delete folder backup
This commit is contained in:
+216
@@ -0,0 +1,216 @@
|
||||
<?php
|
||||
// api/auth.php
|
||||
header('Content-Type: application/json');
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
|
||||
header('Access-Control-Allow-Headers: Content-Type, Authorization');
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
||||
http_response_code(200);
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once '../config/db.php';
|
||||
require_once 'middleware.php';
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$action = $_GET['action'] ?? 'status';
|
||||
|
||||
try {
|
||||
switch ($method) {
|
||||
case 'GET':
|
||||
if ($action === 'status') {
|
||||
// Cek status login (Guest support)
|
||||
$user = optionalAuth();
|
||||
if ($user) {
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'logged_in' => true,
|
||||
'user' => [
|
||||
'id' => $user['id'],
|
||||
'username' => $user['username'],
|
||||
'role' => $user['role'],
|
||||
'rumah_ibadah_id' => $user['rumah_ibadah_id'],
|
||||
'no_telp' => $user['no_telp'] ?? ''
|
||||
]
|
||||
]);
|
||||
} else {
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'logged_in' => false,
|
||||
'user' => null,
|
||||
'message' => 'Guest Mode: Pengguna belum login.'
|
||||
]);
|
||||
}
|
||||
} else {
|
||||
http_response_code(400);
|
||||
echo json_encode(['success' => false, 'message' => 'Action GET tidak dikenal.']);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'POST':
|
||||
if ($action === 'login') {
|
||||
// Proses Login
|
||||
$body = json_decode(file_get_contents('php://input'), true) ?: $_POST;
|
||||
$username = trim($body['username'] ?? '');
|
||||
$password = trim($body['password'] ?? '');
|
||||
|
||||
if (!$username || !$password) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['success' => false, 'message' => 'Username dan Password wajib diisi.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Cari user berdasarkan username
|
||||
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
|
||||
$stmt->execute([$username]);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if ($user && password_verify($password, $user['password'])) {
|
||||
// Simpan data penting ke session
|
||||
$_SESSION['user'] = [
|
||||
'id' => (int)$user['id'],
|
||||
'username' => $user['username'],
|
||||
'role' => $user['role'],
|
||||
'rumah_ibadah_id' => $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null,
|
||||
'no_telp' => $user['no_telp'] ?? ''
|
||||
];
|
||||
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'message' => 'Login berhasil! Selamat datang, ' . $user['username'],
|
||||
'user' => $_SESSION['user']
|
||||
]);
|
||||
} else {
|
||||
http_response_code(401);
|
||||
echo json_encode(['success' => false, 'message' => 'Username atau Password salah.']);
|
||||
}
|
||||
} elseif ($action === 'register') {
|
||||
// Proses Registrasi Mandiri (hanya untuk kontributor & koordinator)
|
||||
$body = json_decode(file_get_contents('php://input'), true) ?: $_POST;
|
||||
$username = trim($body['username'] ?? '');
|
||||
$email = trim($body['email'] ?? '');
|
||||
$password = trim($body['password'] ?? '');
|
||||
$noTelp = trim($body['no_telp'] ?? '');
|
||||
$role = trim($body['role'] ?? '');
|
||||
$rumahIbadahId = isset($body['rumah_ibadah_id']) && $body['rumah_ibadah_id'] !== '' ? (int)$body['rumah_ibadah_id'] : null;
|
||||
|
||||
// Validasi field wajib
|
||||
if (!$username || !$email || !$password || !$noTelp || !$role) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['success' => false, 'message' => 'Semua field wajib diisi (username, email, password, no_telp, role).']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Validasi panjang & kekuatan password
|
||||
if (strlen($password) < 6) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['success' => false, 'message' => 'Password minimal 6 karakter.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Validasi format email
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['success' => false, 'message' => 'Format email tidak valid.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Whitelist role — HANYA kontributor dan koordinator yang boleh mendaftar sendiri
|
||||
$allowedRoles = ['kontributor', 'koordinator'];
|
||||
if (!in_array($role, $allowedRoles)) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['success' => false, 'message' => 'Peran "' . $role . '" tidak diizinkan untuk registrasi mandiri.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Koordinator wajib memilih rumah ibadah
|
||||
if ($role === 'koordinator' && !$rumahIbadahId) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['success' => false, 'message' => 'Koordinator Rumah Ibadah wajib memilih rumah ibadah yang dikelola.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Kontributor tidak boleh terikat ke rumah ibadah
|
||||
if ($role === 'kontributor') {
|
||||
$rumahIbadahId = null;
|
||||
}
|
||||
|
||||
// Cek duplikasi username
|
||||
$stmtCheck = $pdo->prepare("SELECT id FROM users WHERE username = ? LIMIT 1");
|
||||
$stmtCheck->execute([$username]);
|
||||
if ($stmtCheck->fetch()) {
|
||||
http_response_code(409);
|
||||
echo json_encode(['success' => false, 'message' => 'Username "' . $username . '" sudah terdaftar. Gunakan username lain.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Cek duplikasi email
|
||||
$stmtCheck2 = $pdo->prepare("SELECT id FROM users WHERE email = ? LIMIT 1");
|
||||
$stmtCheck2->execute([$email]);
|
||||
if ($stmtCheck2->fetch()) {
|
||||
http_response_code(409);
|
||||
echo json_encode(['success' => false, 'message' => 'Email "' . $email . '" sudah terdaftar. Gunakan email lain.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Validasi rumah ibadah ada di database (untuk koordinator)
|
||||
if ($role === 'koordinator' && $rumahIbadahId) {
|
||||
$stmtIbadah = $pdo->prepare("SELECT id FROM rumah_ibadah WHERE id = ? LIMIT 1");
|
||||
$stmtIbadah->execute([$rumahIbadahId]);
|
||||
if (!$stmtIbadah->fetch()) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['success' => false, 'message' => 'Rumah ibadah yang dipilih tidak valid atau tidak ditemukan.']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// Hash password dengan bcrypt
|
||||
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
|
||||
|
||||
// Simpan user baru ke database
|
||||
$stmtInsert = $pdo->prepare("INSERT INTO users (username, email, password, no_telp, role, rumah_ibadah_id) VALUES (?, ?, ?, ?, ?, ?)");
|
||||
$stmtInsert->execute([$username, $email, $hashedPassword, $noTelp, $role, $rumahIbadahId]);
|
||||
|
||||
$roleLabel = $role === 'koordinator' ? 'Koordinator Rumah Ibadah' : 'Kontributor';
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'message' => 'Registrasi berhasil! Selamat bergabung sebagai ' . $roleLabel . '. Silakan login dengan akun Anda.',
|
||||
'username' => $username
|
||||
]);
|
||||
|
||||
} elseif ($action === 'logout') {
|
||||
// Proses Logout
|
||||
if (session_status() === PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
// Hapus semua data session dan hancurkan
|
||||
$_SESSION = [];
|
||||
if (ini_get("session.use_cookies")) {
|
||||
$params = session_get_cookie_params();
|
||||
setcookie(session_name(), '', time() - 42000,
|
||||
$params["path"], $params["domain"],
|
||||
$params["secure"], $params["httponly"]
|
||||
);
|
||||
}
|
||||
session_destroy();
|
||||
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'message' => 'Logout berhasil. Anda sekarang masuk sebagai Guest.'
|
||||
]);
|
||||
} else {
|
||||
http_response_code(400);
|
||||
echo json_encode(['success' => false, 'message' => 'Action POST tidak dikenal.']);
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
http_response_code(405);
|
||||
echo json_encode(['error' => 'Method not allowed']);
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
http_response_code(500);
|
||||
echo json_encode(['success' => false, 'message' => 'Terjadi kesalahan sistem: ' . $e->getMessage()]);
|
||||
}
|
||||
Reference in New Issue
Block a user