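/**
 * Inserts a new job post, or updates an existing one, from the current request,
 * then runs the post-save housekeeping: credit deduction, optional premium
 * auto-upgrade, category counters, plugin callback and the admin notification mail.
 *
 * Reads $_REQUEST (user_id, type, app_type, app_url, post_id, pin_x, pin_y, plus
 * whatever the form helpers pull themselves) and $_SESSION['JB_ID'] / ['LANG'].
 *
 * @param string $insert_mode 'EMPLOYER' (default) or 'ADMIN'. In ADMIN mode the owning
 *                            user may be chosen via the request, the poster is always
 *                            privileged (no credits deducted) and the ownership check
 *                            on edits is skipped.
 * @return int|string Id of the saved post (jb_mysql_insert_id() for a new post).
 *                    Terminates via die() on a SQL error or a failed ownership check.
 */
function JB_insert_post_data($insert_mode = 'EMPLOYER')
{
    $is_admin = ($insert_mode == 'ADMIN');

    // Only the admin may pick the owning user; everyone else is the session user.
    if ($is_admin && isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != '') {
        $user_id = (int) $_REQUEST['user_id'];
    } else {
        $user_id = (int) $_SESSION['JB_ID'];
    }

    // Determine what kind of posting it is. A post only becomes 'normal' or
    // 'premium' (and therefore costs credits) when the matching fee is enabled.
    $post_mode = "free";
    $wants_premium = isset($_REQUEST['type']) && $_REQUEST['type'] == 'premium';
    if (!$wants_premium) {
        if (JB_POSTING_FEE_ENABLED == 'YES') {
            $post_mode = "normal";
            if (!$is_admin) {
                // Return value was never used; the call is kept in case the helper
                // has side effects -- TODO confirm and drop if it is a pure read.
                JB_get_num_posts_remaining($user_id);
            }
        }
    } elseif (JB_PREMIUM_POSTING_FEE_ENABLED == 'YES') {
        $post_mode = "premium";
        if (!$is_admin) {
            JB_get_num_premium_posts_remaining($user_id);
        }
    }

    // Admin mode is always privileged; otherwise the helper decides.
    $_PRIVILEGED_USER = $is_admin ? true : JB_is_privileged_user($user_id, $post_mode);

    // Approval: privileged users and sites without moderation are auto-approved;
    // with 'NOT_SUBSCRIBERS', active subscribers and paid (non-free) posts skip the queue.
    $approved = 'N';
    if (JB_POSTS_NEED_APPROVAL == 'NO' || $_PRIVILEGED_USER) {
        $approved = 'Y';
    } elseif (JB_POSTS_NEED_APPROVAL == 'NOT_SUBSCRIBERS' && $insert_mode == 'EMPLOYER') {
        if (JB_SUBSCRIPTION_FEE_ENABLED == 'YES' && JB_get_employer_subscription_status($user_id) == 'Active') {
            $approved = 'Y';
        }
        if ($post_mode != 'free') {
            $approved = 'Y';
        }
    }

    // Default application type when the form did not send one.
    if (empty($_REQUEST['app_type'])) {
        $_REQUEST['app_type'] = "O";
    }

    $new = empty($_REQUEST['post_id']);
    $old_data = null; // only loaded on edit; consumed by the category counter update below
    if ($new) {
        $post_id = null; // no id yet; the insert helper is given null as before
        $assign = array(
            'post_date'      => gmdate("Y-m-d H:i:s"),
            'post_mode'      => $post_mode,
            'user_id'        => $user_id,
            'pin_x'          => (int) $_REQUEST['pin_x'],
            'pin_y'          => (int) $_REQUEST['pin_y'],
            'approved'       => $approved,
            'app_type'       => $_REQUEST['app_type'],
            'app_url'        => $_REQUEST['app_url'],
            'cached_summary' => '',
            'expired'        => 'N',
        );
        $sql = "REPLACE INTO `posts_table` (" . JB_get_sql_insert_fields(1, $assign) . ") VALUES (" . JB_get_sql_insert_values(1, "posts_table", "post_id", $post_id, $user_id, $assign) . " )";
        // Deduct credits for new posts only; privileged users post without charge.
        if (!$_PRIVILEGED_USER) {
            if ($post_mode == 'normal') {
                JB_deduct_posting_credit($user_id);
            } elseif ($post_mode == 'premium') {
                JB_deduct_p_posting_credit($user_id);
            }
        }
    } else {
        $post_id = (int) $_REQUEST['post_id'];
        if (!$is_admin) {
            // Ownership check: a non-admin may only edit their own post. The lookup
            // uses the integer id, not the raw request value, and a missing row is
            // rejected rather than compared against null.
            $sql = "SELECT `user_id` from posts_table where post_id='" . jb_escape_sql($post_id) . "'";
            $result = JB_mysql_query($sql) or die(mysql_error());
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if (!$row || (int) $row['user_id'] != $user_id) {
                die('hacking attempt');
            }
        }
        $old_data = JB_load_post_data($post_id);
        // Keep the current approved status on edit; the old values are also used
        // to update the category counters.
        $approved = $old_data['approved'];
        $assign = array(
            'pin_x'    => (int) $_REQUEST['pin_x'],
            'pin_y'    => (int) $_REQUEST['pin_y'],
            'approved' => $approved,
            'app_type' => $_REQUEST['app_type'],
            'app_url'  => $_REQUEST['app_url'],
        );
        $sql = "UPDATE `posts_table` SET " . JB_get_sql_update_values(1, "posts_table", "post_id", $post_id, $user_id, $assign) . " WHERE post_id='" . jb_escape_sql($post_id) . "'";
    }

    $result = JB_mysql_query($sql) or die(mysql_error() . $sql);
    if ($new) {
        $post_id = jb_mysql_insert_id();
    }

    // Plugin hook after the post is saved. On an edit $_REQUEST['post_id'] is set,
    // otherwise this is a new post.
    JBPLUG_do_callback('insert_post_data', $post_id);

    if (JB_PREMIUM_AUTO_UPGRADE == 'YES') {
        // Auto upgrade every post to premium.
        $post_mode = "premium";
        $sql = "UPDATE `posts_table` SET `post_mode`='" . jb_escape_sql($post_mode) . "' WHERE post_id='" . jb_escape_sql($post_id) . "' ";
        JB_mysql_query($sql) or die(mysql_error() . $sql);
    }

    // Update the category counters only for the affected categories, then
    // rebuild the category cache / RSS etc.
    JB_update_post_category_count($old_data, $_REQUEST);
    JB_finalize_post_updates();

    if (JB_EMAIL_NEW_POST_SWITCH == 'YES' && $new) {
        // Notify the site contact about the new post using e-mail template 310.
        $Form = JB_get_DynamicFormObject(1);
        $Form->load($post_id);
        $TITLE = $Form->get_raw_template_value("TITLE");
        $POSTED_BY = $Form->get_raw_template_value("POSTED_BY");
        $FORMATTED_DATE = JB_get_formatted_date($Form->get_template_value("DATE"));
        $DESCRIPTION = $Form->get_raw_template_value("DESCRIPTION");

        $template_result = JB_get_email_template(310, $_SESSION['LANG']);
        $t_row = mysql_fetch_array($template_result);
        $to_address = JB_SITE_CONTACT_EMAIL;
        $to_name = JB_SITE_NAME;
        $from_name = $t_row['EmailFromName'];
        $from_address = $t_row['EmailFromAddress'];
        $subject = str_replace("%SITE_NAME%", JB_SITE_NAME, $t_row['EmailSubject']);

        // NOTE(review): the admin link key is an unsalted md5 of the post id and the
        // admin password. It is verified by admin/ra.php, so any move to an HMAC over
        // a dedicated secret (hash_hmac) has to be made on both sides together.
        $admin_link = JB_BASE_HTTP_PATH . "admin/ra.php?post_id=" . $Form->get_value('post_id') . "&key=" . md5($Form->get_value('post_id') . JB_ADMIN_PASSWORD);

        // Replacements are applied in array order, exactly like the former chain of calls.
        $message = str_replace(
            array("%SITE_NAME%", "%SITE_URL%", "%SITE_CONTACT_EMAIL%", "%POST_TITLE%", "%DATE%", "%POST_DESCRIPTION%", "%POSTED_BY%", "%ADMIN_LINK%"),
            array(JB_SITE_NAME, JB_BASE_HTTP_PATH, JB_SITE_CONTACT_EMAIL, $TITLE, $FORMATTED_DATE, $DESCRIPTION, $POSTED_BY, $admin_link),
            $t_row['EmailText']
        );
        // Turn the HTML template into plain text for the mail body.
        $message = str_replace(array('<BR>', '<P>'), array("\n", "\n\n"), $message);
        $message = strip_tags(html_entity_decode($message));

        $email_id = JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, '', 310);
        JB_process_mail_queue(1, $email_id);
    }
    return $post_id;
}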
/**
 * Updates the editable account columns of an employer from the request.
 * The password is deliberately not updated here.
 *
 * @param int|string $user_id Employer ID (`employers`.`ID`) to update.
 * @param bool       $admin   When true, the admin-only columns (membership flag,
 *                            post balances, subscription permissions) are taken
 *                            from the request as well.
 * @return int Affected row count from jb_mysql_affected_rows().
 *             Terminates via die() if the UPDATE fails.
 */
function JB_update_employer_account($user_id, $admin)
{
    $fields = array(
        'Newsletter'    => (int) $_REQUEST['Newsletter'],
        'Notification1' => (int) $_REQUEST['Notification1'],
        'Notification2' => (int) $_REQUEST['Notification2'],
        'FirstName'     => $_REQUEST['FirstName'],
        'LastName'      => $_REQUEST['LastName'],
        'CompName'      => $_REQUEST['CompName'],
        'Email'         => $_REQUEST['Email'],
        'lang'          => $_REQUEST['lang'],
    );

    if ($admin) {
        // Admin-only columns, appended in the same order as before.
        $admin_columns = array(
            'membership_active',
            'posts_balance',
            'premium_posts_balance',
            'subscription_can_view_resume',
            'subscription_can_premium_post',
            'subscription_can_post',
            'can_view_blocked',
        );
        foreach ($admin_columns as $column) {
            $fields[$column] = $_REQUEST[$column];
        }
    }

    $update_sql = "UPDATE `employers` SET " . JB_get_sql_update_values(4, "employers", "ID", $user_id, $user_id, $fields) . " WHERE ID='" . jb_escape_sql($user_id) . "'";
    JB_mysql_query($update_sql) or die($update_sql . mysql_error());
    JBPLUG_do_callback('update_employer_account', $user_id, $admin);

    return jb_mysql_affected_rows();
}
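/**
 * Inserts a new profile for the logged-in user, or updates an existing one,
 * from the current request.
 *
 * The admin flag used to be read via func_get_arg(); it is now a declared optional
 * parameter, which accepts both the zero-argument and the one-argument call.
 *
 * @param bool $admin Admin mode: skips the ownership check on update.
 * @return int|string|false The profile id, or false when a non-admin tries to update
 *                          a profile they do not own (a "!" is echoed first, as before).
 *                          Terminates via die() on a SQL error.
 */
function JB_insert_profile_data($admin = false)
{
    $user_id = $_SESSION['JB_ID'];
    $new = empty($_REQUEST['profile_id']);

    if ($new) {
        $profile_id = null;
        $assign = array('profile_date' => gmdate("Y-m-d H:i:s"), 'user_id' => $user_id, 'expired' => 'N');
        $sql = "REPLACE INTO `profiles_table` ( " . JB_get_sql_insert_fields(3, $assign) . ") VALUES (" . JB_get_sql_insert_values(3, "profiles_table", "profile_id", $_REQUEST['profile_id'], $user_id, $assign) . ") ";
    } else {
        $profile_id = (int) $_REQUEST['profile_id'];
        if (!$admin) {
            // Ownership check: the logged-in user must own this profile. Compare as
            // integers -- the DB driver returns strings, so the former strict
            // comparison against the raw session value depended on the session
            // also holding a string. A missing row is rejected as well.
            $sql = "select user_id from `profiles_table` WHERE profile_id='" . jb_escape_sql($profile_id) . "'";
            $result = JB_mysql_query($sql) or die(mysql_error());
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if (!$row || (int) $row['user_id'] !== (int) $_SESSION['JB_ID']) {
                echo "!";
                return false; // not the owner
            }
        }
        // Static fields that are always written on update.
        // NOTE(review): in admin mode this writes the admin session's JB_ID into
        // user_id of the edited profile -- confirm that is intended.
        $assign = array('profile_date' => gmdate("Y-m-d H:i:s"), 'user_id' => $_SESSION['JB_ID']);
        $sql = "UPDATE `profiles_table` SET  " . JB_get_sql_update_values(3, "profiles_table", "profile_id", $profile_id, $user_id, $assign) . " WHERE profile_id='" . jb_escape_sql($profile_id) . "'";
    }

    JB_mysql_query($sql) or die("[{$sql}]" . mysql_error());
    if ($new) {
        $profile_id = JB_mysql_insert_id();
    }

    JB_build_profile_count(0);
    JBPLUG_do_callback('JB_insert_profile_data', $profile_id);
    return $profile_id;
}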
/**
 * Updates the editable account columns of a candidate (`users` row) from the request.
 * An empty request language falls back to the site default.
 *
 * @param int|string $user_id Candidate ID (`users`.`ID`) to update.
 * @param bool       $admin   When true, membership_active is taken from the request too.
 * @return int Affected row count from jb_mysql_affected_rows().
 *             Terminates via die() if the UPDATE fails.
 */
function JB_update_candidate_account($user_id, $admin)
{
    if ($_REQUEST['lang'] == '') {
        $_REQUEST['lang'] = JB_get_default_lang();
    }

    // Columns written on every update.
    $fields = array(
        'Newsletter'    => (int) $_REQUEST['Newsletter'],
        'Notification1' => (int) $_REQUEST['Notification1'],
        'Notification2' => (int) $_REQUEST['Notification2'],
        'FirstName'     => $_REQUEST['FirstName'],
        'LastName'      => $_REQUEST['LastName'],
        'Email'         => $_REQUEST['Email'],
        'lang'          => $_REQUEST['lang'],
    );
    // Admin-only column.
    if ($admin) {
        $fields['membership_active'] = $_REQUEST['membership_active'];
    }

    $update_sql = "UPDATE `users` SET " . JB_get_sql_update_values(5, "users", "ID", $user_id, $user_id, $fields) . " WHERE ID='" . jb_escape_sql($user_id) . "'";
    JB_mysql_query($update_sql) or die($update_sql . mysql_error());
    JBPLUG_do_callback('update_candidate_account', $user_id, $admin);

    return jb_mysql_affected_rows();
}
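/**
 * Inserts a new resume, or updates an existing one, from the current request,
 * then rebuilds the resume count and optionally mails a summary to the admin.
 *
 * The admin flag used to be read via func_get_arg(); it is now a declared optional
 * parameter, which accepts both the zero-argument and the one-argument call.
 *
 * @param bool $admin Admin mode: the owner is taken from the resume being edited
 *                    instead of the session, and no approval is required.
 * @return int|string The resume id (jb_mysql_insert_id() for a new resume).
 *                    Terminates via die() on a SQL error.
 */
function JB_insert_resume_data($admin = false)
{
    // Sanitise once and reuse (the filter is assumed idempotent, so the former
    // second application on insert/update was redundant).
    $_REQUEST['anon'] = jb_alpha_numeric($_REQUEST['anon']);
    $anon = $_REQUEST['anon'];

    $new = empty($_REQUEST['resume_id']);
    $resume_id = $new ? null : (int) $_REQUEST['resume_id'];

    if ($admin) {
        // Admin edits keep the resume's existing owner.
        // NOTE(review): when an admin submits without a resume_id no row is found and
        // the new resume gets a null user_id -- confirm that is intended.
        $sql = "select user_id from `resumes_table` WHERE resume_id='" . jb_escape_sql($resume_id) . "'";
        $result = JB_mysql_query($sql) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        $user_id = $row ? $row['user_id'] : null;
    } else {
        $user_id = (int) $_SESSION['JB_ID'];
    }

    // Resumes from non-admins may need moderation before they are listed.
    $approved = (JB_RESUMES_NEED_APPROVAL == 'YES' && !$admin) ? 'N' : 'Y';

    if ($new) {
        $assign = array(
            'list_on_web' => 'Y',
            'resume_date' => gmdate("Y-m-d H:i:s"),
            'user_id'     => $user_id,
            'approved'    => $approved,
            'anon'        => $anon,
            'status'      => 'ACT',
            'expired'     => 'N',
        );
        // JB_get_sql_insert_values() escapes the sql values
        $sql = "REPLACE INTO `resumes_table` ( " . JB_get_sql_insert_fields(2, $assign) . ") VALUES (" . JB_get_sql_insert_values(2, "resumes_table", "resume_id", $resume_id, $user_id, $assign) . ") ";
        $action = "Inserted new resume.";
    } else {
        $assign = array('resume_date' => gmdate("Y-m-d H:i:s"), 'anon' => $anon, 'approved' => $approved);
        // JB_get_sql_update_values() escapes the sql values. Ownership is enforced by
        // the user_id in the WHERE clause: a non-admin can only hit their own row.
        $sql = "UPDATE `resumes_table` SET  " . JB_get_sql_update_values(2, "resumes_table", "resume_id", $resume_id, $user_id, $assign) . " WHERE resume_id='" . jb_escape_sql($resume_id) . "' and user_id='" . jb_escape_sql($user_id) . "' ";
        // The "Updated existing resume" summary line was commented out in the
        // original, which left $action unset; keep the summary header empty.
        $action = '';
    }

    JB_mysql_query($sql) or die("[{$sql}]" . mysql_error());
    if ($new) {
        $resume_id = JB_mysql_insert_id();
    }

    $RForm =& JB_get_DynamicFormObject(2);
    $data = $RForm->load($resume_id);
    $data['resume_id'] = $resume_id;
    JB_build_resume_count(0);
    JBPLUG_do_callback('insert_resume_data', $data);

    if (JB_EMAIL_ADMIN_RESUPDATE_SWITCH == 'YES') {
        // Build a plain-text "label - value" summary of every resume field, in form order.
        $resume_tag_to_field_id =& $RForm->get_tag_to_field_id();
        $RESUME_SUMMARY = $action . "\r\n";
        $sql = "SELECT * from form_lists WHERE form_id=2 ORDER BY sort_order ";
        $result = JB_mysql_query($sql);
        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $label = $resume_tag_to_field_id[$row['template_tag']]['field_label'];
            $RESUME_SUMMARY .= $label . " - " . $RForm->get_raw_template_value($row['template_tag'], $admin) . "\r\n";
        }

        // Admin notification uses e-mail template 320 (always the EN variant).
        $template_result = JB_get_email_template(320, 'EN');
        $t_row = mysql_fetch_array($template_result);
        $to_address = JB_SITE_CONTACT_EMAIL;
        $to_name = JB_SITE_NAME;
        $from_name = $t_row['EmailFromName'];
        $from_address = $t_row['EmailFromAddress'];
        $subject = str_replace("%SITE_NAME%", JB_SITE_NAME, $t_row['EmailSubject']);

        // NOTE(review): the admin link key is an unsalted md5 of the resume id and the
        // admin password. It is verified by admin/ra.php, so any move to an HMAC over
        // a dedicated secret (hash_hmac) has to be made on both sides together.
        $admin_link = JB_BASE_HTTP_PATH . "admin/ra.php?resume_id=" . $resume_id . "&key=" . md5($resume_id . JB_ADMIN_PASSWORD);

        // Replacements are applied in array order, exactly like the former chain of calls.
        $message = str_replace(
            array("%RESUME_SUMMARY%", "%ADMIN_LINK%", "%SITE_NAME%"),
            array($RESUME_SUMMARY, $admin_link, JB_SITE_NAME),
            $t_row['EmailText']
        );
        $message = strip_tags($message);

        JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, '', 320);
    }
    return $resume_id;
}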