<?php
###########################################################################
# Copyright Jamit Software 2012, http://www.jamit.com
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at http://mozilla.org/MPL/2.0/.
###########################################################################
require '../config.php';
//include('../include/functions.php');
require '../include/resumes.inc.php';
JB_template_candidates_header();
$sql = "UPDATE `requests` SET `request_status`='GRANTED' WHERE `key`='" . jb_escape_sql($_REQUEST['k']) . "' ";
$result = JB_mysql_query($sql) or die(mysql_error());
if (JB_mysql_affected_rows() > 0) {
$label["c_permit_success"] = str_replace("%BASE_HTTP_PATH%", JB_BASE_HTTP_PATH, $label["c_permit_success"]);
$label["c_permit_success"] = str_replace("%SITE_NAME%", JB_SITE_NAME, $label["c_permit_success"]);
$JBMarkup->ok_msg($label["c_permit_success"]);
$sql = "select employer_id, candidate_id FROM `requests` WHERE `key`='" . jb_escape_sql($_REQUEST['k']) . "'";
$result = jb_mysql_query($sql);
$row = mysql_fetch_array($result, MYSQL_ASSOC);
JB_send_request_granted_email($row['candidate_id'], $row['employer_id']);
} else {
$label["c_permit_weclome"] = str_replace("%CANDIDATE_FOLDER%", JB_CANDIDATE_FOLDER, $label["c_permit_weclome"]);
$label["c_permit_weclome"] = str_replace("%SITE_NAME%", JB_SITE_NAME, $label["c_permit_weclome"]);
echo "<br><p style='text-align:center;font-weight:bold;'>" . $label["c_permit_weclome"] . "</p>";
}
JB_template_candidates_footer();
<?php
$categories = JB_getCatStruct($_REQUEST['cat'], $_SESSION["LANG"], 2);
JB_display_categories($categories, JB_CAT_COLS);
break;
}
}
if ($_REQUEST['action'] == 'grant') {
// get user_id for resume
$sql = "SELECT user_id from resumes_table WHERE resume_id='" . jb_escape_sql($_REQUEST['resume_id']) . "' ";
$result = JB_mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$user_id = $row['user_id'];
$sql = "UPDATE `requests` SET `request_status`='GRANTED' WHERE `employer_id`='" . jb_escape_sql($_REQUEST['employer_id']) . "' AND candidate_id='" . jb_escape_sql($user_id) . "' ";
JB_mysql_query($sql) or die(mysql_error());
JB_send_request_granted_email($user_id, $_REQUEST['employer_id']);
$JBMarkup->ok_msg('Resume granted.');
}
if ($_REQUEST['action'] == 'refuse') {
// get user_id for resume
$sql = "SELECT user_id from resumes_table WHERE resume_id='" . jb_escape_sql($_REQUEST['resume_id']) . "' ";
$result = JB_mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$user_id = $row['user_id'];
$sql = "UPDATE `requests` SET `request_status`='REFUSED' WHERE `employer_id`='" . jb_escape_sql($_REQUEST['employer_id']) . "' AND candidate_id='" . jb_escape_sql($user_id) . "' ";
JB_mysql_query($sql) or die(mysql_error());
$JBMarkup->ok_msg('Resume refused.');
}
if ($_REQUEST['action'] == 'suspend') {
$sql = "UPDATE `resumes_table` SET `status`='SUS' WHERE `resume_id`='" . jb_escape_sql($_REQUEST['resume_id']) . "' ";
JB_mysql_query($sql) or die(mysql_error());
$sql = "INSERT INTO `applications` (`user_id`, `post_id`, `app_date`, `cover_letter`, `employer_id`, `employer_name`, `data1`, `data2`, `data3`) VALUES ( '" . jb_escape_sql($user_id) . "', '" . jb_escape_sql($post_id) . "', '" . jb_escape_sql($now) . "', '" . jb_escape_sql($app_letter) . "', '" . jb_escape_sql($POSTED_BY_ID) . "', '" . jb_escape_sql(addslashes($POSTED_BY)) . "', '" . jb_escape_sql(addslashes($TITLE)) . "', '" . jb_escape_sql(addslashes($LOCATION)) . "', '" . jb_escape_sql(addslashes($EMAIL)) . "') ";
JB_mysql_query($sql);
##############
# Automatically grant permission for employer to view
// If anonymous fields are enabled
if (JB_RESUME_REQUEST_SWITCH == 'YES') {
if (Jb_is_request_granted($user_id, $PForm->get_value('user_id')) === 0) {
// no request was sent / granted
if (JB_ONLINE_APP_REVEAL_PREMIUM == 'YES' && $PForm->get_value('post_mode') == 'premium' || JB_ONLINE_APP_REVEAL_STD == 'YES' && $PForm->get_value('post_mode') != 'premium' || JB_ONLINE_APP_REVEAL_RESUME == 'YES') {
// Grant the request automatically - this will unblock candidate's resume details
// for the user_id of the poster
if (JB_grant_request($user_id, $PForm->get_value('user_id'))) {
// send an email to employer to notify them that a request has been granted
$is_anon = 'N';
// not anonymous
JB_send_request_granted_email($user_id, $PForm->get_value('user_id'));
}
}
}
} else {
$is_anon = 'N';
}
}
// strip slashes from data before sending it by email
// (Jamit job board adds slashes regardless of PHP config)
$app_letter = stripslashes(JB_clean_str($_REQUEST['app_letter']));
$app_subject = stripslashes(JB_clean_str($_REQUEST['app_subject']));
$app_name = stripslashes(JB_clean_str($_REQUEST['app_name']));
$to_name = stripslashes(JB_clean_str($POSTED_BY));
$to_address = stripslashes(JB_clean_str($EMAIL));
/*
require "../config.php";
include 'login_functions.php';
require_once "../include/resumes.inc.php";
require_once "../include/profiles.inc.php";
JB_process_login();
$resume_id = JB_get_resume_id($_SESSION['JB_ID']);
$JBPage = new JBResumePage($resume_id);
// this loads and sets the dynamic forms, data, etc
$resume_data =& $JBPage->vars['DynamicForm']->get_values();
JB_template_candidates_header();
JB_display_info_box($label["c_resume_header"], $label["c_resume_intro"], 80);
$employer_id = (int) $_REQUEST['employer_id'];
if ($_REQUEST['action'] == 'grant') {
$sql = "UPDATE `requests` SET `request_status`='GRANTED' WHERE `employer_id`='" . jb_escape_sql($employer_id) . "' AND candidate_id='" . jb_escape_sql($_SESSION['JB_ID']) . "' ";
JB_mysql_query($sql) or die(mysql_error());
JB_send_request_granted_email($_SESSION['JB_ID'], $employer_id);
}
if ($_REQUEST['action'] == 'refuse') {
$sql = "UPDATE `requests` SET `request_status`='REFUSED' WHERE `employer_id`='" . jb_escape_sql($employer_id) . "' AND candidate_id='" . jb_escape_sql($_SESSION['JB_ID']) . "' ";
JB_mysql_query($sql) or die(mysql_error());
}
if (isset($_REQUEST['delete']) && $_REQUEST['delete']) {
$sql = "UPDATE `requests` SET `request_status`='REFUSED' WHERE `employer_id`='" . jb_escape_sql($employer_id) . "' AND candidate_id='" . jb_escape_sql($_SESSION['JB_ID']) . "' ";
JB_mysql_query($sql) or die(mysql_error());
$candidate_id = $_SESSION['JB_ID'];
foreach ($_REQUEST['employer_ids'] as $employer_id) {
$sql = "UPDATE`requests` SET `deleted`='Y' WHERE `candidate_id`='" . jb_escape_sql($candidate_id) . "' AND `employer_id`='" . jb_escape_sql($employer_id) . "'";
$result = JB_mysql_query($sql) or die(mysql_error());
}
$sql = "UPDATE `requests` SET `request_status` = 'REFUSED' WHERE `deleted`='Y' AND `candidate_id`='" . jb_escape_sql($candidate_id) . "' AND `request_status` = 'REQUEST' ";
JB_mysql_query($sql) or die(mysql_error());
