112 lines
4.1 KiB
PHP
112 lines
4.1 KiB
PHP
<?php
|
|
// ============================================================
|
|
// API: Autentikasi (Login / Logout / Cek Session)
|
|
// Mendukung 3 role: admin, pengurus, walikota
|
|
// ============================================================
|
|
require_once __DIR__ . '/config.php';
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
$action = $_GET['action'] ?? '';
|
|
|
|
// ── GET: Cek session aktif ───────────────────────────────────
|
|
if ($method === 'GET' && $action === 'check') {
|
|
if (!empty($_SESSION['user'])) {
|
|
jsonResponse($_SESSION['user'], 'Session aktif.');
|
|
} else {
|
|
jsonResponse(null, 'Belum login.', false);
|
|
}
|
|
}
|
|
|
|
// ── POST: Login ──────────────────────────────────────────────
|
|
if ($method === 'POST' && $action === 'login') {
|
|
// Ambil data dari body JSON
|
|
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
$username = trim($body['username'] ?? '');
|
|
$password = trim($body['password'] ?? '');
|
|
|
|
if (empty($username)) {
|
|
jsonResponse(null, 'Username wajib diisi.', false, 400);
|
|
}
|
|
|
|
// Cek apakah login sebagai pengurus (format kode_pengurus: RI-XXX-9999)
|
|
$isPengurusLogin = preg_match('/^RI-[A-Z]{3}-\d{4}$/', $username);
|
|
|
|
if ($isPengurusLogin) {
|
|
// ── Login pengurus via kode_pengurus di tabel rumah_ibadah ──
|
|
$stmt = $pdo->prepare("
|
|
SELECT id, kode_pengurus, password_pengurus, nama, jenis
|
|
FROM rumah_ibadah
|
|
WHERE kode_pengurus = ?
|
|
LIMIT 1
|
|
");
|
|
$stmt->execute([$username]);
|
|
$ri = $stmt->fetch();
|
|
|
|
if (!$ri) {
|
|
jsonResponse(null, 'Kode pengurus tidak ditemukan.', false, 401);
|
|
}
|
|
|
|
if (empty($password)) {
|
|
jsonResponse(null, 'Password pengurus wajib diisi.', false, 400);
|
|
}
|
|
|
|
if (!password_verify($password, $ri['password_pengurus'])) {
|
|
jsonResponse(null, 'Password pengurus salah.', false, 401);
|
|
}
|
|
|
|
// Set session sebagai pengurus
|
|
$_SESSION['user'] = [
|
|
'id' => 0, // Pengurus tidak punya ID di tabel users
|
|
'nama' => 'Pengurus ' . $ri['nama'],
|
|
'username' => $ri['kode_pengurus'],
|
|
'role' => 'pengurus',
|
|
'rumah_ibadah_id' => (int)$ri['id'],
|
|
];
|
|
|
|
jsonResponse($_SESSION['user'], 'Login berhasil sebagai pengurus.');
|
|
|
|
} else {
|
|
// ── Login admin / walikota via tabel users ──
|
|
$stmt = $pdo->prepare("
|
|
SELECT id, nama, username, password, role, rumah_ibadah_id
|
|
FROM users
|
|
WHERE username = ?
|
|
LIMIT 1
|
|
");
|
|
$stmt->execute([$username]);
|
|
$user = $stmt->fetch();
|
|
|
|
if (!$user) {
|
|
jsonResponse(null, 'Username tidak ditemukan.', false, 401);
|
|
}
|
|
|
|
if (empty($password)) {
|
|
jsonResponse(null, 'Password wajib diisi.', false, 400);
|
|
}
|
|
|
|
if (!password_verify($password, $user['password'])) {
|
|
jsonResponse(null, 'Password salah.', false, 401);
|
|
}
|
|
|
|
// Set session
|
|
$_SESSION['user'] = [
|
|
'id' => (int)$user['id'],
|
|
'nama' => $user['nama'],
|
|
'username' => $user['username'],
|
|
'role' => $user['role'],
|
|
'rumah_ibadah_id' => $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null,
|
|
];
|
|
|
|
jsonResponse($_SESSION['user'], 'Login berhasil sebagai ' . $user['role'] . '.');
|
|
}
|
|
}
|
|
|
|
// ── POST: Logout ─────────────────────────────────────────────
|
|
if ($method === 'POST' && $action === 'logout') {
|
|
session_destroy();
|
|
jsonResponse(null, 'Berhasil logout.');
|
|
}
|
|
|
|
// ── Endpoint tidak valid ─────────────────────────────────────
|
|
jsonResponse(null, 'Endpoint tidak valid.', false, 404);
|