admin/34627-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34627-vm/api/update_user.php
Flatlogic Bot 2be5f009ee dua
2025-10-03 14:19:02 +00:00

56 lines
2.1 KiB
PHP
Raw Permalink Blame History

<?php
// api/update_user.php
header('Content-Type: application/json');
require_once '../db/config.php';
session_start();
// Authentication and Authorization check
if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'super_admin') {
echo json_encode(['success' => false, 'message' => 'Unauthorized']);
exit;
}
// Basic validation
if (empty($_POST['id']) || empty($_POST['nama_lengkap']) || empty($_POST['email']) || empty($_POST['role'])) {
echo json_encode(['success' => false, 'message' => 'Incomplete data for update.']);
exit;
}
$id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT);
$nama_lengkap = $_POST['nama_lengkap'];
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$role = $_POST['role'];
$id_kantor = !empty($_POST['id_kantor']) ? filter_input(INPUT_POST, 'id_kantor', FILTER_SANITIZE_NUMBER_INT) : null;
if (!$email) {
echo json_encode(['success' => false, 'message' => 'Invalid email format.']);
exit;
}
try {
// Check if email is used by another user
$stmt = db()->prepare("SELECT id FROM users WHERE email = ? AND id != ?");
$stmt->execute([$email, $id]);
if ($stmt->fetch()) {
echo json_encode(['success' => false, 'message' => 'Email is already in use by another account.']);
exit;
}
// Handle password update
if (!empty($_POST['password'])) {
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$sql = "UPDATE users SET nama_lengkap = ?, email = ?, password = ?, role = ?, id_kantor = ? WHERE id = ?";
$stmt = db()->prepare($sql);
$stmt->execute([$nama_lengkap, $email, $password, $role, $id_kantor, $id]);
} else {
$sql = "UPDATE users SET nama_lengkap = ?, email = ?, role = ?, id_kantor = ? WHERE id = ?";
$stmt = db()->prepare($sql);
$stmt->execute([$nama_lengkap, $email, $role, $id_kantor, $id]);
}
echo json_encode(['success' => true, 'message' => 'User updated successfully.']);
} catch (PDOException $e) {
echo json_encode(['success' => false, 'message' => 'Database error: ' . $e->getMessage()]);
}
?>
Reference in New Issue View Git Blame Copy Permalink