<?php
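header('Content-Type: application/json');

session_start();

require_once __DIR__ . '/db/config.php';

// Every action served here needs an authenticated session; each handler then
// enforces its own role ('siswa', 'guru' or 'admin') on top of this check.
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
    echo json_encode(['success' => false, 'error' => 'Authentication required.']);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo json_encode(['success' => false, 'error' => 'Invalid request method.']);
    exit;
}

// NOTE(review): the request is authorised by the session cookie alone and the
// body is read whatever its Content-Type, so a cross-site form submission
// (enctype text/plain) carrying a JSON body would be processed. A CSRF token
// or an Origin / Sec-Fetch-Site check at this point would close that gap.
$input = json_decode(file_get_contents('php://input'), true);

// json_decode() yields null for malformed JSON and a scalar for non-object
// bodies; both must be rejected before the handlers index into $input. The
// action is also required to be a string so the switch below cannot be fed
// an array or number.
if (!is_array($input) || !isset($input['action']) || !is_string($input['action'])) {
    echo json_encode(['success' => false, 'error' => 'Invalid or missing action.']);
    exit;
}

$action = $input['action'];
// The login flow is expected to have populated these; default to null rather
// than raising an undefined-index warning if it did not.
$user_id = $_SESSION['user_id'] ?? null;
$role = $_SESSION['role'] ?? null;

// Dispatch: task actions are keyed on the caller's role inside each handler,
// the three user-management actions share one admin-only handler.
switch ($action) {
    case 'update_task_status':
        handle_update_task_status($input, $user_id, $role);
        break;

    case 'create_task':
        handle_create_task($input, $user_id, $role);
        break;

    case 'create_user':
    case 'update_user':
    case 'delete_user':
        handle_user_management($action, $input, $role);
        break;

    default:
        echo json_encode(['success' => false, 'error' => 'Unknown action.']);
        break;
}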
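/**
 * Sets the status of one task assignment on behalf of the logged-in student.
 *
 * Requires $input['assignment_id'] and $input['status']. The UPDATE is scoped
 * to rows whose assigned_to_user_id equals $user_id, so the caller can only
 * change their own assignments whatever id they supply. Writes a JSON response;
 * a role mismatch ends the request with exit, every other path returns.
 *
 * @param array $input   decoded request body
 * @param mixed $user_id session user id of the caller
 * @param mixed $role    session role of the caller; must be 'siswa'
 * @return void
 */
function handle_update_task_status($input, $user_id, $role) {
    if ($role !== 'siswa') {
        echo json_encode(['success' => false, 'error' => 'Permission denied.']);
        exit;
    }

    // Both fields must be present and scalar; arrays/objects would reach
    // PDOStatement::execute() and fail there with a less useful message.
    $assignment_id = $input['assignment_id'] ?? null;
    $status = $input['status'] ?? null;
    if (!is_scalar($assignment_id) || !is_scalar($status)) {
        echo json_encode(['success' => false, 'error' => 'Missing parameters.']);
        return;
    }

    // NOTE(review): $status is stored exactly as supplied; the only value this
    // file gives meaning to is 'done'. Restricting it to the known set of
    // statuses would keep arbitrary strings out of the column.
    try {
        $pdo = db();
        $stmt = $pdo->prepare("UPDATE task_assignments SET status = ?, completed_at = ? WHERE id = ? AND assigned_to_user_id = ?");
        // completed_at is stamped only when the assignment is closed; any other
        // status clears it again.
        $completed_at = ($status === 'done') ? date('Y-m-d H:i:s') : null;
        $stmt->execute([$status, $completed_at, $assignment_id, $user_id]);
        // rowCount() is 0 when the id is unknown or belongs to someone else
        // (and, with MySQL's default affected-rows semantics, presumably also
        // when nothing actually changed — verify against the driver config).
        echo json_encode(['success' => $stmt->rowCount() > 0]);
    } catch (PDOException $e) {
        // Driver details stay server-side; the client only learns that it failed.
        error_log('update_task_status failed: ' . $e->getMessage());
        echo json_encode(['success' => false, 'error' => 'Database error.']);
    }
}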
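/**
 * Creates a task and assigns it to a list of students in one transaction.
 *
 * Requires a non-empty $input['title'] and a non-empty list of scalar ids in
 * $input['student_ids']; 'description' and 'due_date' are optional and stored
 * as NULL when absent. Writes a JSON response; a role mismatch ends the
 * request with exit, every other path returns.
 *
 * @param array $input   decoded request body
 * @param mixed $user_id session user id of the caller, stored as created_by_user_id
 * @param mixed $role    session role of the caller; must be 'guru'
 * @return void
 */
function handle_create_task($input, $user_id, $role) {
    if ($role !== 'guru') {
        echo json_encode(['success' => false, 'error' => 'Permission denied.']);
        exit;
    }

    // student_ids must be a non-empty array of scalars: foreach over a string
    // only warns and would commit a task with no assignments, and a nested
    // array would fail inside execute().
    $student_ids = $input['student_ids'] ?? null;
    $ids_ok = is_array($student_ids)
        && $student_ids !== []
        && count(array_filter($student_ids, 'is_scalar')) === count($student_ids);
    if (empty($input['title']) || !$ids_ok) {
        echo json_encode(['success' => false, 'error' => 'Title and at least one student are required.']);
        return;
    }

    // NOTE(review): the ids are not checked to belong to users with the
    // 'siswa' role, so a task can be assigned to any user id — confirm whether
    // that is intended.

    // Optional fields default to NULL instead of raising undefined-index warnings.
    $description = $input['description'] ?? null;
    $due_date = $input['due_date'] ?? null;

    $pdo = null;
    try {
        // db() is inside the try so a connection failure is reported like any
        // other PDOException rather than escaping as an unhandled error.
        $pdo = db();
        $pdo->beginTransaction();

        $stmt = $pdo->prepare("INSERT INTO tasks (title, description, created_by_user_id, due_date) VALUES (?, ?, ?, ?)");
        $stmt->execute([$input['title'], $description, $user_id, $due_date]);
        $task_id = $pdo->lastInsertId();

        $stmt = $pdo->prepare("INSERT INTO task_assignments (task_id, assigned_to_user_id) VALUES (?, ?)");
        foreach ($student_ids as $student_id) {
            $stmt->execute([$task_id, $student_id]);
        }

        $pdo->commit();
        echo json_encode(['success' => true]);
    } catch (PDOException $e) {
        // rollBack() itself throws when no transaction is open (e.g. when
        // beginTransaction() was what failed), so guard it.
        if ($pdo !== null && $pdo->inTransaction()) {
            $pdo->rollBack();
        }
        error_log('create_task failed: ' . $e->getMessage());
        echo json_encode(['success' => false, 'error' => 'Database error during task creation.']);
    }
}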
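/**
 * Checks that the request body carries the fields a user-management action needs.
 *
 * Returns the error message to send back to the client, or null when every
 * required field for $action is present and non-empty. Only presence is
 * checked here; the self-deletion guard and all persistence live in
 * handle_user_management().
 *
 * @param string $action one of 'create_user', 'update_user', 'delete_user'
 * @param array  $input  decoded request body
 * @return string|null
 */
function _validate_user_management_input($action, $input) {
    switch ($action) {
        case 'create_user':
            if (empty($input['username']) || empty($input['password']) || empty($input['role'])) {
                return 'Username, password, and role are required.';
            }
            return null;

        case 'update_user':
            if (empty($input['user_id']) || empty($input['username']) || empty($input['role'])) {
                return 'User ID, username, and role are required.';
            }
            return null;

        case 'delete_user':
            if (empty($input['user_id'])) {
                return 'User ID is required.';
            }
            return null;

        default:
            return 'Unknown action.';
    }
}

/**
 * Creates, updates or deletes a user account; admin only.
 *
 * Validates the body before opening a database connection, refuses to delete
 * the caller's own account, and hashes any supplied password with
 * password_hash(). Writes a JSON response; a role mismatch ends the request
 * with exit, every other path returns. Driver error messages are logged
 * rather than echoed, except that a MySQL duplicate-key error (1062) is
 * reported as a username clash.
 *
 * @param string $action one of 'create_user', 'update_user', 'delete_user'
 * @param array  $input  decoded request body
 * @param mixed  $role   session role of the caller; must be 'admin'
 * @return void
 */
function handle_user_management($action, $input, $role) {
    if ($role !== 'admin') {
        echo json_encode(['success' => false, 'error' => 'Permission denied.']);
        exit;
    }

    $error = _validate_user_management_input($action, $input);

    // Prevent an admin from deleting themselves. Both sides are cast so that a
    // numeric-looking string id cannot slip past a loose comparison.
    if ($error === null
        && $action === 'delete_user'
        && (int) $input['user_id'] === (int) ($_SESSION['user_id'] ?? 0)) {
        $error = 'You cannot delete your own account.';
    }

    if ($error !== null) {
        echo json_encode(['success' => false, 'error' => $error]);
        return;
    }

    // NOTE(review): the role is stored as supplied by the admin; the only roles
    // this file recognises are 'siswa', 'guru' and 'admin', so restricting the
    // value to that set would keep unusable roles out of the table.
    try {
        $pdo = db();
        switch ($action) {
            case 'create_user':
                $hashed_password = password_hash($input['password'], PASSWORD_DEFAULT);
                $stmt = $pdo->prepare("INSERT INTO users (username, password, role) VALUES (?, ?, ?)");
                $stmt->execute([$input['username'], $hashed_password, $input['role']]);
                break;

            case 'update_user':
                // The password column is rewritten only when a new one was sent.
                if (!empty($input['password'])) {
                    $hashed_password = password_hash($input['password'], PASSWORD_DEFAULT);
                    $stmt = $pdo->prepare("UPDATE users SET username = ?, password = ?, role = ? WHERE id = ?");
                    $stmt->execute([$input['username'], $hashed_password, $input['role'], $input['user_id']]);
                } else {
                    $stmt = $pdo->prepare("UPDATE users SET username = ?, role = ? WHERE id = ?");
                    $stmt->execute([$input['username'], $input['role'], $input['user_id']]);
                }
                break;

            case 'delete_user':
                $stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
                $stmt->execute([$input['user_id']]);
                break;
        }

        echo json_encode(['success' => true]);
    } catch (PDOException $e) {
        // MySQL error 1062 is a unique-key violation; the only unique key this
        // file relies on is the username. errorInfo may be absent for other drivers.
        if ((int) ($e->errorInfo[1] ?? 0) === 1062) {
            echo json_encode(['success' => false, 'error' => 'Username already exists.']);
        } else {
            // Keep schema and driver details out of the response; log them server-side.
            error_log('user_management ' . $action . ' failed: ' . $e->getMessage());
            echo json_encode(['success' => false, 'error' => 'Database error.']);
        }
    }
}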