prepare("SELECT DATA_TYPE, EXTRA FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'lokasi' AND COLUMN_NAME = 'id' LIMIT 1"); if(!$st){ return false; } $st->execute(); $r = $st->get_result(); $row = $r ? $r->fetch_assoc() : null; $st->close(); if(!$row){ return false; } $dataType = strtolower((string)$row['DATA_TYPE']); $extra = strtolower((string)$row['EXTRA']); return strpos($extra, 'auto_increment') !== false || in_array($dataType, array('tinyint','smallint','mediumint','int','bigint'), true); } $usesAutoId = lokasi_id_uses_auto_increment($conn); $id = trim((string)$id); if($usesAutoId){ if(!ctype_digit($id)){ http_response_code(400); echo json_encode(['success'=>false,'error'=>'invalid_id']); exit; } $id = intval($id); } elseif($id === ''){ http_response_code(400); echo json_encode(['success'=>false,'error'=>'invalid_id']); exit; } // Enforce manager ownership for delete try{ if(isset($currentUser['role']) && $currentUser['role'] === 'manager'){ $owner = null; $selOwner = $conn->prepare('SELECT created_by FROM lokasi WHERE id = ? LIMIT 1'); if($selOwner){ if($usesAutoId){ $selOwner->bind_param('i', $id); } else { $selOwner->bind_param('s', $id); } $selOwner->execute(); $rOwner = $selOwner->get_result(); $rowOwner = $rOwner ? $rOwner->fetch_assoc() : null; $selOwner->close(); $owner = $rowOwner && isset($rowOwner['created_by']) ? intval($rowOwner['created_by']) : null; } if($owner !== intval($currentUser['id'])){ http_response_code(403); echo json_encode(['success'=>false,'error'=>'forbidden']); exit; } } }catch(Exception $e){ /* ignore */ } $photoPath = null; $sel = $conn->prepare('SELECT photo_path FROM lokasi WHERE id = ? LIMIT 1'); if($sel){ $sel->bind_param($usesAutoId ? 'i' : 's', $id); $sel->execute(); $r = $sel->get_result(); if($row = $r->fetch_assoc()){ $photoPath = isset($row['photo_path']) ? $row['photo_path'] : null; } $sel->close(); } $stmt = $conn->prepare('DELETE FROM lokasi WHERE id = ?'); if(!$stmt){ http_response_code(500); echo json_encode(['success'=>false,'error'=>$conn->error]); exit; } $stmt->bind_param($usesAutoId ? 'i' : 's', $id); $res = $stmt->execute(); $stmt->close(); if($res){ if($photoPath){ $root = realpath(__DIR__ . '/../../'); $uploadDir = $root ? ($root . '/uploads') : (__DIR__ . '/../../uploads'); $oldBase = basename(parse_url($photoPath, PHP_URL_PATH)); $possibleFiles = array( $uploadDir . '/' . $oldBase, $uploadDir . '/' . $photoPath, $root ? ($root . '/' . ltrim($photoPath, '/')) : null ); foreach($possibleFiles as $candidate){ if(!$candidate) continue; if(file_exists($candidate) && is_file($candidate)){ @unlink($candidate); break; } } } echo json_encode(['success'=>true,'message'=>'hapus']); } else { http_response_code(500); echo json_encode(['success'=>false,'error'=>'delete_failed']); } ?>