admin/34784-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34784-vm/api.php
Flatlogic Bot 0e7f6ab776 Edutask V1
2025-10-08 08:54:03 +00:00

149 lines
5.9 KiB
PHP
Raw Permalink Blame History

<?php
header('Content-Type: application/json');
session_start();
require_once __DIR__ . '/db/config.php';
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
echo json_encode(['success' => false, 'error' => 'Authentication required.']);
exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo json_encode(['success' => false, 'error' => 'Invalid request method.']);
exit;
}
$input = json_decode(file_get_contents('php://input'), true);
if (!$input || !isset($input['action'])) {
echo json_encode(['success' => false, 'error' => 'Invalid or missing action.']);
exit;
}
$action = $input['action'];
$user_id = $_SESSION['user_id'];
$role = $_SESSION['role'];
switch ($action) {
case 'update_task_status':
handle_update_task_status($input, $user_id, $role);
break;
case 'create_task':
handle_create_task($input, $user_id, $role);
break;
case 'create_user':
case 'update_user':
case 'delete_user':
handle_user_management($action, $input, $role);
break;
default:
echo json_encode(['success' => false, 'error' => 'Unknown action.']);
break;
}
function handle_update_task_status($input, $user_id, $role) {
if ($role !== 'siswa') {
echo json_encode(['success' => false, 'error' => 'Permission denied.']);
exit;
}
if (!isset($input['assignment_id']) || !isset($input['status'])) {
echo json_encode(['success' => false, 'error' => 'Missing parameters.']);
return;
}
try {
$pdo = db();
$stmt = $pdo->prepare("UPDATE task_assignments SET status = ?, completed_at = ? WHERE id = ? AND assigned_to_user_id = ?");
$completed_at = ($input['status'] === 'done') ? date('Y-m-d H:i:s') : null;
$stmt->execute([$input['status'], $completed_at, $input['assignment_id'], $user_id]);
echo json_encode(['success' => $stmt->rowCount() > 0]);
} catch (PDOException $e) {
echo json_encode(['success' => false, 'error' => 'Database error.']);
}
}
function handle_create_task($input, $user_id, $role) {
if ($role !== 'guru') {
echo json_encode(['success' => false, 'error' => 'Permission denied.']);
exit;
}
if (empty($input['title']) || empty($input['student_ids'])) {
echo json_encode(['success' => false, 'error' => 'Title and at least one student are required.']);
return;
}
$pdo = db();
try {
$pdo->beginTransaction();
$stmt = $pdo->prepare("INSERT INTO tasks (title, description, created_by_user_id, due_date) VALUES (?, ?, ?, ?)");
$stmt->execute([$input['title'], $input['description'], $user_id, $input['due_date']]);
$task_id = $pdo->lastInsertId();
$stmt = $pdo->prepare("INSERT INTO task_assignments (task_id, assigned_to_user_id) VALUES (?, ?)");
foreach ($input['student_ids'] as $student_id) {
$stmt->execute([$task_id, $student_id]);
}
$pdo->commit();
echo json_encode(['success' => true]);
} catch (PDOException $e) {
$pdo->rollBack();
echo json_encode(['success' => false, 'error' => 'Database error during task creation.']);
}
}
function handle_user_management($action, $input, $role) {
if ($role !== 'admin') {
echo json_encode(['success' => false, 'error' => 'Permission denied.']);
exit;
}
$pdo = db();
try {
switch ($action) {
case 'create_user':
if (empty($input['username']) || empty($input['password']) || empty($input['role'])) {
echo json_encode(['success' => false, 'error' => 'Username, password, and role are required.']);
return;
}
$hashed_password = password_hash($input['password'], PASSWORD_DEFAULT);
$stmt = $pdo->prepare("INSERT INTO users (username, password, role) VALUES (?, ?, ?)");
$stmt->execute([$input['username'], $hashed_password, $input['role']]);
break;
case 'update_user':
if (empty($input['user_id']) || empty($input['username']) || empty($input['role'])) {
echo json_encode(['success' => false, 'error' => 'User ID, username, and role are required.']);
return;
}
if (!empty($input['password'])) {
$hashed_password = password_hash($input['password'], PASSWORD_DEFAULT);
$stmt = $pdo->prepare("UPDATE users SET username = ?, password = ?, role = ? WHERE id = ?");
$stmt->execute([$input['username'], $hashed_password, $input['role'], $input['user_id']]);
} else {
$stmt = $pdo->prepare("UPDATE users SET username = ?, role = ? WHERE id = ?");
$stmt->execute([$input['username'], $input['role'], $input['user_id']]);
}
break;
case 'delete_user':
if (empty($input['user_id'])) {
echo json_encode(['success' => false, 'error' => 'User ID is required.']);
return;
}
// Prevent admin from deleting themselves
if ($input['user_id'] == $_SESSION['user_id']) {
echo json_encode(['success' => false, 'error' => 'You cannot delete your own account.']);
return;
}
$stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
$stmt->execute([$input['user_id']]);
break;
}
echo json_encode(['success' => true]);
} catch (PDOException $e) {
// Check for duplicate username error
if ($e->errorInfo[1] == 1062) {
echo json_encode(['success' => false, 'error' => 'Username already exists.']);
} else {
echo json_encode(['success' => false, 'error' => 'Database error: ' . $e->getMessage()]);
}
}
}
Reference in New Issue View Git Blame Copy Permalink