Files
D1041231091-WebGIS-All/05/edit_user.php
T

87 lines
3.8 KiB
PHP

<?php
/**
* edit_user.php
* Update akun pengguna.
* Password boleh dikosongkan jika tidak ingin diganti.
*/
require_once __DIR__ . '/auth.php';
require_login(true);
require_role(['super_admin', 'admin_rumah_ibadah'], true);
require_post();
$actor = current_user();
$actorRole = $actor['role'];
$id = (int) post('id');
$nama = clean_text(post('nama'), 100);
$username = clean_text(post('username'), 50);
$password = post('password');
$role = post('role');
$status_akun = post('status_akun', 'aktif');
$statusList = ['aktif', 'nonaktif'];
if ($id <= 0) json_response('err', 'ID akun tidak valid.', [], 422);
if ($nama === '' || $username === '') json_response('err', 'Nama dan username wajib diisi.', [], 422);
if (!preg_match('/^[a-zA-Z0-9_\.\-]{4,50}$/', $username)) {
json_response('err', 'Username minimal 4 karakter dan hanya boleh huruf, angka, titik, strip, atau underscore.', [], 422);
}
if ($password !== '' && strlen($password) < 6) json_response('err', 'Password minimal 6 karakter.', [], 422);
if (!valid_enum($status_akun, $statusList)) json_response('err', 'Status akun tidak valid.', [], 422);
$stmt = $koneksi->prepare("SELECT id, role FROM users WHERE id=? LIMIT 1");
$stmt->bind_param('i', $id);
$stmt->execute();
$target = $stmt->get_result()->fetch_assoc();
if (!$target) json_response('err', 'Akun tidak ditemukan.', [], 404);
if ($actorRole === 'super_admin') {
if (!in_array($role, ['admin_rumah_ibadah', 'penerima'], true)) {
json_response('err', 'Super admin hanya mengelola akun admin rumah ibadah dan penerima dari halaman ini.', [], 403);
}
if (!in_array($target['role'], ['admin_rumah_ibadah', 'penerima'], true)) {
json_response('err', 'Akun ini tidak boleh diubah dari halaman ini.', [], 403);
}
} else {
// Admin rumah ibadah hanya bisa mengubah akun penerima, dan role tetap penerima.
if ($target['role'] !== 'penerima') json_response('err', 'Admin rumah ibadah hanya boleh mengelola akun penerima.', [], 403);
$role = 'penerima';
$ids = get_admin_rumah_ibadah_ids((int)$actor['id'], true);
$types = 'i';
$params = [$id];
if (!empty($ids)) {
$notIn = build_in_condition('rumah_ibadah_id', $ids, $types, $params);
$stmt = $koneksi->prepare("SELECT COUNT(*) AS jml FROM penerima_bantuan WHERE user_id=? AND COALESCE(status_hapus,'normal')<>'disetujui' AND rumah_ibadah_id IS NOT NULL AND NOT ($notIn)");
} else {
$stmt = $koneksi->prepare("SELECT COUNT(*) AS jml FROM penerima_bantuan WHERE user_id=? AND COALESCE(status_hapus,'normal')<>'disetujui' AND rumah_ibadah_id IS NOT NULL");
}
stmt_bind($stmt, $types, $params);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
if ((int)$row['jml'] > 0) json_response('err', 'Akun penerima ini terhubung dengan rumah ibadah lain.', [], 403);
}
$stmt = $koneksi->prepare("SELECT id FROM users WHERE username=? AND id<>? LIMIT 1");
$stmt->bind_param('si', $username, $id);
$stmt->execute();
if ($stmt->get_result()->fetch_assoc()) json_response('err', 'Username sudah digunakan akun lain.', [], 409);
if ($password !== '') {
$hash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $koneksi->prepare("UPDATE users SET nama=?, username=?, password=?, role=?, status_akun=? WHERE id=?");
$stmt->bind_param('sssssi', $nama, $username, $hash, $role, $status_akun, $id);
} else {
$stmt = $koneksi->prepare("UPDATE users SET nama=?, username=?, role=?, status_akun=? WHERE id=?");
$stmt->bind_param('ssssi', $nama, $username, $role, $status_akun, $id);
}
if (!$stmt->execute()) json_response('err', 'Gagal mengubah akun: ' . $stmt->error, [], 500);
json_response('ok', 'Akun berhasil diubah.', [
'id' => $id,
'nama' => $nama,
'username' => $username,
'role' => $role,
'status_akun' => $status_akun
]);
?>