false, 'message' => 'Hanya POST']); exit; } $email = trim($_POST['email'] ?? ''); $password = $_POST['password'] ?? ''; if (empty($email) || empty($password)) { echo json_encode(['success' => false, 'message' => 'Email dan password wajib diisi']); exit; } $stmt = $conn->prepare("SELECT id, nama, email, password, role, status FROM users WHERE email = ?"); $stmt->bind_param("s", $email); $stmt->execute(); $result = $stmt->get_result(); if ($result->num_rows === 0) { echo json_encode(['success' => false, 'message' => 'Email tidak ditemukan']); $stmt->close(); $conn->close(); exit; } $user = $result->fetch_assoc(); if (!password_verify($password, $user['password'])) { echo json_encode(['success' => false, 'message' => 'Password salah']); $stmt->close(); $conn->close(); exit; } // Cek status verifikasi akun if ($user['status'] === 'pending') { echo json_encode(['success' => false, 'message' => 'Akun Anda sedang menunggu verifikasi dari Admin. Harap bersabar.']); $stmt->close(); $conn->close(); exit; } if ($user['status'] === 'rejected') { echo json_encode(['success' => false, 'message' => 'Akun Anda ditolak oleh Admin.']); $stmt->close(); $conn->close(); exit; } // Set session $_SESSION['user_id'] = (int)$user['id']; $_SESSION['user_nama'] = $user['nama']; $_SESSION['user_email']= $user['email']; $_SESSION['user_role'] = $user['role']; echo json_encode([ 'success' => true, 'message' => 'Login berhasil!', 'user' => [ 'id' => (int)$user['id'], 'nama' => $user['nama'], 'email' => $user['email'], 'role' => $user['role'] ] ]); $stmt->close(); $conn->close();