feat: tambah profil akun dan ganti password
Tambahkan halaman /dashboard/profile beserta API ganti password untuk user yang sedang login. Rapikan AuthSeeder agar idempotent dan bisa ambil admin email/password dari env.
This commit is contained in:
mwpn
@@ -26,6 +26,7 @@ $routes->delete('api/users/(:num)', '\App\Modules\Auth\Controllers\UserControlle
|
||||
$routes->get('login', 'LoginController::index');
|
||||
$routes->post('logout', 'LogoutController::index');
|
||||
$routes->get('dashboard', 'DashboardPageController::index', ['filter' => 'dashboard_page_auth']);
|
||||
$routes->get('dashboard/profile', 'DashboardPageController::profile', ['filter' => 'dashboard_page_auth']);
|
||||
$routes->get('dashboard/attendance/reports', 'DashboardPageController::attendanceReports', ['filter' => 'dashboard_page_auth']);
|
||||
$routes->get('dashboard/attendance/report/(:num)', 'DashboardPageController::attendanceReport/$1', ['filter' => 'dashboard_page_auth']);
|
||||
$routes->get('dashboard/schedule/today', 'DashboardPageController::scheduleToday', ['filter' => 'dashboard_page_auth']);
|
||||
|
||||
@@ -25,6 +25,23 @@ class DashboardPageController extends BaseController
|
||||
return $this->response->setBody(view('layouts/main', $data));
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /dashboard/profile
|
||||
* Halaman profile user: info akun + form ganti password.
|
||||
*/
|
||||
public function profile(): ResponseInterface
|
||||
{
|
||||
$authService = new AuthService();
|
||||
$user = $authService->currentUser();
|
||||
|
||||
$data = [
|
||||
'user' => $user,
|
||||
'content' => view('dashboard/profile'),
|
||||
];
|
||||
|
||||
return $this->response->setBody(view('layouts/main', $data));
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /dashboard/attendance/reports
|
||||
* Attendance reports index: pick date, list schedules, link to report per schedule.
|
||||
|
||||
@@ -15,21 +15,37 @@ class AuthSeeder extends Seeder
|
||||
['role_code' => 'GURU_MAPEL', 'role_name' => 'Guru Mata Pelajaran'],
|
||||
['role_code' => 'ORANG_TUA', 'role_name' => 'Orang Tua'],
|
||||
];
|
||||
$this->db->table('roles')->insertBatch($roles);
|
||||
|
||||
foreach ($roles as $role) {
|
||||
$exists = $this->db->table('roles')->where('role_code', $role['role_code'])->countAllResults();
|
||||
if ($exists === 0) {
|
||||
$this->db->table('roles')->insert($role);
|
||||
}
|
||||
}
|
||||
|
||||
$adminEmail = env('ADMIN_EMAIL', 'admin@example.com');
|
||||
$adminPassword = env('ADMIN_PASSWORD', 'admin123');
|
||||
|
||||
$userExists = $this->db->table('users')->where('email', $adminEmail)->countAllResults();
|
||||
if ($userExists > 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
$this->db->table('users')->insert([
|
||||
'name' => 'Admin',
|
||||
'email' => 'admin@example.com',
|
||||
'password_hash' => password_hash('admin123', PASSWORD_DEFAULT),
|
||||
'email' => $adminEmail,
|
||||
'password_hash' => password_hash($adminPassword, PASSWORD_DEFAULT),
|
||||
'is_active' => 1,
|
||||
'created_at' => date('Y-m-d H:i:s'),
|
||||
'updated_at' => date('Y-m-d H:i:s'),
|
||||
]);
|
||||
$adminId = $this->db->insertID();
|
||||
$adminRoleId = $this->db->table('roles')->where('role_code', 'ADMIN')->get()->getRow()->id;
|
||||
$this->db->table('user_roles')->insert([
|
||||
'user_id' => $adminId,
|
||||
'role_id' => $adminRoleId,
|
||||
]);
|
||||
$adminRole = $this->db->table('roles')->where('role_code', 'ADMIN')->get()->getRow();
|
||||
if ($adminRole) {
|
||||
$this->db->table('user_roles')->insert([
|
||||
'user_id' => $adminId,
|
||||
'role_id' => $adminRole->id,
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -62,4 +62,41 @@ class AuthController extends BaseApiController
|
||||
}
|
||||
return $this->successResponse($user, 'Current user');
|
||||
}
|
||||
|
||||
/**
|
||||
* POST /api/auth/change-password
|
||||
* Body: { "current_password": "", "new_password": "" }
|
||||
* User can only change their own password.
|
||||
*/
|
||||
public function changePassword(): ResponseInterface
|
||||
{
|
||||
$user = $this->authService->currentUser();
|
||||
if (!$user) {
|
||||
return $this->errorResponse('Not authenticated', null, null, 401);
|
||||
}
|
||||
|
||||
$input = $this->request->getJSON(true);
|
||||
$currentPassword = $input['current_password'] ?? '';
|
||||
$newPassword = $input['new_password'] ?? '';
|
||||
|
||||
if ($currentPassword === '' || $newPassword === '') {
|
||||
return $this->errorResponse('Current password and new password are required', null, null, 400);
|
||||
}
|
||||
|
||||
if (strlen($newPassword) < 6) {
|
||||
return $this->errorResponse('New password must be at least 6 characters', null, null, 400);
|
||||
}
|
||||
|
||||
$ok = $this->authService->changePassword(
|
||||
(int) $user['id'],
|
||||
$currentPassword,
|
||||
$newPassword
|
||||
);
|
||||
|
||||
if (!$ok) {
|
||||
return $this->errorResponse('Current password is incorrect', null, null, 400);
|
||||
}
|
||||
|
||||
return $this->successResponse(null, 'Password changed successfully');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,4 +14,5 @@ $routes->group('api/auth', ['namespace' => 'App\Modules\Auth\Controllers'], func
|
||||
$routes->post('login', 'AuthController::login');
|
||||
$routes->post('logout', 'AuthController::logout');
|
||||
$routes->get('me', 'AuthController::me');
|
||||
$routes->post('change-password', 'AuthController::changePassword');
|
||||
});
|
||||
|
||||
@@ -67,8 +67,9 @@ class AuthService
|
||||
public function currentUser(): ?array
|
||||
{
|
||||
$session = session();
|
||||
$userId = $session->get(self::SESSION_USER_ID);
|
||||
if (!$userId) {
|
||||
$rawUserId = $session->get(self::SESSION_USER_ID);
|
||||
$userId = (int) $rawUserId;
|
||||
if ($userId <= 0) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -81,6 +82,31 @@ class AuthService
|
||||
return $this->userWithRoles($user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Change password for the given user. Verifies current password first.
|
||||
*
|
||||
* @param int $userId
|
||||
* @param string $currentPassword
|
||||
* @param string $newPassword
|
||||
* @return bool True on success, false if current password wrong or user not found
|
||||
*/
|
||||
public function changePassword(int $userId, string $currentPassword, string $newPassword): bool
|
||||
{
|
||||
$user = $this->userModel->find($userId);
|
||||
if (!$user || !$user->isActive()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!password_verify($currentPassword, $user->password_hash)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$hash = password_hash($newPassword, PASSWORD_DEFAULT);
|
||||
$this->userModel->update($userId, ['password_hash' => $hash]);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Build user array with roles (no password).
|
||||
*/
|
||||
|
||||
130
app/Views/dashboard/profile.php
Normal file
130
app/Views/dashboard/profile.php
Normal file
@@ -0,0 +1,130 @@
|
||||
<?php
|
||||
$user = $user ?? null;
|
||||
$roles = $user && !empty($user['roles']) ? $user['roles'] : [];
|
||||
$roleLabels = array_map(function ($r) { return $r['role_name'] ?? $r['role_code'] ?? ''; }, $roles);
|
||||
?>
|
||||
<div class="space-y-6">
|
||||
<div>
|
||||
<h1 class="text-xl font-semibold">Profil Akun</h1>
|
||||
<p class="text-gray-600 dark:text-gray-400 mt-1">Informasi akun dan pengaturan ganti password.</p>
|
||||
</div>
|
||||
|
||||
<!-- Info Akun -->
|
||||
<div class="rounded-2xl border border-gray-200 dark:border-gray-700 bg-white dark:bg-gray-800 shadow-sm p-6">
|
||||
<h2 class="text-base font-semibold text-gray-900 dark:text-gray-100 mb-4">Informasi Akun</h2>
|
||||
<dl class="space-y-3">
|
||||
<div>
|
||||
<dt class="text-sm text-gray-500 dark:text-gray-400">Nama</dt>
|
||||
<dd class="text-gray-900 dark:text-gray-100 font-medium"><?= esc($user['name'] ?? '-') ?></dd>
|
||||
</div>
|
||||
<div>
|
||||
<dt class="text-sm text-gray-500 dark:text-gray-400">Email</dt>
|
||||
<dd class="text-gray-900 dark:text-gray-100"><?= esc($user['email'] ?? '-') ?></dd>
|
||||
</div>
|
||||
<div>
|
||||
<dt class="text-sm text-gray-500 dark:text-gray-400">Role</dt>
|
||||
<dd class="text-gray-900 dark:text-gray-100"><?= esc(implode(', ', $roleLabels) ?: '-') ?></dd>
|
||||
</div>
|
||||
</dl>
|
||||
</div>
|
||||
|
||||
<!-- Form Ganti Password -->
|
||||
<div class="rounded-2xl border border-gray-200 dark:border-gray-700 bg-white dark:bg-gray-800 shadow-sm p-6">
|
||||
<h2 class="text-base font-semibold text-gray-900 dark:text-gray-100 mb-4">Ganti Password</h2>
|
||||
<form id="form-change-password" class="space-y-4 max-w-md">
|
||||
<div>
|
||||
<label for="current-password" class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Password Saat Ini <span class="text-red-500">*</span></label>
|
||||
<input type="password" id="current-password" name="current_password" required autocomplete="current-password"
|
||||
class="w-full px-4 py-2.5 rounded-lg border border-gray-300 dark:border-gray-600 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 focus:ring-2 focus:ring-primary focus:border-transparent"
|
||||
placeholder="Masukkan password saat ini">
|
||||
</div>
|
||||
<div>
|
||||
<label for="new-password" class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Password Baru <span class="text-red-500">*</span></label>
|
||||
<input type="password" id="new-password" name="new_password" required minlength="6" autocomplete="new-password"
|
||||
class="w-full px-4 py-2.5 rounded-lg border border-gray-300 dark:border-gray-600 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 focus:ring-2 focus:ring-primary focus:border-transparent"
|
||||
placeholder="Minimal 6 karakter">
|
||||
</div>
|
||||
<div>
|
||||
<label for="new-password-confirm" class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Konfirmasi Password Baru <span class="text-red-500">*</span></label>
|
||||
<input type="password" id="new-password-confirm" name="new_password_confirm" required minlength="6" autocomplete="new-password"
|
||||
class="w-full px-4 py-2.5 rounded-lg border border-gray-300 dark:border-gray-600 bg-white dark:bg-gray-700 text-gray-900 dark:text-gray-100 focus:ring-2 focus:ring-primary focus:border-transparent"
|
||||
placeholder="Ulangi password baru">
|
||||
<p id="password-match-error" class="mt-1 text-sm text-red-600 dark:text-red-400 hidden">Password baru dan konfirmasi tidak sama.</p>
|
||||
</div>
|
||||
<button type="submit" id="btn-submit" class="inline-flex items-center gap-2 px-5 py-2.5 rounded-lg bg-primary text-white font-medium hover:bg-primary-hover transition-colors">
|
||||
<i class="bx bx-lock-alt"></i>
|
||||
Ganti Password
|
||||
</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="toast-container" class="fixed bottom-6 right-6 z-[60] flex flex-col gap-2 pointer-events-none"></div>
|
||||
|
||||
<script>
|
||||
(function() {
|
||||
var baseUrl = '<?= base_url() ?>'.replace(/\/$/, '');
|
||||
var apiChangePassword = baseUrl + '/api/auth/change-password';
|
||||
|
||||
var form = document.getElementById('form-change-password');
|
||||
var btnSubmit = document.getElementById('btn-submit');
|
||||
var currentPassword = document.getElementById('current-password');
|
||||
var newPassword = document.getElementById('new-password');
|
||||
var newPasswordConfirm = document.getElementById('new-password-confirm');
|
||||
var passwordMatchError = document.getElementById('password-match-error');
|
||||
var toastContainer = document.getElementById('toast-container');
|
||||
|
||||
function showToast(message, type) {
|
||||
type = type || 'success';
|
||||
var el = document.createElement('div');
|
||||
el.className = 'pointer-events-auto px-4 py-3 rounded-lg shadow-lg text-sm font-medium ' + (type === 'success' ? 'bg-green-600 text-white' : 'bg-red-600 text-white');
|
||||
el.textContent = message;
|
||||
toastContainer.appendChild(el);
|
||||
setTimeout(function() { if (el.parentNode) el.parentNode.removeChild(el); }, 3000);
|
||||
}
|
||||
|
||||
function postOpts(body) {
|
||||
return {
|
||||
method: 'POST',
|
||||
credentials: 'same-origin',
|
||||
headers: { 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/json', 'Accept': 'application/json' },
|
||||
body: JSON.stringify(body)
|
||||
};
|
||||
}
|
||||
|
||||
form.addEventListener('submit', function(e) {
|
||||
e.preventDefault();
|
||||
passwordMatchError.classList.add('hidden');
|
||||
|
||||
if (newPassword.value !== newPasswordConfirm.value) {
|
||||
passwordMatchError.classList.remove('hidden');
|
||||
return;
|
||||
}
|
||||
|
||||
if (newPassword.value.length < 6) {
|
||||
showToast('Password baru minimal 6 karakter', 'error');
|
||||
return;
|
||||
}
|
||||
|
||||
btnSubmit.disabled = true;
|
||||
fetch(apiChangePassword, postOpts({
|
||||
current_password: currentPassword.value,
|
||||
new_password: newPassword.value
|
||||
}))
|
||||
.then(function(res) { return res.json().then(function(j) { return { ok: res.ok, data: j }; }); })
|
||||
.then(function(r) {
|
||||
btnSubmit.disabled = false;
|
||||
if (!r.ok) {
|
||||
showToast(r.data && r.data.message ? r.data.message : 'Gagal mengganti password', 'error');
|
||||
return;
|
||||
}
|
||||
showToast('Password berhasil diubah');
|
||||
form.reset();
|
||||
})
|
||||
.catch(function() {
|
||||
btnSubmit.disabled = false;
|
||||
showToast('Gagal mengganti password', 'error');
|
||||
});
|
||||
});
|
||||
})();
|
||||
</script>
|
||||
@@ -21,10 +21,14 @@ function nav_is_active(string $currentUri, string $path, bool $exact = true): bo
|
||||
<a href="<?= base_url('dashboard') ?>" class="text-xl font-bold text-primary dark:text-primary-400">SMAN 1 Garut</a>
|
||||
</div>
|
||||
<nav class="flex-1 p-4 space-y-1 overflow-y-auto">
|
||||
<a href="<?= base_url('dashboard') ?>" class="<?= nav_is_active($currentUri, 'dashboard') ? $navClassActive : $navClassInactive ?>">
|
||||
<a href="<?= base_url('dashboard') ?>" class="<?= $currentUri === 'dashboard' ? $navClassActive : $navClassInactive ?>">
|
||||
<i class="bx bx-home-alt text-xl"></i>
|
||||
<span>Dashboard</span>
|
||||
</a>
|
||||
<a href="<?= base_url('dashboard/profile') ?>" class="<?= nav_is_active($currentUri, 'dashboard/profile') ? $navClassActive : $navClassInactive ?>">
|
||||
<i class="bx bx-user text-xl"></i>
|
||||
<span>Profil</span>
|
||||
</a>
|
||||
<a href="<?= base_url('dashboard/schedule/today') ?>" class="<?= nav_is_active($currentUri, 'dashboard/schedule/today') ? $navClassActive : $navClassInactive ?>">
|
||||
<i class="bx bx-calendar text-xl"></i>
|
||||
<span>Jadwal Hari Ini</span>
|
||||
|
||||
Reference in New Issue
Block a user