99 lines
3.5 KiB
PHP
99 lines
3.5 KiB
PHP
<?php
|
|
include __DIR__ . '/../config/koneksi.php';
|
|
include __DIR__ . '/../config/auth.php';
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
// Require bearer/JWT auth only for deletes; managers may only delete their own records
|
|
$currentUser = require_bearer_login();
|
|
|
|
// accept DELETE or POST with JSON body or form
|
|
$input = json_decode(file_get_contents('php://input'), true);
|
|
$id = null;
|
|
if($_SERVER['REQUEST_METHOD'] === 'DELETE'){
|
|
$id = isset($input['id']) ? $input['id'] : null;
|
|
} else {
|
|
$id = isset($_POST['id']) ? $_POST['id'] : (isset($input['id']) ? $input['id'] : null);
|
|
}
|
|
|
|
function lokasi_id_uses_auto_increment($conn){
|
|
$st = $conn->prepare("SELECT DATA_TYPE, EXTRA FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'lokasi' AND COLUMN_NAME = 'id' LIMIT 1");
|
|
if(!$st){ return false; }
|
|
$st->execute();
|
|
$r = $st->get_result();
|
|
$row = $r ? $r->fetch_assoc() : null;
|
|
$st->close();
|
|
if(!$row){ return false; }
|
|
$dataType = strtolower((string)$row['DATA_TYPE']);
|
|
$extra = strtolower((string)$row['EXTRA']);
|
|
return strpos($extra, 'auto_increment') !== false || in_array($dataType, array('tinyint','smallint','mediumint','int','bigint'), true);
|
|
}
|
|
|
|
$usesAutoId = lokasi_id_uses_auto_increment($conn);
|
|
$id = trim((string)$id);
|
|
if($usesAutoId){
|
|
if(!ctype_digit($id)){ http_response_code(400); echo json_encode(['success'=>false,'error'=>'invalid_id']); exit; }
|
|
$id = intval($id);
|
|
} elseif($id === ''){
|
|
http_response_code(400); echo json_encode(['success'=>false,'error'=>'invalid_id']);
|
|
exit;
|
|
}
|
|
|
|
// Enforce manager ownership for delete
|
|
try{
|
|
if(isset($currentUser['role']) && $currentUser['role'] === 'manager'){
|
|
$owner = null;
|
|
$selOwner = $conn->prepare('SELECT created_by FROM lokasi WHERE id = ? LIMIT 1');
|
|
if($selOwner){
|
|
if($usesAutoId){ $selOwner->bind_param('i', $id); } else { $selOwner->bind_param('s', $id); }
|
|
$selOwner->execute();
|
|
$rOwner = $selOwner->get_result();
|
|
$rowOwner = $rOwner ? $rOwner->fetch_assoc() : null;
|
|
$selOwner->close();
|
|
$owner = $rowOwner && isset($rowOwner['created_by']) ? intval($rowOwner['created_by']) : null;
|
|
}
|
|
if($owner !== intval($currentUser['id'])){ http_response_code(403); echo json_encode(['success'=>false,'error'=>'forbidden']); exit; }
|
|
}
|
|
}catch(Exception $e){ /* ignore */ }
|
|
|
|
$photoPath = null;
|
|
$sel = $conn->prepare('SELECT photo_path FROM lokasi WHERE id = ? LIMIT 1');
|
|
if($sel){
|
|
$sel->bind_param($usesAutoId ? 'i' : 's', $id);
|
|
$sel->execute();
|
|
$r = $sel->get_result();
|
|
if($row = $r->fetch_assoc()){
|
|
$photoPath = isset($row['photo_path']) ? $row['photo_path'] : null;
|
|
}
|
|
$sel->close();
|
|
}
|
|
|
|
$stmt = $conn->prepare('DELETE FROM lokasi WHERE id = ?');
|
|
if(!$stmt){ http_response_code(500); echo json_encode(['success'=>false,'error'=>$conn->error]); exit; }
|
|
$stmt->bind_param($usesAutoId ? 'i' : 's', $id);
|
|
$res = $stmt->execute();
|
|
$stmt->close();
|
|
|
|
if($res){
|
|
if($photoPath){
|
|
$root = realpath(__DIR__ . '/../../');
|
|
$uploadDir = $root ? ($root . '/uploads') : (__DIR__ . '/../../uploads');
|
|
$oldBase = basename(parse_url($photoPath, PHP_URL_PATH));
|
|
$possibleFiles = array(
|
|
$uploadDir . '/' . $oldBase,
|
|
$uploadDir . '/' . $photoPath,
|
|
$root ? ($root . '/' . ltrim($photoPath, '/')) : null
|
|
);
|
|
foreach($possibleFiles as $candidate){
|
|
if(!$candidate) continue;
|
|
if(file_exists($candidate) && is_file($candidate)){
|
|
@unlink($candidate);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
echo json_encode(['success'=>true,'message'=>'hapus']);
|
|
}
|
|
else { http_response_code(500); echo json_encode(['success'=>false,'error'=>'delete_failed']); }
|
|
?>
|