From d44d584918fa7d236780ce968dfa518c58fad0ae Mon Sep 17 00:00:00 2001
From: Flatlogic Bot
Date: Wed, 25 Feb 2026 12:21:34 +0000
Subject: [PATCH] Andmin akses admin

---
 app/Controllers/AdminController.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/app/Controllers/AdminController.php b/app/Controllers/AdminController.php
index 18a1e6a..8aa051c 100644
--- a/app/Controllers/AdminController.php
+++ b/app/Controllers/AdminController.php
@@ -8,13 +8,13 @@ use App\Services\ApkService;
 class AdminController extends Controller {
     private function checkAuth() {
-        if (!isset($_SESSION['user_id'])) {
+        if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
             $this->redirect('/admin/login');
         }
     }
     public function loginForm() {
-        if (isset($_SESSION['user_id'])) {
+        if (isset($_SESSION['user_id']) && ($_SESSION['role'] ?? '') === 'admin') {
             $this->redirect('/admin/dashboard');
         }
         $this->view('admin/login');
@@ -25,16 +25,17 @@ class AdminController extends Controller {
         $password = $_POST['password'] ?? '';
         $db = db_pdo();
-        $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
+        $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND role = 'admin'");
         $stmt->execute([$username]);
         $user = $stmt->fetch();
         if ($user && password_verify($password, $user['password'])) {
             $_SESSION['user_id'] = $user['id'];
             $_SESSION['username'] = $user['username'];
+            $_SESSION['role'] = $user['role'];
             $this->redirect('/admin/dashboard');
         } else {
-            $error = "Invalid username or password";
+            $error = "Invalid username or password, or you are not an admin";
             $this->view('admin/login', ['error' => $error]);
         }
     }
@@ -344,4 +345,4 @@ class AdminController extends Controller {
         $text = strtolower($text);
         return empty($text) ? 'n-a' : $text;
     }
-}
+}
\ No newline at end of file
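Review bot: In checkAuth the new role test still only calls `$this->redirect('/admin/login');` with nothing after it; unless Controller::redirect() terminates the request (its body is outside this diff), the calling action keeps executing for a non-admin after the Location header is sent, so either add `return;` after the redirect or confirm redirect() calls exit. The same applies to the redirect in loginForm, whose body continues past the end of the hunk. The role is also read from `$_SESSION['role']`, which is written once at login, so a role change in the users table only takes effect after that session ends; re-checking the role against the database in checkAuth would close that window if admin membership changes while sessions are live. A one-line doc comment on checkAuth would help: `// Requires a logged-in user whose session role is 'admin'; redirects to the login form otherwise.`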
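Review bot: The session is populated with `user_id`, `username` and the new `role` after a successful password check without regenerating the session id first, which leaves the pre-login id in force; unless this is done earlier in login(), whose start is outside the hunk, add `session_regenerate_id(true);` immediately before `$_SESSION['user_id'] = $user['id'];`. Because the query now filters on `role = 'admin'`, `$user['role']` is always 'admin' at that point, so storing it is consistent with the comparison in checkAuth, though a short comment saying so would save the next reader a lookup. The single generic message for unknown user, wrong password and non-admin is the right choice here, since it does not tell the client which of the three conditions failed.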