46 lines
1.2 KiB
PHP
46 lines
1.2 KiB
PHP
<?php
|
|
// php/login.php
|
|
require_once 'koneksi.php';
|
|
if (session_status() === PHP_SESSION_NONE) { session_start(); }
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
http_response_code(405);
|
|
echo json_encode(['error' => 'Method not allowed']);
|
|
exit;
|
|
}
|
|
|
|
$username = trim($_POST['username'] ?? '');
|
|
$password = trim($_POST['password'] ?? '');
|
|
|
|
if (!$username || !$password) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Username dan password wajib diisi.']);
|
|
exit;
|
|
}
|
|
|
|
$stmt = $conn->prepare("SELECT id, password_hash, nama_lengkap, role FROM pengguna WHERE username = ? AND aktif = 1 LIMIT 1");
|
|
$stmt->bind_param('s', $username);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
$user = $result->fetch_assoc();
|
|
$stmt->close();
|
|
|
|
if (!$user || !password_verify($password, $user['password_hash'])) {
|
|
http_response_code(401);
|
|
echo json_encode(['error' => 'Username atau password salah.']);
|
|
exit;
|
|
}
|
|
|
|
$_SESSION['user_id'] = $user['id'];
|
|
$_SESSION['user_nama'] = $user['nama_lengkap'];
|
|
$_SESSION['user_role'] = $user['role'];
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'nama' => $user['nama_lengkap'],
|
|
'role' => $user['role']
|
|
]);
|
|
?>
|