35 lines
803 B
PHP
35 lines
803 B
PHP
<?php
|
|
if (session_status() === PHP_SESSION_NONE) {
|
|
session_start();
|
|
}
|
|
|
|
/**
|
|
* Pastikan user sudah login.
|
|
* Kalau belum, redirect ke login.php
|
|
*/
|
|
function requireLogin() {
|
|
if (!isset($_SESSION['user'])) {
|
|
header("Location: login.php");
|
|
exit;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Pastikan user punya role tertentu.
|
|
* Kalau tidak, kembalikan response JSON error (untuk endpoint API)
|
|
*/
|
|
function requireRole(...$roles) {
|
|
requireLogin();
|
|
if (!in_array($_SESSION['role'], $roles)) {
|
|
http_response_code(403);
|
|
echo json_encode(["status" => "error", "message" => "Akses ditolak."]);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Helper: cek role tanpa exit, untuk dipakai di kondisi if
|
|
*/
|
|
function hasRole(...$roles) {
|
|
return isset($_SESSION['role']) && in_array($_SESSION['role'], $roles);
|
|
} |