diff --git a/add_users_table.php b/add_users_table.php new file mode 100644 index 0000000..85b8d26 --- /dev/null +++ b/add_users_table.php @@ -0,0 +1,39 @@ +exec($sql); + + // Insert admin and public if not exists + $stmt = $pdo->prepare("SELECT COUNT(*) FROM users"); + $stmt->execute(); + if ($stmt->fetchColumn() == 0) { + $insert = $pdo->prepare("INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)"); + + // admin / admin123 + $insert->execute(['admin', password_hash('admin123', PASSWORD_BCRYPT), 'admin']); + + // public / public123 + $insert->execute(['public', password_hash('public123', PASSWORD_BCRYPT), 'public']); + + echo "Users created successfully.\n"; + } else { + echo "Users table already populated.\n"; + } + +} catch (PDOException $e) { + echo "Error: " . $e->getMessage() . "\n"; +} diff --git a/api/bantuan.php b/api/bantuan.php index 8fbd511..6cf3516 100644 --- a/api/bantuan.php +++ b/api/bantuan.php @@ -3,9 +3,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/api/laporan.php b/api/laporan.php index 3f2084c..0386143 100644 --- a/api/laporan.php +++ b/api/laporan.php @@ -3,9 +3,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/api/parcels.php b/api/parcels.php index b4734b0..afa890c 100644 --- a/api/parcels.php +++ b/api/parcels.php @@ -7,9 +7,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/api/points.php b/api/points.php index c6e90b7..d71f959 100644 --- a/api/points.php +++ b/api/points.php @@ -9,9 +9,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/api/roads.php b/api/roads.php index 078f7ed..d6c9e92 100644 --- a/api/roads.php +++ b/api/roads.php @@ -7,9 +7,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/assets/css/style.css b/assets/css/style.css index 6fbac07..190f7a4 100644 --- a/assets/css/style.css +++ b/assets/css/style.css @@ -491,3 +491,9 @@ body { *::-webkit-scrollbar { width: 4px; } *::-webkit-scrollbar-track { background: transparent; } *::-webkit-scrollbar-thumb { background: var(--border); border-radius: 2px; } + +/* ── Role-based visibility overrides ───────────────────────── */ +body.role-public .feature-actions, +body.role-public .popup-actions { + display: none !important; +} diff --git a/config/db.php b/config/db.php index c35856a..76a5eec 100644 --- a/config/db.php +++ b/config/db.php @@ -3,11 +3,11 @@ // config/db.php — Database connection (PDO) // ============================================================ -define('DB_HOST', 'vsw0wwo480kg8sooc0s00sow'); +define('DB_HOST', 'localhost'); define('DB_PORT', '3306'); -define('DB_NAME', 'Pemetaan_Kemiskinan'); -define('DB_USER', 'mysql'); -define('DB_PASS', '4ZUbGM9LD8zcJuGz0xgGOvNkLrAtZiarqP0QSCrM6uYM5ZHGuMVm1xXu68ChfyRa'); +define('DB_NAME', 'webgis_db'); +define('DB_USER', 'root'); +define('DB_PASS', 'root123'); define('DB_CHARSET', 'utf8mb4'); function getDB(): PDO { diff --git a/dashboard.html b/dashboard.php similarity index 90% rename from dashboard.html rename to dashboard.php index 1a440a3..1d29b8b 100644 --- a/dashboard.html +++ b/dashboard.php @@ -1,3 +1,10 @@ +
@@ -11,15 +18,24 @@ + - +Membantu identifikasi wilayah bantuan berdasarkan jangkauan radius masjid di Kota Pontianak dengan pendekatan presisi geospasial.
- + Masuk ke Dashboard GISAkses Admin: admin / admin123
+Akses Publik: public / public123
+