Persiapan hosting: config DB, perbaikan role, fix redirect

This commit is contained in:
Athallah Ghathfan Aqila
2026-06-13 13:56:43 +07:00
parent e3d7750f11
commit 46e999a9d0
9 changed files with 255 additions and 26 deletions
+3 -3
View File
@@ -9,7 +9,7 @@ $action = $_POST['action'] ?? $_GET['action'] ?? 'list';
// ── LIST ────────────────────────────────────────────────────────
if ($action === 'list') {
$rows = mysqli_fetch_all(
mysqli_query($conn, "SELECT id, username, nama, created_at FROM users ORDER BY nama"),
mysqli_query($conn, "SELECT id, username, nama, role, created_at FROM users ORDER BY nama"),
MYSQLI_ASSOC
);
echo json_encode(['status' => 'success', 'data' => $rows]);
@@ -27,7 +27,7 @@ if ($action === 'add') {
exit;
}
$role = in_array($_POST['role'] ?? '', ['admin','superadmin']) ? $_POST['role'] : 'admin';
$role = in_array($_POST['role'] ?? '', ['admin','operator']) ? $_POST['role'] : 'operator';
$hash = password_hash($password, PASSWORD_DEFAULT);
$st = mysqli_prepare($conn, "INSERT INTO users (username, password, nama, role) VALUES (?,?,?,?)");
mysqli_stmt_bind_param($st, 'ssss', $username, $hash, $nama, $role);
@@ -46,7 +46,7 @@ if ($action === 'update') {
$id = (int)($_POST['id'] ?? 0);
$nama = trim($_POST['nama'] ?? '');
$pass = $_POST['password'] ?? '';
$role = in_array($_POST['role'] ?? '', ['admin','superadmin']) ? $_POST['role'] : 'admin';
$role = in_array($_POST['role'] ?? '', ['admin','operator']) ? $_POST['role'] : 'operator';
if ($id <= 0 || !$nama) {
echo json_encode(['status' => 'error', 'message' => 'Data tidak valid']);
+4 -4
View File
@@ -8,22 +8,22 @@ function requireLogin() {
echo json_encode(['status' => 'error', 'message' => 'Sesi habis, silakan login kembali.']);
exit;
}
header('Location: /uas/login.php');
header('Location: login.php');
exit;
}
}
function requireSuperAdmin() {
requireLogin();
if ($_SESSION['user']['role'] !== 'superadmin') {
if ($_SESSION['user']['role'] !== 'admin') {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Akses ditolak. Hanya superadmin.']);
echo json_encode(['status' => 'error', 'message' => 'Akses ditolak. Hanya admin.']);
exit;
}
}
function isSuperAdmin() {
return ($_SESSION['user']['role'] ?? '') === 'superadmin';
return ($_SESSION['user']['role'] ?? '') === 'admin';
}
function currentUser() {
+13 -7
View File
@@ -1,10 +1,14 @@
<?php
if (isset($conn)) return;
$host = getenv('DB_HOST') ?: '127.0.0.1';
$user = getenv('DB_USER') ?: 'root';
$pass = getenv('DB_PASS') ?: '';
$name = getenv('DB_NAME') ?: 'db_webgis';
$port = (int)(getenv('DB_PORT') ?: 3306);
if (!defined('DB_HOST')) {
$cfg = dirname(__DIR__) . '/config.php';
if (file_exists($cfg)) require_once $cfg;
}
$host = defined('DB_HOST') ? DB_HOST : (getenv('DB_HOST') ?: '127.0.0.1');
$user = defined('DB_USER') ? DB_USER : (getenv('DB_USER') ?: 'root');
$pass = defined('DB_PASS') ? DB_PASS : (getenv('DB_PASS') ?: '');
$name = defined('DB_NAME') ? DB_NAME : (getenv('DB_NAME') ?: 'db_webgis');
$port = defined('DB_PORT') ? (int)DB_PORT : (int)(getenv('DB_PORT') ?: 3306);
$conn = mysqli_init();
mysqli_options($conn, MYSQLI_OPT_CONNECT_TIMEOUT, 5);
$ok = @mysqli_real_connect($conn, $host, $user, $pass, $name, $port);
@@ -23,7 +27,7 @@ if (!isset($GLOBALS[$setup_flag])) {
username VARCHAR(50) UNIQUE NOT NULL,
password VARCHAR(255) NOT NULL,
nama VARCHAR(100),
role ENUM('superadmin','admin','operator') DEFAULT 'operator',
role ENUM('admin','operator') DEFAULT 'operator',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
)");
$conn->query("CREATE TABLE IF NOT EXISTS rumah_ibadah (
@@ -55,10 +59,12 @@ if (!isset($GLOBALS[$setup_flag])) {
hubungan VARCHAR(50), umur INT, pekerjaan VARCHAR(100), keterangan TEXT,
FOREIGN KEY (penduduk_id) REFERENCES penduduk_miskin(id) ON DELETE CASCADE
)");
$conn->query("UPDATE users SET role='admin' WHERE role='superadmin'");
$conn->query("ALTER TABLE users MODIFY COLUMN role ENUM('admin','operator') DEFAULT 'operator'");
$count = $conn->query("SELECT COUNT(*) FROM users")->fetch_row()[0];
if ($count == 0) {
$hash = '$2y$10$Ep64LS7KEQc2jKMu.AsH.O2wKF9ku4C8Cz0z4RHahgmYbz0vMr0/.';
$conn->query("INSERT INTO users (username,password,nama,role) VALUES ('admin','$hash','Administrator','superadmin')");
$conn->query("INSERT INTO users (username,password,nama,role) VALUES ('admin','$hash','Administrator','admin')");
$conn->query("INSERT INTO users (username,password,nama,role) VALUES ('operator','$hash','Operator Lapangan','operator')");
}
$conn->query("INSERT IGNORE INTO rumah_ibadah (id,nama,jenis,kontak,alamat,lat,lng,radius) VALUES
+1 -1
View File
@@ -127,7 +127,7 @@ input::placeholder{color:#94a3b8}
<p class="hint">Default: <span>admin</span> / <span>admin123</span></p>
<div style="text-align:center;margin-top:20px;padding-top:20px;border-top:1px solid #1e293b">
<a href="/index.php" style="color:#475569;font-size:12px;text-decoration:none;display:inline-flex;align-items:center;gap:6px;transition:.15s" onmouseover="this.style.color='#94a3b8'" onmouseout="this.style.color='#475569'">
<a href="../index.php" style="color:#475569;font-size:12px;text-decoration:none;display:inline-flex;align-items:center;gap:6px;transition:.15s" onmouseover="this.style.color='#94a3b8'" onmouseout="this.style.color='#475569'">
<svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor"><path d="M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.41L7.83 13H20v-2z"/></svg>
Kembali ke Portal
</a>
+6 -6
View File
@@ -41,8 +41,8 @@ tbody tr:hover td{background:rgba(255,255,255,.02)}
.u-name{font-weight:600;font-size:13px}
.u-un{font-size:11px;color:var(--muted);margin-top:2px;font-family:monospace}
.badge{display:inline-flex;align-items:center;gap:4px;padding:3px 10px;border-radius:20px;font-size:11px;font-weight:600}
.badge-superadmin{background:rgba(99,102,241,.2);color:#a5b4fc}
.badge-admin{background:rgba(100,116,139,.2);color:#94a3b8}
.badge-admin{background:rgba(99,102,241,.2);color:#a5b4fc}
.badge-operator{background:rgba(100,116,139,.2);color:#94a3b8}
.me-tag{display:inline-flex;align-items:center;gap:4px;font-size:10px;background:rgba(245,158,11,.15);color:#fbbf24;padding:2px 8px;border-radius:8px;margin-left:8px;font-weight:600}
.btn-sm{display:inline-flex;align-items:center;gap:5px;padding:6px 12px;border-radius:8px;font-size:12px;font-weight:500;cursor:pointer;font-family:inherit;transition:var(--trans);border:none}
.btn-edit{background:rgba(59,130,246,.1);color:var(--blue);border:1px solid rgba(59,130,246,.2)}
@@ -100,7 +100,7 @@ tbody tr:hover td{background:rgba(255,255,255,.02)}
</div>
<?php if (!$isSuperAdmin): ?>
<div class="no-access"><i class="fas fa-lock" style="margin-right:8px"></i>Hanya superadmin yang dapat mengelola pengguna. Role kamu: <strong><?= $user['role'] ?></strong></div>
<div class="no-access"><i class="fas fa-lock" style="margin-right:8px"></i>Hanya admin yang dapat mengelola pengguna. Role kamu: <strong><?= $user['role'] ?></strong></div>
<?php endif; ?>
<div class="card">
@@ -146,7 +146,7 @@ tbody tr:hover td{background:rgba(255,255,255,.02)}
<label>Role <span class="req">*</span></label>
<select id="f-role">
<option value="admin">Admin</option>
<option value="superadmin">Superadmin</option>
<option value="operator">Operator</option>
</select>
</div>
</div>
@@ -229,8 +229,8 @@ function renderUsers(rows) {
const isMe = parseInt(u.id) === MY_ID;
const color = avatarColor(u.nama || u.username);
const init = (u.nama || u.username || '?')[0].toUpperCase();
const roleC = u.role === 'superadmin' ? 'badge-superadmin' : 'badge-admin';
const roleI = u.role === 'superadmin' ? 'shield-alt' : 'user';
const roleC = u.role === 'admin' ? 'badge-admin' : 'badge-operator';
const roleI = u.role === 'admin' ? 'shield-alt' : 'user';
const acols = IS_SUPER ? `
<td style="text-align:right;white-space:nowrap">
<button class="btn-sm btn-edit" onclick='openEdit(${JSON.stringify(u)})'>