From 899847d81c80805cf5905cdbc40f1c6892db8513 Mon Sep 17 00:00:00 2001 From: Ichsanix Date: Sat, 13 Jun 2026 12:01:09 +0700 Subject: [PATCH] Fifth Commit --- add_users_table.php | 39 ++++++++++++ api/bantuan.php | 11 ++++ api/laporan.php | 11 ++++ api/parcels.php | 11 ++++ api/points.php | 11 ++++ api/roads.php | 11 ++++ assets/css/style.css | 6 ++ config/db.php | 8 +-- dashboard.html => dashboard.php | 26 +++++++- index.php | 2 +- login.php | 107 ++++++++++++++++++++++++++++++++ logout.php | 5 ++ 12 files changed, 241 insertions(+), 7 deletions(-) create mode 100644 add_users_table.php rename dashboard.html => dashboard.php (90%) create mode 100644 login.php create mode 100644 logout.php diff --git a/add_users_table.php b/add_users_table.php new file mode 100644 index 0000000..85b8d26 --- /dev/null +++ b/add_users_table.php @@ -0,0 +1,39 @@ +exec($sql); + + // Insert admin and public if not exists + $stmt = $pdo->prepare("SELECT COUNT(*) FROM users"); + $stmt->execute(); + if ($stmt->fetchColumn() == 0) { + $insert = $pdo->prepare("INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)"); + + // admin / admin123 + $insert->execute(['admin', password_hash('admin123', PASSWORD_BCRYPT), 'admin']); + + // public / public123 + $insert->execute(['public', password_hash('public123', PASSWORD_BCRYPT), 'public']); + + echo "Users created successfully.\n"; + } else { + echo "Users table already populated.\n"; + } + +} catch (PDOException $e) { + echo "Error: " . $e->getMessage() . "\n"; +} diff --git a/api/bantuan.php b/api/bantuan.php index 8fbd511..6cf3516 100644 --- a/api/bantuan.php +++ b/api/bantuan.php @@ -3,9 +3,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/api/laporan.php b/api/laporan.php index 3f2084c..0386143 100644 --- a/api/laporan.php +++ b/api/laporan.php @@ -3,9 +3,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/api/parcels.php b/api/parcels.php index b4734b0..afa890c 100644 --- a/api/parcels.php +++ b/api/parcels.php @@ -7,9 +7,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/api/points.php b/api/points.php index c6e90b7..d71f959 100644 --- a/api/points.php +++ b/api/points.php @@ -9,9 +9,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/api/roads.php b/api/roads.php index 078f7ed..d6c9e92 100644 --- a/api/roads.php +++ b/api/roads.php @@ -7,9 +7,20 @@ require_once __DIR__ . '/../config/db.php'; require_once __DIR__ . '/../config/helpers.php'; +session_start(); +if (!isset($_SESSION['user_id'])) { + jsonResponse(['error' => 'Unauthorized'], 401); +} + handlePreflight(); $method = getMethod(); +if ($method !== 'GET') { + if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { + jsonResponse(['error' => 'Forbidden: Admin access required'], 403); + } +} + $db = getDB(); switch ($method) { diff --git a/assets/css/style.css b/assets/css/style.css index 6fbac07..190f7a4 100644 --- a/assets/css/style.css +++ b/assets/css/style.css @@ -491,3 +491,9 @@ body { *::-webkit-scrollbar { width: 4px; } *::-webkit-scrollbar-track { background: transparent; } *::-webkit-scrollbar-thumb { background: var(--border); border-radius: 2px; } + +/* ── Role-based visibility overrides ───────────────────────── */ +body.role-public .feature-actions, +body.role-public .popup-actions { + display: none !important; +} diff --git a/config/db.php b/config/db.php index c35856a..76a5eec 100644 --- a/config/db.php +++ b/config/db.php @@ -3,11 +3,11 @@ // config/db.php — Database connection (PDO) // ============================================================ -define('DB_HOST', 'vsw0wwo480kg8sooc0s00sow'); +define('DB_HOST', 'localhost'); define('DB_PORT', '3306'); -define('DB_NAME', 'Pemetaan_Kemiskinan'); -define('DB_USER', 'mysql'); -define('DB_PASS', '4ZUbGM9LD8zcJuGz0xgGOvNkLrAtZiarqP0QSCrM6uYM5ZHGuMVm1xXu68ChfyRa'); +define('DB_NAME', 'webgis_db'); +define('DB_USER', 'root'); +define('DB_PASS', 'root123'); define('DB_CHARSET', 'utf8mb4'); function getDB(): PDO { diff --git a/dashboard.html b/dashboard.php similarity index 90% rename from dashboard.html rename to dashboard.php index 1a440a3..1d29b8b 100644 --- a/dashboard.html +++ b/dashboard.php @@ -1,3 +1,10 @@ + @@ -11,15 +18,24 @@ + - + @@ -145,6 +161,7 @@
Click the map to place a point, then fill in the form.
+
+
All Points
Loading…
@@ -171,11 +189,13 @@
Draw a polyline on the map. Length is calculated automatically.
+
+
All Roads
Loading…
@@ -187,11 +207,13 @@
Draw a polygon on the map. Area is calculated automatically.
+
+
All Parcels
Loading…
diff --git a/index.php b/index.php index dd3d10e..7cdfdea 100644 --- a/index.php +++ b/index.php @@ -264,7 +264,7 @@

Membantu identifikasi wilayah bantuan berdasarkan jangkauan radius masjid di Kota Pontianak dengan pendekatan presisi geospasial.

- + Masuk ke Dashboard GIS
diff --git a/login.php b/login.php new file mode 100644 index 0000000..adac1f8 --- /dev/null +++ b/login.php @@ -0,0 +1,107 @@ +prepare("SELECT * FROM users WHERE username = ? LIMIT 1"); + $stmt->execute([$username]); + $user = $stmt->fetch(); + + if ($user && password_verify($password, $user['password_hash'])) { + $_SESSION['user_id'] = $user['id']; + $_SESSION['username'] = $user['username']; + $_SESSION['role'] = $user['role']; + header("Location: dashboard.php"); + exit; + } else { + $error = 'Username atau password salah!'; + } + } else { + $error = 'Silakan isi username dan password!'; + } +} +?> + + + + + + SinergiSpasial | Login + + + + + + + + + diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..b818557 --- /dev/null +++ b/logout.php @@ -0,0 +1,5 @@ +