Login

Login.php

@@ -1,12 +1,11 @@
 <?php
-// ✅ CORS Headers HARUS di paling atas sebelum apapun
+// ... (Header CORS tetap sama) ...
 header('Access-Control-Allow-Origin: *');
 header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
 header('Access-Control-Allow-Headers: Content-Type, Authorization');
 header('Access-Control-Max-Age: 86400');
 header('Content-Type: application/json');
 
-// ✅ Handle preflight OPTIONS request
 if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
     http_response_code(200);
     exit();
@@ -15,17 +14,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
 session_start();
 include 'Connection.php';
 
-// Ambil data dari JSON body
 $input = json_decode(file_get_contents('php://input'), true);
 $username = $input['username'] ?? '';
 $password = $input['password'] ?? '';
 
-if (empty($username) || empty($password)) {
-    echo json_encode(["success" => false, "message" => "Username dan password wajib diisi"]);
-    exit;
-}
+// ... (Validasi input kosong tetap sama) ...
 
-$stmt = $conn->prepare("SELECT password FROM users WHERE username = ?");
+// 🔴 PERBAIKAN 1: Tambahkan 'id' di dalam SELECT
+$stmt = $conn->prepare("SELECT id, password FROM users WHERE username = ?");
 $stmt->bind_param("s", $username);
 $stmt->execute();
 $stmt->store_result();
@@ -37,11 +33,15 @@ if ($stmt->num_rows === 0) {
     exit;
 }
 
-$stmt->bind_result($hashedPassword);
+// 🔴 PERBAIKAN 2: Bind result untuk menangkap 'id' dan 'password'
+$stmt->bind_result($userId, $hashedPassword);
 $stmt->fetch();
 
 if (password_verify($password, $hashedPassword)) {
+    // 🔴 PERBAIKAN 3: Simpan 'user_id' ke dalam SESSION
+    $_SESSION['user_id'] = $userId;
     $_SESSION['username'] = $username;
+    
     echo json_encode([
         "success" => true, 
         "message" => "Login berhasil",