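isLoggedIn()) {
        throw new Exception('Unauthorized');
    }

    // NOTE(review): no anti-CSRF check is visible in this part of the file.
    // This request changes state under session authentication, so confirm a
    // token check or a SameSite cookie policy is enforced before this point.

    // Decode the JSON request body. Anything that does not decode to an array
    // is rejected together with missing fields.
    $input = json_decode(file_get_contents('php://input'), true);

    if (
        !is_array($input)
        || !isset($input['survey_id'])
        || !isset($input['question_order'])
        || !is_array($input['question_order'])
    ) {
        throw new Exception('Missing required parameters');
    }

    $surveyId = (int)$input['survey_id'];

    // Validate every position => question-id pair before touching the
    // database, so malformed client data is rejected instead of being
    // silently coerced by the integer binds below.
    $questionOrder = [];
    foreach ($input['question_order'] as $order => $questionId) {
        $questionId = filter_var($questionId, FILTER_VALIDATE_INT);
        if (!is_int($order) || $questionId === false) {
            throw new Exception('Invalid question order');
        }
        $questionOrder[$order] = $questionId;
    }

    // Authorization: the survey must have been created by the session user.
    $db = Database::getInstance();
    $stmt = $db->prepare("SELECT id FROM surveys WHERE id = ? AND created_by = ?");
    if (!$stmt) {
        throw new Exception('Database error');
    }
    $stmt->bind_param('ii', $surveyId, $_SESSION['user_id']);

    // Fail closed: a failed execute() or get_result() must never be read as
    // "access granted". Comparing num_rows on a false result would not be
    // === 0, so the result object is checked explicitly first.
    $result = $stmt->execute() ? $stmt->get_result() : false;
    if (!$result || $result->num_rows === 0) {
        throw new Exception('Access denied');
    }

    // Apply the new order atomically. The survey_id predicate keeps the
    // update scoped to the survey that passed the ownership check, even if
    // the client submits question ids that belong to another survey.
    $db->query("START TRANSACTION");

    $stmt = $db->prepare("UPDATE survey_questions SET question_order = ? WHERE id = ? AND survey_id = ?");
    if (!$stmt) {
        throw new Exception("Failed to update question order");
    }

    foreach ($questionOrder as $order => $questionId) {
        $stmt->bind_param('iii', $order, $questionId, $surveyId);
        if (!$stmt->execute()) {
            throw new Exception("Failed to update question order");
        }
    }

    $db->query("COMMIT");

    echo json_encode([
        'success' => true,
        'message' => 'Question order updated successfully'
    ]);
} catch (Exception $e) {
    // NOTE(review): inTransaction() is not a mysqli method; presumably the
    // Database wrapper provides it. Confirm, otherwise this call fails
    // inside the handler and neither the rollback nor the JSON error runs.
    if (isset($db) && $db->inTransaction()) {
        $db->query("ROLLBACK");
    }

    // Driver exceptions can carry SQL text and schema names. Keep those in
    // the server log and return a generic message to the client; messages
    // thrown by this script itself are safe to echo back.
    if ($e instanceof mysqli_sql_exception) {
        error_log('Question reorder failed: ' . $e->getMessage());
        $message = 'Database error';
    } else {
        $message = $e->getMessage();
    }

    echo json_encode([
        'success' => false,
        'error' => $message
    ]);
}
?>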