Files
WebGis_UAS_Project/05/api/user.php
T
2026-06-10 19:23:50 +07:00

88 lines
4.1 KiB
PHP

<?php
// api/user.php — Manajemen User (superadmin only)
require_once __DIR__ . '/../config.php';
$user = requireRole(['superadmin']);
$method = $_SERVER['REQUEST_METHOD'];
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
$db = getDB();
switch ($method) {
case 'GET':
if ($id) {
$st = $db->prepare("SELECT u.id, u.username, u.nama_lengkap, u.telepon, u.aktif,
r.kode as role, r.nama as role_nama, r.id as role_id,
ri.nama as ri_nama, u.rumah_ibadah_id, u.created_at
FROM user u JOIN role r ON r.id=u.role_id
LEFT JOIN rumah_ibadah ri ON ri.id=u.rumah_ibadah_id
WHERE u.id=?");
$st->execute([$id]);
jsonOk($st->fetch());
}
$rows = $db->query("SELECT u.id, u.username, u.nama_lengkap, u.telepon, u.aktif,
r.kode as role, r.nama as role_nama, ri.nama as ri_nama, u.created_at
FROM user u JOIN role r ON r.id=u.role_id
LEFT JOIN rumah_ibadah ri ON ri.id=u.rumah_ibadah_id
ORDER BY r.id, u.nama_lengkap")->fetchAll();
jsonOk($rows);
break;
case 'POST':
$b = json_decode(file_get_contents('php://input'), true);
$username = sanitize($b['username'] ?? '');
$password = $b['password'] ?? '';
$nama = sanitize($b['nama_lengkap'] ?? '');
$roleId = (int)($b['role_id'] ?? 5);
if (!$username || !$password || !$nama) jsonErr('Username, password, dan nama wajib diisi.');
if (strlen($username) < 4) jsonErr('Username minimal 4 karakter.');
if (strlen($password) < 6) jsonErr('Password minimal 6 karakter.');
$chk = $db->prepare("SELECT id FROM user WHERE username=?"); $chk->execute([$username]);
if ($chk->fetch()) jsonErr('Username sudah digunakan.');
$hash = password_hash($password, PASSWORD_BCRYPT);
$db->prepare("INSERT INTO user (username, password, nama_lengkap, role_id, rumah_ibadah_id, telepon)
VALUES (?,?,?,?,?,?)")
->execute([$username, $hash, $nama, $roleId,
!empty($b['rumah_ibadah_id']) ? (int)$b['rumah_ibadah_id'] : null,
sanitize($b['telepon'] ?? '')]);
$newId = (int)$db->lastInsertId();
log_aksi($user['id'], 'CREATE', 'user', $newId, "Tambah user: $username");
jsonOk(['id' => $newId], 'User berhasil ditambahkan.');
break;
case 'PUT':
if (!$id) jsonErr('ID tidak valid.');
$b = json_decode(file_get_contents('php://input'), true);
$nama = sanitize($b['nama_lengkap'] ?? '');
if (!$nama) jsonErr('Nama wajib diisi.');
$chk = $db->prepare("SELECT id FROM user WHERE id=?"); $chk->execute([$id]);
if (!$chk->fetch()) jsonErr('User tidak ditemukan.', 404);
// Update data dasar
$db->prepare("UPDATE user SET nama_lengkap=?, role_id=?, rumah_ibadah_id=?, telepon=?, aktif=? WHERE id=?")
->execute([$nama, (int)($b['role_id'] ?? 5),
!empty($b['rumah_ibadah_id']) ? (int)$b['rumah_ibadah_id'] : null,
sanitize($b['telepon'] ?? ''), (int)($b['aktif'] ?? 1), $id]);
// Ganti password jika diisi
if (!empty($b['password']) && strlen($b['password']) >= 6) {
$db->prepare("UPDATE user SET password=? WHERE id=?")
->execute([password_hash($b['password'], PASSWORD_BCRYPT), $id]);
}
log_aksi($user['id'], 'UPDATE', 'user', $id, "Edit user ID: $id");
jsonOk(null, 'Data user diperbarui.');
break;
case 'DELETE':
if (!$id) jsonErr('ID tidak valid.');
if ($id === $user['id']) jsonErr('Tidak dapat menghapus akun sendiri.');
$db->prepare("DELETE FROM user WHERE id=?")->execute([$id]);
log_aksi($user['id'], 'DELETE', 'user', $id, "Hapus user ID: $id");
jsonOk(null, 'User dihapus.');
break;
default: jsonErr('Method tidak didukung.', 405);
}