34627-vm/api/update_asset.php

<?php
require_once '../db/config.php';
session_start();

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'Metode tidak diizinkan.']);
    exit;
}

if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    echo json_encode(['success' => false, 'message' => 'Akses ditolak.']);
    exit;
}

// Get data from POST request
$id = $_POST['id'] ?? null;
$nama_aset = $_POST['nama_aset'] ?? '';
$id_kategori = $_POST['id_kategori'] ?? null;
$id_kantor_lokasi = $_POST['id_kantor_lokasi'] ?? null;
$spesifikasi = $_POST['spesifikasi'] ?? '';
$tanggal_pembelian = $_POST['tanggal_pembelian'] ?? null;
$harga_pembelian = $_POST['harga_pembelian'] ?? null;
$vendor = $_POST['vendor'] ?? '';
$status = $_POST['status'] ?? '';

// Basic validation
if (empty($id) || empty($nama_aset) || empty($id_kategori) || empty($id_kantor_lokasi) || empty($tanggal_pembelian) || empty($harga_pembelian) || empty($status)) {
    http_response_code(400);
    echo json_encode(['success' => false, 'message' => 'Semua field yang wajib diisi harus diisi.']);
    exit;
}

try {
    $pdo = db();
    $sql = "UPDATE aset SET 
                nama_aset = :nama_aset, 
                id_kategori = :id_kategori, 
                id_kantor_lokasi = :id_kantor_lokasi, 
                spesifikasi = :spesifikasi, 
                tanggal_pembelian = :tanggal_pembelian, 
                harga_pembelian = :harga_pembelian, 
                vendor = :vendor, 
                status = :status,
                updated_at = NOW()
            WHERE id = :id";
            
    $stmt = $pdo->prepare($sql);
    
    $stmt->bindParam(':id', $id, PDO::PARAM_INT);
    $stmt->bindParam(':nama_aset', $nama_aset, PDO::PARAM_STR);
    $stmt->bindParam(':id_kategori', $id_kategori, PDO::PARAM_INT);
    $stmt->bindParam(':id_kantor_lokasi', $id_kantor_lokasi, PDO::PARAM_INT);
    $stmt->bindParam(':spesifikasi', $spesifikasi, PDO::PARAM_STR);
    $stmt->bindParam(':tanggal_pembelian', $tanggal_pembelian, PDO::PARAM_STR);
    $stmt->bindParam(':harga_pembelian', $harga_pembelian);
    $stmt->bindParam(':vendor', $vendor, PDO::PARAM_STR);
    $stmt->bindParam(':status', $status, PDO::PARAM_STR);

    if ($stmt->execute()) {
        echo json_encode(['success' => true, 'message' => 'Aset berhasil diperbarui.']);
    } else {
        http_response_code(500);
        echo json_encode(['success' => false, 'message' => 'Gagal memperbarui aset.']);
    }
} catch (PDOException $e) {
    http_response_code(500);
    // In production, log this error.
    echo json_encode(['success' => false, 'message' => 'Database error: ' . $e->getMessage()]);
}