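false, 'message' => 'Unauthorized']); exit; }

// ---------------------------------------------------------------------------
// Update an existing user record from POSTed form data; responds with JSON.
//
// Required POST fields: id, nama_lengkap, email, role. Optional: id_kantor,
// password (when non-empty the stored hash is replaced).
//
// Every field is untrusted. Integer ids are *validated* (not merely
// sanitised), free-text fields must be scalar strings, and the email must
// pass FILTER_VALIDATE_EMAIL. Database failures are logged server-side and
// reported to the client with a generic message only, so driver/schema
// details are not disclosed.
// ---------------------------------------------------------------------------

// Basic presence validation. Note: empty() also rejects the literal "0".
if (empty($_POST['id']) || empty($_POST['nama_lengkap']) || empty($_POST['email']) || empty($_POST['role'])) {
    echo json_encode(['success' => false, 'message' => 'Incomplete data for update.']);
    exit;
}

// Free-text fields must be plain strings. A `field[]=...` array would
// otherwise reach PDO as the literal string "Array" (with a warning)
// rather than being rejected.
if (!is_string($_POST['nama_lengkap']) || !is_string($_POST['role'])) {
    echo json_encode(['success' => false, 'message' => 'Incomplete data for update.']);
    exit;
}

// FILTER_VALIDATE_INT rejects a malformed id outright. FILTER_SANITIZE_NUMBER_INT
// (used previously) silently rewrites e.g. "12abc" to "12", so a garbled
// request could end up updating a different row than the one named.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    echo json_encode(['success' => false, 'message' => 'Incomplete data for update.']);
    exit;
}

$nama_lengkap = trim($_POST['nama_lengkap']);
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);

// NOTE(review): $role is written straight to users.role. Whether the caller
// may assign this role is decided by the authorization check above (not fully
// visible here). It should also be compared against the application's fixed
// set of role names before use -- TODO confirm where that allow-list lives.
$role = $_POST['role'];

// id_kantor is optional (empty / "0" means "none"); when supplied it must be
// a well-formed positive integer rather than a sanitised fragment.
$id_kantor = null;
if (!empty($_POST['id_kantor'])) {
    $id_kantor = filter_input(INPUT_POST, 'id_kantor', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id_kantor === false || $id_kantor === null) {
        echo json_encode(['success' => false, 'message' => 'Incomplete data for update.']);
        exit;
    }
}

if (!$email) {
    echo json_encode(['success' => false, 'message' => 'Invalid email format.']);
    exit;
}

try {
    // Reject an email already used by a *different* account.
    // NOTE(review): this check-then-update is racy under concurrent requests;
    // a UNIQUE constraint on users.email is what actually guarantees
    // uniqueness -- confirm the schema has one.
    $stmt = db()->prepare("SELECT id FROM users WHERE email = ? AND id != ?");
    $stmt->execute([$email, $id]);
    if ($stmt->fetch()) {
        echo json_encode(['success' => false, 'message' => 'Email is already in use by another account.']);
        exit;
    }

    // Optional password change. The new value must be a scalar string; it is
    // stored only as a password_hash() digest.
    // NOTE(review): no minimum-length / complexity policy is applied here, and
    // changing the password or role does not invalidate the target user's
    // existing sessions in this block -- confirm both are handled elsewhere.
    if (!empty($_POST['password']) && is_string($_POST['password'])) {
        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
        $sql = "UPDATE users SET nama_lengkap = ?, email = ?, password = ?, role = ?, id_kantor = ? WHERE id = ?";
        $stmt = db()->prepare($sql);
        $stmt->execute([$nama_lengkap, $email, $password, $role, $id_kantor, $id]);
    } else {
        $sql = "UPDATE users SET nama_lengkap = ?, email = ?, role = ?, id_kantor = ? WHERE id = ?";
        $stmt = db()->prepare($sql);
        $stmt->execute([$nama_lengkap, $email, $role, $id_kantor, $id]);
    }

    echo json_encode(['success' => true, 'message' => 'User updated successfully.']);
} catch (PDOException $e) {
    // Log the driver message for operators; never echo it to the client
    // (it can reveal table/column names, DSN details or SQL fragments).
    error_log('User update failed for id ' . $id . ': ' . $e->getMessage());
    echo json_encode(['success' => false, 'message' => 'Database error.']);
}
?>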