,?,?,?,?,?)")
|
|
->execute([$username, $hash, $nama, $roleId,
|
|
!empty($b['rumah_ibadah_id']) ? (int)$b['rumah_ibadah_id'] : null,
|
|
sanitize($b['telepon'] ?? '')]);
|
|
$newId = (int)$db->lastInsertId();
|
|
log_aksi($user['id'], 'CREATE', 'user', $newId, "Tambah user: $username");
|
|
jsonOk(['id' => $newId], 'User berhasil ditambahkan.');
|
|
break;
|
|
|
|
case 'PUT':
|
|
if (!$id) jsonErr('ID tidak valid.');
|
|
$b = json_decode(file_get_contents('php://input'), true);
|
|
$nama = sanitize($b['nama_lengkap'] ?? '');
|
|
if (!$nama) jsonErr('Nama wajib diisi.');
|
|
|
|
$chk = $db->prepare("SELECT id FROM user WHERE id=?"); $chk->execute([$id]);
|
|
if (!$chk->fetch()) jsonErr('User tidak ditemukan.', 404);
|
|
|
|
// Update data dasar
|
|
$db->prepare("UPDATE user SET nama_lengkap=?, role_id=?, rumah_ibadah_id=?, telepon=?, aktif=? WHERE id=?")
|
|
->execute([$nama, (int)($b['role_id'] ?? 5),
|
|
!empty($b['rumah_ibadah_id']) ? (int)$b['rumah_ibadah_id'] : null,
|
|
sanitize($b['telepon'] ?? ''), (int)($b['aktif'] ?? 1), $id]);
|
|
|
|
// Ganti password jika diisi
|
|
if (!empty($b['password']) && strlen($b['password']) >= 6) {
|
|
$db->prepare("UPDATE user SET password=? WHERE id=?")
|
|
->execute([password_hash($b['password'], PASSWORD_BCRYPT), $id]);
|
|
}
|
|
log_aksi($user['id'], 'UPDATE', 'user', $id, "Edit user ID: $id");
|
|
jsonOk(null, 'Data user diperbarui.');
|
|
break;
|
|
|
|
case 'DELETE':
|
|
if (!$id) jsonErr('ID tidak valid.');
|
|
if ($id === $user['id']) jsonErr('Tidak dapat menghapus akun sendiri.');
|
|
$db->prepare("DELETE FROM user WHERE id=?")->execute([$id]);
|
|
log_aksi($user['id'], 'DELETE', 'user', $id, "Hapus user ID: $id");
|
|
jsonOk(null, 'User dihapus.');
|
|
break;
|
|
|
|
default: jsonErr('Method tidak didukung.', 405);
|
|
}
|