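Please see the release notes and apply update scripts if necessary.");

/*
 * Subject lookup / registration step.
 *
 * When $valid_sid is truthy, the code below:
 *   1. searches `subject` for a row whose decrypted last name, first name and dob equal the
 *      submitted values ($name_last, $name_first and $dob are set before this point);
 *   2. either reuses that row's subject_id, or allocates the next all-digit subject_id and
 *      inserts a new row with the identifying fields passed through aes_encrypt();
 *   3. writes the subject_id onto the current `session` row and onto the rows of the session's
 *      response table, then sets $subject_id and $new_session_created.
 *
 * Review notes (security):
 *   - $enc_key is spliced into the SQL text inside single quotes, unescaped. A quote character in
 *     the key would break the statement, and the key appears wherever statement text is recorded
 *     (server query logs, replication logs, error output). NOTE(review): confirm log handling and
 *     that report_error_form() does not show raw driver errors to the participant.
 *   - aes_encrypt()/aes_decrypt() are called with two arguments (no IV), so equal plaintexts
 *     produce equal ciphertexts and nothing authenticates the stored values.
 *   - GetSQLValueString() is defined elsewhere; presumably it quotes/escapes by declared type.
 *     Every request value below relies on it. TODO confirm.
 */

// Whether to reuse the subject_id of a record that matched the submitted subject info.
// Defaults to TRUE. Some form handlers may set this to FALSE to create a new subject ID
// regardless of whether the subject info (e.g. name, dob) matched.
// NOTE(review): the flag is read from the query string, so it is client-controlled and follows
// PHP truthiness ('' and '0' switch matching off; the literal text 'FALSE' does not). If only
// form handlers are meant to set it, take it from server-side state instead.
$use_matching_subid = isset($_GET['use_matching_subid']) ? $_GET['use_matching_subid'] : TRUE;

// If $SUBID_INCREMENT_INCREMENT or $SUBID_INCREMENT_OFFSET are not defined, default to 1.
// The increment is the right-hand operand of % in the ID search loop, where PHP casts it to int
// anyway. Casting here and replacing 0 (also what a non-numeric setting casts to) with the
// default prevents a modulo by zero, which on older PHP yields false and keeps the loop spinning.
$use_increment_increment = isset($SUBID_INCREMENT_INCREMENT) ? (int) $SUBID_INCREMENT_INCREMENT : 1;
if ($use_increment_increment === 0) {
    $use_increment_increment = 1;
}
$use_increment_offset = isset($SUBID_INCREMENT_OFFSET) ? $SUBID_INCREMENT_OFFSET : 1;

// $new_session_created tracks whether a new session was created for the subject
$new_session_created = FALSE;

if ($valid_sid) {
    // Data is valid: check whether the subject already exists by first/last name and dob.
    // Each stored column is decrypted for the comparison.
    $enc_key = subinfo_encryption_key();
    $sql_subject_record_exists =
        sprintf("SELECT subject_id FROM subject WHERE aes_decrypt(`name_last`,'%s')=%s ",
            $enc_key,
            GetSQLValueString($name_last, "text")
        ) .
        sprintf(" AND aes_decrypt(`name_first`,'%s')=%s AND aes_decrypt(`dob`,'%s')=%s",
            $enc_key,
            GetSQLValueString($name_first, "text"),
            $enc_key,
            GetSQLValueString($dob, "date")
        );

    mysql_select_db($database_subject, $subject);
    $result_subject_exists = mysql_query($sql_subject_record_exists, $subject) or report_error_form(mysql_error());
    // Only the first matching row is read; the row count is used as a yes/no flag.
    $row_subject_exists = mysql_fetch_assoc($result_subject_exists);
    $subject_record_exists = mysql_num_rows($result_subject_exists);

    if (!$subject_record_exists || !$use_matching_subid) {
        // Find the maxsubid. Subject IDs are stored as strings and might be mixed with other
        // subject ID methods (e.g. method was switched from 'dl' to 'increment'). Therefore we
        // first select only the subject IDs matching an all-digit pattern, then find the largest
        // integer among those.
        // NOTE(review): the max() lookups and the INSERT are separate statements with no lock or
        // transaction visible here, so two concurrent registrations could compute the same
        // subject_id. Confirm a unique key on subject.subject_id or add locking.

        // Find the maximum string length of subject IDs stored as 'increment'.
        $sql_find_max_strlen = "select max(length(subject_id)) as `maxlen` from subject where subject_id regexp '^[0-9]+$'";
        $row_find_max_strlen = mysql_select($sql_find_max_strlen);
        $max_strlen = $row_find_max_strlen['maxlen'];

        // Find the maximum 'increment' value among the IDs of length $max_strlen.
        // max() operates on strings here and compares them lexicographically. That is OK as long
        // as the strings all represent integers and all have length $max_strlen.
        $sql_find_max_subid = sprintf("select max(subject_id) as `maxid` from subject ".
            "where subject_id regexp '^[0-9]+$' and length(subject_id) = %d", $max_strlen);
        $row_find_max_subid = mysql_select($sql_find_max_subid);
        $maxsubid = $row_find_max_subid['maxid'];

        // No numeric ID stored yet: start one below the offset so the loop lands on the offset.
        if (empty($maxsubid)) {
            $maxsubid = $use_increment_offset - 1;
        }

        // Find the next integer for the specified offset and increment.
        do {
            $maxsubid = strval(intval($maxsubid) + 1);
        } while ((($maxsubid - $use_increment_offset) % $use_increment_increment) !== 0);

        $_SESSION['subject_id'] = $maxsubid;

        // date_entered, name_suffix and gender are taken straight from the posted form.
        // NOTE(review): date_entered is whatever the client posted as current_date, not the
        // server clock. Confirm that is intended.
        $insertSQL =
            sprintf("INSERT INTO subject (subject_id,date_entered,name_last,name_first,name_middle,name_suffix,dob,gender) ") .
            sprintf("VALUES (%s,%s,aes_encrypt(%s,'%s'),aes_encrypt(%s,'%s'),aes_encrypt(%s,'%s'),aes_encrypt(%s,'%s'),aes_encrypt(%s,'%s'),%s)",
                GetSQLValueString($_SESSION['subject_id'], "text"),
                GetSQLValueString($_POST['current_date'], "date"),
                GetSQLValueString($name_last, "text"), $enc_key,
                GetSQLValueString($name_first, "text"), $enc_key,
                GetSQLValueString($name_middle, "text"), $enc_key,
                GetSQLValueString($_POST['name_suffix'], "text"), $enc_key,
                GetSQLValueString($dob, "date"), $enc_key,
                GetSQLValueString($_POST['gender'], "text")
            );

        mysql_select_db($database_subject, $subject);
        $Result1 = mysql_query($insertSQL, $subject) or report_error_form(mysql_error());
    } // if subject record does not exist
    else {
        // Subject record exists: reuse its ID.
        $_SESSION['subject_id'] = $row_subject_exists['subject_id'];

        // Update the subject's record with gender info in case they weren't asked before.
        $updateGenderSQL = sprintf("update subject set gender = %s where subject_id = %s",
            GetSQLValueString($_POST['gender'], "text"),
            GetSQLValueString($_SESSION['subject_id'], "text")
        );
        mysql_update($updateGenderSQL);
    }

    // Attach the subject to the current session row. The session cookie value is stored as
    // php_session_id. NOTE(review): that column then holds session identifiers in readable form.
    // Confirm who can read the table and how long rows are kept.
    $sql_update_session = sprintf("update session set subject_id = %s, php_session_id=%s where session_id = %s ",
        GetSQLValueString($_SESSION['subject_id'], "text"),
        GetSQLValueString($_COOKIE[$QPI_SESSION_NAME], "text"),
        GetSQLValueString($_SESSION['session_id'], "int")
    );
    mysql_update($sql_update_session);

    // Attach the subject to this session's response rows.
    // NOTE(review): the table name is interpolated as-is because an identifier cannot go through
    // a value-quoting helper. Confirm $_SESSION['response_table'] is only ever set server-side
    // from a fixed list of table names.
    $sql_update_responses = sprintf("update %s set subject_id = %s where session_id = %s ",
        $_SESSION['response_table'],
        GetSQLValueString($_SESSION['subject_id'], "text"),
        GetSQLValueString($_SESSION['session_id'], "int")
    );
    mysql_update($sql_update_responses);

    $subject_id = $_SESSION['subject_id'];
    $new_session_created = TRUE;
} // end if a valid sid has been submitted
?>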