
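<?php
declare(strict_types=1);
/**
 * tambah_admin.php — creates a new admin account.
 *
 * Input:  POST form fields `username`, `password`, `confirmPassword`.
 * Auth:   requires an authenticated session (Auth::checkSession()).
 * Output: always a JSON object {status: 'success'|'error', message, [field], [data], [redirect]};
 *         the HTTP status code mirrors the outcome (204 preflight, 405, 401, 400, 409, 500, 200).
 */
header('Content-Type: application/json');
// NOTE(review): a wildcard origin on a cookie-authenticated, state-changing endpoint is
// ineffective for cross-origin callers (browsers never send credentials to `*`); if the
// frontend lives on another origin, confirm which origin is meant to be allowed here.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
require_once '../includes/auth.php';
require_once '../config/database.php';

/**
 * Emit a JSON response with the given HTTP status and terminate the script.
 *
 * @param int   $httpStatus HTTP status code to send.
 * @param array $payload    Response body; always carries 'status' and 'message'.
 */
function respond(int $httpStatus, array $payload): void
{
    http_response_code($httpStatus);
    echo json_encode($payload);
    exit();
}

/**
 * Read a POST field as a string.
 *
 * A non-string value (e.g. the client sent `username[]`) is treated as absent so that
 * trim()/mb_strlen() below cannot throw a TypeError.
 *
 * @param string $key Name of the POST field.
 * @return string The field's value, or '' when missing or not a string.
 */
function postString(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
}

// CORS preflight: when a client sends a non-simple header such as Authorization, the
// browser issues OPTIONS first; answer it with an empty 204 rather than a 405 error.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(204);
    exit();
}
// Only allow POST requests
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    respond(405, [
        'status' => 'error',
        'message' => 'Method not allowed',
    ]);
}

$auth = new Auth();
// Check if user is authenticated
if (!$auth->checkSession()) {
    respond(401, [
        'status' => 'error',
        'message' => 'Unauthorized',
        'redirect' => 'login.html',
    ]);
}
// NOTE(review): no CSRF token is verified in this file; unless auth.php does it, a cross-site
// POST carrying the admin's session cookie is only stopped by the cookie's SameSite setting.

// Get POST data
$username = trim(postString('username'));
$password = postString('password');
$confirmPassword = postString('confirmPassword');

// Validation
$errors = [];
// Username validation — mb_strlen counts characters, not bytes, so multibyte names are
// measured the same way a VARCHAR(50) column would count them.
$usernameLength = mb_strlen($username);
if ($username === '') {
    $errors[] = 'Username tidak boleh kosong';
} elseif ($usernameLength < 3) {
    $errors[] = 'Username harus minimal 3 karakter';
} elseif ($usernameLength > 50) {
    $errors[] = 'Username maksimal 50 karakter';
}
// Password validation (simple). `=== ''` instead of empty() so that a password of "0"
// is not rejected as missing. NOTE(review): a 4-character minimum is very weak for an
// admin credential; raising it is a policy decision and is left unchanged here.
if ($password === '') {
    $errors[] = 'Password tidak boleh kosong';
} elseif (mb_strlen($password) < 4) {
    $errors[] = 'Password harus minimal 4 karakter';
}
// Confirm password validation
if ($password !== $confirmPassword) {
    $errors[] = 'Konfirmasi password tidak cocok';
}
// Return validation errors
if ($errors !== []) {
    respond(400, [
        'status' => 'error',
        'message' => implode(', ', $errors),
        'field' => 'general',
    ]);
}

try {
    // Connect to database
    $database = new Database();
    $conn = $database->connect();
    // Check if username already exists. fetchColumn() is used rather than rowCount(),
    // which PDO does not guarantee to report SELECT rows on every driver.
    $checkStmt = $conn->prepare('SELECT id FROM admin WHERE username = :username LIMIT 1');
    $checkStmt->bindValue(':username', $username);
    $checkStmt->execute();
    if ($checkStmt->fetchColumn() !== false) {
        respond(409, [
            'status' => 'error',
            'message' => 'Username sudah digunakan, silakan pilih username lain',
            'field' => 'username',
        ]);
    }
    // Hash password — only the hash is stored, never the clear-text value.
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
    // Insert new admin
    $insertStmt = $conn->prepare(
        'INSERT INTO admin (username, password, created_at) VALUES (:username, :password, NOW())'
    );
    $insertStmt->bindValue(':username', $username);
    $insertStmt->bindValue(':password', $hashedPassword);
    if (!$insertStmt->execute()) {
        throw new Exception('Gagal menyimpan data admin ke database');
    }
    // Get session info for logging. auth.php has presumably started the session already
    // (checkSession() above), so only start one when none is active — a second
    // session_start() raises a notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $currentAdmin = $_SESSION['admin_username'] ?? 'Unknown';
    // One timestamp for both the audit log line and the response, so they agree.
    $timestamp = date('Y-m-d H:i:s');
    // Log the action (audit trail: which admin created which account, and when)
    error_log("Admin '$currentAdmin' added new admin: '$username' at $timestamp");
    respond(200, [
        'status' => 'success',
        'message' => "Admin '$username' berhasil ditambahkan ke sistem",
        'data' => [
            'username' => $username,
            'created_at' => $timestamp,
        ],
    ]);
} catch (PDOException $e) {
    error_log('Database error in tambah_admin.php: ' . $e->getMessage());
    // SQLSTATE 23000 = integrity constraint violation: the same username was inserted
    // between the existence check and the INSERT (assumes a UNIQUE index on username).
    // PDO reports the SQLSTATE as a string, hence the cast and strict comparison.
    if ((string) $e->getCode() === '23000') {
        respond(409, [
            'status' => 'error',
            'message' => 'Username sudah digunakan, silakan pilih username lain',
            'field' => 'username',
        ]);
    } else {
        respond(500, [
            'status' => 'error',
            'message' => 'Terjadi kesalahan database. Silakan coba lagi.',
        ]);
    }
} catch (Exception $e) {
    error_log('General error in tambah_admin.php: ' . $e->getMessage());
    respond(500, [
        'status' => 'error',
        'message' => 'Terjadi kesalahan sistem. Silakan coba lagi.',
    ]);
}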