From 31c6796950bd956bf09161aae3b43fa710af4285 Mon Sep 17 00:00:00 2001
From: overplayed <47672088+overplayed@users.noreply.github.com>
Date: Sat, 15 Mar 2025 18:47:59 -0400
Subject: [PATCH] Added backend form processing
---
 db.php | 11 +++++
 forms/questionnaire.html | 2 +-
 submit.php | 93 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 db.php
 create mode 100644 submit.php
diff --git a/db.php b/db.php
new file mode 100644
index 0000000..d92651d
--- /dev/null
+++ b/db.php
@@ -0,0 +1,11 @@
+connect_error) {
+ die("Database connection failed: " . $conn->connect_error);
+}
+?>
diff --git a/forms/questionnaire.html b/forms/questionnaire.html
index ac3c4fe..34bf6da 100644
--- a/forms/questionnaire.html
+++ b/forms/questionnaire.html
@@ -15,7 +15,7 @@
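Review bot: The failure path `die("Database connection failed: " . $conn->connect_error);` in db.php sends the driver's error string (which can include the DB host, user name and the reason for refusal) straight to the HTTP client; log it server-side and return a generic message instead, e.g. `error_log('DB connect: ' . $conn->connect_error); http_response_code(500); exit('Database connection failed.');`. The opening of the file (the `<?php` line and the `new mysqli(...)` construction, presumably with the DB_* constants that submit.php reuses) is not legible in this rendering of the hunk, so credential handling cannot be reviewed here; if the credentials are literals in this file they should be loaded from the environment or a config file outside the web root, and the file should not be served directly. Note also that submit.php opens its own `new mysqli(DB_HOST, ...)` rather than using the `$conn` this file creates, so including db.php there would cost a second connection per request.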

CCAH IT Assessment Questionnaire

-
+
diff --git a/submit.php b/submit.php
new file mode 100644
index 0000000..05d86e7
--- /dev/null
+++ b/submit.php
@@ -0,0 +1,93 @@
+ "Invalid request method."]);
+ exit;
+}
+
+// Get user token from session or URL (whichever is applicable)
+$userToken = $_SESSION['user_token'] ?? $_GET['token'] ?? null;
+
+if (!$userToken) {
+ http_response_code(403);
+ echo json_encode(["error" => "Unauthorized access."]);
+ exit;
+}
+
+// Connect to database
+$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
+if ($conn->connect_error) {
+ http_response_code(500);
+ echo json_encode(["error" => "Database connection failed."]);
+ exit;
+}
+
+// Get user ID from token
+$stmt = $conn->prepare("SELECT id FROM users WHERE auth_token = ?");
+$stmt->bind_param("s", $userToken);
+$stmt->execute();
+$result = $stmt->get_result();
+$user = $result->fetch_assoc();
+if (!$user) {
+ http_response_code(403);
+ echo json_encode(["error" => "Invalid authentication token."]);
+ exit;
+}
+$userId = $user['id'];
+
+// Extract & sanitize input
+function sanitize($value) {
+ return htmlspecialchars(strip_tags(trim($value)));
+}
+
+$role = sanitize($_POST['role'] ?? '');
+$roleFunction = sanitize($_POST['role_function'] ?? '');
+$devices = json_encode($_POST['devices'] ?? []);
+$workLocation = sanitize($_POST['work_location'] ?? '');
+$emailAccess = sanitize($_POST['email_access'] ?? '');
+$mfa = sanitize($_POST['mfa'] ?? '');
+$mfaTypes = json_encode($_POST['mfa_types'] ?? []);
+$itChallenges = json_encode($_POST['it_challenges'] ?? []);
+$improvements = sanitize($_POST['improvements'] ?? '');
+$operationsImprovement = sanitize($_POST['operations_improvement'] ?? 
'');
+
+// Validate required fields
+if (empty($role) || empty($roleFunction) || empty($devices) || empty($workLocation) || empty($emailAccess)) {
+ http_response_code(400);
+ echo json_encode(["error" => "Missing required fields."]);
+ exit;
+}
+
+// Check if the user has already submitted
+$stmt = $conn->prepare("SELECT id FROM questionnaire_responses WHERE user_id = ?");
+$stmt->bind_param("i", $userId);
+$stmt->execute();
+$result = $stmt->get_result();
+$existingResponse = $result->fetch_assoc();
+
+if ($existingResponse) {
+ // Update existing response
+ $stmt = $conn->prepare("UPDATE questionnaire_responses SET role=?, role_function=?, devices=?, work_location=?, email_access=?, mfa=?, mfa_types=?, it_challenges=?, improvements=?, operations_improvement=?, updated_at=NOW() WHERE user_id=?");
+ $stmt->bind_param("ssssssssssi", $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement, $userId);
+} else {
+ // Insert new response
+ $stmt = $conn->prepare("INSERT INTO questionnaire_responses (user_id, role, role_function, devices, work_location, email_access, mfa, mfa_types, it_challenges, improvements, operations_improvement, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())");
+ $stmt->bind_param("issssssssss", $userId, $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement);
+}
+
+if ($stmt->execute()) {
+ echo json_encode(["success" => "Form submitted successfully."]);
+} else {
+ http_response_code(500);
+ echo json_encode(["error" => "Error saving response."]);
+}
+
+$conn->close();
+exit;
+?>
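Review bot: The token lookup `$userToken = $_SESSION['user_token'] ?? $_GET['token'] ?? null;` lets a POST-only handler authenticate from a query-string parameter, so a bearer token lands in access logs, proxies, referrers and browser history, and nothing in the handler checks a CSRF token before the row is written; drop the `$_GET` fallback (`$userToken = $_SESSION['user_token'] ?? null;`) and require a per-session CSRF token posted with the form. The required-field check on devices is dead code: `$devices` is the output of `json_encode(...)`, which is the non-empty string `"[]"` when the field is missing, so `empty($devices)` is never true — validate `$_POST['devices']` (`is_array` and non-empty) before encoding, and the same applies to `mfa_types` and `it_challenges`, whose elements are stored with no per-element type or length check at all. `$conn->prepare()` returns `false` on a SQL error and each call site goes straight to `->bind_param` on it unchecked, which turns a schema mismatch into a fatal error with no JSON response. `sanitize()` HTML-encodes on input, which stores entity-escaped text in the database; store the trimmed raw value and escape at output per context instead. The top of the file (`<?php`, any `session_start()` and the `require` of db.php) is not legible in this rendering, so whether the session is actually started before the `$_SESSION` read cannot be confirmed here.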