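"Invalid request method."]); exit; } // tail of the request-method check that begins before this excerpt

// Every reply from this endpoint is JSON, so the header has to be sent before any
// body output. The original called header() after echoing, when headers were
// already sent, and then appended a stray debug object that made the body invalid JSON.
header("Content-Type: application/json");

// Check if the user is authenticated
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    echo json_encode(["error" => "Unauthorized access."]);
    exit;
}
// NOTE(review): no CSRF token check is visible in this excerpt; if none happens
// upstream, this state-changing POST endpoint should verify one before writing.
$userId = (int) $_SESSION['user_id'];

/**
 * Normalise a single scalar form value: trim, strip tags, HTML-encode.
 *
 * Non-scalar input (e.g. an array submitted for a text field) yields '' instead
 * of letting trim() raise a TypeError that surfaces as an HTTP 500.
 *
 * NOTE(review): HTML-encoding at input time ties the stored text to one output
 * context; the usual approach is to store raw text and escape on render. Kept
 * as-is so new rows stay consistent with data already stored this way.
 */
function sanitize($value): string
{
    if (!is_scalar($value)) {
        return '';
    }

    return htmlspecialchars(strip_tags(trim((string) $value)));
}

/**
 * Normalise a multi-value form field into a list of sanitized, non-empty strings.
 *
 * A scalar is treated as a one-item selection; missing/empty input gives [] so the
 * required-field check below can reject it. Items are passed through sanitize() so
 * list fields get the same treatment as the scalar ones (the original stored the
 * raw POST array).
 *
 * @return list<string>
 */
function sanitizeList($value): array
{
    $clean = [];
    foreach ((array) $value as $item) {
        $item = sanitize($item);
        if ($item !== '') {
            $clean[] = $item;
        }
    }

    return $clean;
}

// Extract & sanitize input
// NOTE(review): the single-choice fields are stored as free text; if the form offers
// a fixed set of options, validating against that allowlist here would be tighter.
// The option values are not visible in this excerpt.
$role = sanitize($_POST['role'] ?? '');
$roleFunction = sanitize($_POST['role_function'] ?? '');
$deviceList = sanitizeList($_POST['devices'] ?? []);
$workLocation = sanitize($_POST['work_location'] ?? '');
$emailAccess = sanitize($_POST['email_access'] ?? '');
$mfa = sanitize($_POST['mfa'] ?? '');
$mfaTypes = json_encode(sanitizeList($_POST['mfa_types'] ?? []));
$itChallenges = json_encode(sanitizeList($_POST['it_challenges'] ?? []));
$improvements = sanitize($_POST['improvements'] ?? '');
$operationsImprovement = sanitize($_POST['operations_improvement'] ?? '');

// Board Member Specific Fields
$boardDocAccess = sanitize($_POST['board_doc_access'] ?? '');
$accessIssuesDetails = sanitize($_POST['access_issues_details'] ?? '');
$boardCollabEffectiveness = sanitize($_POST['board_collab_effectiveness'] ?? '');
$meetingIssues = sanitize($_POST['meeting_issues'] ?? '');
$meetingIssuesDetails = sanitize($_POST['meeting_issues_details'] ?? '');
$boardSuggestions = sanitize($_POST['board_suggestions'] ?? '');

// Validate required fields. Compared with '' rather than empty() so a legitimate
// value of "0" is not rejected. The device list is checked before JSON-encoding:
// the original tested empty() on the encoded string, which is "[]" for no
// selection and therefore never failed.
if ($role === '' || $roleFunction === '' || $deviceList === [] || $workLocation === '' || $emailAccess === '') {
    http_response_code(400);
    echo json_encode(["error" => "Missing required fields."]);
    exit;
}
$devices = json_encode($deviceList);

// Connect to database. On PHP >= 8.1 mysqli reports failures by throwing
// mysqli_sql_exception, so the connect_error branch alone would not catch a bad
// connection; both paths end in the same generic 500. Details go to the server log only.
try {
    $conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    if ($conn->connect_error) {
        throw new mysqli_sql_exception($conn->connect_error);
    }
} catch (mysqli_sql_exception $e) {
    error_log('questionnaire submit: connection failed: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(["error" => "Database connection failed."]);
    exit;
}

$saved = false;
try {
    // Check if the user has already submitted
    $check = $conn->prepare("SELECT id FROM questionnaire_responses WHERE user_id = ?");
    if ($check === false) {
        throw new mysqli_sql_exception($conn->error);
    }
    $check->bind_param("i", $userId);
    $check->execute();
    $result = $check->get_result();
    $existingResponse = $result ? $result->fetch_assoc() : null;
    $check->close();

    // NOTE(review): the SELECT-then-write pair is not atomic; two concurrent submits
    // from one session could both take the INSERT path. A UNIQUE index on user_id
    // (with INSERT ... ON DUPLICATE KEY UPDATE) would close that gap; the schema is
    // not visible here.
    if ($existingResponse) {
        // Update existing response
        $stmt = $conn->prepare(
            "UPDATE questionnaire_responses SET
                role=?, role_function=?, devices=?, work_location=?, email_access=?,
                mfa=?, mfa_types=?, it_challenges=?, improvements=?, operations_improvement=?,
                board_doc_access=?, access_issues_details=?, board_collab_effectiveness=?,
                meeting_issues=?, meeting_issues_details=?, board_suggestions=?,
                updated_at=NOW()
            WHERE user_id=?"
        );
        if ($stmt === false) {
            throw new mysqli_sql_exception($conn->error);
        }
        // 16 string columns followed by the integer user_id
        $stmt->bind_param(
            "ssssssssssssssssi",
            $role, $roleFunction, $devices, $workLocation, $emailAccess,
            $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement,
            $boardDocAccess, $accessIssuesDetails, $boardCollabEffectiveness,
            $meetingIssues, $meetingIssuesDetails, $boardSuggestions,
            $userId
        );
    } else {
        // Insert new response
        $stmt = $conn->prepare(
            "INSERT INTO questionnaire_responses
                (user_id, role, role_function, devices, work_location, email_access,
                 mfa, mfa_types, it_challenges, improvements, operations_improvement,
                 board_doc_access, access_issues_details, board_collab_effectiveness,
                 meeting_issues, meeting_issues_details, board_suggestions,
                 created_at, updated_at)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())"
        );
        if ($stmt === false) {
            throw new mysqli_sql_exception($conn->error);
        }
        // integer user_id followed by 16 string columns
        $stmt->bind_param(
            "issssssssssssssss",
            $userId,
            $role, $roleFunction, $devices, $workLocation, $emailAccess,
            $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement,
            $boardDocAccess, $accessIssuesDetails, $boardCollabEffectiveness,
            $meetingIssues, $meetingIssuesDetails, $boardSuggestions
        );
    }

    $saved = $stmt->execute();
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    // Log server-side only; the client gets the generic message below.
    error_log('questionnaire submit: save failed: ' . $e->getMessage());
    $saved = false;
} finally {
    $conn->close();
}

if ($saved) {
    echo json_encode(["success" => "Form submitted successfully."]);
} else {
    http_response_code(500);
    echo json_encode(["error" => "Error saving response."]);
}
exit;
?>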