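/**
 * Creates an employer account from the current signup request and queues the
 * signup emails (welcome mail to the employer, optional copy to the site admin).
 *
 * Column values come from $_REQUEST through JB_get_sql_insert_values(); the
 * $assign entries pin the columns that must not be client-controlled
 * (validation flag, signup date, IP, credit balances, password digest). The
 * request is assumed to have been validated by the caller.
 *
 * @return int the new employer ID (JB_mysql_insert_id() after the REPLACE)
 */
function JB_create_new_employer_account()
{
    if (!isset($_REQUEST['lang']) || $_REQUEST['lang'] == '') {
        $_REQUEST['lang'] = JB_get_default_lang();
    }
    // Accounts are usable immediately unless an activation step is configured.
    $validated = (JB_EM_NEEDS_ACTIVATION == "AUTO" || JB_EM_NEEDS_ACTIVATION == "FIRST_POST") ? 1 : 0;
    // Optional checkboxes: missing or empty means 0 (the value the bare (int) cast produced).
    $newsletter = empty($_REQUEST['Newsletter']) ? 0 : (int) $_REQUEST['Newsletter'];
    $notification1 = empty($_REQUEST['Notification1']) ? 0 : (int) $_REQUEST['Notification1'];
    $notification2 = empty($_REQUEST['Notification2']) ? 0 : (int) $_REQUEST['Notification2'];
    // Columns that must never be taken from $_REQUEST; the JB_get_sql_insert_*
    // helpers use these in preference to the request values.
    // NOTE(review): the password is stored as an unsalted MD5 digest. password_hash()
    // is the right primitive, but the login code that verifies the digest lives
    // outside this function, so both sides have to be migrated together.
    $assign = array(
        'Validated' => $validated,
        'SignupDate' => gmdate("Y-m-d H:i:s"),
        'IP' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
        'Newsletter' => $newsletter,
        'Notification1' => $notification1,
        'Notification2' => $notification2,
        'posts_balance' => JB_BEGIN_STANDARD_CREDITS,
        'premium_posts_balance' => JB_BEGIN_PREMIUM_CREDITS,
        'Password' => md5(stripslashes($_REQUEST['Password'])),
        'expired' => 'N',
    );
    // The ID is generated by the database; null is what the previously unset
    // variable evaluated to, minus the undefined-variable notice.
    $employer_id = null;
    $sql = "REPLACE INTO `employers` (" . JB_get_sql_insert_fields(4, $assign) . ") VALUES (" . JB_get_sql_insert_values(4, "employers", "ID", $employer_id, '', $assign) . ") ";
    JB_mysql_query($sql);
    $employer_id = JB_mysql_insert_id();
    if ($employer_id > 0) {
        JBPLUG_do_callback('create_employer_account', $employer_id);
    }
    // Signup email (template 2) with the placeholders filled from the request.
    // NOTE(review): if the template still contains %PASSWORD%, the cleartext
    // password leaves the site in an unencrypted email; a reset link avoids that.
    $result = JB_get_email_template(2, $_SESSION['LANG']);
    $e_row = mysql_fetch_array($result, MYSQL_ASSOC);
    $username = stripslashes($_REQUEST['Username']);
    $first_name = stripslashes($_REQUEST['FirstName']);
    $last_name = stripslashes($_REQUEST['LastName']);
    $subject = str_replace("%MEMBERID%", $username, $e_row['EmailSubject']);
    // Sequential replacement in the same order as the former chain of calls.
    $EmailMessage = str_replace(
        array("%FNAME%", "%LNAME%", "%SITE_CONTACT_EMAIL%", "%SITE_NAME%", "%MEMBERID%", "%PASSWORD%", "%SITE_URL%"),
        array($first_name, $last_name, JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $username, stripslashes($_REQUEST['Password']), JB_BASE_HTTP_PATH),
        $e_row['EmailText']
    );
    JBPLUG_do_callback('employer_signup_email_msg', $EmailMessage, $employer_id);
    if (!defined('JB_EMAIL_EMP_SIGNUP')) {
        define('JB_EMAIL_EMP_SIGNUP', 'YES');
    }
    if (JB_EMAIL_EMP_SIGNUP == 'YES') {
        $email_id = JB_queue_mail(stripslashes($_REQUEST['Email']), jb_get_formatted_name($first_name, $last_name), $e_row['EmailFromAddress'], $e_row['EmailFromName'], $subject, $EmailMessage, '', 2);
        JB_process_mail_queue(1, $email_id);
    }
    // Optional copy of the same message to the site contact address.
    if (JB_EMAIL_EMPLOYER_SIGNUP_SWITCH == 'YES') {
        $email_id = JB_queue_mail(JB_SITE_CONTACT_EMAIL, "Admin", JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $subject, $EmailMessage, '', 2);
        JB_process_mail_queue(1, $email_id);
    }
    return $employer_id;
}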
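/**
 * Inserts or updates the candidate profile described by the current request.
 *
 * An empty profile_id inserts a new row for the logged-in user; otherwise the
 * existing row is updated. Outside admin mode the update is refused unless the
 * logged-in user owns the profile.
 *
 * @param bool $admin true when called from the admin area (skips the ownership check)
 * @return int|string|false the profile ID, or false when the ownership check fails
 */
function JB_insert_profile_data($admin = false)
{
    $user_id = isset($_SESSION['JB_ID']) ? $_SESSION['JB_ID'] : null;
    $requested_id = isset($_REQUEST['profile_id']) ? $_REQUEST['profile_id'] : null;
    $is_new = empty($requested_id);
    if ($is_new) {
        // Columns pinned by the server; everything else is read from $_REQUEST by the helper.
        $assign = array('profile_date' => gmdate("Y-m-d H:i:s"), 'user_id' => $user_id, 'expired' => 'N');
        $sql = "REPLACE INTO `profiles_table` ( " . JB_get_sql_insert_fields(3, $assign) . ") VALUES (" . JB_get_sql_insert_values(3, "profiles_table", "profile_id", $requested_id, $user_id, $assign) . ") ";
    } else {
        $profile_id = (int) $requested_id;
        if (!$admin) {
            // Make sure that the logged-in user is the owner of this profile.
            $sql = "select user_id from `profiles_table` WHERE profile_id='" . jb_escape_sql($profile_id) . "'";
            $result = JB_mysql_query($sql) or die(mysql_error());
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            // Compare as integers: the session value and the column value can differ
            // in type (int vs numeric string), which made the previous strict
            // comparison unreliable. An unknown profile or a missing login is refused too.
            if (!$row || empty($_SESSION['JB_ID']) || (int) $_SESSION['JB_ID'] !== (int) $row['user_id']) {
                echo "!";
                return false;
            }
        }
        // The static fields that we want to set on the update.
        // NOTE(review): user_id is rewritten from the session here even in admin
        // mode (same as before) — confirm that is intended.
        $assign = array('profile_date' => gmdate("Y-m-d H:i:s"), 'user_id' => $user_id);
        $sql = "UPDATE `profiles_table` SET  " . JB_get_sql_update_values(3, "profiles_table", "profile_id", $requested_id, $user_id, $assign) . " WHERE profile_id='" . jb_escape_sql($profile_id) . "'";
    }
    // NOTE(review): die() with the statement text prints schema details to the
    // response on failure; this mirrors the rest of the file.
    JB_mysql_query($sql) or die("[{$sql}]" . mysql_error());
    if ($is_new) {
        $profile_id = JB_mysql_insert_id();
    }
    JB_build_profile_count(0);
    JBPLUG_do_callback('JB_insert_profile_data', $profile_id);
    return $profile_id;
}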
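/**
 * Creates a candidate (job seeker) account from the current signup request and
 * queues the signup emails (welcome mail to the candidate, optional copy to the
 * site admin).
 *
 * Column values come from $_REQUEST through JB_get_sql_insert_values(); the
 * $assign entries pin the columns that must not be client-controlled
 * (validation flag, signup date, IP, password digest). The request is assumed
 * to have been validated by the caller.
 *
 * @return int the new user ID (JB_mysql_insert_id() after the REPLACE)
 */
function JB_create_new_candidate_account()
{
    if (!isset($_REQUEST['lang']) || $_REQUEST['lang'] == '') {
        $_REQUEST['lang'] = JB_get_default_lang();
    }
    // Accounts are usable immediately unless an activation step is configured.
    $validated = (JB_CA_NEEDS_ACTIVATION == "AUTO") ? 1 : 0;
    // Optional checkboxes: missing or empty means 0 (the value the bare (int) cast produced).
    $newsletter = empty($_REQUEST['Newsletter']) ? 0 : (int) $_REQUEST['Newsletter'];
    $notification1 = empty($_REQUEST['Notification1']) ? 0 : (int) $_REQUEST['Notification1'];
    $notification2 = empty($_REQUEST['Notification2']) ? 0 : (int) $_REQUEST['Notification2'];
    // Columns that must never be taken from $_REQUEST; the JB_get_sql_insert_*
    // helpers use these in preference to the request values.
    // NOTE(review): the password is stored as an unsalted MD5 digest. password_hash()
    // is the right primitive, but the login code that verifies the digest lives
    // outside this function, so both sides have to be migrated together.
    $assign = array(
        'Validated' => $validated,
        'SignupDate' => gmdate("Y-m-d H:i:s"),
        'IP' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
        'Newsletter' => $newsletter,
        'Notification1' => $notification1,
        'Notification2' => $notification2,
        'Password' => md5(stripslashes($_REQUEST['Password'])),
        'expired' => 'N',
    );
    // The ID is generated by the database; null is what the previously unset
    // variable evaluated to, minus the undefined-variable notice.
    $user_id = null;
    $sql = "REPLACE INTO `users` ( " . JB_get_sql_insert_fields(5, $assign) . ") VALUES (   " . JB_get_sql_insert_values(5, "users", "ID", $user_id, '', $assign) . ") ";
    JB_mysql_query($sql);
    $user_id = JB_mysql_insert_id();
    if ($user_id > 0) {
        JBPLUG_do_callback('create_candidate_account', $user_id);
    }
    // Signup email (template 1) that is sent to the new member; the activation
    // link, if any, has to be part of the template.
    // NOTE(review): if the template still contains %PASSWORD%, the cleartext
    // password leaves the site in an unencrypted email; a reset link avoids that.
    $result = JB_get_email_template(1, $_SESSION['LANG']);
    $e_row = mysql_fetch_array($result, MYSQL_ASSOC);
    $username = stripslashes($_REQUEST['Username']);
    $first_name = stripslashes($_REQUEST['FirstName']);
    $last_name = stripslashes($_REQUEST['LastName']);
    $subject = str_replace("%MEMBERID%", $username, $e_row['EmailSubject']);
    // Sequential replacement in the same order as the former chain of calls.
    $EmailMessage = str_replace(
        array("%FNAME%", "%LNAME%", "%SITE_CONTACT_EMAIL%", "%SITE_NAME%", "%MEMBERID%", "%PASSWORD%", "%SITE_URL%"),
        array($first_name, $last_name, JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $username, stripslashes($_REQUEST['Password']), JB_BASE_HTTP_PATH),
        $e_row['EmailText']
    );
    JBPLUG_do_callback('candidate_signup_email_msg', $EmailMessage, $user_id);
    if (!defined('JB_EMAIL_CAN_SIGNUP')) {
        define('JB_EMAIL_CAN_SIGNUP', 'YES');
    }
    if (JB_EMAIL_CAN_SIGNUP == 'YES') {
        $email_id = JB_queue_mail(stripslashes($_REQUEST['Email']), stripslashes(jb_get_formatted_name($first_name, $last_name)), $e_row['EmailFromAddress'], $e_row['EmailFromName'], $subject, $EmailMessage, '', 1);
        JB_process_mail_queue(1, $email_id);
    }
    // Optional copy of the same message to the site contact address.
    if (JB_EMAIL_CANDIDATE_SIGNUP_SWITCH == 'YES') {
        $email_id = JB_queue_mail(JB_SITE_CONTACT_EMAIL, "Admin", JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $subject, $EmailMessage, '', 2);
        JB_process_mail_queue(1, $email_id);
    }
    return $user_id;
}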
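/**
 * Inserts or updates a resume from the current request and, when configured,
 * notifies the site admin by email.
 *
 * An empty resume_id inserts a new row; otherwise the existing row is updated.
 * For regular users the UPDATE is restricted to rows owned by the logged-in
 * user (the user_id predicate in the WHERE clause). In admin mode the owner is
 * read from the stored row instead of the session.
 *
 * @param bool $admin true when called from the admin area
 * @return int the resume ID (JB_mysql_insert_id() for a new resume)
 */
function JB_insert_resume_data($admin = false)
{
    $requested_id = isset($_REQUEST['resume_id']) ? $_REQUEST['resume_id'] : null;
    $_REQUEST['anon'] = jb_alpha_numeric(isset($_REQUEST['anon']) ? $_REQUEST['anon'] : '');
    if ($admin) {
        // Admin edits somebody else's resume: the owner comes from the stored row.
        $sql = "select user_id from `resumes_table` WHERE resume_id='" . jb_escape_sql($requested_id) . "'";
        $result = JB_mysql_query($sql) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        $user_id = $row ? $row['user_id'] : null;
    } else {
        $user_id = (int) $_SESSION['JB_ID'];
    }
    // Resumes from regular users may need moderation before they are listed.
    $approved = (JB_RESUMES_NEED_APPROVAL == 'YES' && !$admin) ? 'N' : 'Y';
    // The ID is generated by the database for new rows; null is what the
    // previously unset variable evaluated to, minus the undefined-variable notice.
    $resume_id = null;
    if (empty($requested_id)) {
        $assign = array('list_on_web' => 'Y', 'resume_date' => gmdate("Y-m-d H:i:s"), 'user_id' => $user_id, 'approved' => $approved, 'anon' => jb_alpha_numeric($_REQUEST['anon']), 'status' => 'ACT', 'expired' => 'N');
        $sql = "REPLACE INTO `resumes_table` ( " . JB_get_sql_insert_fields(2, $assign) . ") VALUES (" . JB_get_sql_insert_values(2, "resumes_table", "resume_id", $resume_id, $user_id, $assign) . ") ";
        // JB_get_sql_insert_values() escapes the sql values
        $action = "Inserted new resume.";
    } else {
        $resume_id = (int) $requested_id;
        $assign = array('resume_date' => gmdate("Y-m-d H:i:s"), 'anon' => jb_alpha_numeric($_REQUEST['anon']), 'approved' => $approved);
        $sql = "UPDATE `resumes_table` SET  " . JB_get_sql_update_values(2, "resumes_table", "resume_id", $requested_id, $user_id, $assign) . " WHERE resume_id='" . jb_escape_sql($resume_id) . "' and user_id='" . jb_escape_sql($user_id) . "' ";
        // JB_get_sql_update_values() escapes the sql values
        // Previously left unset, which put an empty first line into the admin summary.
        $action = "Updated existing resume.";
    }
    // NOTE(review): die() with the statement text prints schema details to the
    // response on failure; this mirrors the rest of the file.
    JB_mysql_query($sql) or die("[{$sql}]" . mysql_error());
    if (!$resume_id) {
        $resume_id = JB_mysql_insert_id();
    }
    // NOTE(review): the ownership restriction above is only the user_id predicate
    // on the UPDATE; load() and the callback below run for whatever resume_id was
    // posted — confirm that load() (or the caller) enforces ownership as well.
    $RForm =& JB_get_DynamicFormObject(2);
    $data = $RForm->load($resume_id);
    $data['resume_id'] = $resume_id;
    JB_build_resume_count(0);
    JBPLUG_do_callback('insert_resume_data', $data);
    if (JB_EMAIL_ADMIN_RESUPDATE_SWITCH == 'YES') {
        // Send a notification email to the admin: one "label - value" line per
        // field of the resume form, in form_lists sort order.
        $resume_tag_to_field_id =& $RForm->get_tag_to_field_id();
        $RESUME_SUMMARY = $action . "\r\n";
        $sql = "SELECT * from form_lists WHERE form_id=2 ORDER BY sort_order ";
        $result = JB_mysql_query($sql);
        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $tag = $row['template_tag'];
            $field_label = isset($resume_tag_to_field_id[$tag]['field_label']) ? $resume_tag_to_field_id[$tag]['field_label'] : '';
            $RESUME_SUMMARY .= $field_label . " - " . $RForm->get_raw_template_value($tag, $admin) . "\r\n";
        }
        // Email template 320 (admin resume notification), English only.
        $template_result = JB_get_email_template(320, 'EN');
        $t_row = mysql_fetch_array($template_result, MYSQL_ASSOC);
        $subject = str_replace("%SITE_NAME%", JB_SITE_NAME, $t_row['EmailSubject']);
        // NOTE(review): the %ADMIN_LINK% key is an unsalted MD5 over the resume id
        // and the admin password and acts as a bearer token for admin/ra.php; the
        // verifying side should compare it with hash_equals(). Changing the
        // construction here requires changing the verifier too.
        $admin_link = JB_BASE_HTTP_PATH . "admin/ra.php?resume_id=" . $resume_id . "&key=" . md5($resume_id . JB_ADMIN_PASSWORD);
        $message = str_replace(
            array("%RESUME_SUMMARY%", "%ADMIN_LINK%", "%SITE_NAME%"),
            array($RESUME_SUMMARY, $admin_link, JB_SITE_NAME),
            $t_row['EmailText']
        );
        $message = strip_tags($message);
        JB_queue_mail(JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $t_row['EmailFromAddress'], $t_row['EmailFromName'], $subject, $message, '', 320);
    }
    return $resume_id;
}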
    // "Edit" button must be pressed
    $sql = "UPDATE packages SET name='" . jb_escape_sql($package_name) . "', price='" . jb_escape_sql($package_price) . "', posts_quantity='" . jb_escape_sql($package_posts_quantity) . "', premium='" . jb_escape_sql($premium) . "', description='" . jb_escape_sql($package_description) . "', currency_code='" . jb_escape_sql($package_currency) . "' WHERE `package_id`='" . jb_escape_sql($selected_package) . "' ";
    JB_mysql_query($sql) or die(mysql_error());
    $JBMarkup->ok_msg('Changes Saved.');
}
if ($package_delete_action != '') {
    // "Delete" button must be pressed.
    // The only input reaching SQL is $selected_package, escaped with jb_escape_sql().
    // NOTE(review): no authorisation check is visible in this span; it assumes the
    // surrounding page is admin-only — confirm. die(mysql_error()) on failure
    // prints driver internals to the response.
    $sql = "DELETE FROM packages WHERE package_id  = '" . jb_escape_sql($selected_package) . "' ";
    JB_mysql_query($sql) or die(mysql_error());
    $JBMarkup->ok_msg('Package Deleted.');
}
if ($new_package_label != '') {
    // the "Add" button was pressed, or Enter is hit.
    // Every value is escaped; the description column is always written empty here.
    $sql = "INSERT INTO packages (`name`, `price`, `posts_quantity`, `premium`, `currency_code`, `description`) VALUES('" . jb_escape_sql($new_package_label) . "', '" . jb_escape_sql($package_price) . "', '" . jb_escape_sql($package_posts_quantity) . "', '" . jb_escape_sql($premium) . "', '" . jb_escape_sql($package_currency) . "', '') ";
    JB_mysql_query($sql) or die(mysql_error());
    // The new row becomes the selected one so the form below shows it.
    $selected_package = JB_mysql_insert_id();
    $new_package_label = "";
    // need to clear it, so we don't populate it back to the form
    $_REQUEST['new'] = "";
    $JBMarkup->ok_msg('New Package Added.');
}
// get the updated values from the database
// NOTE(review): this block does two unrelated things under one condition: it
// re-reads the selected package, then deletes $selected_subscription whenever a
// package is selected rather than only on a delete action. It reads like two
// listings spliced together — confirm against the original file before relying on it.
if ($selected_package != '') {
    $sql = "SELECT * FROM `packages` WHERE `package_id`='" . jb_escape_sql($selected_package) . "' ";
    $result = JB_mysql_query($sql);
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $package_label = $row['name'];
    $package_price = $row['price'];
    $package_description = $row['description'];
    $package_posts_quantity = $row['posts_quantity'];
    $premium = $row['premium'];
    // Refuse to delete a plan that still has completed or credit-advanced invoices.
    $sql = "SELECT subscription_id FROM subscription_invoices WHERE subscription_id='" . jb_escape_sql($selected_subscription) . "' AND ((`status`='Completed' ) OR ((`status`='Pending') AND `reason`='jb_credit_advanced'))";
    $result = jb_mysql_query($sql);
    if (mysql_num_rows($result) > 0) {
        $JBMarkup->error_msg('Subscription plan cannot be deleted. The system found that there are some active subscription(s) which for this subscription plan. Please modify these subscription(s) in Admin->Subscriptions so that they are not active, and try to delete them here again');
    } else {
        $sql = "DELETE FROM subscriptions WHERE subscription_id  = '" . jb_escape_sql($selected_subscription) . "' ";
        JB_mysql_query($sql) or die(mysql_error());
        $JBMarkup->ok_msg('Subscription Plan Deleted.');
    }
}
if ($new_subscription_label != '') {
    // the "Add" button was pressed, or Enter is hit.
    // All twelve values are escaped with jb_escape_sql() before being spliced in.
    $sql = "INSERT INTO subscriptions (`name`, `price`, `months_duration`, `can_post`, `can_view_resumes` , `can_post_premium`, `currency_code`, `can_view_blocked`, `description`, posts_quota, p_posts_quota, views_quota) VALUES('" . jb_escape_sql($new_subscription_label) . "', '" . jb_escape_sql($subscription_price) . "', '" . jb_escape_sql($subscription_duration) . "',  '" . jb_escape_sql($subscription_can_post) . "', '" . jb_escape_sql($subscription_can_view_resumes) . "' , '" . jb_escape_sql($subscription_can_post_premium) . "', '" . jb_escape_sql($subscription_currency) . "' , '" . jb_escape_sql($subscription_can_view_blocked) . "', '" . jb_escape_sql($description) . "', '" . jb_escape_sql($posts_quota) . "', '" . jb_escape_sql($p_posts_quota) . "', '" . jb_escape_sql($views_quota) . "') ";
    JB_mysql_query($sql) or die(mysql_error());
    // The new row becomes the selected one so the form below shows it.
    $selected_subscription = JB_mysql_insert_id();
    $new_subscription_label = "";
    // need to clear it, so we don't populate it back to the form
    $_REQUEST['new'] = "";
    $JBMarkup->ok_msg('Subscription Plan Updated.');
}
if ($selected_subscription != '') {
    $sql = "SELECT * FROM `subscriptions`  WHERE `subscription_id`='" . jb_escape_sql($selected_subscription) . "' ";
    $result = JB_mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $subscription_label = $row['name'];
    $subscription_price = $row['price'];
    $subscription_currency = $row['currency_code'];
    $subscription_description = $row['description'];
    $subscription_duration = $row['months_duration'];
    $subscription_can_post = $row['can_post'];
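/**
 * Adds a message to the mail_queue table and returns its queue ID.
 *
 * All text fields are trimmed, optionally URL-shortened, and escaped for the
 * INSERT. The sending user (type and ID) is recorded from the session when one
 * exists, otherwise as SQL NULL. With $att set, up to three uploaded files
 * (att1..att3 in $_FILES) are moved by JB_move_uploaded_attachment() and
 * recorded on the queued row.
 *
 * @param string $to_address   recipient address
 * @param string $to_name      recipient display name
 * @param string $from_address sender address
 * @param string $from_name    sender display name
 * @param string $subject      message subject
 * @param string $message      plain-text body
 * @param string $html_message HTML body ('' for none)
 * @param int    $template_id  ID of the email template the message was built from
 * @param bool   $att          true to attach the uploads from $_FILES
 * @return int the mail_queue auto-increment ID
 */
function JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, $html_message, $template_id, $att = false)
{
    $to_address = trim($to_address);
    $to_name = trim($to_name);
    $from_address = trim($from_address);
    $from_name = trim($from_name);
    $subject = trim($subject);
    $message = trim($message);
    $html_message = trim($html_message);
    if (EMAIL_URL_SHORTEN == 'YES') {
        $message = JB_change_urls_to_short($message);
        $html_message = JB_change_urls_to_short($html_message);
    }
    // legacy addslashes() - this will be removed in the future!
    // The values are escaped again with jb_escape_sql() below, so the stored copy
    // carries literal backslashes. Kept as-is: dropping it here alone would change
    // what every reader of mail_queue receives.
    $to_address = addslashes($to_address);
    $to_name = addslashes($to_name);
    $from_address = addslashes($from_address);
    $from_name = addslashes($from_name);
    $subject = addslashes($subject);
    $message = addslashes($message);
    $html_message = addslashes($html_message);
    $now = gmdate("Y-m-d H:i:s");
    $attachments = 'N';
    // The session may be absent (e.g. queue processing outside a web request);
    // record the literal NULL then. Present values are quoted and escaped here.
    $user_type = !empty($_SESSION['JB_Domain']) ? "'" . jb_escape_sql($_SESSION['JB_Domain']) . "'" : 'NULL';
    $user_id = !empty($_SESSION['JB_ID']) ? "'" . jb_escape_sql($_SESSION['JB_ID']) . "'" : 'NULL';
    // $now is generated server-side; $user_id / $user_type are already quoted or NULL.
    $sql = "INSERT INTO mail_queue (mail_date, to_address, to_name, from_address, from_name, subject, message, html_message, attachments, status, error_msg, retry_count, template_id, date_stamp, user_id, user_type) VALUES('" . $now . "', '" . jb_escape_sql($to_address) . "', '" . jb_escape_sql($to_name) . "', '" . jb_escape_sql($from_address) . "', '" . jb_escape_sql($from_name) . "', '" . jb_escape_sql($subject) . "', '" . jb_escape_sql($message) . "', '" . jb_escape_sql($html_message) . "', '" . jb_escape_sql($attachments) . "', 'queued', '', 0, '" . jb_escape_sql($template_id) . "', '" . $now . "', " . $user_id . ", " . $user_type . ")";
    // 2005 copyr1ght jam1t softwar3
    JB_mysql_query($sql) or JB_q_mail_error(mysql_error() . $sql);
    $mail_id = JB_mysql_insert_id();
    if ($att) {
        // NOTE(review): only a non-empty client-supplied file name is checked here;
        // JB_move_uploaded_attachment() is assumed to validate the upload itself
        // (is_uploaded_file(), size, type) — confirm.
        foreach (array('att1', 'att2', 'att3') as $slot) {
            if (!isset($_FILES[$slot]['name']) || $_FILES[$slot]['name'] == '') {
                continue;
            }
            $filename = JB_move_uploaded_attachment($mail_id, $slot, $from_name);
            // $slot comes from the fixed list above, so it is safe as part of the column name.
            $sql = "UPDATE mail_queue SET attachments='Y', " . $slot . "_name='" . jb_escape_sql($filename) . "' WHERE mail_id='" . jb_escape_sql($mail_id) . "' ";
            JB_mysql_query($sql) or JB_q_mail_error(mysql_error() . $sql);
        }
    }
    return $mail_id;
}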
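/**
 * Inserts or updates a form field definition from the current request and
 * refreshes its translation row, its option codes and the form cache.
 *
 * Every column value is taken from $_REQUEST and escaped with JB_escape_sql();
 * the numeric fields are cast to int up front. This is admin functionality and
 * assumes the caller has already authorised the request.
 *
 * @param mixed  $error     unused; kept for call-site compatibility
 * @param string $NEW_FIELD "YES" to insert a new field, anything else to update $_REQUEST['field_id']
 * @return int|string the field ID that was written
 */
function JB_save_field($error, $NEW_FIELD)
{
    // Numeric columns are cast up front; a missing key becomes 0.
    $int_keys = array('field_sort', 'field_width', 'field_height', 'list_sort_order', 'category_init_id', 'search_sort_order', 'cat_multiple_rows');
    foreach ($int_keys as $key) {
        $_REQUEST[$key] = isset($_REQUEST[$key]) ? (int) $_REQUEST[$key] : 0;
    }
    $field_type = isset($_REQUEST['field_type']) ? $_REQUEST['field_type'] : '';
    $template_tag = isset($_REQUEST['template_tag']) ? $_REQUEST['template_tag'] : '';
    $field_id_req = isset($_REQUEST['field_id']) ? $_REQUEST['field_id'] : '';
    if ($field_type == 'GMAP') {
        // Map fields get a default widget size when none was given.
        if (!$_REQUEST['field_width']) {
            $_REQUEST['field_width'] = 300;
        }
        if (!$_REQUEST['field_height']) {
            $_REQUEST['field_height'] = 400;
        }
    }
    if ($NEW_FIELD == "YES") {
        // Column names double as the $_REQUEST keys they are filled from.
        // (The previous INSERT read `is_blcoked` for the is_anon column, a typo
        // that silently stored an empty value.)
        $columns = array(
            'form_id', 'reg_expr', 'field_label', 'field_type', 'field_sort',
            'is_required', 'display_in_list', 'error_message', 'field_init',
            'field_width', 'field_height', 'is_in_search', 'list_sort_order',
            'search_sort_order', 'template_tag', 'section', 'is_hidden', 'is_anon',
            'field_comment', 'category_init_id', 'is_cat_multiple',
            'cat_multiple_rows', 'is_blocked', 'multiple_sel_all', 'is_member',
        );
        $values = array();
        foreach ($columns as $col) {
            $values[] = "'" . JB_escape_sql(isset($_REQUEST[$col]) ? $_REQUEST[$col] : '') . "'";
        }
        $sql = "INSERT INTO `form_fields` (`" . implode("`, `", $columns) . "`) VALUES (" . implode(", ", $values) . ")";
    } else {
        // (The previous version first SELECTed the row and never used it.)
        $columns = array(
            'reg_expr', 'field_label', 'field_type', 'field_init', 'is_required',
            'field_width', 'field_height', 'is_in_search', 'search_sort_order',
            'section', 'error_message', 'is_hidden', 'is_anon', 'is_cat_multiple',
            'cat_multiple_rows', 'field_comment', 'multiple_sel_all', 'is_blocked',
            'is_prefill', 'is_member', 'category_init_id',
        );
        $set = array();
        foreach ($columns as $col) {
            $set[] = "`" . $col . "` = '" . JB_escape_sql(isset($_REQUEST[$col]) ? $_REQUEST[$col] : '') . "'";
        }
        // Reserved template tags are never renamed; a blank tag leaves the column untouched.
        if (!JB_is_reserved_template_tag($template_tag) && $template_tag != '') {
            $set[] = "`template_tag` = '" . JB_escape_sql($template_tag) . "'";
        }
        $sql = "UPDATE `form_fields` SET " . implode(", ", $set) . " WHERE `field_id` = '" . JB_escape_sql($field_id_req) . "'  ;";
        // Keep the form_lists copy of the tag in sync (reserved tags may leave it blank).
        if ($template_tag != '') {
            $sql_tt = "UPDATE form_lists SET `template_tag`='" . JB_escape_sql($template_tag) . "' WHERE `field_id`='" . JB_escape_sql($field_id_req) . "'";
            JB_mysql_query($sql_tt) or die($sql_tt . mysql_error());
        }
    }
    // Do the SQL query, UPDATE or INSERT
    // NOTE(review): die() with the statement text prints schema details to the
    // response on failure; this mirrors the rest of the file.
    JB_mysql_query($sql) or die($sql . mysql_error());
    // Read the generated ID once, right after the form_fields query: the REPLACE
    // into form_field_translations below runs on the same connection and would
    // change what JB_mysql_insert_id() returns afterwards.
    if ($NEW_FIELD == 'YES' || empty($_REQUEST['field_id'])) {
        $_REQUEST['field_id'] = JB_mysql_insert_id();
    }
    $field_id = $_REQUEST['field_id'];
    // update translations
    $label = isset($_REQUEST['field_label']) ? $_REQUEST['field_label'] : '';
    $error_message = isset($_REQUEST['error_message']) ? $_REQUEST['error_message'] : '';
    $field_comment = isset($_REQUEST['field_comment']) ? $_REQUEST['field_comment'] : '';
    $sql_fft = "REPLACE INTO `form_field_translations` (`field_id`, `lang`, `field_label`, `error_message`, `field_comment`) VALUES ('" . JB_escape_sql($field_id) . "', '" . JB_escape_sql($_SESSION["LANG"]) . "', '" . JB_escape_sql($label) . "', '" . JB_escape_sql($error_message) . "', '" . JB_escape_sql($field_comment) . "' )";
    JB_mysql_query($sql_fft) or die($sql_fft . mysql_error());
    // Option-type fields keep their codes in a separate translation table.
    if (in_array($field_type, array('RADIO', 'CHECK', 'MSELECT', 'SELECT'), true)) {
        JB_format_codes_translation_table($field_id);
    }
    JB_cache_del_keys_for_form($_REQUEST['form_id']);
    // The page that renders next shows the saved field in edit mode.
    $_REQUEST['mode'] = 'EDIT';
    $_REQUEST['NEW_FIELD'] = 'NO';
    return $field_id;
}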
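/**
 * Creates a new in-cart membership invoice that copies the purchase details of
 * an existing one.
 *
 * @param int|string $old_invoice_id ID of the invoice to clone
 * @return int|false the new invoice's auto-increment ID, or false when
 *                   $old_invoice_id does not exist (previously an empty
 *                   invoice was inserted in that case)
 */
function JB_place_membership_invoice_clone($old_invoice_id)
{
    $sql = "SELECT * FROM membership_invoices WHERE `invoice_id`='" . jb_escape_sql($old_invoice_id) . "' ";
    // NOTE(review): die() with the statement text prints schema details to the
    // response on failure; this mirrors the rest of the file.
    $result = JB_mysql_query($sql) or die($sql . mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    if (!$row) {
        // Nothing to clone; do not burn an invoice number or alert the admin.
        return false;
    }
    $status = 'in_cart';
    $id = JB_generate_membership_invoice_id();
    $now = gmdate("Y-m-d H:i:s");
    // Invoices without a currency default to USD at a rate of 1.
    if (!$row['currency_code']) {
        $row['currency_code'] = 'USD';
        $currency_rate = 1;
    } else {
        $currency_rate = JB_get_currency_rate($row['currency_code']);
    }
    // $id and $now are generated server-side; every copied column is escaped.
    // NOTE(review): item_name and payment_method get addslashes() on top of
    // jb_escape_sql(), so the clone stores extra backslashes compared with the
    // source row. Kept as-is because the storage convention is not visible here.
    $sql = "INSERT INTO `membership_invoices` ( `invoice_id` , `invoice_date` , `processed_date` , `status` , `user_type` , `user_id` , `membership_id` , `months_duration` , `amount` , `currency_code` , `currency_rate` , `item_name`, `payment_method`, `reason`, `member_date`, `member_end` ) VALUES ('{$id}', '{$now}', NULL, '" . jb_escape_sql($status) . "', '" . jb_escape_sql($row['user_type']) . "', '" . jb_escape_sql($row['user_id']) . "', '" . jb_escape_sql($row['membership_id']) . "', '" . jb_escape_sql($row['months_duration']) . "', '" . jb_escape_sql($row['amount']) . "', '" . jb_escape_sql($row['currency_code']) . "', '" . jb_escape_sql($currency_rate) . "', '" . jb_escape_sql(addslashes($row['item_name'])) . "', '" . jb_escape_sql(addslashes($row['payment_method'])) . "', '', '0000-00-00 00:00:00', '0000-00-00 00:00:00')";
    JB_mysql_query($sql) or die($sql . mysql_error());
    $invoice_id = JB_mysql_insert_id();
    JB_send_admin_new_invoice_alert('M', $invoice_id);
    return $invoice_id;
}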
                    $row[$col_key] = jb_escape_sql(addslashes($col_val));
                }
                $row['schema_id'] = (int) $_REQUEST['schema_id'];
                $old_element_id = (int) $row['element_id'];
                if ($row['has_child'] == '') {
                    $row['has_child'] = 'NULL';
                } else {
                    $row['has_child'] = "'" . $row['has_child'] . "'";
                    // add quotes
                }
                // Note: data in $row was already escaped above
                $sql = 'INSERT INTO `xml_export_elements` (`element_id`, `element_name`, `is_cdata`, `parent_element_id`, `form_id`, `field_id`, `schema_id`, `attributes`, `static_data`, `is_pivot`, `description`, `fieldcondition`, `is_boolean`, `qualify_codes`, `qualify_cats`, `truncate`, `strip_tags`, `is_mandatory`, `static_mod`, `multi_fields`, `has_child`) VALUES (NULL, \'' . $row['element_name'] . '\', \'' . $row['is_cdata'] . '\', \'' . $row['parent_element_id'] . '\', \'' . $row['form_id'] . '\', \'' . $row['field_id'] . '\', \'' . $row['schema_id'] . '\', \'' . $row['attributes'] . '\', \'' . $row['static_data'] . '\', \'' . $row['is_pivot'] . '\', \'' . $row['description'] . '\', \'' . $row['fieldcondition'] . '\', \'' . $row['is_boolean'] . '\', \'' . $row['qualify_codes'] . '\', \'' . $row['qualify_cats'] . '\', \'' . $row['truncate'] . '\', \'' . $row['strip_tags'] . '\', \'' . $row['is_mandatory'] . '\', \'' . $row['static_mod'] . '\', \'' . $row['multi_fields'] . '\', ' . $row['has_child'] . ')';
                // insert the element
                jb_mysql_query($sql);
                // get the element id
                $element_id = JB_mysql_insert_id();
                // update all the parent_element_id refrences in the $arr
                // find where parent_element_id == old_element_id and change
                // to the new element_id
                update_arr_parent_ids($arr, $old_element_id, $element_id);
                // update all the parent_element_id refrences in the table
                $sql = "UPDATE xml_export_elements SET parent_element_id='" . $element_id . "' WHERE parent_element_id='" . $old_element_id . "' ";
                jb_mysql_query($sql);
            }
            $JBMarkup->ok_msg('Imported XML Schema');
        }
    }
    if ($_REQUEST['import'] != '') {
        ?>

		 <form method="POST" action="xmlschema.php?config=yes&form_id=<?php