essae
/
ccah-assessment
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implemented form submission handling and response retrieval

This commit is contained in:
overplayed 2025-03-15 22:59:50 -04:00
parent 3089a26449
commit 8a5652b308
2 changed files with 50 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
load-responses.php
View File

@ -1,68 +1,25 @@
<?php
session_start();
require_once __DIR__ . "/db.php";
require_once 'db.php';
header("Content-Type: application/json");
// Get user token from session or URL
$userToken = $_GET['token'] ?? null;
if (!$userToken) {
// Check if the user is authenticated
if (!isset($_SESSION['user_id'])) {
http_response_code(403);
echo json_encode(["error" => "Invalid authentication token: " . htmlspecialchars($userToken)]);
exit;
echo json_encode(["error" => "Unauthorized access."]);
exit;
}
$userId = $_SESSION['user_id'];
// Connect to the database
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
http_response_code(500);
echo json_encode(["error" => "Database connection failed: " . $conn->connect_error]);
exit;
}
// Fetch user ID using token
$stmt = $conn->prepare("SELECT id, token_expires_at FROM users WHERE auth_token = ?");
$stmt->bind_param("s", $userToken);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
if (!$user) {
http_response_code(403);
echo json_encode(["error" => "Invalid authentication token."]);
echo json_encode(["error" => "Database connection failed."]);
exit;
}
// Check if token is expired
if ($user['expired'] == 1) {
http_response_code(403);
echo json_encode(["error" => "Authentication token has expired."]);
exit;
}
$userId = $user['id'];
$isBoardMember = $user['is_board_member'];
// Fetch board member profile image (if applicable)
$boardMemberImage = "img/ccah-logo.png"; // Default image
if ($isBoardMember == 1) {
$stmt = $conn->prepare("SELECT image_url FROM board_members WHERE user_id = ?");
$stmt->bind_param("i", $userId);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$boardMember = $result->fetch_assoc();
$boardMemberImage = $boardMember['image_url'] ?: "img/ccah-logo.png";
}
}
// Add board membership and image to the response
$response['is_board_member'] = $isBoardMember;
$response['board_member_image'] = $boardMemberImage;
// Fetch saved responses
$stmt = $conn->prepare("SELECT * FROM questionnaire_responses WHERE user_id = ?");

84
submit.php
View File

@ -1,62 +1,31 @@
<?php
session_start();
require_once __DIR__ . "/db.php";
// Ensure you have a DB connection file
require_once 'db.php';
header("Content-Type: application/json");
// Check if request is POST
// Ensure request method is POST
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
http_response_code(405);
echo json_encode(["error" => "Invalid request method."]);
exit;
}
// Get user token from session or URL (whichever is applicable)
$userToken = $_POST['token'] ?? null;
if (!$userToken) {
// Check if the user is authenticated
if (!isset($_SESSION['user_id'])) {
http_response_code(403);
echo json_encode(["error" => "Unauthorized access."]);
exit;
}
// Connect to database
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
http_response_code(500);
echo json_encode(["error" => "Database connection failed."]);
exit;
}
$userId = $_SESSION['user_id'];
// Get user ID from token
$stmt = $conn->prepare("SELECT id, token_expires_at FROM users WHERE auth_token = ?");
$stmt->bind_param("s", $userToken);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
if (!$user) {
http_response_code(403);
echo json_encode(["error" => "Invalid authentication token."]);
exit;
}
// Check if token is expired
if ($user['expired'] == 1) {
http_response_code(403);
echo json_encode(["error" => "Authentication token has expired."]);
exit;
}
$userId = $user['id'];
// Extract & sanitize input
// Function to sanitize inputs
function sanitize($value) {
return htmlspecialchars(strip_tags(trim($value)));
}
// Extract & sanitize input
$role = sanitize($_POST['role'] ?? '');
$roleFunction = sanitize($_POST['role_function'] ?? '');
$devices = json_encode($_POST['devices'] ?? []);
@ -68,6 +37,14 @@ $itChallenges = json_encode($_POST['it_challenges'] ?? []);
$improvements = sanitize($_POST['improvements'] ?? '');
$operationsImprovement = sanitize($_POST['operations_improvement'] ?? '');
// Board Member Specific Fields
$boardDocAccess = sanitize($_POST['board_doc_access'] ?? '');
$accessIssuesDetails = sanitize($_POST['access_issues_details'] ?? '');
$boardCollabEffectiveness = sanitize($_POST['board_collab_effectiveness'] ?? '');
$meetingIssues = sanitize($_POST['meeting_issues'] ?? '');
$meetingIssuesDetails = sanitize($_POST['meeting_issues_details'] ?? '');
$boardSuggestions = sanitize($_POST['board_suggestions'] ?? '');
// Validate required fields
if (empty($role) || empty($roleFunction) || empty($devices) || empty($workLocation) || empty($emailAccess)) {
http_response_code(400);
@ -75,6 +52,14 @@ if (empty($role) || empty($roleFunction) || empty($devices) || empty($workLocati
exit;
}
// Connect to database
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
http_response_code(500);
echo json_encode(["error" => "Database connection failed."]);
exit;
}
// Check if the user has already submitted
$stmt = $conn->prepare("SELECT id FROM questionnaire_responses WHERE user_id = ?");
$stmt->bind_param("i", $userId);
@ -84,12 +69,27 @@ $existingResponse = $result->fetch_assoc();
if ($existingResponse) {
// Update existing response
$stmt = $conn->prepare("UPDATE questionnaire_responses SET role=?, role_function=?, devices=?, work_location=?, email_access=?, mfa=?, mfa_types=?, it_challenges=?, improvements=?, operations_improvement=?, updated_at=NOW() WHERE user_id=?");
$stmt->bind_param("ssssssssssi", $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement, $userId);
$stmt = $conn->prepare("
UPDATE questionnaire_responses
SET role=?, role_function=?, devices=?, work_location=?, email_access=?, mfa=?, mfa_types=?, it_challenges=?, improvements=?, operations_improvement=?,
board_doc_access=?, access_issues_details=?, board_collab_effectiveness=?, meeting_issues=?, meeting_issues_details=?, board_suggestions=?, updated_at=NOW()
WHERE user_id=?
");
$stmt->bind_param("ssssssssssssssssi",
$role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement,
$boardDocAccess, $accessIssuesDetails, $boardCollabEffectiveness, $meetingIssues, $meetingIssuesDetails, $boardSuggestions, $userId
);
} else {
// Insert new response
$stmt = $conn->prepare("INSERT INTO questionnaire_responses (user_id, role, role_function, devices, work_location, email_access, mfa, mfa_types, it_challenges, improvements, operations_improvement, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())");
$stmt->bind_param("issssssssss", $userId, $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement);
$stmt = $conn->prepare("
INSERT INTO questionnaire_responses (user_id, role, role_function, devices, work_location, email_access, mfa, mfa_types, it_challenges, improvements, operations_improvement,
board_doc_access, access_issues_details, board_collab_effectiveness, meeting_issues, meeting_issues_details, board_suggestions, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())
");
$stmt->bind_param("issssssssssssssss",
$userId, $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement,
$boardDocAccess, $accessIssuesDetails, $boardCollabEffectiveness, $meetingIssues, $meetingIssuesDetails, $boardSuggestions
);
}
if ($stmt->execute()) {