
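<?php
// Login endpoint of the konsultasi API.
//
// Flow: the POSTed username/password pair is checked against the Spota
// database (students in tbmhs first, then lecturers in tbdosen); a matching
// account is mirrored into the local konsultasi table (mahasiswa / dosen),
// given an API token, stored in the PHP session and returned as JSON:
//   {status: 1, msg, data: {... , token}, redir}   on success
//   {status: 0, msg}                               on failure
//
// NOTE(review): display_errors=1 on a login endpoint echoes PDO exceptions
// (which can include DSN fragments, table names and file paths) straight to
// the client. Keep it off outside development and rely on the error log.
error_reporting(E_ALL);
ini_set('display_errors', '1');
session_start();
include '../../conf/function.php';
include '../../conf/class.server.php';
include '../../conf/koneksiPDO.php';
header('Content-Type: application/json');
// The success response carries a bearer token: never let a proxy or the
// browser cache it.
header('Cache-Control: no-store');

$server = new Server();
$urlServiceSpota = $server->getSpotaServiceURL();
$urlLoginSpota = $urlServiceSpota.'/login.php';
$conn = new createCon();
$dbh = $conn->connect();
$dbhSpota = $conn->connectSpota();

checkKey('POST', 'username');
checkKey('POST', 'password');

/**
 * Look the credentials up in Spota.
 *
 * tbmhs (students) is queried first, then tbdosen (lecturers). Only the
 * first matching row is used, so the result no longer depends on row order
 * when a key is duplicated.
 *
 * @param PDO    $spota        Spota connection
 * @param string $username     normalised NIM/NIP (trimmed, upper-cased)
 * @param string $passwordHash MD5 hex digest of the submitted password
 * @return array{level: string, data: array}|null  null when nothing matches
 */
$findSpotaAccount = static function (PDO $spota, string $username, string $passwordHash): ?array {
    $stmt = $spota->prepare('SELECT * FROM tbmhs WHERE nim = :nim AND password = :password');
    $stmt->execute([':nim' => $username, ':password' => $passwordHash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    if ($row !== false) {
        return [
            'level' => 'mahasiswa',
            'data' => [
                'id' => $row['idmhs'],
                'nim' => $row['nim'],
                'nama' => $row['nmLengkap'],
                'email' => $row['email'],
                'foto' => $row['foto'],
            ],
        ];
    }

    $stmt = $spota->prepare('SELECT * FROM tbdosen WHERE nip = :nip AND password = :password');
    $stmt->execute([':nip' => $username, ':password' => $passwordHash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    if ($row !== false) {
        return [
            'level' => 'dosen',
            'data' => [
                'id' => $row['iddosen'],
                'nip' => $row['nip'],
                'nama' => $row['nmLengkap'],
                'email' => $row['email'],
                'hp' => $row['nohp'],
                'foto' => $row['foto'],
                // tbdosen.jenis === 'K' is what the rest of the app treats as
                // "kajur" (department head)
                'kajur' => $row['jenis'] === 'K',
            ],
        ];
    }

    return null;
};

/**
 * Mirror the authenticated account into a local konsultasi table and return
 * the API token it should use.
 *
 * Behaviour (kept from the original): a missing row is inserted with
 * $freshToken; an existing row keeps its stored token unless that token is
 * NULL or '', in which case it is updated to $freshToken.
 *
 * Existence is decided by fetching a row rather than rowCount(), which PDO
 * does not guarantee to be meaningful for SELECT statements.
 *
 * SECURITY(review): because the stored token is reused for every later login,
 * it is a never-rotating bearer credential. Rotating it on each login (or
 * adding an expiry) also requires updating whatever validates the token
 * column, so that is not done here.
 *
 * @param PDO    $dbh          local konsultasi connection
 * @param string $selectSql    SELECT by natural key; placeholder :key
 * @param string $insertSql    INSERT of a new row; $insertParams plus :token
 * @param array  $insertParams bound values for $insertSql (without :token)
 * @param string $updateSql    UPDATE of the token; placeholders :token and :id
 * @param mixed  $localId      value bound to :id in $updateSql
 * @param string $key          value bound to :key in $selectSql
 * @param mixed  $freshToken   token from createToken(), stored when none exists
 * @return mixed the token now associated with the account
 */
$syncLocalAccount = static function (
    PDO $dbh,
    string $selectSql,
    string $insertSql,
    array $insertParams,
    string $updateSql,
    $localId,
    string $key,
    $freshToken
) {
    $stmt = $dbh->prepare($selectSql);
    $stmt->execute([':key' => $key]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();

    if ($row === false) {
        $insert = $dbh->prepare($insertSql);
        $insert->execute($insertParams + [':token' => $freshToken]);
        return $freshToken;
    }

    $storedToken = $row['token'] ?? null;
    if ($storedToken !== null && $storedToken !== '') {
        return $storedToken;
    }

    $update = $dbh->prepare($updateSql);
    $update->execute([':token' => $freshToken, ':id' => $localId]);
    return $freshToken;
};

$loginSuccess = false;
$pesanError = 'Username dan password tidak cocok!!!';
$redir = '';
$data = [];

// Reject array-valued fields (username[]=x) up front: strtoupper()/md5() on an
// array aborts with a TypeError, and with display_errors on that trace would
// be sent to the client. Such a request simply fails to authenticate.
$account = null;
$rawUsername = $_POST['username'] ?? null;
$rawPassword = $_POST['password'] ?? null;
if (is_string($rawUsername) && is_string($rawPassword)) {
    $username = trim(strtoupper($rawUsername));
    // SECURITY(review): Spota stores unsalted MD5 password hashes and this
    // endpoint has to match them as stored. Moving to password_hash()/
    // password_verify() is a migration on the Spota side, not a change here.
    $password = md5($rawPassword);
    $account = $findSpotaAccount($dbhSpota, $username, $password);
}

if ($account !== null) {
    $level = $account['level'];
    $data = $account['data'];
    $token = createToken($username);

    if ($level === 'mahasiswa') {
        $loginSuccess = true;
        $token = $syncLocalAccount(
            $dbh,
            'SELECT * FROM mahasiswa WHERE nim = :key',
            'INSERT INTO mahasiswa(idMahasiswa, nim, nama, email, token) VALUES(:idMhs, :nim, :nama, :email, :token)',
            [
                ':idMhs' => $data['id'],
                ':nim' => $username,
                ':nama' => $data['nama'],
                ':email' => $data['email'],
            ],
            'UPDATE mahasiswa SET token = :token WHERE idMahasiswa = :id',
            $data['id'],
            $username,
            $token
        );
        $data['token'] = $token;
        // Fresh session id on privilege change, so a session id planted before
        // login (session fixation) is not promoted to an authenticated one.
        session_regenerate_id(true);
        $_SESSION['konsulMahasiswa'] = $data;
        $redir = 'mahasiswa/';
    } elseif ($level === 'dosen') {
        $loginSuccess = true;
        // SECURITY(review): hard-coded account remap, kept for compatibility.
        // A Spota lecturer account with NIP "123456" is bound to the local
        // dosen row (and token) of NIP 198908192019032012, i.e. it acts on
        // behalf of that person while $data still describes the 123456
        // account. Remove this once the test account is retired.
        $localNip = $username === '123456' ? '198908192019032012' : $username;
        $token = $syncLocalAccount(
            $dbh,
            'SELECT * FROM dosen WHERE nip = :key',
            'INSERT INTO dosen(idDosen, nip, namaDosen, email, hp, token) VALUES(:idDosen, :nip, :nama, :email, :hp, :token)',
            [
                ':idDosen' => $data['id'],
                ':nip' => $localNip,
                ':nama' => $data['nama'],
                ':email' => $data['email'],
                ':hp' => $data['hp'],
            ],
            'UPDATE dosen SET token = :token WHERE idDosen = :id',
            $data['id'],
            $localNip,
            $token
        );
        $data['token'] = $token;
        session_regenerate_id(true);
        $_SESSION['konsulDosen'] = $data;
        $redir = 'dosen/';
    } else {
        // Unreachable while $findSpotaAccount only yields the two levels above;
        // previously this branch printed an error AND the success envelope,
        // producing two concatenated JSON documents. Now it is a normal failure.
        $pesanError = 'Tipe login user tidak diketahui.';
    }
}

// Exactly one JSON document is emitted.
if ($loginSuccess) {
    echo json_encode(['status' => 1, 'msg' => 'Login sukses!!!', 'data' => $data, 'redir' => $redir]);
} else {
    echo json_encode(['status' => 0, 'msg' => $pesanError]);
}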