235 lines
8.6 KiB
PHP
235 lines
8.6 KiB
PHP
<?php
|
|
// ============================================================
|
|
// API: Rumah Ibadah (CRUD)
|
|
// GET: publik | POST: admin | PUT: admin+pengurus | DELETE: admin
|
|
// ============================================================
|
|
require_once __DIR__ . '/config.php';
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
|
|
// Blokir aksi tulis walikota
|
|
blockWalikotaWrite();
|
|
|
|
// ── GET: Ambil semua atau satu rumah ibadah ──────────────────
|
|
if ($method === 'GET') {
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
|
|
|
|
if ($id) {
|
|
// Ambil satu rumah ibadah beserta jumlah KK binaan
|
|
$stmt = $pdo->prepare("
|
|
SELECT ri.*,
|
|
(SELECT COUNT(*) FROM keluarga_miskin km WHERE km.rumah_ibadah_id = ri.id) AS jumlah_kk_binaan
|
|
FROM rumah_ibadah ri
|
|
WHERE ri.id = ?
|
|
");
|
|
$stmt->execute([$id]);
|
|
$row = $stmt->fetch();
|
|
|
|
if (!$row) {
|
|
jsonResponse(null, 'Rumah ibadah tidak ditemukan.', false, 404);
|
|
}
|
|
|
|
// Sembunyikan password_pengurus hash dari response
|
|
unset($row['password_pengurus']);
|
|
|
|
jsonResponse($row, 'Data rumah ibadah ditemukan.');
|
|
}
|
|
|
|
// Ambil semua — pengurus hanya melihat miliknya
|
|
$sess = $_SESSION['user'] ?? null;
|
|
if ($sess && $sess['role'] === 'pengurus' && !empty($sess['rumah_ibadah_id'])) {
|
|
$stmt = $pdo->prepare("
|
|
SELECT ri.*,
|
|
(SELECT COUNT(*) FROM keluarga_miskin km WHERE km.rumah_ibadah_id = ri.id) AS jumlah_kk_binaan
|
|
FROM rumah_ibadah ri
|
|
WHERE ri.id = ?
|
|
ORDER BY ri.nama ASC
|
|
");
|
|
$stmt->execute([$sess['rumah_ibadah_id']]);
|
|
} else {
|
|
$stmt = $pdo->query("
|
|
SELECT ri.*,
|
|
(SELECT COUNT(*) FROM keluarga_miskin km WHERE km.rumah_ibadah_id = ri.id) AS jumlah_kk_binaan
|
|
FROM rumah_ibadah ri
|
|
ORDER BY ri.nama ASC
|
|
");
|
|
}
|
|
|
|
$rows = $stmt->fetchAll();
|
|
|
|
// Sembunyikan password hash, tapi tampilkan kode_pengurus
|
|
foreach ($rows as &$r) {
|
|
unset($r['password_pengurus']);
|
|
}
|
|
|
|
jsonResponse($rows, 'Daftar rumah ibadah.', true, 200);
|
|
}
|
|
|
|
// ── POST: Tambah rumah ibadah (admin only) ───────────────────
|
|
if ($method === 'POST') {
|
|
$user = requireRole(['admin']);
|
|
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
|
|
// Validasi input wajib
|
|
$nama = clean($body['nama'] ?? '');
|
|
$jenis = clean($body['jenis'] ?? '');
|
|
$alamat = clean($body['alamat'] ?? '');
|
|
$lat = (float)($body['lat'] ?? 0);
|
|
$lng = (float)($body['lng'] ?? 0);
|
|
$radius_km = (float)($body['radius_km'] ?? 2.0);
|
|
$kecamatan = clean($body['kecamatan'] ?? '');
|
|
|
|
if (!$nama || !$jenis || !$alamat || !$lat || !$lng || !$kecamatan) {
|
|
jsonResponse(null, 'Nama, jenis, alamat, koordinat, dan kecamatan wajib diisi.', false, 400);
|
|
}
|
|
|
|
// Validasi jenis
|
|
$validJenis = ['Masjid', 'Gereja', 'Pura', 'Vihara', 'Klenteng', 'Lainnya'];
|
|
if (!in_array($jenis, $validJenis)) {
|
|
jsonResponse(null, 'Jenis rumah ibadah tidak valid.', false, 400);
|
|
}
|
|
|
|
// Validasi kecamatan
|
|
$validKecamatan = ['Pontianak Utara', 'Pontianak Selatan', 'Pontianak Timur', 'Pontianak Barat', 'Pontianak Tenggara', 'Pontianak Kota'];
|
|
if (!in_array($kecamatan, $validKecamatan)) {
|
|
jsonResponse(null, 'Kecamatan tidak valid.', false, 400);
|
|
}
|
|
|
|
// Generate kode pengurus dan password
|
|
$kodePengurus = generateKodePengurus($pdo, $jenis);
|
|
$passPlain = substr(bin2hex(random_bytes(4)), 0, 8); // 8 karakter acak
|
|
$passHash = password_hash($passPlain, PASSWORD_DEFAULT);
|
|
|
|
// Simpan ke database
|
|
$stmt = $pdo->prepare("
|
|
INSERT INTO rumah_ibadah (nama, jenis, alamat, lat, lng, radius_km, kode_pengurus, password_pengurus, kecamatan)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
|
|
");
|
|
$stmt->execute([$nama, $jenis, $alamat, $lat, $lng, $radius_km, $kodePengurus, $passHash, $kecamatan]);
|
|
$newId = (int)$pdo->lastInsertId();
|
|
|
|
// Re-assign semua KK setelah RI baru ditambahkan
|
|
reassignAllKK($pdo);
|
|
|
|
jsonResponse([
|
|
'id' => $newId,
|
|
'kode_pengurus' => $kodePengurus,
|
|
'password_pengurus' => $passPlain,
|
|
], 'Rumah ibadah berhasil ditambahkan. Kode pengurus: ' . $kodePengurus);
|
|
}
|
|
|
|
// ── PUT: Update rumah ibadah ─────────────────────────────────
|
|
if ($method === 'PUT') {
|
|
$user = requireRole(['admin', 'pengurus']);
|
|
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
$id = (int)($body['id'] ?? 0);
|
|
|
|
if (!$id) {
|
|
jsonResponse(null, 'ID rumah ibadah wajib diisi.', false, 400);
|
|
}
|
|
|
|
// Pengurus hanya bisa edit RI miliknya sendiri
|
|
if ($user['role'] === 'pengurus' && (int)$user['rumah_ibadah_id'] !== $id) {
|
|
jsonResponse(null, 'Anda hanya dapat mengedit rumah ibadah Anda sendiri.', false, 403);
|
|
}
|
|
|
|
$nama = clean($body['nama'] ?? '');
|
|
$jenis = clean($body['jenis'] ?? '');
|
|
$alamat = clean($body['alamat'] ?? '');
|
|
$lat = (float)($body['lat'] ?? 0);
|
|
$lng = (float)($body['lng'] ?? 0);
|
|
$radius_km = (float)($body['radius_km'] ?? 2.0);
|
|
$kecamatan = clean($body['kecamatan'] ?? '');
|
|
|
|
if (!$nama || !$jenis || !$alamat || !$lat || !$lng || !$kecamatan) {
|
|
jsonResponse(null, 'Semua field wajib diisi.', false, 400);
|
|
}
|
|
|
|
$stmt = $pdo->prepare("
|
|
UPDATE rumah_ibadah
|
|
SET nama = ?, jenis = ?, alamat = ?, lat = ?, lng = ?, radius_km = ?, kecamatan = ?
|
|
WHERE id = ?
|
|
");
|
|
$stmt->execute([$nama, $jenis, $alamat, $lat, $lng, $radius_km, $kecamatan, $id]);
|
|
|
|
// Re-assign semua KK setelah radius/posisi berubah
|
|
reassignAllKK($pdo);
|
|
|
|
jsonResponse(null, 'Rumah ibadah berhasil diperbarui.');
|
|
}
|
|
|
|
// ── DELETE: Hapus rumah ibadah (admin only) ──────────────────
|
|
if ($method === 'DELETE') {
|
|
$user = requireRole(['admin']);
|
|
$id = (int)($_GET['id'] ?? 0);
|
|
|
|
if (!$id) {
|
|
jsonResponse(null, 'ID rumah ibadah wajib diisi.', false, 400);
|
|
}
|
|
|
|
$stmt = $pdo->prepare("DELETE FROM rumah_ibadah WHERE id = ?");
|
|
$stmt->execute([$id]);
|
|
|
|
if ($stmt->rowCount() === 0) {
|
|
jsonResponse(null, 'Rumah ibadah tidak ditemukan.', false, 404);
|
|
}
|
|
|
|
// Re-assign semua KK setelah RI dihapus
|
|
reassignAllKK($pdo);
|
|
|
|
jsonResponse(null, 'Rumah ibadah berhasil dihapus.');
|
|
}
|
|
|
|
// ── Helper: Re-assign semua KK ke RI terdekat ────────────────
|
|
function reassignAllKK(PDO $pdo): void {
|
|
$rows = $pdo->query("SELECT id, lat, lng FROM keluarga_miskin")->fetchAll();
|
|
|
|
foreach ($rows as $kk) {
|
|
$assign = autoAssign($pdo, (float)$kk['lat'], (float)$kk['lng']);
|
|
|
|
if ($assign['rumah_ibadah_id'] !== null) {
|
|
$stmt = $pdo->prepare("UPDATE keluarga_miskin SET rumah_ibadah_id = ?, jarak_ke_ibadah = ? WHERE id = ?");
|
|
$stmt->execute([$assign['rumah_ibadah_id'], $assign['jarak_km'], $kk['id']]);
|
|
} else {
|
|
$stmt = $pdo->prepare("UPDATE keluarga_miskin SET rumah_ibadah_id = NULL, jarak_ke_ibadah = NULL WHERE id = ?");
|
|
$stmt->execute([$kk['id']]);
|
|
}
|
|
}
|
|
}
|
|
|
|
// ── PATCH: Reset password pengurus (admin only) ──────────────
|
|
if ($method === 'PATCH') {
|
|
$user = requireRole(['admin']);
|
|
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
$id = (int)($body['id'] ?? 0);
|
|
|
|
if (!$id) {
|
|
jsonResponse(null, 'ID rumah ibadah wajib diisi.', false, 400);
|
|
}
|
|
|
|
// Pastikan RI ada
|
|
$stmt = $pdo->prepare("SELECT id, nama, kode_pengurus FROM rumah_ibadah WHERE id = ? LIMIT 1");
|
|
$stmt->execute([$id]);
|
|
$ri = $stmt->fetch();
|
|
|
|
if (!$ri) {
|
|
jsonResponse(null, 'Rumah ibadah tidak ditemukan.', false, 404);
|
|
}
|
|
|
|
// Generate password baru
|
|
$passPlain = substr(bin2hex(random_bytes(4)), 0, 8); // 8 karakter acak
|
|
$passHash = password_hash($passPlain, PASSWORD_DEFAULT);
|
|
|
|
$stmt = $pdo->prepare("UPDATE rumah_ibadah SET password_pengurus = ? WHERE id = ?");
|
|
$stmt->execute([$passHash, $id]);
|
|
|
|
jsonResponse([
|
|
'id' => $id,
|
|
'kode_pengurus' => $ri['kode_pengurus'],
|
|
'password_pengurus' => $passPlain,
|
|
], 'Password pengurus berhasil direset untuk: ' . $ri['nama']);
|
|
}
|
|
|
|
// ── Method tidak didukung ────────────────────────────────────
|
|
jsonResponse(null, 'Method tidak didukung.', false, 405);
|