48 lines
1.6 KiB
PHP
48 lines
1.6 KiB
PHP
<?php
|
|
// api/add_user.php
|
|
header('Content-Type: application/json');
|
|
require_once '../db/config.php';
|
|
session_start();
|
|
|
|
// Authentication and Authorization check
|
|
if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'super_admin') {
|
|
echo json_encode(['success' => false, 'message' => 'Unauthorized']);
|
|
exit;
|
|
}
|
|
|
|
// Basic validation
|
|
if (empty($_POST['nama_lengkap']) || empty($_POST['email']) || empty($_POST['password']) || empty($_POST['role'])) {
|
|
echo json_encode(['success' => false, 'message' => 'Please fill all required fields.']);
|
|
exit;
|
|
}
|
|
|
|
$nama_lengkap = $_POST['nama_lengkap'];
|
|
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
|
|
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
|
|
$role = $_POST['role'];
|
|
$id_kantor = !empty($_POST['id_kantor']) ? filter_input(INPUT_POST, 'id_kantor', FILTER_SANITIZE_NUMBER_INT) : null;
|
|
|
|
if (!$email) {
|
|
echo json_encode(['success' => false, 'message' => 'Invalid email format.']);
|
|
exit;
|
|
}
|
|
|
|
// Check for existing email
|
|
try {
|
|
$stmt = db()->prepare("SELECT id FROM users WHERE email = ?");
|
|
$stmt->execute([$email]);
|
|
if ($stmt->fetch()) {
|
|
echo json_encode(['success' => false, 'message' => 'Email already exists.']);
|
|
exit;
|
|
}
|
|
|
|
$sql = "INSERT INTO users (nama_lengkap, email, password, role, id_kantor) VALUES (?, ?, ?, ?, ?)";
|
|
$stmt = db()->prepare($sql);
|
|
$stmt->execute([$nama_lengkap, $email, $password, $role, $id_kantor]);
|
|
|
|
echo json_encode(['success' => true, 'message' => 'User added successfully.']);
|
|
|
|
} catch (PDOException $e) {
|
|
echo json_encode(['success' => false, 'message' => 'Database error: ' . $e->getMessage()]);
|
|
}
|
|
?>
|