From 8a5652b308c16bbb4ee396885550be57d9284a67 Mon Sep 17 00:00:00 2001
From: overplayed <47672088+overplayed@users.noreply.github.com>
Date: Sat, 15 Mar 2025 22:59:50 -0400
Subject: [PATCH] Implemented form submission handling and response retrieval

---
 load-responses.php | 59 +++++---------------------------
 submit.php         | 84 +++++++++++++++++++++++-----------------------
 2 files changed, 50 insertions(+), 93 deletions(-)

diff --git a/load-responses.php b/load-responses.php
index 8b33855..1f2fc29 100644
--- a/load-responses.php
+++ b/load-responses.php
@@ -1,68 +1,25 @@ "Invalid authentication token: " . htmlspecialchars($userToken)]);
- exit;
+ echo json_encode(["error" => "Unauthorized access."]);
+ exit;
 }
+$userId = $_SESSION['user_id'];
+
 // Connect to the database
 $conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 if ($conn->connect_error) {
 http_response_code(500);
- echo json_encode(["error" => "Database connection failed: " . $conn->connect_error]);
- exit;
-
-}
-
-// Fetch user ID using token
-$stmt = $conn->prepare("SELECT id, token_expires_at FROM users WHERE auth_token = ?");
-$stmt->bind_param("s", $userToken);
-$stmt->execute();
-$result = $stmt->get_result();
-$user = $result->fetch_assoc();
-if (!$user) {
- http_response_code(403);
- echo json_encode(["error" => "Invalid authentication token."]);
+ echo json_encode(["error" => "Database connection failed."]);
 exit;
 }
-// Check if token is expired
-if ($user['expired'] == 1) {
- http_response_code(403);
- echo json_encode(["error" => "Authentication token has expired."]);
- exit;
-}
-
-$userId = $user['id'];
-$isBoardMember = $user['is_board_member'];
-
-// Fetch board member profile image (if applicable)
-$boardMemberImage = "img/ccah-logo.png"; // Default image
-if ($isBoardMember == 1) {
- $stmt = $conn->prepare("SELECT image_url FROM board_members WHERE user_id = ?");
- $stmt->bind_param("i", $userId);
- $stmt->execute();
- $result = $stmt->get_result();
- if ($result->num_rows > 0) {
- $boardMember = $result->fetch_assoc();
- $boardMemberImage = $boardMember['image_url'] ?: "img/ccah-logo.png";
- }
-}
-
-// Add board membership and image to the response
-$response['is_board_member'] = $isBoardMember;
-$response['board_member_image'] = $boardMemberImage;
-
-
 // Fetch saved responses
 $stmt = $conn->prepare("SELECT * FROM questionnaire_responses WHERE user_id = ?");
diff --git a/submit.php b/submit.php
index 723a2aa..48913a9 100644
--- a/submit.php
+++ b/submit.php
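Review bot: The `$conn->connect_error` branch after `new mysqli(...)` is unlikely to ever run: since PHP 8.1 mysqli defaults to `MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT`, so a failed connection throws `mysqli_sql_exception` before `connect_error` is read, and the uncaught exception (whose message can include host and user details) is what the client sees instead of the generic JSON 500. Either call `mysqli_report(MYSQLI_REPORT_OFF);` before the constructor so the existing check works, or wrap the connection in `try { ... } catch (mysqli_sql_exception) { ... }` that emits the same `"Database connection failed."` body; the connection block this commit adds to submit.php has the same issue. The removed block also dropped the `is_board_member` and `board_member_image` keys from `$response`; if the client still reads them, that is a silent regression worth confirming, since the rest of this file is outside the hunk. The first lines of the hunk are garbled in this rendering, so whether `session_start()` precedes the `$_SESSION['user_id']` read could not be checked here.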
@@ -1,62 +1,31 @@ "Invalid request method."]);
 exit;
 }
-// Get user token from session or URL (whichever is applicable)
-$userToken = $_POST['token'] ?? null;
-
-
-if (!$userToken) {
+// Check if the user is authenticated
+if (!isset($_SESSION['user_id'])) {
 http_response_code(403);
 echo json_encode(["error" => "Unauthorized access."]);
 exit;
 }
-// Connect to database
-$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
-if ($conn->connect_error) {
- http_response_code(500);
- echo json_encode(["error" => "Database connection failed."]);
- exit;
-}
+$userId = $_SESSION['user_id'];
-// Get user ID from token
-$stmt = $conn->prepare("SELECT id, token_expires_at FROM users WHERE auth_token = ?");
-
-$stmt->bind_param("s", $userToken);
-$stmt->execute();
-$result = $stmt->get_result();
-$user = $result->fetch_assoc();
-if (!$user) {
- http_response_code(403);
- echo json_encode(["error" => "Invalid authentication token."]);
- exit;
-}
-// Check if token is expired
-if ($user['expired'] == 1) {
- http_response_code(403);
- echo json_encode(["error" => "Authentication token has expired."]);
- exit;
-}
-
-$userId = $user['id'];
-
-
-// Extract & sanitize input
+// Function to sanitize inputs
 function sanitize($value) {
 return htmlspecialchars(strip_tags(trim($value)));
 }
+// Extract & sanitize input
 $role = sanitize($_POST['role'] ?? '');
 $roleFunction = sanitize($_POST['role_function'] ?? '');
 $devices = json_encode($_POST['devices'] ?? []);
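Review bot: Replacing the POST `token` with a session-cookie check makes this endpoint reachable by cross-site form posts: browsers attach the session cookie automatically, and nothing in the hunk verifies a per-session CSRF token or the request's origin, so the removed `$_POST['token']` was incidentally the only proof that the request came from this site's own form. The login flow should store a random token (`bin2hex(random_bytes(32))`) in the session, the form should echo it back, and this handler should compare the two with `hash_equals()` before reading `$userId`; the field name `csrf_token` below is illustrative. Separately, `sanitize()` hands `$_POST` values straight to `trim()`, so an array value (`role[]=x`) raises a `TypeError` under PHP 8 and the script dies with a 500 rather than the intended 400 — a guard `if (!is_string($value)) { return ''; }` at the top of the function avoids that. The start of this file, including whatever calls `session_start()`, is garbled in this rendering and was not reviewed.
```php
// Check if the user is authenticated
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    echo json_encode(["error" => "Unauthorized access."]);
    exit;
}

// Reject cross-site form posts: the session cookie is sent automatically,
// so the request must also carry the token issued to this session's form.
$csrfToken = $_POST['csrf_token'] ?? null;
if (!is_string($csrfToken) || !isset($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $csrfToken)) {
    http_response_code(403);
    echo json_encode(["error" => "Unauthorized access."]);
    exit;
}

$userId = $_SESSION['user_id'];

// … unchanged: sanitize() and field extraction …
```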
@@ -68,6 +37,14 @@ $itChallenges = json_encode($_POST['it_challenges'] ?? []);
 $improvements = sanitize($_POST['improvements'] ?? '');
 $operationsImprovement = sanitize($_POST['operations_improvement'] ?? '');
+// Board Member Specific Fields
+$boardDocAccess = sanitize($_POST['board_doc_access'] ?? '');
+$accessIssuesDetails = sanitize($_POST['access_issues_details'] ?? '');
+$boardCollabEffectiveness = sanitize($_POST['board_collab_effectiveness'] ?? '');
+$meetingIssues = sanitize($_POST['meeting_issues'] ?? '');
+$meetingIssuesDetails = sanitize($_POST['meeting_issues_details'] ?? '');
+$boardSuggestions = sanitize($_POST['board_suggestions'] ?? '');
+
 // Validate required fields
 if (empty($role) || empty($roleFunction) || empty($devices) || empty($workLocation) || empty($emailAccess)) {
 http_response_code(400);
@@ -75,6 +52,14 @@ if (empty($role) || empty($roleFunction) || empty($devices) || empty($workLocati
 exit;
 }
+// Connect to database
+$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
+if ($conn->connect_error) {
+ http_response_code(500);
+ echo json_encode(["error" => "Database connection failed."]);
+ exit;
+}
+
 // Check if the user has already submitted
 $stmt = $conn->prepare("SELECT id FROM questionnaire_responses WHERE user_id = ?");
 $stmt->bind_param("i", $userId);
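Review bot: The six board-member fields added above `// Validate required fields` are accepted from any authenticated session and persisted unconditionally; nothing in the hunk checks that the session user is a board member (the board-member lookup that used to distinguish them was removed from load-responses.php in this same commit), and none of the six values is validated against the answer set the form offers, so the columns can hold arbitrary text. At minimum restrict them to the options the questionnaire presents, e.g. `in_array($meetingIssues, ['yes', 'no'], true)` (the real option list is not visible here), or blank them when the user is not a board member. Note also that the adjacent `empty($devices)` check can never fail, because `$devices` already holds `json_encode()` output (`"[]"` for a missing field); testing `empty($_POST['devices'])` instead would make that required-field check effective.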
@@ -84,12 +69,27 @@ $existingResponse = $result->fetch_assoc();
 if ($existingResponse) {
 // Update existing response
- $stmt = $conn->prepare("UPDATE questionnaire_responses SET role=?, role_function=?, devices=?, work_location=?, email_access=?, mfa=?, mfa_types=?, it_challenges=?, improvements=?, operations_improvement=?, updated_at=NOW() WHERE user_id=?");
- $stmt->bind_param("ssssssssssi", $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement, $userId);
+ $stmt = $conn->prepare("
+ UPDATE questionnaire_responses
+ SET role=?, role_function=?, devices=?, work_location=?, email_access=?, mfa=?, mfa_types=?, it_challenges=?, improvements=?, operations_improvement=?,
+ board_doc_access=?, access_issues_details=?, board_collab_effectiveness=?, meeting_issues=?, meeting_issues_details=?, board_suggestions=?, updated_at=NOW()
+ WHERE user_id=?
+ ");
+ $stmt->bind_param("ssssssssssssssssi",
+ $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement,
+ $boardDocAccess, $accessIssuesDetails, $boardCollabEffectiveness, $meetingIssues, $meetingIssuesDetails, $boardSuggestions, $userId
+ );
 } else {
 // Insert new response
- $stmt = $conn->prepare("INSERT INTO questionnaire_responses (user_id, role, role_function, devices, work_location, email_access, mfa, mfa_types, it_challenges, improvements, operations_improvement, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())");
- $stmt->bind_param("issssssssss", $userId, $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement);
+ $stmt = $conn->prepare("
+ INSERT INTO questionnaire_responses (user_id, role, role_function, devices, work_location, email_access, mfa, mfa_types, it_challenges, improvements, operations_improvement,
+ board_doc_access, access_issues_details, board_collab_effectiveness, meeting_issues, meeting_issues_details, board_suggestions, created_at, updated_at)
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())
+ ");
+ $stmt->bind_param("issssssssssssssss",
+ $userId, $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement,
+ $boardDocAccess, $accessIssuesDetails, $boardCollabEffectiveness, $meetingIssues, $meetingIssuesDetails, $boardSuggestions
+ );
 }
 if ($stmt->execute()) {
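Review bot: The read-then-write sequence that selects the user's existing row and then picks the `UPDATE` or `INSERT` branch is not atomic, so two overlapping submissions from the same session can both take the insert branch and create duplicate rows; a unique index on `questionnaire_responses.user_id` (and ideally a single `INSERT ... ON DUPLICATE KEY UPDATE`) would enforce the one-response-per-user rule the `SELECT id` check intends. Nothing in this commit creates the six new columns; if the schema change is missing, `prepare()` fails, and under mysqli's default strict reporting in PHP 8.1+ the resulting `mysqli_sql_exception` is uncaught, so the client receives the driver's message instead of a JSON error — wrapping the prepare/bind/execute sequence in a `try`/`catch (mysqli_sql_exception)` that returns the generic 500 keeps that detail server-side. The `if ($existingResponse) { ... } else { ... }` block is complete within the hunk; the `if ($stmt->execute())` block continues past it.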