'success', 'data' => $rows]); exit; } // ── ADD ───────────────────────────────────────────────────────── if ($action === 'add') { $username = trim($_POST['username'] ?? ''); $password = $_POST['password'] ?? ''; $nama = trim($_POST['nama'] ?? ''); if (!$username || !$nama || strlen($password) < 6) { echo json_encode(['status' => 'error', 'message' => 'Data tidak lengkap (password minimal 6 karakter)']); exit; } $role = in_array($_POST['role'] ?? '', ['admin','operator']) ? $_POST['role'] : 'operator'; $hash = password_hash($password, PASSWORD_DEFAULT); $st = mysqli_prepare($conn, "INSERT INTO users (username, password, nama, role) VALUES (?,?,?,?)"); mysqli_stmt_bind_param($st, 'ssss', $username, $hash, $nama, $role); if (mysqli_stmt_execute($st)) { echo json_encode(['status' => 'success', 'id' => mysqli_insert_id($conn)]); } else { $err = mysqli_error($conn); $msg = strpos($err, 'Duplicate') !== false ? "Username '{$username}' sudah digunakan" : $err; echo json_encode(['status' => 'error', 'message' => $msg]); } exit; } // ── UPDATE ────────────────────────────────────────────────────── if ($action === 'update') { $id = (int)($_POST['id'] ?? 0); $nama = trim($_POST['nama'] ?? ''); $pass = $_POST['password'] ?? ''; $role = in_array($_POST['role'] ?? '', ['admin','operator']) ? $_POST['role'] : 'operator'; if ($id <= 0 || !$nama) { echo json_encode(['status' => 'error', 'message' => 'Data tidak valid']); exit; } if (strlen($pass) >= 6) { $hash = password_hash($pass, PASSWORD_DEFAULT); $st = mysqli_prepare($conn, "UPDATE users SET nama=?, role=?, password=? WHERE id=?"); mysqli_stmt_bind_param($st, 'sssi', $nama, $role, $hash, $id); } else { $st = mysqli_prepare($conn, "UPDATE users SET nama=?, role=? WHERE id=?"); mysqli_stmt_bind_param($st, 'ssi', $nama, $role, $id); } if (mysqli_stmt_execute($st)) { echo json_encode(['status' => 'success']); } else { echo json_encode(['status' => 'error', 'message' => mysqli_error($conn)]); } exit; } // ── DELETE ────────────────────────────────────────────────────── if ($action === 'delete') { $id = (int)($_POST['id'] ?? 0); $my_id = (int)($_SESSION['user']['id'] ?? 0); if ($id <= 0) { echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']); exit; } if ($id === $my_id) { echo json_encode(['status' => 'error', 'message' => 'Tidak dapat menghapus akun sendiri']); exit; } $st = mysqli_prepare($conn, "DELETE FROM users WHERE id = ?"); mysqli_stmt_bind_param($st, 'i', $id); if (mysqli_stmt_execute($st)) { if (mysqli_stmt_affected_rows($st) > 0) { echo json_encode(['status' => 'success']); } else { echo json_encode(['status' => 'error', 'message' => 'User tidak ditemukan']); } } else { echo json_encode(['status' => 'error', 'message' => mysqli_error($conn)]); } exit; } echo json_encode(['status' => 'error', 'message' => 'Action tidak dikenal']);