Please see the release notes and apply update scripts if necessary.");

// Subject lookup / registration step: once the submitted subject info has been
// validated ($valid_sid), find the matching row in `subject` or create a new one,
// then attach the resulting subject_id to the current session row and to any
// responses already stored for this session.
//
// NOTE(review): every query here is assembled with sprintf() and run through the
// ext/mysql API (mysql_query, mysql_select_db, ...), which was removed in PHP 7.0.
// Values pass through GetSQLValueString() (defined elsewhere; presumably it quotes
// and escapes, confirm), but several pieces are placed into the SQL text without
// it; they are flagged below.

// Whether to reuse a subject ID whose stored info matched the submitted info.
// Defaults to TRUE. Some form handlers may set this to FALSE to create a new
// subject ID regardless of whether subject info (e.g. name, dob) matched.
// NOTE(review): the value comes straight from the query string, so any client can
// switch matching off and force a new subject row. It also arrives as a string:
// only "" and "0" are falsy in the `!$use_matching_subid` test below, so
// ?use_matching_subid=FALSE would still count as true. Confirm what callers send.
$use_matching_subid = (isset($_GET['use_matching_subid']))? $_GET['use_matching_subid'] : TRUE;

// $new_session_created tracks whether a new session was created for the subject
$new_session_created= FALSE;

if($valid_sid) {
    // Data is valid: check whether the subject already exists, matching on
    // last name, first name and dob (all stored AES-encrypted).
    $enc_key = subinfo_encryption_key();

    // NOTE(review): $enc_key is written between single quotes in the statement
    // text without GetSQLValueString(). The key is therefore part of every query
    // sent to the server (it may end up in general/slow query logs, confirm the
    // logging configuration), and a key containing a quote would break the SQL.
    $sql_subject_record_exists = sprintf("SELECT subject_id FROM subject WHERE aes_decrypt(`name_last`,'%s')=%s ",$enc_key,GetSQLValueString($name_last,"text")).
        sprintf(" AND aes_decrypt(`name_first`,'%s')=%s AND aes_decrypt(`dob`,'%s')=%s",
            $enc_key,
            GetSQLValueString($name_first,"text"),
            $enc_key,
            GetSQLValueString($dob,"date"));
    mysql_select_db($database_subject, $subject);
    // `or` binds looser than `=`, so the result is assigned first and
    // report_error_form() runs only when mysql_query() returned a falsy value.
    // NOTE(review): the raw mysql_error() text is handed to report_error_form();
    // if that helper shows it to the user it discloses SQL details. Confirm.
    $result_subject_exists = mysql_query($sql_subject_record_exists, $subject) or report_error_form(mysql_error());
    $row_subject_exists = mysql_fetch_assoc($result_subject_exists);
    $subject_record_exists = mysql_num_rows($result_subject_exists);

    if(!$subject_record_exists || !$use_matching_subid) {
        // No matching subject row (or matching was disabled): create a new subject id.

        // Root of the subject id: dob chars 5-6, then the lowercased first and last
        // character of the last name and first character of the first name, then
        // dob chars 2-3 and 8-9 (presumably MM, YY, DD of a YYYY-MM-DD date, confirm).
        // NOTE(review): the id is derived from name and dob and is stored unencrypted
        // (see the INSERT below), unlike the name/dob columns themselves, so it reveals
        // part of the data the encryption is protecting.
        // NOTE(review): $name_last[0] / $name_first[0] assume non-empty strings, and
        // strlen() counts bytes; presumably the checks behind $valid_sid guarantee
        // this. Verify.
        $subject_id_root = substr($dob,5,2) . strtolower($name_last[0].$name_last[strlen($name_last)-1].$name_first[0]) . substr($dob,2,2) . substr($dob,8,2);

        // See if other subject ids share this root; if so, the suffix becomes the
        // number of existing matches plus one. Roots are only duplicated for subjects
        // with the same dob, first and last char of last name, and first char of
        // first name.
        // In a LIKE pattern "_" matches exactly one character, so only ids with a
        // one-character suffix are counted.
        // NOTE(review): once nine such ids exist the suffix becomes "10", which this
        // pattern no longer matches, so the count appears to stay at nine and later
        // subjects would be given the same id. The count-then-insert sequence is also
        // not atomic. Confirm, and check for a unique constraint on subject_id.
        $sql_subject_id_root = sprintf("SELECT subject_id FROM subject WHERE subject_id LIKE %s",GetSQLValueString($subject_id_root."_","text"));
        mysql_select_db($database_subject,$subject);
        $result_subject_id_root = mysql_query($sql_subject_id_root, $subject) or report_error_form(mysql_error());
        $num_subject_id_root = mysql_num_rows($result_subject_id_root);

        // Set the session variable that stores the subject id
        $_SESSION['subject_id'] = $subject_id_root.strval($num_subject_id_root+1);

        // Insert the subject information into the database. The name parts, suffix
        // and dob are wrapped in aes_encrypt(); subject_id, date_entered and gender
        // are stored as given.
        // NOTE(review): date_entered is taken from $_POST['current_date'], i.e. it is
        // supplied by the client rather than by the server clock.
        $insertSQL = sprintf("INSERT INTO subject (subject_id,date_entered,name_last,name_first,name_middle,name_suffix,dob,gender) ").
            sprintf("VALUES (%s,%s,aes_encrypt(%s,'%s'),aes_encrypt(%s,'%s'),aes_encrypt(%s,'%s'),aes_encrypt(%s,'%s'),aes_encrypt(%s,'%s'),%s)",
                GetSQLValueString($_SESSION['subject_id'], "text"),
                GetSQLValueString($_POST['current_date'], "date"),
                GetSQLValueString($name_last, "text"),
                $enc_key,
                GetSQLValueString($name_first, "text"),
                $enc_key,
                GetSQLValueString($name_middle, "text"),
                $enc_key,
                GetSQLValueString($_POST['name_suffix'], "text"),
                $enc_key,
                GetSQLValueString($dob, "date"),
                $enc_key,
                GetSQLValueString($_POST['gender'],"text")
            );
        mysql_select_db($database_subject, $subject);
        $Result1 = mysql_query($insertSQL, $subject) or report_error_form(mysql_error());
    } //if subject record does not exist
    else { //subject record exists
        // Use the subject id of the matching row
        $_SESSION['subject_id'] = $row_subject_exists['subject_id'];

        // Update the subject's record with gender info in case they weren't asked before.
        // mysql_update() is not a PHP built-in; presumably a project helper defined elsewhere.
        $updateGenderSQL = sprintf("update subject set gender = %s where subject_id = %s",
            GetSQLValueString($_POST['gender'],"text"),
            GetSQLValueString($_SESSION['subject_id'],"text")
        );
        mysql_update($updateGenderSQL);
    }

    // Add the subject id to the session row, together with the value of the
    // session cookie named by $QPI_SESSION_NAME.
    // NOTE(review): this writes the raw cookie value into the `session` table;
    // anyone who can read that column sees live session identifiers. Confirm the
    // column needs the raw value and treat it as sensitive.
    $sql_update_session = sprintf("update session set subject_id = %s, php_session_id=%s where session_id = %s ",
        GetSQLValueString($_SESSION['subject_id'],"text"),
        GetSQLValueString($_COOKIE[$QPI_SESSION_NAME],"text"),
        GetSQLValueString($_SESSION['session_id'],"int"));
    mysql_update($sql_update_session);

    // Update any responses that have already been given in the experiment's response table.
    // NOTE(review): $_SESSION['response_table'] is used as the table name exactly as
    // stored: unquoted and not passed through GetSQLValueString(). This is only safe
    // if the server always sets it from a fixed list of table names. Verify where it
    // is assigned.
    $sql_update_responses = sprintf("update %s set subject_id = %s where session_id = %s ",
        $_SESSION['response_table'],
        GetSQLValueString($_SESSION['subject_id'],"text"),
        GetSQLValueString($_SESSION['session_id'],"int"));
    mysql_update($sql_update_responses);

    $new_session_created= TRUE;
} //end if a valid sid has been submitted
?>