Files
2026-06-13 12:01:09 +07:00

252 lines
8.9 KiB
PHP

<?php
// ============================================================
// api/points.php — CRUD for point features
// Supports: SPBU, Mosque, Poor Population
// ============================================================
require_once __DIR__ . '/../config/db.php';
require_once __DIR__ . '/../config/helpers.php';
session_start();
if (!isset($_SESSION['user_id'])) {
jsonResponse(['error' => 'Unauthorized'], 401);
}
handlePreflight();
$method = getMethod();
if ($method !== 'GET') {
if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
jsonResponse(['error' => 'Forbidden: Admin access required'], 403);
}
}
$db = getDB();
switch ($method) {
// ----------------------------------------------------------
// GET /api/points.php → list all points
// GET /api/points.php?id=N → single point
// GET /api/points.php?category=spbu → filter by category
// ----------------------------------------------------------
case 'GET':
if (isset($_GET['id'])) {
$stmt = $db->prepare('SELECT * FROM points WHERE id = ?');
$stmt->execute([(int)$_GET['id']]);
$row = $stmt->fetch();
if ($row) {
jsonResponse($row);
} else {
jsonResponse(['error' => 'Point not found'], 404);
}
}
$where = '';
$params = [];
if (!empty($_GET['category'])) {
$where = 'WHERE category = ?';
$params = [$_GET['category']];
}
$stmt = $db->prepare("SELECT * FROM points $where ORDER BY created_at DESC");
$stmt->execute($params);
$rows = $stmt->fetchAll();
// Return as GeoJSON FeatureCollection
$features = [];
foreach ($rows as $row) {
$features[] = [
'type' => 'Feature',
'geometry' => [
'type' => 'Point',
'coordinates' => [(float)$row['longitude'], (float)$row['latitude']],
],
'properties' => [
'id' => $row['id'],
'name' => $row['name'],
'category' => $row['category'],
'subtype' => $row['subtype'],
'description' => $row['description'],
'created_at' => $row['created_at'],
'tanggal_lahir' => $row['tanggal_lahir'],
'pendidikan' => $row['pendidikan'],
'pekerjaan' => $row['pekerjaan'],
'jumlah_tanggungan' => $row['jumlah_tanggungan'],
'riwayat_penyakit' => $row['riwayat_penyakit'],
'alamat' => $row['alamat'],
'status_verifikasi' => $row['status_verifikasi'],
],
];
}
jsonResponse([
'type' => 'FeatureCollection',
'features' => $features,
]);
break;
// ----------------------------------------------------------
// POST /api/points.php — create a point
// Body: { name, category, subtype, latitude, longitude, description }
// ----------------------------------------------------------
case 'POST':
$body = getRequestBody();
$required = ['name', 'category', 'latitude', 'longitude'];
foreach ($required as $field) {
if (empty($body[$field]) && $body[$field] !== 0) {
jsonResponse(['error' => "Field '$field' is required"], 422);
}
}
$allowed = ['spbu', 'mosque', 'poor'];
if (!in_array($body['category'], $allowed, true)) {
jsonResponse(['error' => 'Invalid category'], 422);
}
$subtype = (!empty($body['subtype'])) ? $body['subtype'] : null;
$description = (!empty($body['description'])) ? $body['description'] : null;
$tanggal_lahir = (!empty($body['tanggal_lahir'])) ? $body['tanggal_lahir'] : null;
$pendidikan = (!empty($body['pendidikan'])) ? $body['pendidikan'] : null;
$pekerjaan = (!empty($body['pekerjaan'])) ? $body['pekerjaan'] : null;
$jumlah_tanggungan = (isset($body['jumlah_tanggungan']) && $body['jumlah_tanggungan'] !== '') ? (int)$body['jumlah_tanggungan'] : null;
$riwayat_penyakit = (!empty($body['riwayat_penyakit'])) ? $body['riwayat_penyakit'] : null;
$alamat = (!empty($body['alamat'])) ? $body['alamat'] : null;
$status_verifikasi = (!empty($body['status_verifikasi'])) ? $body['status_verifikasi'] : 'Menunggu Verifikasi';
$stmt = $db->prepare(
'INSERT INTO points (
name,
category,
subtype,
latitude,
longitude,
description,
tanggal_lahir,
pendidikan,
pekerjaan,
jumlah_tanggungan,
riwayat_penyakit,
alamat,
status_verifikasi
)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
);
$stmt->execute([
$body['name'],
$body['category'],
$subtype,
(float)$body['latitude'],
(float)$body['longitude'],
$description,
$tanggal_lahir,
$pendidikan,
$pekerjaan,
$jumlah_tanggungan,
$riwayat_penyakit,
$alamat,
$status_verifikasi
]);
$id = (int)$db->lastInsertId();
$stmt2 = $db->prepare('SELECT * FROM points WHERE id = ?');
$stmt2->execute([$id]);
jsonResponse($stmt2->fetch(), 201);
break;
// ----------------------------------------------------------
// PUT /api/points.php?id=N — update a point
// Body: { name, category, subtype, latitude, longitude, description }
// ----------------------------------------------------------
case 'PUT':
if (empty($_GET['id'])) {
jsonResponse(['error' => 'id is required'], 400);
}
$body = getRequestBody();
$id = (int)$_GET['id'];
// Check exists
$stmt = $db->prepare('SELECT id FROM points WHERE id = ?');
$stmt->execute([$id]);
if (!$stmt->fetch()) {
jsonResponse(['error' => 'Point not found'], 404);
}
$subtype = (!empty($body['subtype'])) ? $body['subtype'] : null;
$description = (!empty($body['description'])) ? $body['description'] : null;
$tanggal_lahir = (!empty($body['tanggal_lahir'])) ? $body['tanggal_lahir'] : null;
$pendidikan = (!empty($body['pendidikan'])) ? $body['pendidikan'] : null;
$pekerjaan = (!empty($body['pekerjaan'])) ? $body['pekerjaan'] : null;
$jumlah_tanggungan = (isset($body['jumlah_tanggungan']) && $body['jumlah_tanggungan'] !== '') ? (int)$body['jumlah_tanggungan'] : null;
$riwayat_penyakit = (!empty($body['riwayat_penyakit'])) ? $body['riwayat_penyakit'] : null;
$alamat = (!empty($body['alamat'])) ? $body['alamat'] : null;
$status_verifikasi = (!empty($body['status_verifikasi'])) ? $body['status_verifikasi'] : 'Menunggu Verifikasi';
$stmt = $db->prepare(
'UPDATE points SET
name=?,
category=?,
subtype=?,
latitude=?,
longitude=?,
description=?,
tanggal_lahir=?,
pendidikan=?,
pekerjaan=?,
jumlah_tanggungan=?,
riwayat_penyakit=?,
alamat=?,
status_verifikasi=?
WHERE id=?'
);
$stmt->execute([
$body['name'] ?? '',
$body['category'] ?? 'spbu',
$subtype,
(float)($body['latitude'] ?? 0),
(float)($body['longitude'] ?? 0),
$description,
$tanggal_lahir,
$pendidikan,
$pekerjaan,
$jumlah_tanggungan,
$riwayat_penyakit,
$alamat,
$status_verifikasi,
$id
]);
$stmt2 = $db->prepare('SELECT * FROM points WHERE id = ?');
$stmt2->execute([$id]);
jsonResponse($stmt2->fetch());
break;
// ----------------------------------------------------------
// DELETE /api/points.php?id=N — delete a point
// ----------------------------------------------------------
case 'DELETE':
if (empty($_GET['id'])) {
jsonResponse(['error' => 'id is required'], 400);
}
$id = (int)$_GET['id'];
$stmt = $db->prepare('DELETE FROM points WHERE id = ?');
$stmt->execute([$id]);
if ($stmt->rowCount() === 0) {
jsonResponse(['error' => 'Point not found'], 404);
}
jsonResponse(['message' => 'Point deleted', 'id' => $id]);
break;
default:
jsonResponse(['error' => 'Method not allowed'], 405);
}