Files
2026-06-13 13:56:43 +07:00

102 lines
4.0 KiB
PHP

<?php
header('Content-Type: application/json');
include '../koneksi.php';
include '../auth.php';
requireLogin();
$action = $_POST['action'] ?? $_GET['action'] ?? 'list';
// ── LIST ────────────────────────────────────────────────────────
if ($action === 'list') {
$rows = mysqli_fetch_all(
mysqli_query($conn, "SELECT id, username, nama, role, created_at FROM users ORDER BY nama"),
MYSQLI_ASSOC
);
echo json_encode(['status' => 'success', 'data' => $rows]);
exit;
}
// ── ADD ─────────────────────────────────────────────────────────
if ($action === 'add') {
$username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
$nama = trim($_POST['nama'] ?? '');
if (!$username || !$nama || strlen($password) < 6) {
echo json_encode(['status' => 'error', 'message' => 'Data tidak lengkap (password minimal 6 karakter)']);
exit;
}
$role = in_array($_POST['role'] ?? '', ['admin','operator']) ? $_POST['role'] : 'operator';
$hash = password_hash($password, PASSWORD_DEFAULT);
$st = mysqli_prepare($conn, "INSERT INTO users (username, password, nama, role) VALUES (?,?,?,?)");
mysqli_stmt_bind_param($st, 'ssss', $username, $hash, $nama, $role);
if (mysqli_stmt_execute($st)) {
echo json_encode(['status' => 'success', 'id' => mysqli_insert_id($conn)]);
} else {
$err = mysqli_error($conn);
$msg = strpos($err, 'Duplicate') !== false ? "Username '{$username}' sudah digunakan" : $err;
echo json_encode(['status' => 'error', 'message' => $msg]);
}
exit;
}
// ── UPDATE ──────────────────────────────────────────────────────
if ($action === 'update') {
$id = (int)($_POST['id'] ?? 0);
$nama = trim($_POST['nama'] ?? '');
$pass = $_POST['password'] ?? '';
$role = in_array($_POST['role'] ?? '', ['admin','operator']) ? $_POST['role'] : 'operator';
if ($id <= 0 || !$nama) {
echo json_encode(['status' => 'error', 'message' => 'Data tidak valid']);
exit;
}
if (strlen($pass) >= 6) {
$hash = password_hash($pass, PASSWORD_DEFAULT);
$st = mysqli_prepare($conn, "UPDATE users SET nama=?, role=?, password=? WHERE id=?");
mysqli_stmt_bind_param($st, 'sssi', $nama, $role, $hash, $id);
} else {
$st = mysqli_prepare($conn, "UPDATE users SET nama=?, role=? WHERE id=?");
mysqli_stmt_bind_param($st, 'ssi', $nama, $role, $id);
}
if (mysqli_stmt_execute($st)) {
echo json_encode(['status' => 'success']);
} else {
echo json_encode(['status' => 'error', 'message' => mysqli_error($conn)]);
}
exit;
}
// ── DELETE ──────────────────────────────────────────────────────
if ($action === 'delete') {
$id = (int)($_POST['id'] ?? 0);
$my_id = (int)($_SESSION['user']['id'] ?? 0);
if ($id <= 0) {
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']);
exit;
}
if ($id === $my_id) {
echo json_encode(['status' => 'error', 'message' => 'Tidak dapat menghapus akun sendiri']);
exit;
}
$st = mysqli_prepare($conn, "DELETE FROM users WHERE id = ?");
mysqli_stmt_bind_param($st, 'i', $id);
if (mysqli_stmt_execute($st)) {
if (mysqli_stmt_affected_rows($st) > 0) {
echo json_encode(['status' => 'success']);
} else {
echo json_encode(['status' => 'error', 'message' => 'User tidak ditemukan']);
}
} else {
echo json_encode(['status' => 'error', 'message' => mysqli_error($conn)]);
}
exit;
}
echo json_encode(['status' => 'error', 'message' => 'Action tidak dikenal']);