essae
/
ccah-assessment
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ccah-assessment/submit.php

94 lines
3.4 KiB
PHP
Raw Blame History

<?php
session_start();
require_once "db.php"; // Ensure you have a DB connection file
header("Content-Type: application/json");
// Check if request is POST
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
http_response_code(405);
echo json_encode(["error" => "Invalid request method."]);
exit;
}
// Get user token from session or URL (whichever is applicable)
$userToken = $_SESSION['user_token'] ?? $_GET['token'] ?? null;
if (!$userToken) {
http_response_code(403);
echo json_encode(["error" => "Unauthorized access."]);
exit;
}
// Connect to database
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
http_response_code(500);
echo json_encode(["error" => "Database connection failed."]);
exit;
}
// Get user ID from token
$stmt = $conn->prepare("SELECT id FROM users WHERE auth_token = ?");
$stmt->bind_param("s", $userToken);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
if (!$user) {
http_response_code(403);
echo json_encode(["error" => "Invalid authentication token."]);
exit;
}
$userId = $user['id'];
// Extract & sanitize input
function sanitize($value) {
return htmlspecialchars(strip_tags(trim($value)));
}
$role = sanitize($_POST['role'] ?? '');
$roleFunction = sanitize($_POST['role_function'] ?? '');
$devices = json_encode($_POST['devices'] ?? []);
$workLocation = sanitize($_POST['work_location'] ?? '');
$emailAccess = sanitize($_POST['email_access'] ?? '');
$mfa = sanitize($_POST['mfa'] ?? '');
$mfaTypes = json_encode($_POST['mfa_types'] ?? []);
$itChallenges = json_encode($_POST['it_challenges'] ?? []);
$improvements = sanitize($_POST['improvements'] ?? '');
$operationsImprovement = sanitize($_POST['operations_improvement'] ?? '');
// Validate required fields
if (empty($role) || empty($roleFunction) || empty($devices) || empty($workLocation) || empty($emailAccess)) {
http_response_code(400);
echo json_encode(["error" => "Missing required fields."]);
exit;
}
// Check if the user has already submitted
$stmt = $conn->prepare("SELECT id FROM questionnaire_responses WHERE user_id = ?");
$stmt->bind_param("i", $userId);
$stmt->execute();
$result = $stmt->get_result();
$existingResponse = $result->fetch_assoc();
if ($existingResponse) {
// Update existing response
$stmt = $conn->prepare("UPDATE questionnaire_responses SET role=?, role_function=?, devices=?, work_location=?, email_access=?, mfa=?, mfa_types=?, it_challenges=?, improvements=?, operations_improvement=?, updated_at=NOW() WHERE user_id=?");
$stmt->bind_param("ssssssssssi", $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement, $userId);
} else {
// Insert new response
$stmt = $conn->prepare("INSERT INTO questionnaire_responses (user_id, role, role_function, devices, work_location, email_access, mfa, mfa_types, it_challenges, improvements, operations_improvement, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())");
$stmt->bind_param("issssssssss", $userId, $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement);
}
if ($stmt->execute()) {
echo json_encode(["success" => "Form submitted successfully."]);
} else {
http_response_code(500);
echo json_encode(["error" => "Error saving response."]);
}
$conn->close();
exit;
?>
Reference in New Issue View Git Blame Copy Permalink