first commit
This commit is contained in:
@@ -0,0 +1,51 @@
|
||||
<?php
|
||||
// ============================================================
|
||||
// api/auth.php — Login / Logout / Session check
|
||||
// ============================================================
|
||||
require_once __DIR__ . '/config.php';
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$action = getParam('action', 'login');
|
||||
|
||||
if ($method === 'POST' && $action === 'login') {
|
||||
$data = body();
|
||||
$username = trim($data['username'] ?? '');
|
||||
$password = $data['password'] ?? '';
|
||||
|
||||
if (!$username || !$password) jsonError('Username dan password wajib diisi.');
|
||||
|
||||
$db = getDB();
|
||||
$stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND aktif = 1 LIMIT 1");
|
||||
$stmt->execute([$username]);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if (!$user || !password_verify($password, $user['password'])) {
|
||||
jsonError('Username atau password salah.', 401);
|
||||
}
|
||||
|
||||
$_SESSION['user'] = [
|
||||
'id' => $user['id'],
|
||||
'username' => $user['username'],
|
||||
'role' => $user['role'],
|
||||
'jabatan' => $user['jabatan'],
|
||||
'can_edit' => (bool)$user['can_edit'],
|
||||
'is_admin' => (bool)$user['is_admin'],
|
||||
'is_wali' => (bool)$user['is_wali'],
|
||||
];
|
||||
|
||||
jsonOk($_SESSION['user'], 'Login berhasil');
|
||||
}
|
||||
|
||||
if ($method === 'POST' && $action === 'logout') {
|
||||
session_destroy();
|
||||
jsonOk(null, 'Logout berhasil');
|
||||
}
|
||||
|
||||
if ($method === 'GET' && $action === 'check') {
|
||||
if (!empty($_SESSION['user'])) {
|
||||
jsonOk($_SESSION['user'], 'Session aktif');
|
||||
}
|
||||
jsonError('Tidak terautentikasi', 401);
|
||||
}
|
||||
|
||||
jsonError('Method tidak valid', 405);
|
||||
Reference in New Issue
Block a user