chore: prepare docker webgis deployment

This commit is contained in:
Andrie
2026-06-11 18:14:21 +07:00
parent d2214ad9c8
commit a90748d9c1
149 changed files with 20844 additions and 5 deletions
+105
View File
@@ -0,0 +1,105 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../koneksi.php';
$is_authenticated = is_logged_in();
$is_privileged = $is_authenticated && has_role('operator');
$role = $is_authenticated ? get_role() : 'viewer';
$is_admin = $is_authenticated && has_role('administrator');
$can_see_sensitive = $is_privileged;
$can_see_coords = $is_privileged;
$public_verif_sql = $is_privileged ? "" : " AND pm.status_verifikasi = 'Terverifikasi'";
// Publik: hanya data Terverifikasi
// Operator: semua data ibadahnya sendiri (semua status)
// Admin: semua data tanpa filter
$operator_scope_sql = '';
if ($is_privileged && !$is_admin) {
$linked_ibadah_id = get_ibadah_id();
$operator_scope_sql = $linked_ibadah_id
? ' AND pm.ibadah_id = ' . (int)$linked_ibadah_id
: ' AND 1 = 0';
// operator lihat semua status miliknya (termasuk Pending/Ditolak)
}
// Cek apakah tabel kebutuhan sudah ada (migrasi F14 sudah dijalankan)
$kebutuhan_exists = $conn->query(
"SELECT 1 FROM information_schema.TABLES
WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'kebutuhan' LIMIT 1"
)->num_rows > 0;
if ($kebutuhan_exists) {
$sql = "
SELECT
pm.id, pm.nama_kk, pm.nik, pm.kategori, pm.alamat, pm.catatan,
pm.jumlah_jiwa, pm.lat, pm.lng, pm.ibadah_id, pm.jarak_m,
pm.is_blank_spot, pm.status_bantuan, pm.status_verifikasi, pm.created_at,
ri.nama AS nama_ibadah,
ri.jenis AS jenis_ibadah,
COALESCE(kstat.kebutuhan_open, 0) AS kebutuhan_open,
COALESCE(kstat.kebutuhan_proses, 0) AS kebutuhan_proses,
COALESCE(kstat.kebutuhan_terpenuhi,0) AS kebutuhan_terpenuhi,
kstat.kebutuhan_kategori_open
FROM penduduk_miskin pm
LEFT JOIN rumah_ibadah ri ON pm.ibadah_id = ri.id AND ri.deleted_at IS NULL
LEFT JOIN (
SELECT
penduduk_id,
SUM(CASE WHEN status='Belum Terpenuhi' THEN 1 ELSE 0 END) AS kebutuhan_open,
SUM(CASE WHEN status='Dalam Proses' THEN 1 ELSE 0 END) AS kebutuhan_proses,
SUM(CASE WHEN status='Terpenuhi' THEN 1 ELSE 0 END) AS kebutuhan_terpenuhi,
GROUP_CONCAT(DISTINCT CASE WHEN status='Belum Terpenuhi' THEN kategori ELSE NULL END
ORDER BY kategori SEPARATOR ',') AS kebutuhan_kategori_open
FROM kebutuhan
GROUP BY penduduk_id
) kstat ON kstat.penduduk_id = pm.id
WHERE pm.is_active = 1 AND pm.deleted_at IS NULL {$public_verif_sql} {$operator_scope_sql}
ORDER BY pm.created_at DESC
";
} else {
$sql = "
SELECT
pm.id, pm.nama_kk, pm.nik, pm.kategori, pm.alamat, pm.catatan,
pm.jumlah_jiwa, pm.lat, pm.lng, pm.ibadah_id, pm.jarak_m,
pm.is_blank_spot, pm.status_bantuan, pm.status_verifikasi, pm.created_at,
ri.nama AS nama_ibadah,
ri.jenis AS jenis_ibadah,
0 AS kebutuhan_open, 0 AS kebutuhan_proses,
0 AS kebutuhan_terpenuhi, NULL AS kebutuhan_kategori_open
FROM penduduk_miskin pm
LEFT JOIN rumah_ibadah ri ON pm.ibadah_id = ri.id AND ri.deleted_at IS NULL
WHERE pm.is_active = 1 AND pm.deleted_at IS NULL {$public_verif_sql} {$operator_scope_sql}
ORDER BY pm.created_at DESC
";
}
$result = $conn->query($sql);
if (!$result) {
error_log('penduduk/ambil query failed: ' . $conn->error);
echo json_encode(['status' => 'error', 'message' => 'Gagal memuat data penduduk.']);
exit;
}
$data = [];
while ($row = $result->fetch_assoc()) {
if (!$can_see_sensitive) {
// Publik tidak boleh lihat data pribadi
$row['nik'] = null;
$row['nama_kk'] = null;
$row['alamat'] = null;
$row['catatan'] = null;
}
if (!$can_see_coords) {
// Publik tidak boleh lihat koordinat rumah warga
$row['lat'] = null;
$row['lng'] = null;
}
$data[] = $row;
}
echo json_encode(['status' => 'success', 'total' => count($data), 'data' => $data]);
$conn->close();
@@ -0,0 +1,28 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../koneksi.php';
require_auth('administrator');
// Return inactive (is_active=0) AND soft-deleted warga for admin audit
$stmt = $conn->prepare("
SELECT pm.id, pm.nama_kk, pm.jumlah_jiwa, pm.kategori, pm.status_bantuan,
pm.is_active, pm.deleted_at,
ri.nama AS nama_ibadah,
(SELECT COUNT(*) FROM riwayat_bantuan WHERE penduduk_id = pm.id) AS jml_riwayat
FROM penduduk_miskin pm
LEFT JOIN rumah_ibadah ri ON ri.id = pm.ibadah_id
WHERE pm.is_active = 0 OR pm.deleted_at IS NOT NULL
ORDER BY COALESCE(pm.deleted_at, pm.updated_at) DESC
LIMIT 200
");
$stmt->execute();
$res = $stmt->get_result();
$rows = [];
while ($r = $res->fetch_assoc()) $rows[] = $r;
$stmt->close();
echo json_encode(['status' => 'success', 'data' => $rows]);
$conn->close();
@@ -0,0 +1,32 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../koneksi.php';
require_auth('administrator');
require_csrf();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
exit;
}
$id = (int) ($_POST['id'] ?? 0);
if (!$id) {
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']);
exit;
}
$stmt = $conn->prepare(
"UPDATE penduduk_miskin SET deleted_at = NOW() WHERE id = ? AND deleted_at IS NULL"
);
$stmt->bind_param('i', $id);
if ($stmt->execute() && $stmt->affected_rows > 0) {
echo json_encode(['status' => 'success', 'message' => 'Data berhasil dihapus']);
} else {
echo json_encode(['status' => 'error', 'message' => 'Data tidak ditemukan atau sudah dihapus']);
}
$stmt->close();
$conn->close();
@@ -0,0 +1,29 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../koneksi.php';
require_auth('administrator');
require_csrf();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']); exit;
}
$id = (int)($_POST['id'] ?? 0);
if (!$id) {
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']); exit;
}
$stmt = $conn->prepare(
"UPDATE penduduk_miskin SET is_active = 0 WHERE id = ? AND is_active = 1 AND deleted_at IS NULL"
);
$stmt->bind_param('i', $id);
if ($stmt->execute() && $stmt->affected_rows > 0) {
echo json_encode(['status' => 'success', 'message' => 'Warga berhasil dinonaktifkan']);
} else {
echo json_encode(['status' => 'error', 'message' => 'Data tidak ditemukan atau sudah tidak aktif']);
}
$stmt->close();
$conn->close();
@@ -0,0 +1,50 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../koneksi.php';
require_auth('operator');
$id = (int)($_GET['id'] ?? 0);
if ($id <= 0) {
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid.']);
exit;
}
// Operator hanya boleh lihat riwayat warga dalam ibadah-nya
if (!has_role('administrator')) {
$op_ibadah = get_ibadah_id();
$stmt = $conn->prepare(
"SELECT ibadah_id FROM penduduk_miskin
WHERE id=? AND is_active=1 AND deleted_at IS NULL"
);
$stmt->bind_param('i', $id);
$stmt->execute();
$r = $stmt->get_result()->fetch_assoc();
$stmt->close();
if (!$r || (int)$r['ibadah_id'] !== (int)$op_ibadah) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Akses ditolak.']);
exit;
}
}
$stmt = $conn->prepare("
SELECT r.id, r.status_lama, r.status_baru, r.catatan, r.created_at,
u.nama_lengkap AS user_nama
FROM riwayat_bantuan r
LEFT JOIN users u ON u.id = r.operator_id
WHERE r.penduduk_id = ?
ORDER BY r.created_at DESC
LIMIT 20
");
$stmt->bind_param('i', $id);
$stmt->execute();
$res = $stmt->get_result();
$rows = [];
while ($r = $res->fetch_assoc()) $rows[] = $r;
$stmt->close();
echo json_encode(['status' => 'success', 'data' => $rows]);
$conn->close();
@@ -0,0 +1,143 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../includes/validation.php';
require_once '../../koneksi.php';
require_auth('operator');
require_csrf();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
exit;
}
$nama_kk = trim($_POST['nama_kk'] ?? '');
$nik = trim($_POST['nik'] ?? '');
$jumlah_jiwa = max(1, (int)($_POST['jumlah_jiwa'] ?? 1));
$kategori = trim($_POST['kategori'] ?? 'Miskin');
$alamat = trim($_POST['alamat'] ?? '');
$catatan = trim($_POST['catatan'] ?? '');
$coord = validate_lat_lng($_POST['lat'] ?? null, $_POST['lng'] ?? null);
if (!$coord['ok']) {
echo json_encode(['status' => 'error', 'message' => $coord['message']]);
exit;
}
$lat = $coord['lat'];
$lng = $coord['lng'];
if (!$nama_kk) {
echo json_encode(['status' => 'error', 'message' => 'Nama Kepala Keluarga tidak boleh kosong']);
exit;
}
$valid_kategori = ['Sangat Miskin', 'Miskin', 'Hampir Miskin'];
if (!in_array($kategori, $valid_kategori)) $kategori = 'Miskin';
// Validasi & dedup NIK
$nik_val = $nik !== '' ? $nik : null;
if ($nik_val !== null) {
if (!preg_match('/^\d{16}$/', $nik_val)) {
echo json_encode(['status' => 'error', 'message' => 'NIK harus 16 digit angka']);
exit;
}
$stmt_nik = $conn->prepare(
"SELECT id, nama_kk FROM penduduk_miskin
WHERE nik = ? LIMIT 1"
);
$stmt_nik->bind_param('s', $nik_val);
$stmt_nik->execute();
$existing = $stmt_nik->get_result()->fetch_assoc();
$stmt_nik->close();
if ($existing) {
echo json_encode([
'status' => 'error',
'message' => "NIK {$nik_val} pernah terdaftar atas nama {$existing['nama_kk']}. Cek arsip sebelum menambah ulang.",
]);
exit;
}
}
// PRD-correct proximity calculation
$p = calc_proximity($conn, $lat, $lng);
if (!has_role('administrator')) {
$op_ibadah_id = get_ibadah_id();
if (!$op_ibadah_id) {
http_response_code(403);
echo json_encode([
'status' => 'error',
'message' => 'Operator belum dikaitkan dengan rumah ibadah'
]);
exit;
}
if (empty($p['ibadah_id']) || (int)$p['ibadah_id'] !== $op_ibadah_id) {
http_response_code(403);
echo json_encode([
'status' => 'error',
'message' => 'Lokasi warga berada di luar wilayah rumah ibadah operator'
]);
exit;
}
}
// Admin langsung Terverifikasi; operator masuk Pending untuk direview
$status_verif = has_role('administrator') ? 'Terverifikasi' : 'Pending';
$verified_by = has_role('administrator') ? get_user_id() : null;
$verified_at = has_role('administrator') ? date('Y-m-d H:i:s') : null;
$stmt = $conn->prepare(
"INSERT INTO penduduk_miskin
(nama_kk, nik, jumlah_jiwa, kategori, alamat, catatan, lat, lng,
ibadah_id, jarak_m, is_blank_spot, status_verifikasi, verified_by, verified_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
);
$stmt->bind_param(
'ssisssddidisis',
$nama_kk, $nik_val, $jumlah_jiwa, $kategori, $alamat, $catatan,
$lat, $lng, $p['ibadah_id'], $p['jarak_m'], $p['is_blank_spot'],
$status_verif, $verified_by, $verified_at
);
if ($stmt->execute()) {
$new_id = $conn->insert_id;
$nama_ibadah = null;
$jenis_ibadah = null;
if ($p['ibadah_id']) {
$s2 = $conn->prepare("SELECT nama, jenis FROM rumah_ibadah WHERE id = ? AND deleted_at IS NULL");
$s2->bind_param('i', $p['ibadah_id']);
$s2->execute();
$ri = $s2->get_result()->fetch_assoc();
$s2->close();
if ($ri) { $nama_ibadah = $ri['nama']; $jenis_ibadah = $ri['jenis']; }
}
echo json_encode([
'status' => 'success',
'message' => 'Data berhasil disimpan',
'data' => [
'id' => $new_id,
'nama_kk' => $nama_kk,
'nik' => $nik_val,
'kategori' => $kategori,
'alamat' => $alamat,
'catatan' => $catatan,
'jumlah_jiwa' => $jumlah_jiwa,
'lat' => $lat,
'lng' => $lng,
'ibadah_id' => $p['ibadah_id'],
'jarak_m' => $p['jarak_m'],
'is_blank_spot' => $p['is_blank_spot'],
'status_verifikasi' => $status_verif,
'nama_ibadah' => $nama_ibadah,
'jenis_ibadah' => $jenis_ibadah,
]
]);
} else {
error_log('penduduk/simpan insert failed: ' . $stmt->error);
echo json_encode(['status' => 'error', 'message' => 'Gagal menyimpan data penduduk.']);
}
$stmt->close();
$conn->close();
@@ -0,0 +1,93 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../koneksi.php';
require_auth('operator');
require_csrf();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
exit;
}
$id = (int)($_POST['id'] ?? 0);
$nama_kk = trim($_POST['nama_kk'] ?? '');
$nik = trim($_POST['nik'] ?? '');
$jumlah_jiwa = max(1, (int)($_POST['jumlah_jiwa'] ?? 1));
$kategori = trim($_POST['kategori'] ?? 'Miskin');
$alamat = trim($_POST['alamat'] ?? '');
$catatan = trim($_POST['catatan'] ?? '');
if ($id <= 0 || !$nama_kk) {
echo json_encode(['status' => 'error', 'message' => 'ID dan nama kepala keluarga wajib diisi.']);
exit;
}
$valid_kategori = ['Sangat Miskin', 'Miskin', 'Hampir Miskin'];
if (!in_array($kategori, $valid_kategori)) $kategori = 'Miskin';
// Ambil data existing untuk scope check
$stmt = $conn->prepare(
"SELECT ibadah_id FROM penduduk_miskin WHERE id=? AND is_active=1 AND deleted_at IS NULL"
);
$stmt->bind_param('i', $id);
$stmt->execute();
$warga = $stmt->get_result()->fetch_assoc();
$stmt->close();
if (!$warga) {
echo json_encode(['status' => 'error', 'message' => 'Data warga tidak ditemukan.']);
exit;
}
// Operator hanya boleh edit warga dalam ibadah-nya
if (!has_role('administrator')) {
$op_ibadah = get_ibadah_id();
if ($warga['ibadah_id'] === null || (int)$warga['ibadah_id'] !== (int)$op_ibadah) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Anda tidak memiliki akses untuk warga ini.']);
exit;
}
}
// Validasi & dedup NIK (exclude diri sendiri)
$nik_val = $nik !== '' ? $nik : null;
if ($nik_val !== null) {
if (!preg_match('/^\d{16}$/', $nik_val)) {
echo json_encode(['status' => 'error', 'message' => 'NIK harus 16 digit angka.']);
exit;
}
$stmt_nik = $conn->prepare(
"SELECT id, nama_kk FROM penduduk_miskin WHERE nik=? AND id != ? LIMIT 1"
);
$stmt_nik->bind_param('si', $nik_val, $id);
$stmt_nik->execute();
$existing = $stmt_nik->get_result()->fetch_assoc();
$stmt_nik->close();
if ($existing) {
echo json_encode([
'status' => 'error',
'message' => "NIK {$nik_val} sudah terdaftar atas nama {$existing['nama_kk']}.",
]);
exit;
}
}
$catatan_val = $catatan !== '' ? $catatan : null;
$stmt = $conn->prepare(
"UPDATE penduduk_miskin
SET nama_kk=?, nik=?, jumlah_jiwa=?, kategori=?, alamat=?, catatan=?, updated_at=NOW()
WHERE id=? AND is_active=1 AND deleted_at IS NULL"
);
$stmt->bind_param('ssisssi', $nama_kk, $nik_val, $jumlah_jiwa, $kategori, $alamat, $catatan_val, $id);
if ($stmt->execute() && $stmt->affected_rows >= 0) {
echo json_encode(['status' => 'success', 'message' => 'Data berhasil diperbarui.']);
} else {
echo json_encode(['status' => 'error', 'message' => 'Gagal memperbarui data: ' . $stmt->error]);
}
$stmt->close();
$conn->close();
@@ -0,0 +1,89 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../includes/validation.php';
require_once '../../koneksi.php';
require_auth('operator');
require_csrf();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
exit;
}
$id = (int) ($_POST['id'] ?? 0);
$coord = validate_lat_lng($_POST['lat'] ?? null, $_POST['lng'] ?? null);
if (!$coord['ok']) {
echo json_encode(['status' => 'error', 'message' => $coord['message']]);
exit;
}
$lat = $coord['lat'];
$lng = $coord['lng'];
if (!$id) {
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']);
exit;
}
if (!has_role('administrator')) {
$linked_ibadah_id = get_ibadah_id();
if (!$linked_ibadah_id) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Akses ditolak untuk data warga ini']);
exit;
}
$scope = $conn->prepare(
"SELECT id FROM penduduk_miskin
WHERE id = ? AND ibadah_id = ? AND is_active = 1 AND deleted_at IS NULL"
);
$scope->bind_param('ii', $id, $linked_ibadah_id);
$scope->execute();
$allowed = $scope->get_result()->fetch_assoc();
$scope->close();
if (!$allowed) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Akses ditolak untuk data warga ini']);
exit;
}
}
// PRD-correct proximity calculation
$p = calc_proximity($conn, $lat, $lng);
if (!has_role('administrator')) {
if (empty($p['ibadah_id']) || (int)$p['ibadah_id'] !== $linked_ibadah_id) {
http_response_code(403);
echo json_encode([
'status' => 'error',
'message' => 'Posisi baru berada di luar wilayah rumah ibadah operator'
]);
exit;
}
}
$stmt = $conn->prepare(
"UPDATE penduduk_miskin
SET lat = ?, lng = ?, ibadah_id = ?, jarak_m = ?, is_blank_spot = ?
WHERE id = ? AND deleted_at IS NULL"
);
$stmt->bind_param('ddidii', $lat, $lng, $p['ibadah_id'], $p['jarak_m'], $p['is_blank_spot'], $id);
if ($stmt->execute() && $stmt->affected_rows > 0) {
echo json_encode([
'status' => 'success',
'message' => 'Posisi berhasil diperbarui',
'data' => [
'ibadah_id' => $p['ibadah_id'],
'jarak_m' => $p['jarak_m'],
'is_blank_spot' => $p['is_blank_spot'],
]
]);
} else {
echo json_encode(['status' => 'error', 'message' => 'Gagal update atau data tidak ditemukan']);
}
$stmt->close();
$conn->close();
@@ -0,0 +1,68 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../koneksi.php';
require_auth('operator');
require_csrf();
$id = (int)($_POST['id'] ?? 0);
$status = trim($_POST['status'] ?? '');
$catatan = trim($_POST['catatan'] ?? '');
$allowed = ['Belum Ditangani', 'Dalam Proses', 'Sudah Ditangani'];
if ($id <= 0 || !in_array($status, $allowed, true)) {
echo json_encode(['status' => 'error', 'message' => 'Parameter tidak valid.']);
exit;
}
$stmt = $conn->prepare(
"SELECT id, ibadah_id, status_bantuan, status_verifikasi FROM penduduk_miskin
WHERE id=? AND is_active=1 AND deleted_at IS NULL"
);
$stmt->bind_param('i', $id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$stmt->close();
if (!$row) {
echo json_encode(['status' => 'error', 'message' => 'Data tidak ditemukan.']);
exit;
}
// Operator hanya boleh update warga dalam ibadah-nya sendiri
if (!has_role('administrator')) {
$op_ibadah = get_ibadah_id();
if ($row['ibadah_id'] === null || (int)$row['ibadah_id'] !== (int)$op_ibadah) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Anda tidak memiliki akses untuk warga ini.']);
exit;
}
}
if ($row['status_verifikasi'] !== 'Terverifikasi') {
echo json_encode(['status' => 'error', 'message' => 'Data warga belum terverifikasi']);
exit;
}
$old_status = $row['status_bantuan'];
$user_id = (int)$_SESSION['user_id'];
$stmt = $conn->prepare(
"UPDATE penduduk_miskin SET status_bantuan=?, updated_at=NOW() WHERE id=?"
);
$stmt->bind_param('si', $status, $id);
$stmt->execute();
$stmt->close();
$stmt = $conn->prepare(
"INSERT INTO riwayat_bantuan (penduduk_id, operator_id, status_lama, status_baru, catatan)
VALUES (?,?,?,?,?)"
);
$stmt->bind_param('iisss', $id, $user_id, $old_status, $status, $catatan);
$stmt->execute();
$stmt->close();
echo json_encode(['status' => 'success', 'status_baru' => $status]);
$conn->close();
@@ -0,0 +1,43 @@
<?php
header('Content-Type: application/json');
require_once '../../config.php';
require_once '../../auth/helper.php';
require_once '../../koneksi.php';
require_auth('administrator');
require_csrf();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
exit;
}
$id = (int)trim($_POST['id'] ?? 0);
$aksi = trim($_POST['aksi'] ?? ''); // 'approve' | 'reject'
$catatan = trim($_POST['catatan'] ?? '');
if ($id <= 0 || !in_array($aksi, ['approve', 'reject'], true)) {
echo json_encode(['status' => 'error', 'message' => 'Parameter tidak valid.']);
exit;
}
$status_baru = $aksi === 'approve' ? 'Terverifikasi' : 'Ditolak';
$admin_id = get_user_id();
$catatan_val = $catatan !== '' ? mb_substr($catatan, 0, 500) : null;
$stmt = $conn->prepare("
UPDATE penduduk_miskin
SET status_verifikasi = ?,
verified_by = ?,
verified_at = NOW(),
catatan_verifikasi = ?
WHERE id = ? AND deleted_at IS NULL
");
$stmt->bind_param('sisi', $status_baru, $admin_id, $catatan_val, $id);
if ($stmt->execute() && $stmt->affected_rows > 0) {
echo json_encode(['status' => 'success', 'status_verifikasi' => $status_baru, 'id' => $id]);
} else {
echo json_encode(['status' => 'error', 'message' => 'Data tidak ditemukan atau tidak ada perubahan.']);
}
$stmt->close();
$conn->close();