prepare("SELECT id, username, password, role, masjid_id, dhuafa_id FROM users WHERE username = ?"); $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); if ($result->num_rows === 1) { $user = $result->fetch_assoc(); // Memverifikasi kecocokan password yang di-hash if (password_verify($password, $user['password'])) { // Menyimpan data user ke dalam session server $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; $_SESSION['role'] = $user['role']; $_SESSION['masjid_id'] = $user['masjid_id']; $_SESSION['dhuafa_id'] = $user['dhuafa_id']; // Kirim data user yang berhasil login tanpa password-nya unset($user['password']); sendResponse(true, 'Login berhasil.', $user); } else { sendResponse(false, 'Password salah.'); } } else { sendResponse(false, 'Username tidak ditemukan.'); } $stmt->close(); } elseif ($method === 'GET' && $action === 'check') { // Aksi untuk memeriksa apakah session user masih aktif saat halaman di-refresh if (isset($_SESSION['user_id'])) { sendResponse(true, 'Sesi aktif.', [ 'id' => $_SESSION['user_id'], 'username' => $_SESSION['username'], 'role' => $_SESSION['role'], 'masjid_id' => $_SESSION['masjid_id'], 'dhuafa_id' => $_SESSION['dhuafa_id'] ]); } else { sendResponse(false, 'Belum login.'); } } elseif ($method === 'POST' && $action === 'logout') { // Menghapus seluruh session aktif session_unset(); session_destroy(); sendResponse(true, 'Logout berhasil.'); } else { sendResponse(false, 'Aksi autentikasi tidak valid.'); } ?>