Andmin akses admin

app/Controllers/AdminController.php

@@ -8,13 +8,13 @@ use App\Services\ApkService;
 class AdminController extends Controller {
     
     private function checkAuth() {
-        if (!isset($_SESSION['user_id'])) {
+        if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
             $this->redirect('/admin/login');
         }
     }
 
     public function loginForm() {
-        if (isset($_SESSION['user_id'])) {
+        if (isset($_SESSION['user_id']) && ($_SESSION['role'] ?? '') === 'admin') {
             $this->redirect('/admin/dashboard');
         }
         $this->view('admin/login');
@@ -25,16 +25,17 @@ class AdminController extends Controller {
         $password = $_POST['password'] ?? '';
 
         $db = db_pdo();
-        $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
+        $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND role = 'admin'");
         $stmt->execute([$username]);
         $user = $stmt->fetch();
 
         if ($user && password_verify($password, $user['password'])) {
             $_SESSION['user_id'] = $user['id'];
             $_SESSION['username'] = $user['username'];
+            $_SESSION['role'] = $user['role'];
             $this->redirect('/admin/dashboard');
         } else {
-            $error = "Invalid username or password";
+            $error = "Invalid username or password, or you are not an admin";
             $this->view('admin/login', ['error' => $error]);
         }
     }
@@ -344,4 +345,4 @@ class AdminController extends Controller {
         $text = strtolower($text);
         return empty($text) ? 'n-a' : $text;
     }
-}
+}