false, 'message' => 'Akses ditolak: hanya admin'], 403); } $db = getDB(); $method = $_SERVER['REQUEST_METHOD']; $id = isset($_GET['id']) ? (int)$_GET['id'] : null; // ── GET ──────────────────────────────────────────────────────── if ($method === 'GET') { if ($id) { $stmt = $db->prepare("SELECT id, nama, email, role, created_at FROM users WHERE id = ?"); $stmt->execute([$id]); $row = $stmt->fetch(); if (!$row) jsonResponse(['success' => false, 'message' => 'User tidak ditemukan'], 404); jsonResponse(['success' => true, 'data' => $row]); } $rows = $db->query("SELECT id, nama, email, role, created_at FROM users ORDER BY role DESC, nama")->fetchAll(); jsonResponse(['success' => true, 'data' => $rows, 'total' => count($rows)]); } // ── POST (Tambah user baru) ──────────────────────────────────── if ($method === 'POST') { $body = json_decode(file_get_contents('php://input'), true) ?? []; $nama = trim($body['nama'] ?? ''); $email = trim($body['email'] ?? ''); $pwd = $body['password'] ?? ''; $role = in_array($body['role'] ?? '', ['admin','operator']) ? $body['role'] : 'operator'; if (!$nama || !$email || !$pwd) { jsonResponse(['success' => false, 'message' => 'Nama, email, dan password wajib diisi'], 422); } if (strlen($pwd) < 6) { jsonResponse(['success' => false, 'message' => 'Password minimal 6 karakter'], 422); } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { jsonResponse(['success' => false, 'message' => 'Format email tidak valid'], 422); } // Cek duplikat email $check = $db->prepare("SELECT id FROM users WHERE email = ?"); $check->execute([$email]); if ($check->fetch()) { jsonResponse(['success' => false, 'message' => 'Email sudah terdaftar'], 409); } $hash = password_hash($pwd, PASSWORD_BCRYPT); $stmt = $db->prepare("INSERT INTO users (nama, email, password, role) VALUES (?, ?, ?, ?)"); $stmt->execute([$nama, $email, $hash, $role]); $newId = $db->lastInsertId(); $new = $db->query("SELECT id, nama, email, role, created_at FROM users WHERE id = $newId")->fetch(); jsonResponse(['success' => true, 'message' => 'Pengguna berhasil ditambahkan', 'data' => $new], 201); } // ── PUT (Edit user) ──────────────────────────────────────────── if ($method === 'PUT') { if (!$id) jsonResponse(['success' => false, 'message' => 'ID wajib disertakan'], 400); $body = json_decode(file_get_contents('php://input'), true) ?? []; $existing = $db->prepare("SELECT * FROM users WHERE id = ?"); $existing->execute([$id]); $user = $existing->fetch(); if (!$user) jsonResponse(['success' => false, 'message' => 'User tidak ditemukan'], 404); $nama = trim($body['nama'] ?? $user['nama']); $email = trim($body['email'] ?? $user['email']); $role = in_array($body['role'] ?? '', ['admin','operator']) ? $body['role'] : $user['role']; $pwd = $body['password'] ?? ''; if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { jsonResponse(['success' => false, 'message' => 'Format email tidak valid'], 422); } // Cek duplikat email (kecuali user ini sendiri) $checkEmail = $db->prepare("SELECT id FROM users WHERE email = ? AND id != ?"); $checkEmail->execute([$email, $id]); if ($checkEmail->fetch()) { jsonResponse(['success' => false, 'message' => 'Email sudah digunakan oleh user lain'], 409); } if ($pwd) { if (strlen($pwd) < 6) jsonResponse(['success' => false, 'message' => 'Password minimal 6 karakter'], 422); $hash = password_hash($pwd, PASSWORD_BCRYPT); $stmt = $db->prepare("UPDATE users SET nama=?, email=?, role=?, password=? WHERE id=?"); $stmt->execute([$nama, $email, $role, $hash, $id]); } else { $stmt = $db->prepare("UPDATE users SET nama=?, email=?, role=? WHERE id=?"); $stmt->execute([$nama, $email, $role, $id]); } $updated = $db->query("SELECT id, nama, email, role, created_at FROM users WHERE id = $id")->fetch(); jsonResponse(['success' => true, 'message' => 'Data pengguna berhasil diperbarui', 'data' => $updated]); } // ── DELETE ───────────────────────────────────────────────────── if ($method === 'DELETE') { if (!$id) jsonResponse(['success' => false, 'message' => 'ID wajib disertakan'], 400); // Tidak boleh hapus diri sendiri if ($id == $sessionUserId) { jsonResponse(['success' => false, 'message' => 'Tidak bisa menghapus akun sendiri'], 403); } $stmt = $db->prepare("DELETE FROM users WHERE id = ?"); $stmt->execute([$id]); if ($stmt->rowCount() === 0) jsonResponse(['success' => false, 'message' => 'User tidak ditemukan'], 404); jsonResponse(['success' => true, 'message' => 'Pengguna berhasil dihapus']); } jsonResponse(['success' => false, 'message' => 'Method tidak didukung'], 405);