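exec(" CREATE TABLE IF NOT EXISTS `sales_member` ( `id` int(11) NOT NULL AUTO_INCREMENT, `member_id` varchar(50) NOT NULL COMMENT '로그인 ID', `password` varchar(255) NOT NULL COMMENT '비밀번호', `name` varchar(100) NOT NULL COMMENT '성명', `phone` varchar(20) DEFAULT NULL COMMENT '전화번호', `email` varchar(100) DEFAULT NULL COMMENT '이메일', `parent_id` int(11) DEFAULT NULL COMMENT '상위 관리자 ID', `role` varchar(20) DEFAULT 'manager' COMMENT '역할 (operator, manager)', `remarks` text DEFAULT NULL COMMENT '비고', `is_active` tinyint(1) DEFAULT 1 COMMENT '활성화 여부', `created_at` timestamp DEFAULT CURRENT_TIMESTAMP, `updated_at` timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (`id`), UNIQUE KEY `idx_member_id` (`member_id`), KEY `idx_parent_id` (`parent_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; ");

// Roles this endpoint accepts from client input. 'operator' and 'manager' are
// the values documented on the table; 'sales_admin' is the role the bootstrap
// seed below creates. Anything else is rejected instead of stored verbatim.
$allowedRoles = ['operator', 'manager', 'sales_admin'];

// Returns the logged-in sales user or throws. Every action that reads or
// changes member data goes through this, so an unauthenticated request never
// reaches the database (the old 'delete' paths and DELETE method skipped it).
$requireLogin = static function (): array {
    if (!isset($_SESSION['sales_user'])) {
        throw new Exception("로그인이 필요합니다.");
    }
    return $_SESSION['sales_user'];
};

// Removes the credential column from a member row before it is stored in the
// session or sent to the browser; the frontend never needs it.
$publicUser = static function (array $user): array {
    unset($user['password']);
    return $user;
};

// Decodes the JSON request body. A missing or malformed body becomes an empty
// array instead of null so the `$data[...] ?? default` reads stay warning-free.
$readJsonBody = static function (): array {
    $decoded = json_decode((string) file_get_contents('php://input'), true);
    return is_array($decoded) ? $decoded : [];
};

// Authorisation rule for update/deactivate: operators may manage anyone; every
// other user only themselves or members they created (parent_id = own id),
// which is the same visibility rule 'list' applies. Previously any logged-in
// user could modify or deactivate any row by guessing its id.
$assertCanManage = static function (array $currentUser, int $targetId) use ($pdo): void {
    if ($currentUser['role'] === 'operator') {
        return;
    }
    $stmt = $pdo->prepare("SELECT id, parent_id FROM sales_member WHERE id = ?");
    $stmt->execute([$targetId]);
    $target = $stmt->fetch(PDO::FETCH_ASSOC);
    $ownId = (int) $currentUser['id'];
    if (!$target || ((int) $target['id'] !== $ownId && (int) $target['parent_id'] !== $ownId)) {
        throw new Exception("권한이 없습니다.");
    }
};

// Soft-deletes one member (is_active = 0); shared by POST action=delete and
// the DELETE method so both apply the same authentication/authorisation.
$deactivateMember = static function ($rawId) use ($pdo, $requireLogin, $assertCanManage): void {
    $currentUser = $requireLogin();
    $id = (int) ($rawId ?? 0);
    if ($id <= 0) {
        throw new Exception("ID가 누락되었습니다.");
    }
    $assertCanManage($currentUser, $id);
    $stmt = $pdo->prepare("UPDATE sales_member SET is_active = 0 WHERE id = ?");
    $stmt->execute([$id]);
    echo json_encode(['success' => true, 'message' => '삭제되었습니다.']);
};

switch ($method) {
    case 'GET':
        if ($action === 'check_session') {
            if (isset($_SESSION['sales_user'])) {
                echo json_encode(['success' => true, 'user' => $publicUser($_SESSION['sales_user'])]);
            } else {
                echo json_encode(['success' => false]);
            }
        } elseif ($action === 'list') {
            $currentUser = $requireLogin();
            if ($currentUser['role'] === 'operator') {
                // Operators see every active non-operator member regardless of hierarchy.
                $stmt = $pdo->prepare("SELECT id, member_id, name, phone, email, role, parent_id, remarks, created_at FROM sales_member WHERE is_active = 1 AND role != 'operator' ORDER BY name ASC");
                $stmt->execute();
            } else {
                // Non-operators see only their own subordinates. The parent_id query
                // parameter is intentionally ignored: honouring it let any logged-in
                // user enumerate another manager's members.
                $stmt = $pdo->prepare("SELECT id, member_id, name, phone, email, role, parent_id, remarks, created_at FROM sales_member WHERE parent_id = ? AND is_active = 1 ORDER BY name ASC");
                $stmt->execute([$currentUser['id']]);
            }
            $members = $stmt->fetchAll(PDO::FETCH_ASSOC);
            echo json_encode(['success' => true, 'data' => $members]);
        }
        break;

    case 'POST':
        $data = $readJsonBody();

        if ($action === 'login') {
            $member_id = (string) ($data['member_id'] ?? '');
            $password = (string) ($data['password'] ?? '');

            // First-run bootstrap only: seed the default accounts when the table is
            // empty. The previous version re-created and logged into these accounts
            // on *every* failed login, so anyone knowing the fixed id/password pairs
            // could sign in even after the real password had been changed.
            $total = (int) $pdo->query("SELECT COUNT(*) FROM sales_member")->fetchColumn();
            if ($total === 0) {
                $seed = $pdo->prepare("INSERT IGNORE INTO sales_member (member_id, password, name, role) VALUES (?, ?, ?, ?)");
                $defaults = [
                    ['admin', '운영자', 'operator'],
                    ['sales', '영업관리자', 'sales_admin'],
                    ['manager', '매니저', 'manager'],
                ];
                foreach ($defaults as [$seedId, $seedName, $seedRole]) {
                    // Initial password equals the id; it must be changed after first login.
                    $seed->execute([$seedId, password_hash($seedId, PASSWORD_DEFAULT), $seedName, $seedRole]);
                }
            }

            $stmt = $pdo->prepare("SELECT * FROM sales_member WHERE member_id = ? AND is_active = 1");
            $stmt->execute([$member_id]);
            $user = $stmt->fetch(PDO::FETCH_ASSOC);
            $stored = is_array($user) ? (string) $user['password'] : '';

            // Hashed rows are checked with password_verify(); hash_equals() keeps rows
            // that still hold a plaintext password (written before hashing existed)
            // working until they are rehashed below. An empty password never matches.
            $authenticated = is_array($user)
                && $password !== ''
                && (password_verify($password, $stored) || hash_equals($stored, $password));
            if (!$authenticated) {
                throw new Exception("아이디 또는 비밀번호가 일치하지 않습니다.");
            }
            if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
                // Transparently upgrade legacy plaintext / outdated hashes on login.
                $pdo->prepare("UPDATE sales_member SET password = ? WHERE id = ?")
                    ->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
            }
            // Fresh session id at the authentication boundary (session fixation).
            session_regenerate_id(true);
            $_SESSION['sales_user'] = $publicUser($user);
            echo json_encode(['success' => true, 'user' => $publicUser($user)]);
        } elseif ($action === 'logout') {
            $_SESSION = [];
            session_destroy();
            echo json_encode(['success' => true]);
        } elseif ($action === 'create') {
            $currentUser = $requireLogin();
            $member_id = (string) ($data['member_id'] ?? '');
            $password = (string) ($data['password'] ?? '1234'); // author's default; stored hashed below
            $name = (string) ($data['name'] ?? '');
            $phone = (string) ($data['phone'] ?? '');
            $email = (string) ($data['email'] ?? '');
            $remarks = (string) ($data['remarks'] ?? '');
            if ($member_id === '') {
                throw new Exception("아이디를 입력해주세요.");
            }

            // Only operators may choose parent_id and role; everyone else creates
            // a 'manager' under themselves.
            if ($currentUser['role'] === 'operator') {
                $parent_id = ($data['parent_id'] ?? null) ?: null; // '', 0, null all mean "no parent"
                $role = (string) ($data['role'] ?? 'manager');
                if (!in_array($role, $allowedRoles, true)) {
                    throw new Exception("유효하지 않은 역할입니다.");
                }
            } else {
                $parent_id = $currentUser['id'];
                $role = 'manager';
            }

            // Duplicate login id check (member_id is UNIQUE on the table).
            $stmt = $pdo->prepare("SELECT COUNT(*) FROM sales_member WHERE member_id = ?");
            $stmt->execute([$member_id]);
            if ($stmt->fetchColumn() > 0) {
                throw new Exception("이미 존재하는 아이디입니다.");
            }

            $stmt = $pdo->prepare("INSERT INTO sales_member (member_id, password, name, phone, email, parent_id, role, remarks) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
            $stmt->execute([
                $member_id,
                password_hash($password, PASSWORD_DEFAULT),
                $name,
                $phone,
                $email,
                $parent_id,
                $role,
                $remarks,
            ]);
            echo json_encode(['success' => true, 'message' => '등록되었습니다.']);
        } elseif ($action === 'check_id') {
            // Only used from the (login-protected) create form; requiring a session
            // keeps this from being an anonymous login-id enumeration oracle.
            $requireLogin();
            $member_id = (string) ($data['member_id'] ?? '');
            if ($member_id === '') {
                throw new Exception("아이디를 입력해주세요.");
            }
            $stmt = $pdo->prepare("SELECT COUNT(*) FROM sales_member WHERE member_id = ?");
            $stmt->execute([$member_id]);
            $exists = $stmt->fetchColumn() > 0;
            echo json_encode([
                'success' => true,
                'exists' => $exists,
                'message' => $exists ? '이미 사용 중인 아이디입니다.' : '사용 가능한 아이디입니다.',
            ]);
        } elseif ($action === 'delete') {
            $deactivateMember($data['id'] ?? $_GET['id'] ?? null);
        }
        break;

    case 'PUT':
        $currentUser = $requireLogin();
        $data = $readJsonBody();
        $id = (int) ($data['id'] ?? 0);
        if ($id <= 0) {
            throw new Exception("ID가 누락되었습니다.");
        }
        $assertCanManage($currentUser, $id);

        $updates = [];
        $params = [];
        // Column names come from this fixed list only, never from the request, so
        // the SET clause assembled below cannot be influenced by the client.
        $fields = ['name', 'phone', 'email', 'remarks'];
        if ($currentUser['role'] === 'operator') {
            $fields[] = 'role';
            $fields[] = 'parent_id';
        }
        foreach ($fields as $field) {
            if (!isset($data[$field])) {
                continue;
            }
            $value = $data[$field];
            if ($field === 'parent_id' && $value === '') {
                $value = null; // empty string from the form means "no parent"
            }
            if ($field === 'role' && !in_array($value, $allowedRoles, true)) {
                throw new Exception("유효하지 않은 역할입니다.");
            }
            $updates[] = "$field = ?";
            $params[] = $value;
        }
        if (isset($data['password']) && $data['password'] !== '') {
            $updates[] = "password = ?";
            $params[] = password_hash((string) $data['password'], PASSWORD_DEFAULT);
        }
        if (empty($updates)) {
            throw new Exception("수정할 내용이 없습니다.");
        }
        $params[] = $id;
        $stmt = $pdo->prepare("UPDATE sales_member SET " . implode(", ", $updates) . " WHERE id = ?");
        $stmt->execute($params);
        echo json_encode(['success' => true, 'message' => '수정되었습니다.']);
        break;

    case 'DELETE':
        $deactivateMember($_GET['id'] ?? null);
        break;
}
} catch (Exception $e) {
    // PDOException extends Exception, so driver errors also surface here and
    // their message is returned to the client unchanged.
    echo json_encode(['success' => false, 'error' => $e->getMessage()]);
}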