first commit
This commit is contained in:
@@ -0,0 +1,111 @@
|
||||
<?php
|
||||
// ============================================================
|
||||
// API: Autentikasi (Login / Logout / Cek Session)
|
||||
// Mendukung 3 role: admin, pengurus, walikota
|
||||
// ============================================================
|
||||
require_once __DIR__ . '/config.php';
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$action = $_GET['action'] ?? '';
|
||||
|
||||
// ── GET: Cek session aktif ───────────────────────────────────
|
||||
if ($method === 'GET' && $action === 'check') {
|
||||
if (!empty($_SESSION['user'])) {
|
||||
jsonResponse($_SESSION['user'], 'Session aktif.');
|
||||
} else {
|
||||
jsonResponse(null, 'Belum login.', false);
|
||||
}
|
||||
}
|
||||
|
||||
// ── POST: Login ──────────────────────────────────────────────
|
||||
if ($method === 'POST' && $action === 'login') {
|
||||
// Ambil data dari body JSON
|
||||
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
||||
$username = trim($body['username'] ?? '');
|
||||
$password = trim($body['password'] ?? '');
|
||||
|
||||
if (empty($username)) {
|
||||
jsonResponse(null, 'Username wajib diisi.', false, 400);
|
||||
}
|
||||
|
||||
// Cek apakah login sebagai pengurus (format kode_pengurus: RI-XXX-9999)
|
||||
$isPengurusLogin = preg_match('/^RI-[A-Z]{3}-\d{4}$/', $username);
|
||||
|
||||
if ($isPengurusLogin) {
|
||||
// ── Login pengurus via kode_pengurus di tabel rumah_ibadah ──
|
||||
$stmt = $pdo->prepare("
|
||||
SELECT id, kode_pengurus, password_pengurus, nama, jenis
|
||||
FROM rumah_ibadah
|
||||
WHERE kode_pengurus = ?
|
||||
LIMIT 1
|
||||
");
|
||||
$stmt->execute([$username]);
|
||||
$ri = $stmt->fetch();
|
||||
|
||||
if (!$ri) {
|
||||
jsonResponse(null, 'Kode pengurus tidak ditemukan.', false, 401);
|
||||
}
|
||||
|
||||
if (empty($password)) {
|
||||
jsonResponse(null, 'Password pengurus wajib diisi.', false, 400);
|
||||
}
|
||||
|
||||
if (!password_verify($password, $ri['password_pengurus'])) {
|
||||
jsonResponse(null, 'Password pengurus salah.', false, 401);
|
||||
}
|
||||
|
||||
// Set session sebagai pengurus
|
||||
$_SESSION['user'] = [
|
||||
'id' => 0, // Pengurus tidak punya ID di tabel users
|
||||
'nama' => 'Pengurus ' . $ri['nama'],
|
||||
'username' => $ri['kode_pengurus'],
|
||||
'role' => 'pengurus',
|
||||
'rumah_ibadah_id' => (int)$ri['id'],
|
||||
];
|
||||
|
||||
jsonResponse($_SESSION['user'], 'Login berhasil sebagai pengurus.');
|
||||
|
||||
} else {
|
||||
// ── Login admin / walikota via tabel users ──
|
||||
$stmt = $pdo->prepare("
|
||||
SELECT id, nama, username, password, role, rumah_ibadah_id
|
||||
FROM users
|
||||
WHERE username = ?
|
||||
LIMIT 1
|
||||
");
|
||||
$stmt->execute([$username]);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if (!$user) {
|
||||
jsonResponse(null, 'Username tidak ditemukan.', false, 401);
|
||||
}
|
||||
|
||||
if (empty($password)) {
|
||||
jsonResponse(null, 'Password wajib diisi.', false, 400);
|
||||
}
|
||||
|
||||
if (!password_verify($password, $user['password'])) {
|
||||
jsonResponse(null, 'Password salah.', false, 401);
|
||||
}
|
||||
|
||||
// Set session
|
||||
$_SESSION['user'] = [
|
||||
'id' => (int)$user['id'],
|
||||
'nama' => $user['nama'],
|
||||
'username' => $user['username'],
|
||||
'role' => $user['role'],
|
||||
'rumah_ibadah_id' => $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null,
|
||||
];
|
||||
|
||||
jsonResponse($_SESSION['user'], 'Login berhasil sebagai ' . $user['role'] . '.');
|
||||
}
|
||||
}
|
||||
|
||||
// ── POST: Logout ─────────────────────────────────────────────
|
||||
if ($method === 'POST' && $action === 'logout') {
|
||||
session_destroy();
|
||||
jsonResponse(null, 'Berhasil logout.');
|
||||
}
|
||||
|
||||
// ── Endpoint tidak valid ─────────────────────────────────────
|
||||
jsonResponse(null, 'Endpoint tidak valid.', false, 404);
|
||||
Reference in New Issue
Block a user