UAS SIG Proyek WebGis
This commit is contained in:
@@ -0,0 +1,75 @@
|
||||
<?php
|
||||
// api/auth.php v2.0
|
||||
// ============================================================
|
||||
// Login / Logout / Session Check API
|
||||
// ============================================================
|
||||
require_once __DIR__ . '/../includes/config.php';
|
||||
session_start();
|
||||
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS');
|
||||
header('Access-Control-Allow-Headers: Content-Type');
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$db = getDB();
|
||||
|
||||
switch ($method) {
|
||||
|
||||
// ── POST /api/auth.php → Login ─────────────────────────
|
||||
case 'POST':
|
||||
$input = getInput();
|
||||
$username = trim($input['username'] ?? '');
|
||||
$password = $input['password'] ?? '';
|
||||
|
||||
if (!$username || !$password) {
|
||||
jsonResponse(['success' => false, 'error' => 'Username dan password wajib diisi'], 400);
|
||||
}
|
||||
|
||||
$stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND aktif = 1 LIMIT 1");
|
||||
$stmt->execute([$username]);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if (!$user || !password_verify($password, $user['password'])) {
|
||||
jsonResponse(['success' => false, 'error' => 'Username atau password salah'], 401);
|
||||
}
|
||||
|
||||
// Simpan ke session
|
||||
$_SESSION['user_id'] = $user['id'];
|
||||
$_SESSION['user'] = [
|
||||
'id' => $user['id'],
|
||||
'nama' => $user['nama'],
|
||||
'username' => $user['username'],
|
||||
'role' => $user['role'],
|
||||
];
|
||||
|
||||
// Update last_login
|
||||
$db->prepare("UPDATE users SET last_login = NOW() WHERE id = ?")
|
||||
->execute([$user['id']]);
|
||||
|
||||
jsonResponse([
|
||||
'success' => true,
|
||||
'message' => 'Login berhasil',
|
||||
'user' => $_SESSION['user'],
|
||||
]);
|
||||
break;
|
||||
|
||||
// ── DELETE /api/auth.php → Logout ─────────────────────
|
||||
case 'DELETE':
|
||||
session_destroy();
|
||||
jsonResponse(['success' => true, 'message' => 'Logout berhasil']);
|
||||
break;
|
||||
|
||||
// ── GET /api/auth.php → Cek session ───────────────────
|
||||
case 'GET':
|
||||
if (!isset($_SESSION['user_id'])) {
|
||||
jsonResponse(['success' => false, 'loggedIn' => false], 200);
|
||||
}
|
||||
jsonResponse(['success' => true, 'loggedIn' => true, 'user' => $_SESSION['user']]);
|
||||
break;
|
||||
|
||||
default:
|
||||
jsonResponse(['success' => false, 'error' => 'Method tidak diizinkan'], 405);
|
||||
}
|
||||
Reference in New Issue
Block a user