prepare("SELECT * FROM users WHERE username = ? AND aktif = 1 LIMIT 1"); $stmt->execute([$username]); $user = $stmt->fetch(); if (!$user || !password_verify($password, $user['password'])) { jsonError('Username atau password salah.', 401); } $_SESSION['user'] = [ 'id' => $user['id'], 'username' => $user['username'], 'role' => $user['role'], 'jabatan' => $user['jabatan'], 'can_edit' => (bool)$user['can_edit'], 'is_admin' => (bool)$user['is_admin'], 'is_wali' => (bool)$user['is_wali'], ]; jsonOk($_SESSION['user'], 'Login berhasil'); } if ($method === 'POST' && $action === 'logout') { session_destroy(); jsonOk(null, 'Logout berhasil'); } if ($method === 'GET' && $action === 'check') { if (!empty($_SESSION['user'])) { jsonOk($_SESSION['user'], 'Session aktif'); } jsonError('Tidak terautentikasi', 401); } jsonError('Method tidak valid', 405);