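'error', 'message' => 'Method not allowed' ]); exit(); }

$auth = new Auth();

// Only an authenticated admin may create further admin accounts.
// NOTE(review): Auth::checkSession() is not visible here — confirm that it
// (a) starts the session and (b) enforces a CSRF token for this state-changing POST.
if (!$auth->checkSession()) {
    echo json_encode([
        'status' => 'error',
        'message' => 'Unauthorized',
        'redirect' => 'login.html'
    ]);
    exit();
}

// Get POST data.
// A client can send `username[]=x`, which makes $_POST['username'] an array;
// trim()/strlen() on an array throw a TypeError in PHP 8 and the caller would get
// a bare 500 instead of JSON. Non-string fields are therefore treated as absent.
$username = isset($_POST['username']) && is_string($_POST['username'])
    ? trim($_POST['username'])
    : '';
$password = isset($_POST['password']) && is_string($_POST['password'])
    ? $_POST['password']
    : '';
$confirmPassword = isset($_POST['confirmPassword']) && is_string($_POST['confirmPassword'])
    ? $_POST['confirmPassword']
    : '';

// Validation — problems are collected so the client sees them all at once
$errors = [];

// Username validation. `=== ''` rather than empty(): "0" is a value, not an absence.
// Lengths are byte-based (strlen) on purpose; the DB column width is not visible here.
if ($username === '') {
    $errors[] = 'Username tidak boleh kosong';
} elseif (strlen($username) < 3) {
    $errors[] = 'Username harus minimal 3 karakter';
} elseif (strlen($username) > 50) {
    $errors[] = 'Username maksimal 50 karakter';
}

// Password validation (simple).
// NOTE(review): a 4-character minimum is very weak for an admin account; the
// threshold is kept as the author set it — raise it together with the front-end rule.
if ($password === '') {
    $errors[] = 'Password tidak boleh kosong';
} elseif (strlen($password) < 4) {
    $errors[] = 'Password harus minimal 4 karakter';
}

// Confirm password validation
if ($password !== $confirmPassword) {
    $errors[] = 'Konfirmasi password tidak cocok';
}

// Return validation errors
if ($errors !== []) {
    echo json_encode([
        'status' => 'error',
        'message' => implode(', ', $errors),
        'field' => 'general'
    ]);
    exit();
}

try {
    // Connect to database
    $database = new Database();
    $conn = $database->connect();

    // Check if username already exists.
    // fetchColumn() is used instead of rowCount(): PDO does not guarantee a
    // meaningful rowCount() for SELECT statements, so the old check was driver-dependent.
    $checkQuery = "SELECT id FROM admin WHERE username = :username LIMIT 1";
    $checkStmt = $conn->prepare($checkQuery);
    $checkStmt->bindParam(':username', $username);
    $checkStmt->execute();

    if ($checkStmt->fetchColumn() !== false) {
        echo json_encode([
            'status' => 'error',
            'message' => 'Username sudah digunakan, silakan pilih username lain',
            'field' => 'username'
        ]);
        exit();
    }

    // Hash password (PASSWORD_DEFAULT tracks the current recommended algorithm)
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

    // Insert new admin. The existence check above is racy; a concurrent insert
    // of the same username surfaces as SQLSTATE 23000 and is handled in the catch below.
    $insertQuery = "INSERT INTO admin (username, password, created_at) VALUES (:username, :password, NOW())";
    $insertStmt = $conn->prepare($insertQuery);
    $insertStmt->bindParam(':username', $username);
    $insertStmt->bindParam(':password', $hashedPassword);

    if ($insertStmt->execute()) {
        // Get session info for logging. checkSession() may already have started
        // the session; an unconditional second session_start() only emits a notice.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        $currentAdmin = $_SESSION['admin_username'] ?? 'Unknown';

        // Log the action. Both names originate from user input; line breaks are
        // stripped so a crafted username cannot forge extra entries in the log.
        $logLine = sprintf(
            "Admin '%s' added new admin: '%s' at %s",
            (string) $currentAdmin,
            $username,
            date('Y-m-d H:i:s')
        );
        error_log(str_replace(["\r", "\n"], ' ', $logLine));

        echo json_encode([
            'status' => 'success',
            'message' => "Admin '$username' berhasil ditambahkan ke sistem",
            'data' => [
                'username' => $username,
                'created_at' => date('Y-m-d H:i:s')
            ]
        ]);
    } else {
        throw new Exception('Gagal menyimpan data admin ke database');
    }
} catch (PDOException $e) {
    // Only a generic message reaches the client; the driver message goes to the log.
    error_log("Database error in tambah_admin.php: " . $e->getMessage());

    // PDOException::getCode() is the SQLSTATE string; compare strictly.
    // 23000 = integrity constraint violation (duplicate username lost the race above).
    if ((string) $e->getCode() === '23000') {
        echo json_encode([
            'status' => 'error',
            'message' => 'Username sudah digunakan, silakan pilih username lain',
            'field' => 'username'
        ]);
    } else {
        echo json_encode([
            'status' => 'error',
            'message' => 'Terjadi kesalahan database. Silakan coba lagi.'
        ]);
    }
} catch (Throwable $e) {
    // Throwable rather than Exception so an Error (e.g. TypeError) still produces
    // the JSON error body instead of an unhandled 500 with a possible stack trace.
    error_log("General error in tambah_admin.php: " . $e->getMessage());
    echo json_encode([
        'status' => 'error',
        'message' => 'Terjadi kesalahan sistem. Silakan coba lagi.'
    ]);
}
?>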