/home/ejrndhmu/.trash/reseller.6/ajax_products.php
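<?php
/**
 * AJAX endpoint for reseller product management (list, read, create, update, delete).
 *
 * Every response body is a JSON object: {"success": bool, "data"?: mixed, "message"?: string}.
 * The action is read from $_POST['action'] first, then $_GET['action'].
 * Read actions (get_products, get_product) need only an authenticated reseller/agen session;
 * the mutating actions (add_product, edit_product, delete_product) additionally require a
 * valid CSRF token in $_POST['csrf_token'].
 *
 * Helpers used here but defined in the included files (not visible in this file):
 * startSecureSession(), isLoggedIn(), verifyCSRFToken(), sanitizeInput(),
 * getProductsByReseller(), createProduct() and the Database class (query/bind/single/execute).
 *
 * strict_types is deliberately not declared: session and request values arrive as strings and
 * the signatures of the included helpers are not visible here, so strict scalar checks could
 * turn currently working calls into TypeErrors.
 *
 * No closing "?>" tag: any whitespace after it would be emitted and corrupt the JSON body.
 */
require_once dirname(__DIR__) . '/config/database.php';
require_once dirname(__DIR__) . '/includes/functions.php';

startSecureSession();

// Label the body as JSON before anything is echoed, so the 401 response below is typed too
// (previously the header was only sent after the authorization check).
header('Content-Type: application/json');

// Closures rather than named functions: this file is loaded next to includes/functions.php,
// and named helpers declared here could collide with it.

/** Echo one JSON response; "success" is always the first key, the extra keys follow in order. */
$respond = static function (bool $success, array $extra = []): void {
    echo json_encode(['success' => $success] + $extra);
};

/** Echo a failure response carrying only a user-facing message. */
$fail = static function (string $message) use ($respond): void {
    $respond(false, ['message' => $message]);
};

// Access control: a logged-in session whose user_type is reseller or agen.
// `?? ''` avoids an "undefined index" warning (which would be printed into the JSON body) when
// the session has no user_type; in_array is strict so only the exact strings match.
$userType = $_SESSION['user_type'] ?? '';
if (!isLoggedIn() || !in_array($userType, ['reseller', 'agen'], true)) {
    http_response_code(401);
    $fail('Unauthorized');
    exit();
}

$user_id = $_SESSION['user_id'];
$action = $_POST['action'] ?? $_GET['action'] ?? '';

/** Verify the POSTed CSRF token; on failure the error response is already emitted. */
$csrfOk = static function () use ($fail): bool {
    if (!verifyCSRFToken($_POST['csrf_token'] ?? '')) {
        $fail('Token keamanan tidak valid');
        return false;
    }
    return true;
};

/** True when the product exists and belongs to the current reseller (the edit/delete authorization check). */
$ownsProduct = static function (Database $db, int $productId) use ($user_id): bool {
    $db->query("SELECT id FROM products WHERE id = :id AND reseller_id = :reseller_id");
    $db->bind(':id', $productId);
    $db->bind(':reseller_id', $user_id);
    return (bool) $db->single();
};

/**
 * Read and sanitise the product fields shared by add_product and edit_product.
 *
 * Returns the field map, or null after emitting the validation error when name, description or
 * category is blank (missing, not a string, or whitespace only) or the price is not a positive
 * number. Unlike empty(), a literal "0" is accepted as a value; unlike a bare (float) cast,
 * a string such as "12abc" is rejected instead of being read as 12.
 */
$readProductFields = static function () use ($fail): ?array {
    $isBlank = static fn ($value): bool => !is_string($value) || trim($value) === '';

    $rawPrice = $_POST['price'] ?? '';
    $price = is_numeric($rawPrice) ? (float) $rawPrice : 0.0;

    $fields = [
        'name'          => sanitizeInput($_POST['name'] ?? ''),
        'description'   => sanitizeInput($_POST['description'] ?? ''),
        'price'         => $price,
        'category'      => sanitizeInput($_POST['category'] ?? ''),
        // NOTE(review): both URLs are stored as given; no scheme/host validation happens here.
        // Whatever renders them as links must treat them as untrusted.
        'file_url'      => sanitizeInput($_POST['file_url'] ?? ''),
        'thumbnail_url' => sanitizeInput($_POST['thumbnail_url'] ?? ''),
        // NOTE(review): the set of valid status values is not visible here; any string is passed through.
        'status'        => sanitizeInput($_POST['status'] ?? 'active'),
    ];

    if ($isBlank($fields['name']) || $isBlank($fields['description']) || $price <= 0 || $isBlank($fields['category'])) {
        $fail('Semua field wajib diisi dengan benar');
        return null;
    }
    return $fields;
};

// One handler per action; each emits exactly one JSON response and returns.
$handlers = [
    'get_products' => static function () use ($respond, $fail, $user_id): void {
        try {
            $respond(true, ['data' => getProductsByReseller($user_id)]);
        } catch (Exception $e) {
            $fail('Gagal mengambil data produk');
        }
    },

    'get_product' => static function () use ($respond, $fail, $user_id): void {
        // Read action: the id comes from the query string.
        $productId = (int) ($_GET['id'] ?? 0);
        if ($productId <= 0) {
            $fail('ID produk tidak valid');
            return;
        }
        try {
            $db = new Database();
            // reseller_id in the WHERE clause scopes the read to the caller's own products.
            $db->query("SELECT * FROM products WHERE id = :id AND reseller_id = :reseller_id");
            $db->bind(':id', $productId);
            $db->bind(':reseller_id', $user_id);
            $product = $db->single();
            if ($product) {
                $respond(true, ['data' => $product]);
            } else {
                $fail('Produk tidak ditemukan');
            }
        } catch (Exception $e) {
            $fail('Gagal mengambil data produk');
        }
    },

    'add_product' => static function () use ($respond, $fail, $csrfOk, $readProductFields, $user_id): void {
        if (!$csrfOk()) {
            return;
        }
        $f = $readProductFields();
        if ($f === null) {
            return;
        }
        try {
            $result = createProduct(
                $f['name'],
                $f['description'],
                $f['price'],
                $f['category'],
                $f['file_url'],
                $f['thumbnail_url'],
                $f['status'],
                $user_id,
            );
            if ($result['success']) {
                $respond(true, ['message' => 'Produk berhasil ditambahkan']);
            } else {
                // createProduct's own message is forwarded unchanged (its type is not visible here).
                $respond(false, ['message' => $result['message']]);
            }
        } catch (Exception $e) {
            $fail('Gagal menambahkan produk');
        }
    },

    'edit_product' => static function () use ($respond, $fail, $csrfOk, $ownsProduct, $readProductFields, $user_id): void {
        if (!$csrfOk()) {
            return;
        }
        $productId = (int) ($_POST['product_id'] ?? 0);
        if ($productId <= 0) {
            $fail('Semua field wajib diisi dengan benar');
            return;
        }
        $f = $readProductFields();
        if ($f === null) {
            return;
        }
        try {
            $db = new Database();
            if (!$ownsProduct($db, $productId)) {
                $fail('Produk tidak ditemukan atau tidak memiliki akses');
                return;
            }
            // reseller_id is repeated in the UPDATE so the write is scoped even if the row changed owner
            // between the ownership check and the update.
            $db->query("
                UPDATE products
                SET name = :name, description = :description, price = :price, category = :category,
                    file_url = :file_url, thumbnail_url = :thumbnail_url, status = :status, updated_at = NOW()
                WHERE id = :id AND reseller_id = :reseller_id
            ");
            $db->bind(':name', $f['name']);
            $db->bind(':description', $f['description']);
            $db->bind(':price', $f['price']);
            $db->bind(':category', $f['category']);
            $db->bind(':file_url', $f['file_url']);
            $db->bind(':thumbnail_url', $f['thumbnail_url']);
            $db->bind(':status', $f['status']);
            $db->bind(':id', $productId);
            $db->bind(':reseller_id', $user_id);
            if ($db->execute()) {
                $respond(true, ['message' => 'Produk berhasil diperbarui']);
            } else {
                $fail('Gagal memperbarui produk');
            }
        } catch (Exception $e) {
            $fail('Gagal memperbarui produk');
        }
    },

    'delete_product' => static function () use ($respond, $fail, $csrfOk, $ownsProduct, $user_id): void {
        if (!$csrfOk()) {
            return;
        }
        $productId = (int) ($_POST['product_id'] ?? 0);
        if ($productId <= 0) {
            $fail('ID produk tidak valid');
            return;
        }
        try {
            $db = new Database();
            if (!$ownsProduct($db, $productId)) {
                $fail('Produk tidak ditemukan atau tidak memiliki akses');
                return;
            }
            // NOTE(review): the two deletes below are not wrapped in a transaction, so a failure of
            // the second leaves user_products already removed; Database's transaction API (if any)
            // is not visible here.
            $db->query("DELETE FROM user_products WHERE product_id = :product_id");
            $db->bind(':product_id', $productId);
            // The result of this step was previously ignored; a failed dependent-row delete now
            // stops before the product row is touched.
            if (!$db->execute()) {
                $fail('Gagal menghapus produk');
                return;
            }
            $db->query("DELETE FROM products WHERE id = :id AND reseller_id = :reseller_id");
            $db->bind(':id', $productId);
            $db->bind(':reseller_id', $user_id);
            if ($db->execute()) {
                $respond(true, ['message' => 'Produk berhasil dihapus']);
            } else {
                $fail('Gagal menghapus produk');
            }
        } catch (Exception $e) {
            $fail('Gagal menghapus produk');
        }
    },
];

// Dispatch; an unknown or missing action yields the same error response as before.
$handler = $handlers[$action] ?? static function () use ($fail): void {
    $fail('Aksi tidak valid');
};
$handler();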