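function JB_move_uploaded_attachment($mail_id, $att_file, $from_name) {
    // Moves the file uploaded in the form field $att_file into JB_FILE_PATH/temp/
    // under a name built from $from_name, $mail_id, the field name and the
    // client-supplied extension, and returns that destination path.
    //
    // Contract kept from the original: the path is returned even when the move
    // failed (the failure is reported through jb_custom_error_handler()), so a
    // caller that needs certainty must check that the file exists.
    $mail_id = (int) $mail_id;
    $upload = isset($_FILES[$att_file]) ? $_FILES[$att_file] : array();
    $att_tmp = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';
    $client_name = isset($upload['name']) ? $upload['name'] : '';

    // Extension = text after the last dot of the client-supplied name
    // (a name without a dot yields the whole name, as before).
    $name_parts = explode('.', $client_name);
    $ext = array_pop($name_parts);

    $temp_dir = JB_FILE_PATH . "temp/";
    if (!file_exists($temp_dir)) {
        mkdir($temp_dir, JB_NEW_DIR_CHMOD);
    }
    if (strpos(strtoupper(PHP_OS), 'WIN') !== false) {
        // sometimes the dir can have double slashes on Win, remove 'em
        $att_tmp = str_replace('\\\\', '\\', $att_tmp);
    }

    // Only [a-z0-9] survive in the name prefix. The original class also let
    // '.', '&', ';', '#' and '^' through; a dot in the prefix yields a
    // multi-extension file name (x.php.1att.txt), which Apache setups that map
    // PHP via AddHandler execute regardless of the final extension, so dots in
    // particular must never reach the file name.
    $from_name = preg_replace('/[^a-z0-9]+/i', "", $from_name);
    $from_name = JB_clean_str($from_name);
    $field_part = preg_replace('/[^a-z0-9_-]+/i', "", $att_file);
    $ext = preg_replace('/[^a-z0-9]+/i', "", $ext);
    // NOTE(review): nothing in this function rejects server-executable
    // extensions ("php", "phtml", ...); the JB_ALLOWED_EXT check is assumed to
    // happen in the caller before this point -- confirm.
    $new_name = $temp_dir . $from_name . $mail_id . $field_part . "." . $ext;

    if (move_uploaded_file($att_tmp, $new_name)) {
        chmod($new_name, JB_NEW_FILE_CHMOD);
        return $new_name;
    }

    // Report why the move failed. The original read $_FILES[$field_id] here
    // ($field_id is undefined in this function), so every failure came out as
    // "Unknown File Error".
    $vars = array(); // context argument for the error handler (was an undefined variable)
    $code = isset($upload['error']) ? $upload['error'] : UPLOAD_ERR_NO_FILE;
    switch ($code) {
        case UPLOAD_ERR_OK:
            // PHP accepted the upload; the move itself failed (destination not
            // writable, open_basedir, ...). Previously this case was silent.
            jb_custom_error_handler('upload', "Could not move the uploaded file to " . $new_name, __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_INI_SIZE:
            jb_custom_error_handler('upload', "The uploaded file exceeds the upload_max_filesize directive (" . ini_get("upload_max_filesize") . ") in php.ini.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_FORM_SIZE:
            jb_custom_error_handler('upload', "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_PARTIAL:
            jb_custom_error_handler('upload', "The uploaded file was only partially uploaded.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_NO_FILE:
            jb_custom_error_handler('upload', "No file was uploaded.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
            jb_custom_error_handler('upload', "Missing a temporary folder.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_CANT_WRITE:
            jb_custom_error_handler('upload', "Failed to write file to disk", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_EXTENSION:
            jb_custom_error_handler('upload', "A PHP extension stopped the file upload.", __FILE__, __LINE__, $vars);
            break;
        default:
            jb_custom_error_handler('upload', "Unknown File Error", __FILE__, __LINE__, $vars);
    }
    return $new_name;
}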
<?php echo $label["c_alert_head2"]; ?> <p> <?php echo $label["c_alert_intro"]; ?> </p> <form method="post" action="alerts.php"> <input type="hidden" name="key" value="<?php echo JB_escape_html(JB_clean_str($_REQUEST['key'])); ?> "> <input type="hidden" name="id" value="<?php echo JB_escape_html(JB_clean_str($_REQUEST['id'])); ?> "> <table border="0" cellSpacing="1" cellPadding="3" class="dynamic_form" id='dynamic_form'> <tr><td class="dynamic_form_field"><?php echo $label["c_alert_receive"]; ?> </td> <td class="dynamic_form_value"><input type="radio" name="notification" <?php if ($notification == '1') { echo " checked "; } ?> value="1"><?php echo $label["c_alert_yes"];
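function JB_merge_language_files($force_update = false) {
    // Merges the master label set (core lang/english_default.php plus the
    // english_default.php of each theme) into every installed language file
    // listed in the `lang` table and rewrites that file as generated PHP.
    // A language file is only rewritten when it is older than the newest
    // source file (always, when $force_update is true). Does nothing in demo
    // mode. Progress and errors are echoed straight to the page.
    if (JB_DEMO_MODE == 'YES') {
        return;
    }
    global $label;

    // 1. Labels of the core english_default.php
    $source_label = array();
    include_once jb_get_english_default_dir() . 'english_default.php';
    $source_label = array_merge($source_label, (isset($label) && is_array($label)) ? $label : array());
    $label = array();
    $last_mtime = filemtime(jb_get_english_default_dir() . 'english_default.php');

    // 2. Labels of each theme's english_default.php
    // NOTE(review): the original has 'global $JB_LANG_THEMES;' commented out, so
    // that variable is not visible in this scope and only the theme passed in
    // the request (if any) is merged. Left as found; the array is initialised
    // here so array_unique() below is never handed null.
    $themes = (isset($JB_LANG_THEMES) && is_array($JB_LANG_THEMES)) ? $JB_LANG_THEMES : array();
    if (isset($_REQUEST['jb_theme'])) {
        // Admin->Main Config / Admin->Languages pass the theme being edited.
        // The value becomes a directory component of an include path below, so
        // it is reduced to a plain name: no '/', no '..', no NUL byte.
        $req_theme = preg_replace('/[^a-z0-9_-]+/i', '', (string) $_REQUEST['jb_theme']);
        if (isset($_REQUEST['lang_code'])) {
            $lang = $_REQUEST['lang_code']; // comes from Admin->Languages
        } else {
            $lang = isset($_SESSION['LANG']) ? $_SESSION['LANG'] : '';
        }
        if ($req_theme !== '') {
            $themes[$lang] = $req_theme;
        }
    }
    $themes = array_unique($themes);
    foreach ($themes as $theme) {
        $theme_lang_file = JB_get_theme_dir() . $theme . '/lang/english_default.php';
        if (!file_exists($theme_lang_file)) {
            continue;
        }
        include $theme_lang_file;
        $source_label = array_merge($source_label, is_array($label) ? $label : array());
        $label = array();
        $m_time = filemtime($theme_lang_file);
        if ($m_time > $last_mtime) {
            $last_mtime = $m_time;
        }
    }
    if ($force_update) {
        $last_mtime = time();
    }
    // $source_label now holds every source label, $last_mtime the newest
    // modification time among the source files.

    // 3. Merge the sources into every installed language file
    $out = '';
    $result = JB_mysql_query("SELECT * FROM lang ") or die(mysql_error());
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $lang_file = jB_get_lang_dir() . $row['lang_filename'];
        if (!is_writable($lang_file)) {
            // (the original echoed the path unescaped; escaped here like the
            // progress line below)
            echo "<font color='red'><b>- " . jb_escape_html($lang_file) . " file is not writable. Give write permissions (" . decoct(JB_NEW_FILE_CHMOD) . ") to " . jb_escape_html($lang_file) . " file and then disable & re-enable this plugin</b></font><br>";
            continue;
        }
        if ($last_mtime <= filemtime($lang_file)) {
            continue; // already up to date
        }
        echo "Merging language strings for " . jb_escape_html($row['lang_filename']) . ".. <br>";
        // the language's customized labels win over the english defaults
        $label = array();
        include $lang_file;
        $dest_label = array_merge($source_label, is_array($label) ? $label : array());
        $label = null;

        // write out the new file
        $out = "<?php\n";
        $out .= "///////////////////////////////////////////////////////////////////////////\n";
        $out .= "// IMPORTANT NOTICE\n";
        $out .= "///////////////////////////////////////////////////////////////////////////\n";
        $out .= "// This file was generated by a script!\n";
        $out .= "// (JB_merge_language_files() function)\n";
        $out .= "// Please do not edit the language files by hand\n";
        $out .= "// - please always use the Language Translation / Editing tool found\n";
        $out .= "// in Admin->Languages\n";
        $out .= "// To add a new phrase for the \$label, please edit english_default.php, and\n";
        $out .= "// then vist Admin->Main Summary where the language files will be\n";
        $out .= "// automatically merged with this file.\n";
        $out .= "///////////////////////////////////////////////////////////////////////////\n";
        foreach ($dest_label as $key => $val) {
            // Key and value are embedded in single-quoted PHP literals, so both
            // backslashes and quotes must be escaped, and escaping must be the
            // last transformation. The original escaped only the quote (a value
            // ending in '\' therefore terminated the literal early and the rest
            // was parsed as PHP code) and ran JB_clean_str() after escaping.
            $out .= "\$label['" . addcslashes($key, "\\'") . "']='" . addcslashes(JB_clean_str($val), "\\'") . "'; \n";
        }
        $out .= "?>\n";
        $handler = fopen($lang_file, "w");
        if ($handler === false) {
            echo "<font color='red'><b>- could not open " . jb_escape_html($lang_file) . " for writing</b></font><br>";
            continue;
        }
        fputs($handler, $out);
        fclose($handler);
    }
    if ($out) {
        echo " Done.<br>";
    }
}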
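function JB_save_skill_matrix_data($field_id, $object_id, $user_id) {
    // Replaces the skill-matrix rows (name / years / rating per row) submitted
    // in $_REQUEST for one field + object + user. All existing rows for that
    // triple are deleted first; rows whose name is blank are not stored.
    // Returns false when $object_id is empty, nothing otherwise.
    if ($object_id == '') {
        return false;
    }
    $row_count = JB_get_matrix_row_count($field_id);
    $field_sql = jb_escape_sql($field_id);
    $object_sql = jb_escape_sql($object_id);
    $user_sql = jb_escape_sql($user_id);

    // wipe the previous rows for this field/object/user
    $sql = "DELETE FROM skill_matrix_data WHERE field_id='" . $field_sql . "' AND `object_id`='" . $object_sql . "' AND user_id='" . $user_sql . "' ";
    JB_mysql_query($sql) or die($sql . mysql_error());

    for ($i = 0; $i < $row_count; $i++) {
        // primary key is (field_id, row, user_id)
        $name_key = $field_id . "name" . $i;
        $name = isset($_REQUEST[$name_key]) ? $_REQUEST[$name_key] : '';
        if (trim($name) == '') {
            continue; // empty row, nothing to store
        }
        $years = isset($_REQUEST[$field_id . "years" . $i]) ? $_REQUEST[$field_id . "years" . $i] : '';
        $rating = isset($_REQUEST[$field_id . "rating" . $i]) ? $_REQUEST[$field_id . "rating" . $i] : '';
        // Fix: the original interpolated $field_id raw into the VALUES list and
        // stored the name after JB_clean_str() only -- JB_clean_str() is not an
        // SQL escaper (see the other values, which go through jb_escape_sql()),
        // so both are escaped here like everything else.
        $sql = "REPLACE INTO skill_matrix_data (field_id, row, name, years, rating, object_id, user_id) values('" . $field_sql . "', " . (int) $i . ", '" . jb_escape_sql(JB_clean_str($name)) . "', '" . jb_escape_sql($years) . "', '" . jb_escape_sql($rating) . "', '" . $object_sql . "', '" . $user_sql . "') ";
        JB_mysql_query($sql) or die("[skill matrix]" . $sql . mysql_error());
    }
}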
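function JB_validate_employer_data($form_id) {
    // Validates the employer sign-up / edit form in $_REQUEST.
    // Returns the list of error messages (empty when the data is acceptable),
    // or the string 'Invalid Input!' when user_id is present but not numeric
    // (original contract -- callers test for that string).
    // Side effect kept from the original: several $_REQUEST fields are
    // normalised in place through JB_clean_str() before the plugin hooks run.
    global $label;
    $errors = array();

    // A fresh signup carries no user_id; an edit carries the account's id.
    $is_new = empty($_REQUEST['user_id']);
    if (!$is_new && !is_numeric($_REQUEST['user_id'])) {
        // NOTE(review): is_numeric() also accepts " 12", "1e3", "1.5"; the
        // original accepted the same, so this is left as found.
        return 'Invalid Input!';
    }

    $password = isset($_REQUEST['Password']) ? $_REQUEST['Password'] : '';
    $password2 = isset($_REQUEST['Password2']) ? $_REQUEST['Password2'] : '';
    $username = isset($_REQUEST['Username']) ? $_REQUEST['Username'] : '';
    $email = isset($_REQUEST['Email']) ? $_REQUEST['Email'] : '';

    if (empty($_REQUEST['FirstName'])) {
        $errors[] = $label['employer_signup_error_name'];
    }
    if (empty($_REQUEST['LastName'])) {
        $errors[] = $label['employer_signup_error_ln'];
    }

    if ($is_new) {
        if ($password != $password2) {
            $errors[] = $label['employer_signup_error_pmatch'];
        }
        if ($username == false) {
            $errors[] = $label["employer_signup_error_user"];
        } else {
            $sql = "SELECT * FROM `employers` WHERE `Username`='" . jb_escape_sql($username) . "' ";
            $result = JB_mysql_query($sql) or die(mysql_error() . $sql);
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($row && $row['Username'] != false) {
                $errors[] = str_replace('%username%', jb_escape_html($username), $label['employer_signup_error_inuse']);
            } elseif (!preg_match('#^[a-z0-9À-ÿ\\-_\\.@]+$#Di', $username)) {
                $errors[] = $label['employer_signup_error_uname'];
            }
        }
        if ($password == false) {
            $errors[] = $label["employer_signup_error_p"];
        } elseif (strlen(trim($password)) < 6) {
            // NOTE(review): a 6-character minimum is the original policy;
            // raising it is a product decision, not done here.
            $errors[] = $label['employer_signup_error_pw_too_weak'];
        }
        if ($password2 == false) {
            $errors[] = $label['employer_signup_error_p2'];
        }
    }

    if ($email == false) {
        $errors[] = $label["employer_signup_error_email"];
    } elseif (!JB_validate_mail($email)) {
        $errors[] = $label['employer_signup_error_invemail'];
    } elseif ($is_new) {
        // for new account signups, make sure the email does not already exist
        // (the original evaluated $row['Email'] for edits too, on a $row that
        // was never assigned in that path; the check only applies to signups)
        $result = JB_mysql_query("SELECT * from `employers` WHERE `Email`='" . jb_escape_sql($email) . "'") or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        if ($row && $row['Email'] != false) {
            $errors[] = $label['employer_signup_email_in_use'];
        }
    }

    // normalise the request fields the rest of the save path reads
    $clean_fields = array('FirstName', 'LastName', 'CompName', 'Username', 'Email', 'Newsletter', 'Notification1', 'Notification2', 'lang');
    foreach ($clean_fields as $field) {
        $_REQUEST[$field] = JB_clean_str(isset($_REQUEST[$field]) ? $_REQUEST[$field] : '');
    }

    // deprecated hook: a plugin hands back one string with '<br>' separators
    $error = '';
    JBPLUG_do_callback('valiate_employer_account', $error);
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    // current hook (3.6.6+): plugins append to the list directly
    JBPLUG_do_callback('valiate_employer_account_array', $errors);

    // NOTE(review): '+' keeps the left-hand keys, so an entry returned by
    // JB_validate_form_data() that shares a numeric key with one already in
    // $errors is silently dropped. Kept as found because callers may rely on
    // the form-data keys (array_merge() would renumber them) -- confirm before
    // changing.
    $errors = $errors + JB_validate_form_data(4);
    return $errors;
}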
}
// Employer -> candidate contact request: record the request, then mail the
// candidate using e-mail template 4. Only runs when no earlier validation
// error was set and no request exists yet for this employer/candidate pair.
// ($candidate, $message, $sql, $key, $from and $reply_to are assigned above
// this fragment.)
if (JB_request_was_made($candidate['ID'], $_SESSION['JB_ID']) == false && $error == '') {
    jb_add_new_request($candidate['ID'], $_SESSION['JB_ID'], 'REQUEST', $message);
    // NOTE(review): $sql is not assigned in this fragment; presumably set
    // above -- if it is a stale statement this re-executes it. Verify.
    JB_mysql_query($sql) or die(mysql_error());
    // NOTE(review): the session id is interpolated without jb_escape_sql(),
    // unlike the other queries in this code base; low risk (session-held),
    // but inconsistent.
    $result = JB_mysql_query("SELECT * from `employers` where `ID`='" . $_SESSION['JB_ID'] . "' ") or die(mysql_error());
    $employer = mysql_fetch_array($result, MYSQL_ASSOC);
    $result = JB_get_email_template(4, $_SESSION['LANG']);
    $e_row = mysql_fetch_array($result, MYSQL_ASSOC);
    $EmailMessage = $e_row['EmailText'];
    //$from = $e_row[EmailFromAddress];
    //$from_name = $e_row[EmailFromName];
    $subject = $e_row['EmailSubject'];
    // fill the template placeholders
    $EmailMessage = str_replace("%FNAME%", $candidate['FirstName'], $EmailMessage);
    $EmailMessage = str_replace("%LNAME%", $candidate['LastName'], $EmailMessage);
    $EmailMessage = str_replace("%EMPLOYER_NAME%", JB_clean_str($_REQUEST['from']), $EmailMessage);
    $EmailMessage = str_replace("%REPLY_TO%", JB_clean_str($_REQUEST['reply_to']), $EmailMessage);
    $EmailMessage = str_replace("%PERMIT_LINK%", JB_BASE_HTTP_PATH . JB_CANDIDATE_FOLDER . "permit.php?k=" . $key, $EmailMessage);
    $EmailMessage = str_replace("%SITE_NAME%", JB_SITE_NAME, $EmailMessage);
    // NOTE(review): %MESSAGE% is filled with the raw request value while the
    // other request-derived placeholders go through JB_clean_str(); if the
    // template is sent as HTML this lets the employer inject markup into the
    // candidate's mail -- confirm whether $message (used above) is the
    // cleaned form and should be used here instead.
    $EmailMessage = str_replace("%MESSAGE%", $_REQUEST['message'], $EmailMessage);
    //echo $EmailMessage;
    $label["employer_request_letter_subject"] = str_replace("%SITE_NAME%", JB_SITE_NAME, $label["employer_request_letter_subject"]);
    $subject = $e_row['EmailSubject']; //$label["employer_request_letter_subject"];
    $to = $candidate['Email'];
    $reply_to = stripslashes($reply_to);
    $from = stripslashes($from);
    // queue and send immediately (queue id 4 = this template)
    $email_id = JB_queue_mail($to, jb_get_formatted_name($candidate['FirstName'], $candidate['LastName']), $reply_to, $from, $subject, $EmailMessage, '', 4);
    JB_process_mail_queue(1, $email_id);
    $JBMarkup->ok_msg($label['employer_request_sent']);
}
}
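function jb_get_config_definitions() {
    // Builds the PHP source of the site config file from the submitted admin
    // form ($_REQUEST) and returns it as a string; the caller writes it to disk.
    // Every value is embedded inside a single-quoted PHP literal, so the loop
    // below escapes backslashes first and then single quotes (order matters).
    // Plugins may edit the result through the 'set_edit_config_str' callback.
    //
    // NOTE(review): admin_password, cron_http_pass, jb_mysql_pass and
    // email_smtp_pass are written to the file in clear text; how they are read
    // back is outside this function, so nothing is changed here -- make sure
    // the generated file is not readable through the web server.
    $input = $_REQUEST;
    foreach ($input as $key => $val) {
        if (is_array($val)) {
            // nested request values cannot be embedded in a literal; drop them
            // instead of handing an array to str_replace()/trim()
            unset($input[$key]);
            continue;
        }
        // do not allow evil tags; escape '\' first, then "'"
        // (JB_clean_str() sits between the two steps as in the original --
        // assumed not to introduce backslashes; confirm if it is changed)
        $val = str_replace('\\', '\\\\', $val);
        $input[$key] = str_replace('\'', "\\'", trim(JB_clean_str($val)));
    }

    // Identifiers that end up in file paths / driver names: plain tokens only.
    // (The original class [^a-z^0-9^-^_] also let '^' through.)
    foreach (array('jb_cache_driver', 'jb_theme', 'jb_default_pay_meth') as $token_key) {
        $input[$token_key] = preg_replace('/[^a-z0-9_-]+/i', '', isset($input[$token_key]) ? $input[$token_key] : '');
    }

    // process the lat and lng from a google map link
    // eg http://maps.google.com/maps?showlabs=1&ie=UTF8&ll=38.891033,-93.427734&spn=33.74472,73.740234&t=h&z=4
    if (preg_match('/&ll=(-?[0-9\\.\\+\\-]+),(-?[0-9\\.\\+\\-]+)?&/', $input['gmap_location'], $m)) {
        $input['gmap_lat'] = $m[1];
        $input['gmap_lng'] = $m[2];
    }

    // JB_NEW_FILE_CHMOD / JB_NEW_DIR_CHMOD are emitted WITHOUT quotes (integer
    // literals in the generated file). The quote escaping above does not
    // protect an unquoted position, so any other text would become executable
    // PHP inside the config file. Accept only an octal mode (3-4 octal digits,
    // optional leading 0), normalise it to the 0NNN form, else use the default.
    // (The original also emitted "666" as decimal 666 = 01232.)
    foreach (array('jb_new_file_chmod' => '0666', 'jb_new_dir_chmod' => '0777') as $mode_key => $default_mode) {
        $mode = isset($input[$mode_key]) ? $input[$mode_key] : '';
        $input[$mode_key] = preg_match('/^0?[0-7]{3,4}$/', $mode) ? sprintf('0%o', octdec($mode)) : $default_mode;
    }

    if (!defined('JB_DEMO_MODE')) {
        define('JB_DEMO_MODE', 'NO');
    }

    $str = " \n\ndefine('JB_SITE_NAME', '" . $input['site_name'] . "');\n"
        . "define('JB_SITE_HEADING', '" . $input['site_heading'] . "');\n"
        . "define('JB_SITE_DESCRIPTION', '" . $input['site_description'] . "');\n"
        . "define('JB_SITE_KEYWORDS', '" . $input['site_keywords'] . "');\n"
        . "define('JB_SITE_CONTACT_EMAIL', '" . $input['site_contact_email'] . "');\n"
        . "define('JB_ADMIN_PASSWORD', '" . $input['admin_password'] . "');\n"
        . "define('JB_THEME', '" . $input['jb_theme'] . "');\n\n"
        . "define('JB_CRON_EMULATION_ENABLED', '" . $input['cron_emulation_enabled'] . "');\n"
        . "define('JB_CRON_HTTP_ALLOW', '" . $input['cron_http_allow'] . "');\n"
        . "define('JB_CRON_HTTP_USER', '" . $input['cron_http_user'] . "');\n"
        . "define('JB_CRON_HTTP_PASS', '" . $input['cron_http_pass'] . "');\n\n"
        . "define('JB_CACHE_ENABLED', '" . $input['jb_cache_enabled'] . "');\n"
        . "define('JB_USE_SERIALIZE', '" . $input['use_serialize'] . "');\n\n"
        . "define('JB_PLUGIN_SWITCH', '" . $input['jb_plugin_switch'] . "');\n// Paths and Locations\n\n"
        . "define('JB_CANDIDATE_FOLDER', '" . $input['candidate_folder'] . "');\n"
        . "define('JB_EMPLOYER_FOLDER', '" . $input['employer_folder'] . "');\n\n\n"
        . "define('JB_IMG_MAX_WIDTH', '" . intval($input['img_max_width']) . "');\n"
        . "define('JB_KEEP_ORIGINAL_IMAGES', '" . $input['jb_keep_original_images'] . "');\n"
        . "define('JB_BIG_IMG_MAX_WIDTH', '" . intval($input['big_img_max_width']) . "');\n"
        . "define('JB_IMG_PATH', '" . $input['img_path'] . "');\n"
        . "define('JB_FILE_PATH', '" . $input['file_path'] . "');\n"
        . "define('JB_IM_PATH', '" . $input['im_path'] . "');\n"
        . "define('JB_USE_GD_LIBRARY', '" . $input['use_gd_library'] . "');\n\n"
        . "define('JB_RSS_FEED_PATH', '" . $input['rss_feed_path'] . "');\n"
        . "define('JB_RSS_FEED_LOGO', '" . $input['rss_feed_logo'] . "');\n\n"
        // unquoted on purpose: validated octal literal (see above)
        . "define('JB_NEW_FILE_CHMOD', " . $input['jb_new_file_chmod'] . ");\n"
        . "define('JB_NEW_DIR_CHMOD', " . $input['jb_new_dir_chmod'] . ");\n\n\n\n"
        // http paths switch to https when the request itself is https
        . "if (isset(\$_SERVER['HTTPS']) && !empty(\$_SERVER['HTTPS']) && (strtolower(\$_SERVER['HTTPS']) != 'off')) {\n//if (true) {\n"
        . "\tdefine('JB_SITE_LOGO_URL', str_replace('http:', 'https:', '" . $input['site_logo_url'] . "'));\n"
        . "\tdefine('JB_FILE_HTTP_PATH', str_replace('http:', 'https:', '" . $input['file_http_path'] . "'));\n"
        . "\tdefine('JB_BASE_HTTP_PATH', str_replace('http:', 'https:', '" . $input['base_http_path'] . "'));\n"
        . "\tdefine('JB_IMG_HTTP_PATH', str_replace('http:', 'https:', '" . $input['img_http_path'] . "'));\n\t\n"
        . "} else {\n\t\n"
        . "\tdefine('JB_SITE_LOGO_URL', '" . $input['site_logo_url'] . "');\n"
        . "\tdefine('JB_FILE_HTTP_PATH', '" . $input['file_http_path'] . "');\n"
        . "\tdefine('JB_BASE_HTTP_PATH', '" . $input['base_http_path'] . "');\n"
        . "\tdefine('JB_IMG_HTTP_PATH', '" . $input['img_http_path'] . "');\n}\n\n"
        . "define('JB_NAME_FORMAT', '" . $input['jb_name_format'] . "');\n// categories\n\n"
        . "define('JB_CAT_PATH_ONLY_LEAF', '" . $input['jb_cat_path_only_leaf'] . "');\n"
        . "define('JB_CAT_RSS_SWITCH', '" . $input['jb_cat_rss_switch'] . "');\n"
        . "define('JB_SHOW_SUBCATS', '" . intval($input['show_subcats']) . "');\n"
        . "define('JB_CAT_COLS_FP', '" . intval($input['cat_cols_fp']) . "');\n"
        . "define('JB_CAT_COLS', '" . intval($input['cat_cols']) . "');\n"
        . "define('JB_FORMAT_SUB_CATS', '" . $input['format_sub_cats'] . "');\n"
        . "define('JB_SUB_CATEGORY_COLS', '" . intval($input['sub_category_cols']) . "');\n"
        . "define('JB_CAT_NAME_CUTOFF', '" . $input['cat_name_cutoff'] . "');\n"
        . "define('JB_CAT_NAME_CUTOFF_CHARS', '" . $input['cat_name_cutoff_chars'] . "');\n"
        . "define('JB_INDENT_CATEGORY_LIST', '" . $input['indent_category_list'] . "');\n"
        . "define('JB_CAT_SHOW_OBJ_COUNT', '" . $input['cat_show_obj_count'] . "');\n"
        . "define('JB_MOD_REWRITE_REMOVE_ACCENTS', '" . $input['mod_rewrite_remove_accents'] . "');\n"
        . "define('JB_CAT_MOD_REWRITE', '" . $input['cat_mod_rewrite'] . "');\n"
        . "define('JB_JOB_MOD_REWRITE', '" . $input['job_mod_rewrite'] . "');\n"
        . "define('JB_PRO_MOD_REWRITE', '" . $input['pro_mod_rewrite'] . "');\n"
        . "define('JB_MOD_REWRITE_DIR', '" . $input['mod_rewrite_dir'] . "');\n"
        . "define('JB_MOD_REWRITE_JOB_DIR', '" . $input['mod_rewrite_job_dir'] . "');\n"
        . "define('JB_MOD_REWRITE_PRO_DIR', '" . $input['mod_rewrite_pro_dir'] . "');\n"
        . "define('JB_JOB_PAGES_MOD_REWRITE', '" . $input['job_pages_mod_rewrite'] . "');\n"
        . "define('JB_MOD_REWRITE_JOB_PAGES_PREFIX', '" . $input['mod_rewrite_job_pages_prefix'] . "');\n// data cleaning\n"
        . "define('JB_STRIP_HTML', 'YES');\n"
        . "define('JB_STRIP_LATIN1', '" . $input['strip_latin1'] . "');\n"
        . "define('JB_BREAK_LONG_WORDS', '" . $input['break_long_words'] . "');\n"
        . "define('JB_LNG_MAX', '" . intval($input['lng_max']) . "');\n"
        . "define('JB_CLEAN_STRINGS', '" . $input['clean_strings'] . "');\n"
        . "define('JB_ALLOWED_EXT', '" . trim($input['allowed_ext']) . "');\n"
        . "define('JB_ALLOWED_IMG', '" . trim($input['allowed_img']) . "');\n"
        . "define('JB_MAX_UPLOAD_BYTES', '" . intval($input['max_upload_bytes']) . "');\n\n// features\n"
        . "define('JB_CAN_LANG_ENABLED', '" . $input['can_lang_enabled'] . "');\n"
        . "define('JB_EMP_LANG_ENABLED', '" . $input['emp_lang_enabled'] . "');\n"
        . "define('JB_MAP_DISABLED', '" . $input['map_disabled'] . "');\n\n"
        . "define('JB_GMAP_LOCATION', '" . $input['gmap_location'] . "');\n"
        . "define('JB_GMAP_LAT', '" . $input['gmap_lat'] . "');\n"
        . "define('JB_GMAP_LNG', '" . $input['gmap_lng'] . "');\n"
        . "define('JB_GMAP_ZOOM', '" . $input['gmap_zoom'] . "');\n"
        . "define('JB_GMAP_SHOW_IF_MAP_EMPTY', '" . $input['gmap_show_if_map_empty'] . "');\n"
        . "define('JB_PIN_IMAGE_FILE', '" . $input['pin_image_file'] . "');\n"
        . "define('JB_MAP_IMAGE_FILE', '" . $input['map_image_file'] . "');\n"
        . "define('JB_PREVIEW_RESUME_IMAGE', '" . $input['preview_resume_image'] . "');\n"
        . "define('JB_BAD_WORD_FILTER', '" . $input['bad_word_filter'] . "');\n"
        . "define('JB_BAD_WORDS', '" . trim($input['bad_words']) . "');\n"
        . "define('JB_ONLINE_APP_ENABLED', '" . $input['online_app_enabled'] . "');\n"
        . "define('JB_APP_CHOICE_SWITCH', '" . $input['jb_app_choice_switch'] . "');\n\n"
        . "define('JB_RESUME_REPLY_ENABLED', '" . $input['resume_reply_enabled'] . "');\n"
        . "define('JB_FIELD_BLOCK_APP_SWITCH', '" . $input['field_block_app_switch'] . "');\n\n"
        . "define('JB_JOB_ALERTS_ENABLED', '" . $input['job_alerts_enabled'] . "');\n"
        . "define('JB_RESUME_ALERTS_ENABLED', '" . $input['resume_alerts_enabled'] . "');\n\n"
        . "define('JB_JOB_ALERTS_DAYS', '" . intval($input['job_alerts_days']) . "');\n\n"
        . "define('JB_RESUME_ALERTS_DAYS', '" . intval($input['resume_alerts_days']) . "');\n"
        . "define('JB_TAF_ENABLED', '" . $input['taf_enabled'] . "');\n"
        . "define('JB_SAVE_JOB_ENABLED', '" . $input['save_job_enabled'] . "');\n"
        . "define('JB_SHOW_PREMIUM_LIST', '" . $input['jb_show_premium_list'] . "');\n"
        . "define('JB_DONT_REPEAT_PREMIUM', '" . $input['jb_dont_repeat_premium'] . "');\n"
        . "define('JB_ONLINE_APP_SIGN_IN', '" . $input['online_app_sign_in'] . "');\n"
        . "define('JB_ONLINE_APP_EMAIL_ADMIN', '" . $input['online_app_email_admin'] . "');\n"
        . "define('JB_ONLINE_APP_EMAIL_PREMIUM', '" . $input['online_app_email_premium'] . "');\n"
        . "define('JB_ONLINE_APP_EMAIL_STD', '" . $input['online_app_email_std'] . "');\n"
        . "define('JB_ONLINE_APP_REVEAL_PREMIUM', '" . $input['online_app_reveal_premium'] . "');\n"
        . "define('JB_ONLINE_APP_REVEAL_STD', '" . $input['online_app_reveal_std'] . "');\n"
        . "define('JB_ONLINE_APP_REVEAL_RESUME', '" . $input['online_app_reveal_resume'] . "');\n"
        . "define('JB_TAF_SIGN_IN', '" . $input['taf_sign_in'] . "');\n"
        . "define('JB_ANON_RESUME_ENABLED', '" . $input['anon_resume_enabled'] . "');\n"
        . "define('JB_FIELD_BLOCK_SWITCH', '" . $input['field_block_switch'] . "');\n"
        . "define('JB_MEMBER_FIELD_SWITCH', '" . $input['member_field_switch'] . "');\n"
        . "define('JB_MEMBER_FIELD_IGNORE_PREMIUM', '" . $input['jb_member_field_ignore_premium'] . "');\n"
        . "define('JB_NEED_SUBSCR_FOR_REQUEST', '" . $input['need_subscr_for_request'] . "');\n"
        . "define('JB_JOB_ALERTS_ACTIVE_DAYS', '" . intval($input['job_alerts_active_days']) . "');\n"
        . "define('JB_JOB_ALERTS_ITEMS', '" . intval($input['job_alerts_items']) . "');\n"
        . "define('JB_RESUME_ALERTS_ACTIVE_DAYS', '" . intval($input['resume_alerts_active_days']) . "');\n"
        . "define('JB_RESUME_ALERTS_ITEMS', '" . intval($input['resume_alerts_items']) . "');\n"
        . "define('JB_RESUME_ALERTS_SUB_IGNORE', '" . $input['jb_resume_alerts_sub_ignore'] . "');\n"
        . "define('JB_CODE_ORDER_BY', '" . $input['jb_code_order_by'] . "');\n// Database\n"
        . "define('JB_MYSQL_HOST', '" . $input['jb_mysql_host'] . "');\n"
        . "define('JB_MYSQL_USER', '" . $input['jb_mysql_user'] . "');\n"
        . "define('JB_MYSQL_PASS', '" . $input['jb_mysql_pass'] . "');\n"
        . "define('JB_MYSQL_DB', '" . $input['jb_mysql_db'] . "');\n//date & time\n"
        . "define('JB_DATE_FORMAT', '" . $input['date_format'] . "');\n"
        . "define('JB_GMT_DIF', '" . $input['gmt_dif'] . "');\n\n"
        . "define('JB_SCW_INPUT_SEQ', '" . $input['scw_input_seq'] . "');\n"
        . "define('JB_SCW_DATE_FORMAT', '" . $input['scw_date_format'] . "');\n\n\n"
        . "define('JB_DATE_INPUT_SEQ', '" . $input['date_input_seq'] . "');\n// Accounts permissions\n"
        . "define('JB_CA_NEEDS_ACTIVATION', '" . $input['ca_needs_activation'] . "');\n"
        . "define('JB_EM_NEEDS_ACTIVATION', '" . $input['em_needs_activation'] . "');\n"
        . "define('JB_FREE_POST_LIMIT', '" . $input['free_post_limit'] . "');\n"
        . "define('JB_FREE_POST_LIMIT_MAX', '" . intval($input['free_post_limit_max']) . "');\n"
        . "define('JB_BEGIN_PREMIUM_CREDITS', '" . intval($input['begin_premium_credits']) . "');\n"
        . "define('JB_BEGIN_STANDARD_CREDITS', '" . intval($input['begin_standard_credits']) . "');\n"
        . "define('JB_ALLOW_ADMIN_LOGIN', '" . $input['allow_admin_login'] . "');\n\n\n// menu\n"
        . "define('JB_CANDIDATE_MENU_TYPE', '" . $input['candidate_menu_type'] . "');\n"
        . "define('JB_EMPLOYER_MENU_TYPE', '" . $input['employer_menu_type'] . "');\n//search form\n"
        . "define('JB_SEARCH_FORM_LAYOUT', '" . $input['search_form_layout'] . "');\n\n"
        . "define('JB_SUBSCRIPTION_FEE_ENABLED', '" . $input['subscription_fee_enabled'] . "');\n"
        . "define('JB_POSTING_FEE_ENABLED', '" . $input['posting_fee_enabled'] . "');\n"
        . "define('JB_PREMIUM_AUTO_UPGRADE', '" . $input['premium_auto_upgrade'] . "');\n\n"
        . "define('JB_CANDIDATE_MEMBERSHIP_ENABLED', '" . $input['candidate_membership_enabled'] . "');\n"
        . "define('JB_EMPLOYER_MEMBERSHIP_ENABLED', '" . $input['employer_membership_enabled'] . "');\n"
        . "define('JB_PREMIUM_POSTING_FEE_ENABLED', '" . $input['premium_posting_fee_enabled'] . "');\n"
        . "define('JB_INVOICE_ID_START', '" . intval($input['invoice_id_start']) . "');\n"
        . "define('JB_DEFAULT_PAY_METH', '" . $input['jb_default_pay_meth'] . "');\n\n// Posts...\n"
        . "define('JB_POSTS_NEED_APPROVAL', '" . $input['posts_need_approval'] . "');\n"
        . "define('JB_POSTS_PER_PAGE', '" . intval($input['posts_per_page']) . "');\n"
        . "define('JB_POSTS_PER_RSS', '" . intval($input['posts_per_rss']) . "');\n"
        . "define('JB_PREMIUM_POSTS_PER_PAGE', '" . intval($input['premium_posts_per_page']) . "');\n"
        . "define('JB_PREMIUM_POSTS_LIMIT', '" . $input['premium_posts_limit'] . "');\n"
        . "define('JB_P_POSTS_DISPLAY_DAYS', '" . intval($input['p_posts_display_days']) . "');\n\n"
        . "define('JB_POSTS_DISPLAY_DAYS', '" . intval($input['posts_display_days']) . "');\n"
        . "define('JB_POSTS_DESCRIPTION_CHARS', '" . intval($input['posts_description_chars']) . "');\n"
        . "define('JB_POSTS_SHOW_DESCRIPTION', '" . $input['posts_show_description'] . "');\n"
        . "define('JB_POSTS_SHOW_JOB_TYPE', '" . $input['posts_show_job_type'] . "');\n"
        . "define('JB_POSTS_SHOW_POSTED_BY', '" . $input['posts_show_posted_by'] . "');\n"
        . "define('JB_POSTS_SHOW_POSTED_BY_BR', '" . $input['posts_show_posted_by_br'] . "');\n"
        . "define('POSTS_SHOW_CATEGORY', '" . $input['posts_show_category'] . "');\n"
        . "define('POSTS_SHOW_CATEGORY_BR', '" . $input['posts_show_category_br'] . "');\n"
        . "define('JB_POSTS_SHOW_DAYS_ELAPSED', '" . $input['posts_show_days_elapsed'] . "');\n\n"
        . "define('JB_P_POSTS_SHOW_DAYS_ELAPSED', '" . $input['p_posts_show_days_elapsed'] . "');\n"
        . "define('JB_SHOW_PREMIUM_HITS', '" . $input['show_premium_hits'] . "');\n"
        . "define('JB_MANAGER_POSTS_PER_PAGE', '" . intval($input['manager_posts_per_page']) . "');\n"
        . "define('JB_POSTING_FORM_HEIGHT', '" . intval($input['posting_form_height']) . "');\n\n// Resumes\n"
        . "define('JB_RESUMES_NEED_APPROVAL', '" . $input['resumes_need_approval'] . "');\n"
        . "define('JB_RESUMES_PER_PAGE', '" . intval($input['resumes_per_page']) . "');\n"
        . "define('JB_RESUME_REQUEST_SWITCH', '" . $input['resume_request_switch'] . "');\n\n// Email\n\n"
        . "define('JB_USE_MAIL_FUNCTION', '" . $input['use_mail_function'] . "');\n"
        . "define('JB_EMAIL_HOSTNAME', '" . $input['email_hostname'] . "');\n"
        . "define('JB_EMAIL_SMTP_SERVER', '" . $input['email_smtp_server'] . "');\n"
        . "define('JB_EMAIL_POP_SERVER', '" . $input['email_pop_server'] . "');\n"
        . "define('JB_EMAIL_SMTP_USER', '" . $input['email_smtp_user'] . "');\n"
        . "define('JB_EMAIL_SMTP_PASS', '" . $input['email_smtp_pass'] . "');\n"
        . "define('JB_EMAIL_SMTP_AUTH_HOST', '" . $input['email_smtp_auth_host'] . "');\n"
        . "define('JB_EMAIL_SMTP_PORT', '" . intval($input['email_smtp_port']) . "');\n"
        . "define('JB_POP3_PORT', '" . intval($input['pop3_port']) . "');\n"
        . "define('JB_EMAIL_SIG_SWITCH', '" . $input['email_sig_switch'] . "');\n"
        . "define('JB_EMAIL_ADMIN_RECEIPT_SWITCH', '" . $input['email_admin_receipt_switch'] . "');\n"
        . "define('JB_EMAIL_ORDER_COMPLETED_SWITCH', '" . $input['email_order_completed_switch'] . "');\n"
        . "define('JB_EMAIL_MEMBER_EXP_SWITCH', '" . $input['email_member_exp_switch'] . "');\n"
        . "define('JB_EMAIL_SUBSCR_EXP_SWITCH', '" . $input['email_subscr_exp_switch'] . "');\n"
        . "define('JB_EMAIL_CANDIDATE_RECEIPT_SWITCH', '" . $input['email_candidate_receipt_switch'] . "');\n"
        . "define('JB_EMAIL_DEBUG_SWITCH', '" . $input['email_debug_switch'] . "');\n"
        . "define('EMAIL_URL_SHORTEN', '" . $input['email_url_shorten'] . "');\n"
        . "define('JB_EMAIL_EMPLOYER_SIGNUP_SWITCH', '" . $input['email_employer_signup_switch'] . "');\n"
        . "define('JB_EMAIL_CANDIDATE_SIGNUP_SWITCH', '" . $input['jb_email_candidate_signup_switch'] . "');\n"
        . "define('JB_EMAIL_EMP_SIGNUP', '" . $input['jb_email_emp_signup'] . "');\n"
        . "define('JB_EMAIL_CAN_SIGNUP', '" . $input['jb_email_can_signup'] . "');\n"
        . "define('JB_EMAIL_AT_REPLACE', '" . $input['email_at_replace'] . "');\n"
        . "define('JB_EMAIL_NEW_POST_SWITCH', '" . $input['email_new_post_switch'] . "');\n"
        . "define('JB_EMAILS_PER_BATCH', '" . intval($input['emails_per_batch']) . "');\n"
        . "define('JB_EMAILS_MAX_RETRY', '" . intval($input['emails_max_retry']) . "');\n"
        . "define('JB_EMAILS_ERROR_WAIT', '" . intval($input['emails_error_wait']) . "');\n"
        . "define('JB_EMAILS_DAYS_KEEP', '" . intval($input['emails_days_keep']) . "');\n"
        . "define('JB_EMAIL_POP_BEFORE_SMTP', '" . $input['email_pop_before_smtp'] . "');\n"
        . "define('JB_EMAIL_SMTP_SSL', '" . $input['jb_email_smtp_ssl'] . "');\n"
        . "define('JB_ENABLED_PLUGINS', '" . $input['jb_enabled_plugins'] . "');\n"
        // JB_PLUGIN_CONFIG is carried over from the running config, not from
        // the form, so it bypassed the escaping loop; addcslashes() escapes
        // backslashes as well as quotes (the original escaped only quotes, so a
        // trailing backslash ended the literal early).
        . "define('JB_PLUGIN_CONFIG', '" . addcslashes(JB_PLUGIN_CONFIG, "\\'") . "');\n"
        . "define('JB_EMAIL_ADMIN_RESUPDATE_SWITCH', '" . $input['jb_email_admin_resupdate_switch'] . "');\n"
        . "define('JB_EMAIL_ADMIN_NEWORD_SWITCH', '" . $input['jb_email_admin_neword_switch'] . "');\n"
        . "define('JB_EMAIL_POST_EXP_SWITCH', '" . $input['jb_email_post_exp_switch'] . "');\n"
        . "define('JB_EMAIL_POST_APPR_SWITCH', '" . $input['jb_email_post_appr_switch'] . "');\n"
        . "define('JB_EMAIL_POST_DISAPP_SWITCH', '" . $input['jb_email_post_disapp_switch'] . "');\n"
        . "define('JB_CRON_LIMIT', '" . $input['jb_cron_limit'] . "');\n"
        . "define('JB_LIST_HOVER_COLOR', '" . $input['jb_list_hover_color'] . "');\n"
        . "define('JB_LIST_BG_COLOR', '" . $input['jb_list_bg_color'] . "');\n"
        . "define('JB_SET_CUSTOM_ERROR', '" . $input['jb_set_custom_error'] . "');\n"
        . "define('JB_DEMO_MODE', '" . JB_DEMO_MODE . "');\n"
        . "define('JB_MEMCACHE_HOST', '" . $input['jb_memcache_host'] . "');\n"
        . "define('JB_MEMCACHE_PORT', '" . $input['jb_memcache_port'] . "');\n"
        . "define('JB_MEMCACHE_COMPRESSED', '" . $input['jb_memcache_compressed'] . "');\n"
        . "define('JB_CACHE_DRIVER', '" . $input['jb_cache_driver'] . "');\n"
        . "define('JB_POSTS_SHOW_JOB_TYPE_BR', '" . $input['posts_show_job_type_br'] . "');\n\n\n\n\t";

    JBPLUG_do_callback('set_edit_config_str', $str); // a plugin can modify the generated source
    return $str;
}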
$JBMarkup->charset_meta_tag(); // character set
$JBMarkup->no_robots_meta_tag(); // do not follow, do not index
$JBMarkup->head_close();
$JBMarkup->body_open('style="background-color:white"');
// Tell-a-friend form input. Everything below is caller-chosen request data.
// NOTE(review): to_email, to_name, subject and message are only passed through
// JB_clean_str(); nothing visible in this fragment restricts the recipient or
// the text, so if the page is reachable without the login / rate checks that
// may precede this fragment it acts as an open mail relay -- confirm what
// runs before this point.
$submit = JB_clean_str($_REQUEST['submit']);
$post_id = (int) $_REQUEST['post_id'];
// NOTE(review): presumably the link placed in the mail; it is not validated
// here, so confirm it is constrained to the site's own URL before sending.
$url = JB_clean_str($_REQUEST['url']);
// Assume quotes is always On, we need to strip slashes.
$subject = JB_clean_str(stripslashes($_REQUEST['subject']));
$message = JB_clean_str(stripslashes($_REQUEST['message']));
$your_name = JB_clean_str(stripslashes($_REQUEST['your_name']));
$your_email = JB_clean_str(stripslashes($_REQUEST['your_email']));
$to_email = JB_clean_str(stripslashes($_REQUEST['to_email']));
$to_name = JB_clean_str(stripslashes($_REQUEST['to_name']));
if (strlen(trim($to_name)) == 0) {
    $to_name = $to_email; // no recipient name given: address it to the e-mail
}
if (strlen(trim($your_name)) == 0) {
    // fall back to the logged-in user's name from the session
    $your_name = JB_get_formatted_name($_SESSION['JB_FirstName'], $_SESSION['JB_LastName']);
}
if (strlen(trim($your_email)) == 0) {
    // fall back to the logged-in user's e-mail, looked up by session id
    //$your_email =
    $sql = "SELECT Email from users WHERE ID='" . jb_escape_sql($_SESSION['JB_ID']) . "'";
    $result = jb_mysql_query($sql);
    if (mysql_num_rows($result)) {
        // array_pop() takes its argument by reference; passing the call
        // result directly raises "Only variables should be passed by reference"
        $your_email = array_pop(mysql_fetch_row($result));
    }
}
if ($submit != '') {
function JB_validate_profile_data($form_id) {
    // Validates the submitted profile form ($_REQUEST). Returns the list of
    // error messages gathered from the plugin hooks and JB_validate_form_data(3),
    // or the string 'Invalid Input!' when profile_id / user_id is present but
    // not numeric. Side effect: normalises $_REQUEST['profile_date'] through
    // JB_clean_str(). ($form_id is accepted for interface compatibility; the
    // form number is fixed at 3.)
    foreach (array('profile_id', 'user_id') as $id_field) {
        $id_value = isset($_REQUEST[$id_field]) ? $_REQUEST[$id_field] : '';
        // NOTE(review): is_numeric() also accepts " 12", "1e3" and "1.5"
        if ($id_value != '' && !is_numeric($id_value)) {
            return 'Invalid Input!';
        }
    }
    $_REQUEST['profile_date'] = JB_clean_str($_REQUEST['profile_date']);

    $errors = array();
    // deprecated hook: a plugin hands back one string with '<br>' separators
    $error = '';
    JBPLUG_do_callback('JB_insert_profile_data', $error); // deprecated, use JB_insert_profile_data_array
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    // current hook (3.6.6+): plugins append to the list directly
    JBPLUG_do_callback('JB_insert_profile_data_array', $errors);
    // '+' keeps the keys already present in $errors (original behaviour)
    return $errors + JB_validate_form_data(3);
}
function JB_validate_resume_data($form_id) {
    // Validates the submitted resume form ($_REQUEST). Returns the list of
    // error messages gathered from the plugin hooks and JB_validate_form_data(2),
    // or the string 'Invalid Input!' when resume_id / user_id is present but not
    // numeric. Side effect: normalises list_on_web, resume_date, anon and
    // approved in $_REQUEST through JB_clean_str(). ($form_id is accepted for
    // interface compatibility; the form number is fixed at 2.)
    global $label;
    foreach (array('resume_id', 'user_id') as $id_field) {
        $id_value = isset($_REQUEST[$id_field]) ? $_REQUEST[$id_field] : '';
        // NOTE(review): is_numeric() also accepts " 12", "1e3" and "1.5"
        if ($id_value != '' && !is_numeric($id_value)) {
            return 'Invalid Input!';
        }
    }
    foreach (array('list_on_web', 'resume_date', 'anon', 'approved') as $flag_field) {
        $_REQUEST[$flag_field] = JB_clean_str($_REQUEST[$flag_field]);
    }

    $errors = array();
    // current hook (3.6.6+): plugins append their reasons to the list
    JBPLUG_do_callback('validate_resume_data_array', $errors);
    // deprecated hook: one string with '<br>' separators, appended afterwards
    $error = false;
    JBPLUG_do_callback('validate_resume_data', $error); // deprecated, use validate_resume_data_array instead
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    // '+' keeps the keys already present in $errors (original behaviour)
    return $errors + JB_validate_form_data(2);
}
// not anonymous JB_send_request_granted_email($user_id, $PForm->get_value('user_id')); } } } } else { $is_anon = 'N'; } } // strip slashes from data before sending it by email // (Jamit job board adds slashes regardless of PHP config) $app_letter = stripslashes(JB_clean_str($_REQUEST['app_letter'])); $app_subject = stripslashes(JB_clean_str($_REQUEST['app_subject'])); $app_name = stripslashes(JB_clean_str($_REQUEST['app_name'])); $to_name = stripslashes(JB_clean_str($POSTED_BY)); $to_address = stripslashes(JB_clean_str($EMAIL)); /* * Trying to guess your e-mail address. * It is better that you change this line to your address explicitly. * $from_address="*****@*****.**"; * $from_name="My Name"; */ $from_address = $app_email; $from_name = $app_name; $reply_name = $app_name; $reply_address = $app_email; $text_message = $app_letter; // Assign the Application template $e_result = JB_get_email_template(12, $_SESSION['LANG']); // html alert template if (mysql_num_rows($e_result) > 0) {
if (trim($e_row['CompName']) != '') { $EMPLOYER_NAME = $e_row['CompName']; } else { $EMPLOYER_NAME = jb_get_formatted_name($e_row['FirstName'], $e_row['LastName']); } $EMPLOYER_NAME = trim(strip_tags($EMPLOYER_NAME)); // just to make sure. if (JB_EMAIL_SIG_SWITCH == "YES") { $sig = "\n\n---\n" . $label["em_email_sent_from_sig"] . JB_SITE_NAME; $sig_html = "<p>---<br>" . $label["em_email_sent_from_sig"] . JB_SITE_NAME; } $apply = $_REQUEST['apply']; $email_letter = JB_clean_str(trim($_REQUEST['email_letter'])); $c_email = JB_clean_str(trim($_REQUEST['c_email'])); $c_name = JB_clean_str(trim($_REQUEST['c_name'])); $email_subject = JB_clean_str(trim($_REQUEST['email_subject'])); $success = false; if ($apply != '') { if ($email_letter == '') { $error .= $label['em_letter_error'] . "<br>"; } if ($c_email == '') { $error .= $label['em_email_error'] . "<br>"; } elseif (!JB_validate_mail($c_email)) { $error .= $label['em_email_invalid'] . "<br>"; } if ($c_name == '') { $error .= $label["em_name_error"] . "<br>"; } if ($error != '') { $JBMarkup->error_msg($label['em_error']);
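/**
 * Move an uploaded image from the PHP temp dir into the archive, then build
 * the thumbnail and (optionally) a size-limited copy of the original.
 *
 * The stored name is "<user_id>_<first part><timestamp>.<last part>" where
 * the first and last dot-separated parts of the client file name are used
 * (middle parts are dropped) and anything outside [a-z0-9] — plus a literal
 * '^', which the original character class admits — is replaced by '_'.
 * Extension/type checks are not done here; the form validator is expected
 * to have rejected disallowed types already.
 *
 * @param string    $field_id  name of the $_FILES entry
 * @param int|false $user_id   owner id; defaults to the session user
 * @return string|false  new file name, or false when the client name is
 *                       unusable or the upload could not be moved into place
 */
function JB_saveImage($field_id, $user_id = false)
{
    if ($user_id === false) {
        $user_id = $_SESSION['JB_ID'];
    }
    $parts = explode(".", JB_clean_str($_FILES[$field_id]['name']));
    if (sizeof($parts) < 2) { // must have name and extension
        return false;
    }
    $ext  = strtolower(array_pop($parts));
    $name = strtolower(array_shift($parts));
    if (!$name) {
        return false;
    }
    $name = $user_id . "_" . $name; // prefix the file with the user id
    $name = preg_replace('#[^a-z^0-9]+#i', "_", $name); // strip out unwanted characters
    $ext  = preg_replace('#[^a-z^0-9]+#i', "_", $ext);  // strip out unwanted characters
    $new_name = $name . time() . "." . $ext;

    $uploadfile = jb_provision_archive_path($new_name, 'IMAGE');
    $thumbfile  = jb_provision_archive_path($new_name, 'THUMB');

    $tmp_name = $_FILES[$field_id]['tmp_name'];
    if (strpos(strtoupper(PHP_OS), 'WIN') !== false) {
        // sometimes the dir can have double slashes on Win, remove 'em
        $tmp_name = str_replace('\\\\', '\\', $tmp_name);
        $_FILES[$field_id]['tmp_name'] = $tmp_name;
    }

    if (!move_uploaded_file($tmp_name, $uploadfile)) {
        // nothing in this function sets $vars; it is passed through to the
        // handler as before
        $vars = null;
        switch ($_FILES[$field_id]["error"]) {
            case UPLOAD_ERR_OK:
                jb_custom_error_handler('upload', "Uploaded the file OK, but the move failed", __FILE__, __LINE__, $vars);
                break;
            case UPLOAD_ERR_INI_SIZE:
                jb_custom_error_handler('upload', "The uploaded file exceeds the upload_max_filesize directive (" . ini_get("upload_max_filesize") . ") in php.ini.", __FILE__, __LINE__, $vars);
                break;
            case UPLOAD_ERR_FORM_SIZE:
                jb_custom_error_handler('upload', "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.", __FILE__, 0, $vars);
                break;
            case UPLOAD_ERR_PARTIAL:
                jb_custom_error_handler('upload', "The uploaded file was only partially uploaded.", __FILE__, 0, $vars);
                break;
            case UPLOAD_ERR_NO_FILE:
                jb_custom_error_handler('upload', "No file was uploaded.", __FILE__, __LINE__, $vars);
                break;
            case UPLOAD_ERR_NO_TMP_DIR:
                jb_custom_error_handler('upload', "Missing a temporary folder.", __FILE__, __LINE__, $vars);
                break;
            case UPLOAD_ERR_CANT_WRITE:
                jb_custom_error_handler('upload', "Failed to write file to disk", __FILE__, __LINE__, $vars);
                break;
            default:
                jb_custom_error_handler('upload', "Unknown File Error", __FILE__, __LINE__, $vars);
        }
        // The original fell through to the resize/unlink steps on a file that
        // was never created and still returned $new_name; bail out instead so
        // callers do not store a name that points at nothing.
        return false;
    }

    chmod($uploadfile, JB_NEW_FILE_CHMOD); // if unix, update permissions
    // plugins can hook here to do extra processing on the file
    JBPLUG_do_callback('save_image', $uploadfile, $field_id, $user_id);

    // resize
    JB_gd_resize_image($field_id, $uploadfile, $thumbfile); // use GD Library
    @chmod($thumbfile, JB_NEW_FILE_CHMOD);
    if (JB_KEEP_ORIGINAL_IMAGES == 'YES') {
        // resize the original image, capped at JB_BIG_IMG_MAX_WIDTH, and put
        // the resized copy back under the original name
        if (!defined('JB_BIG_IMG_MAX_WIDTH')) {
            define('JB_BIG_IMG_MAX_WIDTH', 1000);
        }
        JB_gd_resize_image($field_id, $uploadfile, $thumbfile . '.tmp', JB_BIG_IMG_MAX_WIDTH); // use GD Library
        unlink($uploadfile);
        // move the original image to the upload_files/images/ directory
        copy($thumbfile . '.tmp', $uploadfile);
        unlink($thumbfile . '.tmp');
    } else {
        @unlink($uploadfile); // delete the original file.
    }
    return $new_name;
}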
<td width="118">Message (text)</td> <td width="322"></td> </tr> <tr> <td colspan="2"><pre><?php echo JB_escape_html($row['message']); ?> </pre></td> </tr> <tr> <td width="118">Message (HTML)</td> <td width="322"></td> </tr> <tr> <td colspan="2"><?php echo JB_clean_str($row['html_message']); ?> </td> </tr> <tr> <td width="118">Attachments</td> <td width="322"><?php echo JB_escape_html($row['att1_name']); ?> <br> <?php echo JB_escape_html($row['att2_name']); ?> <br> <?php echo JB_escape_html($row['att3_name']);
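/**
 * Regenerate every language file listed in the lang table from the English
 * defaults.
 *
 * The master lang/english_default.php plus each plugin's
 * lang/english_default.php are loaded into $source_label. For every row of
 * the lang table whose file is writable and older than the newest source
 * file, the current translations are loaded over the defaults (translations
 * win, missing keys are filled in) and the file is rewritten as generated
 * PHP. Progress is echoed as HTML.
 *
 * Side effects: includes language files (each defines $label), overwrites
 * lang files, echoes.
 */
function JBPLUG_merge_english_default_files()
{
    JBPLUG_require_all_plugins();
    global $_JB_PLUGINS;

    // load in the main english_default labels (the master lang/english_default).
    // $label is initialised first: include_once returns without defining
    // anything when the file was already included earlier in the request,
    // and array_merge() would then be handed a non-array.
    $label = array();
    $master_path = jb_get_english_default_dir() . "english_default.php";
    include_once $master_path;
    $source_label = array_merge(array(), $label); // default english labels
    $label = array();
    $last_mtime = filemtime($master_path);

    $result = JB_mysql_query("SELECT * FROM lang ");
    // Now merge the english_default.php strings with the language files
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        echo "Merging language strings for " . jb_escape_html($row['lang_filename']) . "..<br>";

        // for each of the plugins, load in the plugin's english default
        foreach ($_JB_PLUGINS as $class => $obj) {
            $plugin_english_default_path = dirname(__FILE__) . "/plugins/{$class}/lang/english_default.php";
            if (!file_exists($plugin_english_default_path)) {
                continue; // skip
            }
            include_once $plugin_english_default_path; // load the labels from the plugins
            $source_label = array_merge($source_label, $label);
            $label = array();
            $m_time = filemtime($plugin_english_default_path);
            if ($m_time > $last_mtime) {
                $last_mtime = $m_time;
            }
        }

        // now that we have all the source labels, we can merge them with
        // the language file. Any key that is present in the source, but
        // not present in the language file then we merge it.
        // NOTE(review): lang_filename comes from the database and is used
        // both as an include path and as a write target; it is trusted
        // as-is here.
        $lang_path = jB_get_lang_dir() . $row['lang_filename'];
        if (!is_writable($lang_path)) {
            echo "<font color='red'><b>- " . $lang_path . " file is not writable. Give write permissions (" . decoct(JB_NEW_FILE_CHMOD) . ") to " . $lang_path . " file and then disable & re-enable this plugin</b></font><br>";
        } elseif ($last_mtime > filemtime($lang_path)) {
            // Now merge the english defaults with the language file
            include $lang_path; // customized labels
            $dest_label = array_merge($source_label, $label);
            $label = array();

            // write out the new file:
            $out = "<?php\n";
            $out .= "///////////////////////////////////////////////////////////////////////////\n";
            $out .= "// IMPORTANT NOTICE\n";
            $out .= "///////////////////////////////////////////////////////////////////////////\n";
            $out .= "// This file was generated by a script!\n";
            $out .= "// (JBPLUG_merge_english_default_files() function)\n";
            $out .= "// Please do not edit the language files by hand\n";
            $out .= "// - please always use the Language Translation / Editing tool found\n";
            $out .= "// in Admin->Languages\n";
            $out .= "// To add a new phrase for the \$label, please edit english_default.php, and\n";
            $out .= "// then vist Admin->Main Summary where the language files will be\n";
            $out .= "// automatically merged with this file.\n";
            $out .= "///////////////////////////////////////////////////////////////////////////\n";
            foreach ($dest_label as $key => $val) {
                // Escape the backslash as well as the quote: each value lands
                // inside a single-quoted PHP literal, and the original only
                // escaped the quote, so a value ending in a backslash would
                // escape the closing quote and corrupt the generated statement.
                // The key is escaped the same way since it is emitted raw too.
                $out .= "\$label['" . addcslashes($key, "\\'") . "']='" . JB_clean_str(addcslashes($val, "\\'")) . "'; \n";
            }
            $out .= "?>\n";

            $handler = fopen($lang_path, "w");
            if ($handler === false) {
                echo "<font color='red'><b>- could not open " . jb_escape_html($lang_path) . " for writing</b></font><br>";
            } else {
                fwrite($handler, $out);
                fclose($handler);
            }
        }
        echo " Done.<br>";
    }
}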
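/**
 * Validate a job-post form held in $_REQUEST (form id 1).
 *
 * For a new post by an employer the posting credits are checked first
 * (standard or premium depending on $_REQUEST['type']); privileged users and
 * non-employer insert modes skip that check. Numeric ids, the external
 * application URL (app_type 'R') and the plugin hooks follow, then the
 * per-field checks of JB_validate_form_data(1) are appended.
 *
 * @param string $insert_mode  'EMPLOYER' (default) or another mode that
 *                             bypasses the credit check
 * @return array|string  list of error strings (empty when valid), or
 *                       'Invalid Input!' when an id/coordinate is non-numeric
 */
function JB_validate_post_data($insert_mode = 'EMPLOYER')
{
    global $label;
    $errors = array();

    /* Only check for credits if posted by employer */
    if ($insert_mode == 'EMPLOYER' && empty($_REQUEST['post_id'])) {
        // (the original also ran a SELECT on employers here whose row was
        // never read; it is dropped)
        $_PRIVILEGED_USER = JB_is_privileged_user($_SESSION['JB_ID'], $_REQUEST['post_mode']);
        if ($_REQUEST['type'] != 'premium') {
            if (JB_POSTING_FEE_ENABLED == 'YES' && !$_PRIVILEGED_USER) {
                // check standard credits; a count of -1 is exempt from the check
                $posts = JB_get_num_posts_remaining($_SESSION['JB_ID']);
                if ($posts < 1 && $posts != -1) {
                    $errors[] = $label['post_no_credits'];
                    return $errors;
                }
            }
        } else {
            if (JB_PREMIUM_POSTING_FEE_ENABLED == 'YES' && !$_PRIVILEGED_USER) {
                // check premium credits; a count of -1 is exempt from the check
                $p_posts = JB_get_num_premium_posts_remaining($_SESSION['JB_ID']);
                if ($p_posts < 1 && $p_posts != -1) {
                    $errors[] = $label['post_no_credits'];
                    return $errors;
                }
            }
        }
    }

    // Make sure they are numeric
    foreach (array('post_id', 'user_id', 'pin_x', 'pin_y') as $num_key) {
        if (isset($_REQUEST[$num_key]) && $_REQUEST[$num_key] != '' && !is_numeric($_REQUEST[$num_key])) {
            return 'Invalid Input!';
        }
    }

    // app_type and app_url
    if ($_REQUEST['app_type'] == 'R') {
        // check the url.
        $_REQUEST['app_url'] = JB_clean_str(trim($_REQUEST['app_url']));
        if ($_REQUEST['app_url'] == false) {
            $errors[] = $label['post_save_app_url_blank'];
        } elseif (!preg_match('#^https?://#', $_REQUEST['app_url'])) {
            // The scheme must be the prefix: this value is rendered as a link,
            // and the original only tested that 'http://' or 'https://'
            // occurred somewhere in the string, so a value with another
            // scheme in front passed.
            $errors[] = $label['post_save_app_url_bad'];
        }
    }

    // clean any undesired input, leave nothing to chance
    foreach (array('post_date', 'post_mode', 'approved', 'expired') as $key) {
        $_REQUEST[$key] = JB_clean_str($_REQUEST[$key]);
    }

    // legacy hook: a single string of <br>-separated messages
    $error = '';
    JBPLUG_do_callback('validate_post_data', $error); // deprecated, use validate_post_data_array
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    JBPLUG_do_callback('validate_post_data_array', $errors); // added in 3.6.6

    // append errors with array_merge: '+' on two 0-indexed lists dropped every
    // form-field error whose index collided with an earlier one
    return array_merge($errors, JB_validate_form_data(1));
}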
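/**
 * Validate a candidate sign-up / account form held in $_REQUEST (form id 5).
 *
 * For a new account (no user_id) the username, password and password
 * confirmation are checked and the username must be unused; for every
 * account the names and e-mail are required and, on sign-up, the e-mail
 * must be unused as well. The scalar fields are then scrubbed in place, the
 * plugin hooks run, and the per-field checks of JB_validate_form_data(5)
 * are appended. $form_id is accepted for signature compatibility only.
 *
 * @param mixed $form_id  unused; kept for callers (the form id is fixed at 5)
 * @return array|string  list of error strings (empty when valid), or
 *                       'Invalid Input!' when user_id is non-numeric
 */
function JB_validate_candidate_data($form_id)
{
    global $label;
    $errors = array();
    $is_new_account = empty($_REQUEST['user_id']);

    if ($is_new_account) {
        if (empty($_REQUEST['Username'])) {
            $errors[] = $label["c_signup_error4"];
        } else {
            $result = JB_mysql_query("SELECT * FROM `users` WHERE `Username`='" . jb_escape_sql($_REQUEST['Username']) . "' ") or die(mysql_error() . "we have error");
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($row && $row['Username'] != '') {
                // the label is rewritten in place, so a second call in the
                // same request would no longer see the %USERNAME% placeholder
                $label['c_signup_error5'] = str_replace("%USERNAME%", $row['Username'], $label['c_signup_error5']);
                $errors[] = $label['c_signup_error5'];
            } elseif (!preg_match('#^[a-z0-9À-ÿ\\-_\\.@]+$#Di', $_REQUEST['Username'])) {
                $errors[] = $label['c_signup_error11'];
            }
        }
        if (empty($_REQUEST['Password'])) {
            $errors[] = $label['c_signup_error6'];
        } elseif (strlen(trim($_REQUEST['Password'])) < 6) {
            $errors[] = $label['c_signup_error_pw_too_weak'];
        }
        if (empty($_REQUEST['Password2'])) {
            $errors[] = $label["c_signup_error7"];
        }
        if ($_REQUEST['Password'] != $_REQUEST['Password2']) {
            $errors[] = $label["c_signup_error1"];
        }
    }

    if (empty($_REQUEST['FirstName'])) {
        $errors[] = $label["c_signup_error2"];
    }
    if (empty($_REQUEST['LastName'])) {
        $errors[] = $label["c_signup_error3"];
    }
    if (empty($_REQUEST['Email'])) {
        $errors[] = $label["c_signup_error8"];
    } elseif (!JB_validate_mail($_REQUEST['Email'])) {
        $errors[] = $label["c_signup_error8"];
    } elseif ($is_new_account) {
        // sign-up only: the address must not already be registered
        $result = JB_mysql_query("SELECT * from `users` WHERE `Email`='" . jb_escape_sql($_REQUEST['Email']) . "'") or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        if ($row && $row['Email'] != '') {
            $errors[] = " " . $label["c_signup_error10"] . " ";
        }
    }

    if (isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != '' && !is_numeric($_REQUEST['user_id'])) {
        return 'Invalid Input!';
    }

    // scrub the scalar account fields in place so later code reads clean values
    foreach (array('FirstName', 'LastName', 'Username', 'Email', 'Newsletter', 'Notification1', 'Notification2', 'lang') as $key) {
        $_REQUEST[$key] = JB_clean_str($_REQUEST[$key]);
    }

    // Initialise *before* the hook: the original reset $error to '' after
    // the callback, which discarded whatever a plugin had reported.
    $error = '';
    JBPLUG_do_callback('valiate_candidate_account', $error);
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    JBPLUG_do_callback('valiate_candidate_account_array', $errors); // added in 3.6.6

    // array_merge, not '+': '+' on two 0-indexed lists dropped every
    // form-field error whose index collided with an earlier one
    return array_merge($errors, JB_validate_form_data(5));
}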
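/**
 * Normalise one text node taken from an XML import into the board's
 * internal string format.
 *
 * CDATA sections are unwrapped verbatim; otherwise the predefined XML
 * entities are decoded. The text is then converted from UTF-8 with
 * JB_utf8_to_html() and scrubbed with JB_clean_str().
 *
 * The entity table below is reconstructed: in the listing this block was
 * rendered with the entity names already decoded, which left a no-op map
 * and an unbalanced quote (`'''`), i.e. a parse error. Both `&apos;` and
 * `&#039;` are mapped to the apostrophe since the garbled entry could have
 * been either.
 *
 * @param string $data  raw node text
 * @return string       cleaned text
 */
function clean_data($data)
{
    $data = trim($data);
    if (strpos($data, '<![CDATA[') === 0) {
        // if it begins with <![CDATA[, unwrap it: the content is literal
        $data = str_replace(array('<![CDATA[', ']]>'), '', $data);
    } else {
        // Treat the data as XML entities. strtr() with an array replaces in a
        // single pass, longest key first, so an already-escaped '&amp;lt;'
        // becomes '&lt;' and is not decoded twice. Only the predefined set is
        // handled, deliberately not html_entity_decode(): the original never
        // decoded numeric or HTML-only entities.
        $trans = array(
            '&lt;'   => '<',
            '&gt;'   => '>',
            '&quot;' => '"',
            '&apos;' => "'",
            '&#039;' => "'",
            '&amp;'  => '&',
        );
        $data = strtr($data, $trans);
    }
    // convert the UTF-8 data to job board's internal format
    $data = JB_utf8_to_html($data);
    // Strip any unwanted tags and scrub data from potential XSS attacks
    $data = JB_clean_str($data);
    return $data;
}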
/**
 * Per-field validation for a dynamic form, driven by the form_fields /
 * form_field_translations tables.
 *
 * For every field of the form (separators, blanks and notes excluded) the
 * submitted value in $_REQUEST is fitted to the column size, optionally
 * long-word-broken, latin1-stripped and HTML-cleaned *in place*, and the
 * checks below append DynamicFormMarkup error lines to the returned list:
 * plugin custom errors, the bad-words filter, category allow_records, upload
 * name/size, and for required fields the rule named in reg_expr
 * (not_empty, email, date, numeric).
 *
 * NOTE(review): declared as a plain function but reads $this->form_id and
 * $this->get_DynamicFormMarkup(); it only runs inside a class (or the listing
 * lost its method context) — confirm against the real file.
 *
 * @return array  list of error strings; empty when the form is acceptable
 */
function JB_validate_form_data()
{
    global $label;
    $DFM = $this->get_DynamicFormMarkup();
    $errors = array();
    // t2 supplies the translated label and error message; the two dynamic
    // values (lang, form_id) are escaped, the field_type filter is static
    $sql = "SELECT *, t2.field_label AS LABEL, t2.error_message as error_message FROM form_fields as t1, form_field_translations as t2 WHERE t1.field_id=t2.field_id AND t2.lang='" . JB_escape_sql($_SESSION['LANG']) . "' AND form_id='" . JB_escape_sql($this->form_id) . "' AND field_type != 'SEPERATOR' AND field_type != 'BLANK' AND field_type != 'NOTE' order by field_sort";
    $result = JB_mysql_query($sql) or die(mysql_error());
    while ($field_row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        JBPLUG_do_callback('validate_form_data_init_row', $field_row);
        // fit to database
        $_REQUEST[$field_row['field_id']] = jb_fit_to_db_size($field_row['field_type'], $_REQUEST[$field_row['field_id']]);
        $custom_error = null;
        // The following is a hook for plugins to set a custom error message
        // plugins should set the $custom_error to the error message or
        // false if no error message was set
        JBPLUG_do_callback('validate_form_data_custom_field', $custom_error, $field_row);
        if ($custom_error !== null) {
            // a plugin took ownership of this field: record its message (if any)
            // and skip every built-in check below
            if ($custom_error) {
                $errors[] = $DFM->get_error_line($field_row['LABEL'], $custom_error);
            }
            continue;
        }
        if ($field_row['field_type'] == 'TEXT' || $field_row['field_type'] == 'TEXTAREA' || $field_row['field_type'] == 'EDITOR') {
            if (JB_check_for_bad_words($_REQUEST[$field_row['field_id']])) {
                $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['bad_words_not_accept']);
            }
        }
        if ($field_row['field_type'] == 'CATEGORY' && is_numeric($_REQUEST[$field_row['field_id']])) {
            // a category may be flagged as not accepting records
            $sql = "SELECT * FROM categories WHERE category_id='" . jb_escape_sql($_REQUEST[$field_row['field_id']]) . "' ";
            $cat_result = jb_mysql_query($sql);
            if ($cat_row = mysql_fetch_array($cat_result)) {
                if ($cat_row['allow_records'] == 'N') {
                    $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['cat_records_not_allow']);
                }
            }
        }
        if (JB_BREAK_LONG_WORDS == 'YES') {
            if ($field_row['field_type'] == 'TEXT' || $field_row['field_type'] == 'TEXTAREA') {
                // HTML not allowed
                $_REQUEST[$field_row['field_id']] = trim(stripslashes(JB_break_long_words(addslashes($_REQUEST[$field_row['field_id']]), false)));
            } elseif ($field_row['field_type'] == 'EDITOR') {
                // HTML allowed, 2nd arg pass true
                $_REQUEST[$field_row['field_id']] = trim(addslashes(JB_break_long_words(stripslashes($_REQUEST[$field_row['field_id']]), true)));
            }
        }
        // clean the data..
        if (JB_STRIP_LATIN1 == 'YES') {
            $_REQUEST[$field_row['field_id']] = JB_remove_non_latin1_chars($_REQUEST[$field_row['field_id']]);
        }
        if ($field_row['field_type'] == 'EDITOR' || $field_row['field_type'] == 'TEXTAREA') {
            if (JB_STRIP_HTML == 'YES') {
                // tags are allowed, remove them except on the white list.
                // (the value is treated as slash-escaped here: unescape, clean,
                // re-escape)
                $_REQUEST[$field_row['field_id']] = stripslashes($_REQUEST[$field_row['field_id']]);
                $_REQUEST[$field_row['field_id']] = JB_clean_str($_REQUEST[$field_row['field_id']]);
                $_REQUEST[$field_row['field_id']] = addslashes($_REQUEST[$field_row['field_id']]);
            }
        }
        if (($field_row['field_type'] == 'FILE' || $field_row['field_type'] == 'IMAGE') && $_FILES[$field_row['field_id']]['name'] != '') {
            $a = explode(".", $_FILES[$field_row['field_id']]['name']);
            $ext = array_pop($a);
            // NOTE(review): the type check is keyed on the client-supplied file
            // name (the %EXT% placeholder suggests by extension); the uploaded
            // content is not inspected here — verify what JB_is_*_allowed() does.
            if (!JB_is_filetype_allowed($_FILES[$field_row['field_id']]['name']) && $field_row['field_type'] == 'FILE') {
                // placeholders are replaced in the global label itself, so the
                // first offending field's values stick for the rest of the request
                $label['vaild_file_ext_error'] = str_replace("%EXT_LIST%", JB_ALLOWED_EXT, $label['vaild_file_ext_error']);
                $label['vaild_file_ext_error'] = str_replace("%EXT%", $ext, $label['vaild_file_ext_error']);
                $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['vaild_file_ext_error']);
            }
            if (!JB_is_imagetype_allowed($_FILES[$field_row['field_id']]['name']) && $field_row['field_type'] == 'IMAGE') {
                $label['vaild_image_ext_error'] = str_replace("%EXT_LIST%", JB_ALLOWED_IMG, $label['vaild_image_ext_error']);
                $label['vaild_image_ext_error'] = str_replace("%EXT%", $ext, $label['vaild_image_ext_error']);
                $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['vaild_image_ext_error']);
            }
            if (get_cfg_var('open_basedir') == NULL) {
                // open_basedir disabled
                // file size check when open_basedir is in effect
                // NOTE(review): the two comments above contradict each other; as
                // written the size check runs only when open_basedir is NOT set,
                // so with open_basedir configured JB_MAX_UPLOAD_BYTES is not
                // enforced by this function.
                if (@filesize($_FILES[$field_row['field_id']]['tmp_name']) > JB_MAX_UPLOAD_BYTES) {
                    $label['valid_file_size_error'] = str_replace("%FILE_NAME%", $_FILES[$field_row['field_id']]['name'], $label['valid_file_size_error']);
                    // NOTE(review): reports the image-extension label instead of the
                    // valid_file_size_error prepared on the previous line — looks
                    // like a copy/paste slip.
                    $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['vaild_image_ext_error']);
                }
            }
        }
        if ($field_row['is_required'] == 'Y') {
            if ($field_row['field_type'] == 'DATE' || $field_row['field_type'] == 'DATE_CAL') {
                $field_row['reg_expr'] = 'date'; // default to date check
            }
            if ($field_row['field_type'] == 'FILE' || $field_row['field_type'] == 'IMAGE') {
                if ($_REQUEST[$field_row['field_id']]) {
                    // already uploaded a file, no error
                }
                // NOTE(review): the continue is outside the if, so a required
                // FILE/IMAGE field with neither a stored value nor a fresh upload
                // yields no error from this function; the IMAGE check just below
                // is therefore unreachable.
                continue; // go to the next item in the while() loop to process the next field.
            }
            if ($field_row['field_type'] == 'IMAGE') {
                continue;
            }
            switch ($field_row['reg_expr']) {
                case "not_empty":
                    if ($field_row['field_type'] == 'GMAP') {
                        // a map pin needs both coordinates
                        if ($_REQUEST[$field_row['field_id'] . '_lat'] == 0 || $_REQUEST[$field_row['field_id'] . '_lng'] == 0) {
                            $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                        }
                    } elseif (trim($_REQUEST[$field_row['field_id']] == '')) {
                        // NOTE(review): the closing paren is misplaced — trim() is
                        // applied to the boolean result of the comparison rather
                        // than to the value, so whitespace-only input passes as
                        // non-empty.
                        $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                    }
                    break;
                case "email":
                    if (!JB_validate_mail(trim($_REQUEST[$field_row['field_id']]))) {
                        $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                    }
                    break;
                case "date":
                    if ($field_row['field_type'] == 'DATE') {
                        // three separate inputs: <id>d, <id>m, <id>y
                        $day = $_REQUEST[$field_row['field_id'] . "d"];
                        $month = $_REQUEST[$field_row['field_id'] . "m"];
                        $year = $_REQUEST[$field_row['field_id'] . "y"];
                    }
                    if ($field_row['field_type'] == 'DATE_CAL') {
                        // calendar widget value converted to ISO and split
                        $temp_date = JB_SCWDate_to_ISODate($_REQUEST[$field_row['field_id']]);
                        preg_match('/(\\d+)-(\\d+)-(\\d+)/', JB_SCWDate_to_ISODate($_REQUEST[$field_row['field_id']]), $m);
                        $year = $m[1];
                        $month = $m[2];
                        $day = $m[3];
                    } else {
                        // NOTE(review): this else also runs for DATE (the preceding if
                        // is not an elseif) and parses the *field id* rather than the
                        // submitted value; if strtotime() accepts it (numeric ids
                        // may parse as a time of day) the day/month/year read above
                        // are overwritten with today's — confirm intent.
                        $ts = strtotime($field_row['field_id'] . " GMT");
                        if ($ts > 0) {
                            $day = date('d', $ts);
                            $month = date('m', $ts);
                            $year = date('y', $ts);
                        }
                    }
                    if ($month == '' || $day == '' || $year == '' || !@checkdate(intval($month), intval($day), intval($year))) {
                        $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                    }
                    break;
                case 'numeric':
                    if (!is_numeric(trim($_REQUEST[$field_row['field_id']]))) {
                        $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                    }
                    break;
                default:
                    break;
            }
        }
    }
    // legacy form-level hook: a single string of <br>-separated messages
    $error = '';
    JBPLUG_do_callback('validate_form_data', $error, $this->form_id);
    if ($error) {
        $list = explode('<br>', $error);
        foreach ($list as $item) {
            $errors[] = $item;
        }
    }
    return $errors;
}