prepare("SELECT id, role FROM users WHERE id=? LIMIT 1"); $stmt->bind_param('i', $id); $stmt->execute(); $target = $stmt->get_result()->fetch_assoc(); if (!$target) json_response('err', 'Akun tidak ditemukan.', [], 404); if ($actorRole === 'super_admin') { if (!in_array($role, ['admin_rumah_ibadah', 'penerima'], true)) { json_response('err', 'Super admin hanya mengelola akun admin rumah ibadah dan penerima dari halaman ini.', [], 403); } if (!in_array($target['role'], ['admin_rumah_ibadah', 'penerima'], true)) { json_response('err', 'Akun ini tidak boleh diubah dari halaman ini.', [], 403); } } else { // Admin rumah ibadah hanya bisa mengubah akun penerima, dan role tetap penerima. if ($target['role'] !== 'penerima') json_response('err', 'Admin rumah ibadah hanya boleh mengelola akun penerima.', [], 403); $role = 'penerima'; $ids = get_admin_rumah_ibadah_ids((int)$actor['id'], true); $types = 'i'; $params = [$id]; if (!empty($ids)) { $notIn = build_in_condition('rumah_ibadah_id', $ids, $types, $params); $stmt = $koneksi->prepare("SELECT COUNT(*) AS jml FROM penerima_bantuan WHERE user_id=? AND COALESCE(status_hapus,'normal')<>'disetujui' AND rumah_ibadah_id IS NOT NULL AND NOT ($notIn)"); } else { $stmt = $koneksi->prepare("SELECT COUNT(*) AS jml FROM penerima_bantuan WHERE user_id=? AND COALESCE(status_hapus,'normal')<>'disetujui' AND rumah_ibadah_id IS NOT NULL"); } stmt_bind($stmt, $types, $params); $stmt->execute(); $row = $stmt->get_result()->fetch_assoc(); if ((int)$row['jml'] > 0) json_response('err', 'Akun penerima ini terhubung dengan rumah ibadah lain.', [], 403); } $stmt = $koneksi->prepare("SELECT id FROM users WHERE username=? AND id<>? LIMIT 1"); $stmt->bind_param('si', $username, $id); $stmt->execute(); if ($stmt->get_result()->fetch_assoc()) json_response('err', 'Username sudah digunakan akun lain.', [], 409); if ($password !== '') { $hash = password_hash($password, PASSWORD_DEFAULT); $stmt = $koneksi->prepare("UPDATE users SET nama=?, username=?, password=?, role=?, status_akun=? WHERE id=?"); $stmt->bind_param('sssssi', $nama, $username, $hash, $role, $status_akun, $id); } else { $stmt = $koneksi->prepare("UPDATE users SET nama=?, username=?, role=?, status_akun=? WHERE id=?"); $stmt->bind_param('ssssi', $nama, $username, $role, $status_akun, $id); } if (!$stmt->execute()) json_response('err', 'Gagal mengubah akun: ' . $stmt->error, [], 500); json_response('ok', 'Akun berhasil diubah.', [ 'id' => $id, 'nama' => $nama, 'username' => $username, 'role' => $role, 'status_akun' => $status_akun ]); ?>