Files
webgis/poverty-mapping/src/api/hapus_lokasi.php
T
2026-06-11 17:43:01 +07:00

99 lines
3.5 KiB
PHP

<?php
include __DIR__ . '/../config/koneksi.php';
include __DIR__ . '/../config/auth.php';
header('Content-Type: application/json; charset=utf-8');
// Require bearer/JWT auth only for deletes; managers may only delete their own records
$currentUser = require_bearer_login();
// accept DELETE or POST with JSON body or form
$input = json_decode(file_get_contents('php://input'), true);
$id = null;
if($_SERVER['REQUEST_METHOD'] === 'DELETE'){
$id = isset($input['id']) ? $input['id'] : null;
} else {
$id = isset($_POST['id']) ? $_POST['id'] : (isset($input['id']) ? $input['id'] : null);
}
function lokasi_id_uses_auto_increment($conn){
$st = $conn->prepare("SELECT DATA_TYPE, EXTRA FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'lokasi' AND COLUMN_NAME = 'id' LIMIT 1");
if(!$st){ return false; }
$st->execute();
$r = $st->get_result();
$row = $r ? $r->fetch_assoc() : null;
$st->close();
if(!$row){ return false; }
$dataType = strtolower((string)$row['DATA_TYPE']);
$extra = strtolower((string)$row['EXTRA']);
return strpos($extra, 'auto_increment') !== false || in_array($dataType, array('tinyint','smallint','mediumint','int','bigint'), true);
}
$usesAutoId = lokasi_id_uses_auto_increment($conn);
$id = trim((string)$id);
if($usesAutoId){
if(!ctype_digit($id)){ http_response_code(400); echo json_encode(['success'=>false,'error'=>'invalid_id']); exit; }
$id = intval($id);
} elseif($id === ''){
http_response_code(400); echo json_encode(['success'=>false,'error'=>'invalid_id']);
exit;
}
// Enforce manager ownership for delete
try{
if(isset($currentUser['role']) && $currentUser['role'] === 'manager'){
$owner = null;
$selOwner = $conn->prepare('SELECT created_by FROM lokasi WHERE id = ? LIMIT 1');
if($selOwner){
if($usesAutoId){ $selOwner->bind_param('i', $id); } else { $selOwner->bind_param('s', $id); }
$selOwner->execute();
$rOwner = $selOwner->get_result();
$rowOwner = $rOwner ? $rOwner->fetch_assoc() : null;
$selOwner->close();
$owner = $rowOwner && isset($rowOwner['created_by']) ? intval($rowOwner['created_by']) : null;
}
if($owner !== intval($currentUser['id'])){ http_response_code(403); echo json_encode(['success'=>false,'error'=>'forbidden']); exit; }
}
}catch(Exception $e){ /* ignore */ }
$photoPath = null;
$sel = $conn->prepare('SELECT photo_path FROM lokasi WHERE id = ? LIMIT 1');
if($sel){
$sel->bind_param($usesAutoId ? 'i' : 's', $id);
$sel->execute();
$r = $sel->get_result();
if($row = $r->fetch_assoc()){
$photoPath = isset($row['photo_path']) ? $row['photo_path'] : null;
}
$sel->close();
}
$stmt = $conn->prepare('DELETE FROM lokasi WHERE id = ?');
if(!$stmt){ http_response_code(500); echo json_encode(['success'=>false,'error'=>$conn->error]); exit; }
$stmt->bind_param($usesAutoId ? 'i' : 's', $id);
$res = $stmt->execute();
$stmt->close();
if($res){
if($photoPath){
$root = realpath(__DIR__ . '/../../');
$uploadDir = $root ? ($root . '/uploads') : (__DIR__ . '/../../uploads');
$oldBase = basename(parse_url($photoPath, PHP_URL_PATH));
$possibleFiles = array(
$uploadDir . '/' . $oldBase,
$uploadDir . '/' . $photoPath,
$root ? ($root . '/' . ltrim($photoPath, '/')) : null
);
foreach($possibleFiles as $candidate){
if(!$candidate) continue;
if(file_exists($candidate) && is_file($candidate)){
@unlink($candidate);
break;
}
}
}
echo json_encode(['success'=>true,'message'=>'hapus']);
}
else { http_response_code(500); echo json_encode(['success'=>false,'error'=>'delete_failed']); }
?>