ccah-assessment/submit.php


<?php
session_start();
require_once 'db.php';
header("Content-Type: application/json");

// Only POST is accepted; anything else is answered with 405 and the script stops.
$isPost = ($_SERVER["REQUEST_METHOD"] === "POST");
if (!$isPost) {
    http_response_code(405);
    echo json_encode(["error" => "Invalid request method."]);
    exit;
}

// Authorisation rests on the session cookie alone: a user_id placed in the
// session by the login flow (not in this file) is required, nothing else.
// NOTE(review): no CSRF token is checked here, so a cross-site form post from
// an already-authenticated browser would be accepted — confirm the front end
// supplies one and verify it before the handler proceeds.
$userId = $_SESSION['user_id'] ?? null;
if ($userId === null) {
    http_response_code(403);
    echo json_encode(["error" => "Unauthorized access."]);
    exit;
}
// Function to sanitize inputs
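/**
 * Normalise a single free-text form value for storage.
 *
 * Trims surrounding whitespace, strips HTML tags, then HTML-escapes what is
 * left (quotes included, input treated as UTF-8; invalid byte sequences are
 * substituted instead of collapsing the whole value to ''). Because escaping
 * happens on input, the stored value is already HTML-escaped — whatever
 * renders it later must not escape it a second time.
 *
 * Non-string input (e.g. an array submitted under a scalar field name, or a
 * missing field resolved to null) yields '' rather than a TypeError from
 * trim() on PHP 8.
 *
 * @param mixed $value raw request value
 * @return string escaped text, '' when $value is not a string
 */
function sanitize($value): string {
    if (!is_string($value)) {
        return '';
    }
    $text = strip_tags(trim($value));
    // Flags are spelled out so the result does not depend on the PHP
    // version's default (ENT_COMPAT before 8.1, ENT_QUOTES|ENT_SUBSTITUTE after).
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}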
// Extract & sanitize input
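/**
 * Encode a multi-select form value as JSON for storage.
 *
 * String members (and a bare string value) receive the same sanitize()
 * treatment as the scalar fields, so multi-select values follow the file's
 * escape-on-input convention instead of being stored raw; nested arrays and
 * non-strings are kept as-is. Invalid UTF-8 is substituted rather than letting
 * json_encode() return false, and a failed encode falls back to '[]' so the
 * value bound to the statement is always a string.
 *
 * @param mixed $choices raw request value (normally an array of strings)
 */
function encodeChoices($choices): string {
    $escape = static function ($item) {
        return is_string($item) ? sanitize($item) : $item;
    };
    $normalised = is_array($choices) ? array_map($escape, $choices) : $escape($choices);
    $encoded = json_encode($normalised, JSON_INVALID_UTF8_SUBSTITUTE);
    return $encoded === false ? '[]' : $encoded;
}

// Extract & sanitize input
$role = sanitize($_POST['role'] ?? '');
$roleFunction = sanitize($_POST['role_function'] ?? '');
$devices = encodeChoices($_POST['devices'] ?? []);
$workLocation = sanitize($_POST['work_location'] ?? '');
$emailAccess = sanitize($_POST['email_access'] ?? '');
$mfa = sanitize($_POST['mfa'] ?? '');
$mfaTypes = encodeChoices($_POST['mfa_types'] ?? []);
$itChallenges = encodeChoices($_POST['it_challenges'] ?? []);
$improvements = sanitize($_POST['improvements'] ?? '');
$operationsImprovement = sanitize($_POST['operations_improvement'] ?? '');
// Board Member Specific Fields
$boardDocAccess = sanitize($_POST['board_doc_access'] ?? '');
$accessIssuesDetails = sanitize($_POST['access_issues_details'] ?? '');
$boardCollabEffectiveness = sanitize($_POST['board_collab_effectiveness'] ?? '');
$meetingIssues = sanitize($_POST['meeting_issues'] ?? '');
$meetingIssuesDetails = sanitize($_POST['meeting_issues_details'] ?? '');
$boardSuggestions = sanitize($_POST['board_suggestions'] ?? '');

// Validate required fields.
// Text fields are compared against '' (empty() would also reject a literal "0").
// The devices check looks at the raw request value: its encoded form is never
// empty ("[]" when nothing was selected), so checking $devices would always pass
// and the field would not actually be required.
$missingRequired = $role === ''
    || $roleFunction === ''
    || empty($_POST['devices'])
    || $workLocation === ''
    || $emailAccess === '';
if ($missingRequired) {
    http_response_code(400);
    echo json_encode(["error" => "Missing required fields."]);
    exit;
}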
// Connect to database
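// Connect to database.
// On PHP 8.1+ mysqli reports errors as mysqli_sql_exception by default, so a
// failed connection throws instead of populating connect_error and the check
// below would never run; the client would then get an uncaught-exception page
// (with display_errors on, a trace carrying DB_HOST/DB_USER). Both reporting
// modes are handled here and the detail stays in the server log.
try {
    $conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    $connectError = $conn->connect_error;
} catch (mysqli_sql_exception $e) {
    $connectError = $e->getMessage();
}
if ($connectError) {
    error_log('submit.php: database connection failed: ' . $connectError);
    http_response_code(500);
    echo json_encode(["error" => "Database connection failed."]);
    exit;
}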
// Check if the user has already submitted
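/**
 * Answer 500 with the generic save-failure body and stop the script.
 *
 * The driver's error text goes to the server log only, so table and column
 * names from the statement never reach the client.
 *
 * @param mysqli $conn   open connection, closed before exiting
 * @param string $detail driver error text for the log
 */
function failSavingResponse(mysqli $conn, string $detail) {
    error_log('submit.php: ' . $detail);
    http_response_code(500);
    echo json_encode(["error" => "Error saving response."]);
    $conn->close();
    exit;
}

// Check if the user has already submitted.
// NOTE(review): this read-then-write pair is not atomic — two overlapping
// submissions from one session could both reach the INSERT. A UNIQUE index on
// user_id (or INSERT ... ON DUPLICATE KEY UPDATE) is the durable guard; confirm
// the schema.
// mysqli signals failure either by a false return (legacy default) or, on
// PHP 8.1+, by throwing mysqli_sql_exception; both end in the same 500 body.
try {
    $stmt = $conn->prepare("SELECT id FROM questionnaire_responses WHERE user_id = ?");
    if ($stmt === false) {
        failSavingResponse($conn, $conn->error);
    }
    $stmt->bind_param("i", $userId);
    if (!$stmt->execute()) {
        failSavingResponse($conn, $stmt->error);
    }
    // get_result() requires mysqlnd; without it the call returns false and
    // the submission is refused rather than risking a duplicate row.
    $result = $stmt->get_result();
    if ($result === false) {
        failSavingResponse($conn, $stmt->error);
    }
    $existingResponse = $result->fetch_assoc();
    $stmt->close();

    if ($existingResponse) {
        // Update existing response
        $stmt = $conn->prepare("
UPDATE questionnaire_responses
SET role=?, role_function=?, devices=?, work_location=?, email_access=?, mfa=?, mfa_types=?, it_challenges=?, improvements=?, operations_improvement=?,
board_doc_access=?, access_issues_details=?, board_collab_effectiveness=?, meeting_issues=?, meeting_issues_details=?, board_suggestions=?, updated_at=NOW()
WHERE user_id=?
");
        if ($stmt === false) {
            failSavingResponse($conn, $conn->error);
        }
        $stmt->bind_param("ssssssssssssssssi",
            $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement,
            $boardDocAccess, $accessIssuesDetails, $boardCollabEffectiveness, $meetingIssues, $meetingIssuesDetails, $boardSuggestions, $userId
        );
    } else {
        // Insert new response
        $stmt = $conn->prepare("
INSERT INTO questionnaire_responses (user_id, role, role_function, devices, work_location, email_access, mfa, mfa_types, it_challenges, improvements, operations_improvement,
board_doc_access, access_issues_details, board_collab_effectiveness, meeting_issues, meeting_issues_details, board_suggestions, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())
");
        if ($stmt === false) {
            failSavingResponse($conn, $conn->error);
        }
        $stmt->bind_param("issssssssssssssss",
            $userId, $role, $roleFunction, $devices, $workLocation, $emailAccess, $mfa, $mfaTypes, $itChallenges, $improvements, $operationsImprovement,
            $boardDocAccess, $accessIssuesDetails, $boardCollabEffectiveness, $meetingIssues, $meetingIssuesDetails, $boardSuggestions
        );
    }
    $saved = $stmt->execute();
    $saveError = $saved ? '' : $stmt->error;
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    $saved = false;
    $saveError = $e->getMessage();
}
// Release the connection before answering (the previous close() call was
// unreachable behind an exit).
$conn->close();

if (!$saved) {
    error_log('submit.php: ' . $saveError);
    http_response_code(500);
    echo json_encode(["error" => "Error saving response."]);
    exit;
}
// Exactly one JSON document is emitted; nothing may be echoed after this
// point (a second echo would make the body invalid JSON for the client and
// a header() call after output only triggers a "headers already sent" warning).
echo json_encode(["success" => "Form submitted successfully."]);
exit;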
?>