first commit
This commit is contained in:
@@ -0,0 +1,234 @@
|
||||
<?php
|
||||
// ============================================================
|
||||
// API: Rumah Ibadah (CRUD)
|
||||
// GET: publik | POST: admin | PUT: admin+pengurus | DELETE: admin
|
||||
// ============================================================
|
||||
require_once __DIR__ . '/config.php';
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
// Blokir aksi tulis walikota
|
||||
blockWalikotaWrite();
|
||||
|
||||
// ── GET: Ambil semua atau satu rumah ibadah ──────────────────
|
||||
if ($method === 'GET') {
|
||||
$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
|
||||
|
||||
if ($id) {
|
||||
// Ambil satu rumah ibadah beserta jumlah KK binaan
|
||||
$stmt = $pdo->prepare("
|
||||
SELECT ri.*,
|
||||
(SELECT COUNT(*) FROM keluarga_miskin km WHERE km.rumah_ibadah_id = ri.id) AS jumlah_kk_binaan
|
||||
FROM rumah_ibadah ri
|
||||
WHERE ri.id = ?
|
||||
");
|
||||
$stmt->execute([$id]);
|
||||
$row = $stmt->fetch();
|
||||
|
||||
if (!$row) {
|
||||
jsonResponse(null, 'Rumah ibadah tidak ditemukan.', false, 404);
|
||||
}
|
||||
|
||||
// Sembunyikan password_pengurus hash dari response
|
||||
unset($row['password_pengurus']);
|
||||
|
||||
jsonResponse($row, 'Data rumah ibadah ditemukan.');
|
||||
}
|
||||
|
||||
// Ambil semua — pengurus hanya melihat miliknya
|
||||
$sess = $_SESSION['user'] ?? null;
|
||||
if ($sess && $sess['role'] === 'pengurus' && !empty($sess['rumah_ibadah_id'])) {
|
||||
$stmt = $pdo->prepare("
|
||||
SELECT ri.*,
|
||||
(SELECT COUNT(*) FROM keluarga_miskin km WHERE km.rumah_ibadah_id = ri.id) AS jumlah_kk_binaan
|
||||
FROM rumah_ibadah ri
|
||||
WHERE ri.id = ?
|
||||
ORDER BY ri.nama ASC
|
||||
");
|
||||
$stmt->execute([$sess['rumah_ibadah_id']]);
|
||||
} else {
|
||||
$stmt = $pdo->query("
|
||||
SELECT ri.*,
|
||||
(SELECT COUNT(*) FROM keluarga_miskin km WHERE km.rumah_ibadah_id = ri.id) AS jumlah_kk_binaan
|
||||
FROM rumah_ibadah ri
|
||||
ORDER BY ri.nama ASC
|
||||
");
|
||||
}
|
||||
|
||||
$rows = $stmt->fetchAll();
|
||||
|
||||
// Sembunyikan password hash, tapi tampilkan kode_pengurus
|
||||
foreach ($rows as &$r) {
|
||||
unset($r['password_pengurus']);
|
||||
}
|
||||
|
||||
jsonResponse($rows, 'Daftar rumah ibadah.', true, 200);
|
||||
}
|
||||
|
||||
// ── POST: Tambah rumah ibadah (admin only) ───────────────────
|
||||
if ($method === 'POST') {
|
||||
$user = requireRole(['admin']);
|
||||
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
||||
|
||||
// Validasi input wajib
|
||||
$nama = clean($body['nama'] ?? '');
|
||||
$jenis = clean($body['jenis'] ?? '');
|
||||
$alamat = clean($body['alamat'] ?? '');
|
||||
$lat = (float)($body['lat'] ?? 0);
|
||||
$lng = (float)($body['lng'] ?? 0);
|
||||
$radius_km = (float)($body['radius_km'] ?? 2.0);
|
||||
$kecamatan = clean($body['kecamatan'] ?? '');
|
||||
|
||||
if (!$nama || !$jenis || !$alamat || !$lat || !$lng || !$kecamatan) {
|
||||
jsonResponse(null, 'Nama, jenis, alamat, koordinat, dan kecamatan wajib diisi.', false, 400);
|
||||
}
|
||||
|
||||
// Validasi jenis
|
||||
$validJenis = ['Masjid', 'Gereja', 'Pura', 'Vihara', 'Klenteng', 'Lainnya'];
|
||||
if (!in_array($jenis, $validJenis)) {
|
||||
jsonResponse(null, 'Jenis rumah ibadah tidak valid.', false, 400);
|
||||
}
|
||||
|
||||
// Validasi kecamatan
|
||||
$validKecamatan = ['Pontianak Utara', 'Pontianak Selatan', 'Pontianak Timur', 'Pontianak Barat', 'Pontianak Tenggara', 'Pontianak Kota'];
|
||||
if (!in_array($kecamatan, $validKecamatan)) {
|
||||
jsonResponse(null, 'Kecamatan tidak valid.', false, 400);
|
||||
}
|
||||
|
||||
// Generate kode pengurus dan password
|
||||
$kodePengurus = generateKodePengurus($pdo, $jenis);
|
||||
$passPlain = substr(bin2hex(random_bytes(4)), 0, 8); // 8 karakter acak
|
||||
$passHash = password_hash($passPlain, PASSWORD_DEFAULT);
|
||||
|
||||
// Simpan ke database
|
||||
$stmt = $pdo->prepare("
|
||||
INSERT INTO rumah_ibadah (nama, jenis, alamat, lat, lng, radius_km, kode_pengurus, password_pengurus, kecamatan)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
|
||||
");
|
||||
$stmt->execute([$nama, $jenis, $alamat, $lat, $lng, $radius_km, $kodePengurus, $passHash, $kecamatan]);
|
||||
$newId = (int)$pdo->lastInsertId();
|
||||
|
||||
// Re-assign semua KK setelah RI baru ditambahkan
|
||||
reassignAllKK($pdo);
|
||||
|
||||
jsonResponse([
|
||||
'id' => $newId,
|
||||
'kode_pengurus' => $kodePengurus,
|
||||
'password_pengurus' => $passPlain,
|
||||
], 'Rumah ibadah berhasil ditambahkan. Kode pengurus: ' . $kodePengurus);
|
||||
}
|
||||
|
||||
// ── PUT: Update rumah ibadah ─────────────────────────────────
|
||||
if ($method === 'PUT') {
|
||||
$user = requireRole(['admin', 'pengurus']);
|
||||
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
||||
$id = (int)($body['id'] ?? 0);
|
||||
|
||||
if (!$id) {
|
||||
jsonResponse(null, 'ID rumah ibadah wajib diisi.', false, 400);
|
||||
}
|
||||
|
||||
// Pengurus hanya bisa edit RI miliknya sendiri
|
||||
if ($user['role'] === 'pengurus' && (int)$user['rumah_ibadah_id'] !== $id) {
|
||||
jsonResponse(null, 'Anda hanya dapat mengedit rumah ibadah Anda sendiri.', false, 403);
|
||||
}
|
||||
|
||||
$nama = clean($body['nama'] ?? '');
|
||||
$jenis = clean($body['jenis'] ?? '');
|
||||
$alamat = clean($body['alamat'] ?? '');
|
||||
$lat = (float)($body['lat'] ?? 0);
|
||||
$lng = (float)($body['lng'] ?? 0);
|
||||
$radius_km = (float)($body['radius_km'] ?? 2.0);
|
||||
$kecamatan = clean($body['kecamatan'] ?? '');
|
||||
|
||||
if (!$nama || !$jenis || !$alamat || !$lat || !$lng || !$kecamatan) {
|
||||
jsonResponse(null, 'Semua field wajib diisi.', false, 400);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("
|
||||
UPDATE rumah_ibadah
|
||||
SET nama = ?, jenis = ?, alamat = ?, lat = ?, lng = ?, radius_km = ?, kecamatan = ?
|
||||
WHERE id = ?
|
||||
");
|
||||
$stmt->execute([$nama, $jenis, $alamat, $lat, $lng, $radius_km, $kecamatan, $id]);
|
||||
|
||||
// Re-assign semua KK setelah radius/posisi berubah
|
||||
reassignAllKK($pdo);
|
||||
|
||||
jsonResponse(null, 'Rumah ibadah berhasil diperbarui.');
|
||||
}
|
||||
|
||||
// ── DELETE: Hapus rumah ibadah (admin only) ──────────────────
|
||||
if ($method === 'DELETE') {
|
||||
$user = requireRole(['admin']);
|
||||
$id = (int)($_GET['id'] ?? 0);
|
||||
|
||||
if (!$id) {
|
||||
jsonResponse(null, 'ID rumah ibadah wajib diisi.', false, 400);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM rumah_ibadah WHERE id = ?");
|
||||
$stmt->execute([$id]);
|
||||
|
||||
if ($stmt->rowCount() === 0) {
|
||||
jsonResponse(null, 'Rumah ibadah tidak ditemukan.', false, 404);
|
||||
}
|
||||
|
||||
// Re-assign semua KK setelah RI dihapus
|
||||
reassignAllKK($pdo);
|
||||
|
||||
jsonResponse(null, 'Rumah ibadah berhasil dihapus.');
|
||||
}
|
||||
|
||||
// ── Helper: Re-assign semua KK ke RI terdekat ────────────────
|
||||
function reassignAllKK(PDO $pdo): void {
|
||||
$rows = $pdo->query("SELECT id, lat, lng FROM keluarga_miskin")->fetchAll();
|
||||
|
||||
foreach ($rows as $kk) {
|
||||
$assign = autoAssign($pdo, (float)$kk['lat'], (float)$kk['lng']);
|
||||
|
||||
if ($assign['rumah_ibadah_id'] !== null) {
|
||||
$stmt = $pdo->prepare("UPDATE keluarga_miskin SET rumah_ibadah_id = ?, jarak_ke_ibadah = ? WHERE id = ?");
|
||||
$stmt->execute([$assign['rumah_ibadah_id'], $assign['jarak_km'], $kk['id']]);
|
||||
} else {
|
||||
$stmt = $pdo->prepare("UPDATE keluarga_miskin SET rumah_ibadah_id = NULL, jarak_ke_ibadah = NULL WHERE id = ?");
|
||||
$stmt->execute([$kk['id']]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ── PATCH: Reset password pengurus (admin only) ──────────────
|
||||
if ($method === 'PATCH') {
|
||||
$user = requireRole(['admin']);
|
||||
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
||||
$id = (int)($body['id'] ?? 0);
|
||||
|
||||
if (!$id) {
|
||||
jsonResponse(null, 'ID rumah ibadah wajib diisi.', false, 400);
|
||||
}
|
||||
|
||||
// Pastikan RI ada
|
||||
$stmt = $pdo->prepare("SELECT id, nama, kode_pengurus FROM rumah_ibadah WHERE id = ? LIMIT 1");
|
||||
$stmt->execute([$id]);
|
||||
$ri = $stmt->fetch();
|
||||
|
||||
if (!$ri) {
|
||||
jsonResponse(null, 'Rumah ibadah tidak ditemukan.', false, 404);
|
||||
}
|
||||
|
||||
// Generate password baru
|
||||
$passPlain = substr(bin2hex(random_bytes(4)), 0, 8); // 8 karakter acak
|
||||
$passHash = password_hash($passPlain, PASSWORD_DEFAULT);
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE rumah_ibadah SET password_pengurus = ? WHERE id = ?");
|
||||
$stmt->execute([$passHash, $id]);
|
||||
|
||||
jsonResponse([
|
||||
'id' => $id,
|
||||
'kode_pengurus' => $ri['kode_pengurus'],
|
||||
'password_pengurus' => $passPlain,
|
||||
], 'Password pengurus berhasil direset untuk: ' . $ri['nama']);
|
||||
}
|
||||
|
||||
// ── Method tidak didukung ────────────────────────────────────
|
||||
jsonResponse(null, 'Method tidak didukung.', false, 405);
|
||||
Reference in New Issue
Block a user