false, 'message' => 'Akses ditolak']); exit; } if ($_SERVER['REQUEST_METHOD'] !== 'POST') { echo json_encode(['success' => false, 'message' => 'Hanya POST']); exit; } $request_id = (int)($_POST['request_id'] ?? 0); $user_id = (int)($_POST['user_id'] ?? 0); $new_password = $_POST['new_password'] ?? ''; if ($request_id <= 0 || $user_id <= 0 || strlen($new_password) < 6) { echo json_encode(['success' => false, 'message' => 'Password minimal 6 karakter']); exit; } // Update password user $hashed = password_hash($new_password, PASSWORD_DEFAULT); $stmt = $conn->prepare("UPDATE users SET password = ? WHERE id = ?"); $stmt->bind_param("si", $hashed, $user_id); if (!$stmt->execute()) { echo json_encode(['success' => false, 'message' => 'Gagal update password']); $stmt->close(); $conn->close(); exit; } $stmt->close(); // Tandai request sebagai done $stmt2 = $conn->prepare("UPDATE password_resets SET status = 'done' WHERE id = ?"); $stmt2->bind_param("i", $request_id); $stmt2->execute(); $stmt2->close(); echo json_encode(['success' => true, 'message' => 'Password berhasil direset. User bisa login dengan password baru.']); $conn->close();