'Method not allowed']); exit; } $username = trim($_POST['username'] ?? ''); $password = trim($_POST['password'] ?? ''); if (!$username || !$password) { http_response_code(400); echo json_encode(['error' => 'Username dan password wajib diisi.']); exit; } $stmt = $conn->prepare("SELECT id, password_hash, nama_lengkap, role FROM pengguna WHERE username = ? AND aktif = 1 LIMIT 1"); $stmt->bind_param('s', $username); $stmt->execute(); $result = $stmt->get_result(); $user = $result->fetch_assoc(); $stmt->close(); if (!$user || !password_verify($password, $user['password_hash'])) { http_response_code(401); echo json_encode(['error' => 'Username atau password salah.']); exit; } $_SESSION['user_id'] = $user['id']; $_SESSION['user_nama'] = $user['nama_lengkap']; $_SESSION['user_role'] = $user['role']; echo json_encode([ 'success' => true, 'nama' => $user['nama_lengkap'], 'role' => $user['role'] ]); ?>