false, 'error' => 'Username dan password wajib diisi'], 400); } $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND aktif = 1 LIMIT 1"); $stmt->execute([$username]); $user = $stmt->fetch(); if (!$user || !password_verify($password, $user['password'])) { jsonResponse(['success' => false, 'error' => 'Username atau password salah'], 401); } // Simpan ke session $_SESSION['user_id'] = $user['id']; $_SESSION['user'] = [ 'id' => $user['id'], 'nama' => $user['nama'], 'username' => $user['username'], 'role' => $user['role'], ]; // Update last_login $db->prepare("UPDATE users SET last_login = NOW() WHERE id = ?") ->execute([$user['id']]); jsonResponse([ 'success' => true, 'message' => 'Login berhasil', 'user' => $_SESSION['user'], ]); break; // ── DELETE /api/auth.php → Logout ───────────────────── case 'DELETE': session_destroy(); jsonResponse(['success' => true, 'message' => 'Logout berhasil']); break; // ── GET /api/auth.php → Cek session ─────────────────── case 'GET': if (!isset($_SESSION['user_id'])) { jsonResponse(['success' => false, 'loggedIn' => false], 200); } jsonResponse(['success' => true, 'loggedIn' => true, 'user' => $_SESSION['user']]); break; default: jsonResponse(['success' => false, 'error' => 'Method tidak diizinkan'], 405); }