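/**
 * Hook callback (registered in the StatsBox() constructor) that prints the
 * job, job-seeker and employer counters, optionally inside a framed box.
 *
 * Reads POST_COUNT_AP, EMPLOYER_COUNT and USER_COUNT from jb_variables,
 * substitutes them for %COUNT% in the StatsBox_* entries of the global
 * $label array (those entries are overwritten, as before) and echoes the
 * three resulting lines.
 *
 * @return void
 */
function show_stats()
{
    global $label;

    // Start every counter at zero so that a missing jb_variables row cannot
    // leave a variable undefined when the labels are filled in below.
    $counts = array(
        'POST_COUNT_AP' => 0,
        'EMPLOYER_COUNT' => 0,
        'USER_COUNT' => 0,
    );

    $sql = "SELECT * FROM jb_variables WHERE `key`='POST_COUNT_AP' or `key`='EMPLOYER_COUNT' or `key`='USER_COUNT' ";
    // NOTE(review): die(mysql_error()) shows the raw database error to the
    // visitor; consider logging it and printing a generic message instead.
    $result = JB_mysql_query($sql) or die(mysql_error());
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        if (isset($counts[$row['key']])) {
            // The value is echoed into HTML below; forcing it to an integer
            // guarantees that no markup stored in jb_variables reaches the page.
            $counts[$row['key']] = (int) $row['val'];
        }
    }

    $framed = ($this->config['frame_border'] == 'YES');
    if ($framed) {
        JB_render_box_top("98%", $label['StatsBox_heading'], '#ffffff');
    }

    $label['StatsBox_jobs'] = str_replace('%COUNT%', $counts['POST_COUNT_AP'], $label['StatsBox_jobs']);
    $label['StatsBox_seekers'] = str_replace('%COUNT%', $counts['USER_COUNT'], $label['StatsBox_seekers']);
    $label['StatsBox_emp'] = str_replace('%COUNT%', $counts['EMPLOYER_COUNT'], $label['StatsBox_emp']);

    echo $label['StatsBox_jobs'] . "<br>";
    echo $label['StatsBox_seekers'] . "<br>";
    echo $label['StatsBox_emp'] . "<br>";

    if ($framed) {
        JB_render_box_bottom();
    }
}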
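/**
 * Load the sitemap settings and the list of extra sitemap URLs.
 *
 * Each SMAP_* value is read from jb_variables; an empty or missing value is
 * replaced by the default listed below. The rows of sitemaps_urls are
 * flattened into one string, one "url priority changefreq" entry per line.
 *
 * @return array Keys: main_priority, jobs_priority, jobs_max, emp_priority,
 *               cat_priority, extra_urls.
 */
function JB_load_sitemap_data()
{
    // jb_variables key => array(result key, default used when the value is empty)
    $settings = array(
        'SMAP_MAIN_PRIORITY' => array('main_priority', '0.5'),
        'SMAP_JOBS_PRIORITY' => array('jobs_priority', '0.5'),
        'SMAP_JOBS_MAX' => array('jobs_max', '10000'),
        'SMAP_EMP_PRIORITY' => array('emp_priority', '0.5'),
        'SMAP_CAT_PRIORITY' => array('cat_priority', '0.5'),
    );

    $data = array();
    foreach ($settings as $variable => $spec) {
        list($field, $default) = $spec;
        // $variable is one of the constant keys above, never request data.
        $sql = "SELECT val FROM jb_variables where `key`='" . $variable . "' ";
        $result = JB_mysql_query($sql);
        // A failed query or a missing row both fall back to the default
        // instead of indexing into a non-array.
        $row = $result ? mysql_fetch_row($result) : false;
        $value = is_array($row) ? $row[0] : '';
        $data[$field] = ($value == '') ? $default : $value;
    }

    // Initialised up front so the first concatenation does not read an
    // undefined index and the key is present even when the table is empty.
    $data['extra_urls'] = '';
    $sql = "SELECT * FROM sitemaps_urls ";
    $result = JB_mysql_query($sql);
    while ($result && ($row = mysql_fetch_array($result, MYSQL_ASSOC))) {
        $data['extra_urls'] .= $row['url'] . ' ' . $row['priority'] . ' ' . $row['changefreq'] . "\n";
    }

    return $data;
}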
/**
 * Load the message of the day for one audience in the session language.
 *
 * @param string $type 'E' or 'U'; any other value is rejected.
 * @return array|false Array with title, message, updated and display, or
 *                     false when $type is not accepted.
 */
function JB_load_motd($type)
{
    $is_known_type = ($type == 'E' || $type == 'U');
    if (!$is_known_type) {
        return false;
    }

    // Both the type and the session language are escaped before they are
    // placed inside the quoted SQL literals.
    $motd_sql = "SELECT * FROM `motd` where `motd_type` = '" . jb_escape_sql($type) . "' AND `motd_lang`='" . jb_escape_sql($_SESSION['LANG']) . "' ";
    $motd_result = @JB_mysql_query($motd_sql);
    if (!$motd_result) {
        // The error text is captured but not used any further in this function.
        $DB_ERROR = mysql_error();
    }
    $motd_row = @mysql_fetch_array($motd_result, MYSQL_ASSOC);

    $data = array();
    $data['title'] = $motd_row['motd_title'];
    $data['message'] = $motd_row['motd_message'];
    $data['updated'] = $motd_row['motd_date_updated'];

    // The on/off switch for this audience is stored as MOTD_<type>_DISPLAY.
    $display_sql = "SELECT * FROM `jb_variables` where `key` = 'MOTD_" . jb_escape_sql($type) . "_DISPLAY' ";
    $display_result = @JB_mysql_query($display_sql);
    if (!$display_result) {
        $DB_ERROR = mysql_error();
    }
    $display_row = @mysql_fetch_array($display_result, MYSQL_ASSOC);
    $data['display'] = $display_row['val'];

    return $data;
}
/**
 * Render the order form that lists the employer membership plans.
 *
 * All markup is produced through the JBProductListMarkup object; this
 * function only decides the order of the calls and feeds it the rows of
 * the memberships table (type 'E', cheapest first).
 *
 * @return void
 */
function membership_plan_list()
{
    global $label;

    // The markup class is a subclass of JBListMarkup defined by the template.
    $PLM =& JB_get_ListMarkupObject('JBProductListMarkup');

    $PLM->list_heading($label['emp_member_header']);
    $PLM->list_sub_heading($label['emp_member_sub_head']);
    $PLM->set_colspan(3);
    $PLM->open_form('form1', 'order.php?action=membership');
    $PLM->list_start('membership_plans', 'order_table');

    // Column headings: option, price, description.
    $PLM->list_head_open();
    $heading_keys = array('emp_member_option', 'emp_member_price', 'emp_member_descr');
    foreach ($heading_keys as $heading_key) {
        $PLM->list_head_cell_open();
        echo $label[$heading_key];
        $PLM->list_head_cell_close();
    }
    // NOTE(review): list_head_close() is called twice in the original; kept
    // as-is because its effect on the markup is not visible from here.
    $PLM->list_head_close();
    $PLM->list_head_close();

    // Employer memberships.
    $plans_sql = "SELECT * from memberships WHERE type='E' order by price ASC, name ";
    $plans = JB_mysql_query($plans_sql);
    while ($plan = mysql_fetch_array($plans, MYSQL_ASSOC)) {
        $PLM->set_values($plan);
        $PLM->list_item_open();

        $PLM->list_cell_open('nowrap');
        $PLM->product_selection('membership_id', $plan['membership_id'], $plan['name']);
        $PLM->list_cell_close();

        $PLM->list_cell_open('nowrap');
        $PLM->data_cell('price');
        $PLM->list_cell_close();

        $PLM->list_cell_open('fullwidth');
        $PLM->product_label($plan['membership_id']);
        $PLM->list_cell_close();

        $PLM->list_item_close();
    }

    $PLM->list_end();
    $PLM->place_order_button($label['emp_member_placeorder']);
    $PLM->close_form();
}
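/**
 * Print a list of the code-based fields (CHECK, RADIO, SELECT, MSELECT) of
 * a form, each linking to the code maintenance pop-up for that field.
 *
 * @param int $form_id Form whose fields are listed; cast to int before use.
 * @return void
 */
function list_code_groups($form_id)
{
    $form_id = (int) $form_id;
    $sql = "select * FROM `form_fields` WHERE form_id='{$form_id}' AND (field_type='CHECK' OR field_type='RADIO' OR field_type='SELECT' OR field_type='MSELECT' ) ";
    // NOTE(review): die(mysql_error()) prints the raw database error to the page.
    $result = JB_mysql_query($sql) or die(mysql_error());

    if (mysql_num_rows($result) == 0) {
        echo " (0 codes)";
    }

    $window_features = 'toolbar=no,scrollbars=yes,location=no,statusbar=no,menubar=no,resizable=1,width=400,height=500,left = 150,top = 150';

    echo "<ul>";
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        // The id ends up inside a JavaScript string inside an HTML attribute;
        // URL-encoding leaves only characters that are inert in both contexts.
        $field_id = rawurlencode($row['field_id']);
        // The label is stored data, so it is HTML-escaped before it is printed.
        $field_label = htmlspecialchars($row['field_label'], ENT_QUOTES);

        echo '<li><a href="" onclick="window.open(\'maintain_codes.php?field_id=' . $field_id
            . '\', \'\', \'' . $window_features . '\');return false;" >'
            . $field_label . '</a></li>';
    }
    echo "</ul>";
}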
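/**
 * Load the help page for one audience in the session language.
 *
 * When no message is stored for that language, the text comes from
 * jb_extract_old_help_file() and the title from $label['c_help_heading'].
 * The 'display' key is not populated by this function.
 *
 * @param string $type 'E' or 'U'; any other value is rejected.
 * @return array|false Array with title, message and updated, or false when
 *                     $type is not accepted.
 */
function JB_load_help($type)
{
    // Strict comparison: with '!=' a non-string such as int 0 or true could
    // compare equal to 'E' on older PHP versions and slip past the whitelist.
    if ($type !== 'E' && $type !== 'U') {
        return false;
    }

    $data = array();

    // $type is whitelisted above; it is escaped as well so that this query
    // is built the same way as the one in JB_load_motd().
    $sql = "SELECT * FROM `help_pages` where `help_type` = '" . jb_escape_sql($type) . "' AND `help_lang`='" . jb_escape_sql($_SESSION['LANG']) . "' ";
    $result = @JB_mysql_query($sql) or $DB_ERROR = mysql_error();
    $row = @mysql_fetch_array($result, MYSQL_ASSOC);

    $data['title'] = $row['help_title'];
    $data['message'] = $row['help_message'];
    $data['updated'] = $row['help_date_updated'];

    if ($data['message'] == '') {
        // Nothing stored for this language: fall back to the legacy help file.
        $data['message'] = jb_extract_old_help_file($type);
        global $label;
        $data['title'] = $label['c_help_heading'];
    }

    return $data;
}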
/**
 * Switch the module off by setting the _2CO_ENABLED entry of jb_config to 'N'.
 *
 * Terminates the script with the database error followed by the SQL text
 * when the update fails.
 *
 * @return void
 */
function disable()
{
    $disable_sql = "UPDATE jb_config set val='N' where `key`='_2CO_ENABLED' ";
    if (!JB_mysql_query($disable_sql)) {
        // NOTE(review): this prints the database error and the statement to the page.
        die(mysql_error() . $disable_sql);
    }
}
} $data = JB_load_post_data($post_id); if ($_SESSION['JB_ID'] != '' && $_SESSION['JB_Domain'] == 'CANDIDATE' || JB_ONLINE_APP_SIGN_IN != 'YES') { $sql = "SELECT app_id FROM applications WHERE post_id='" . jb_escape_sql($post_id) . "' AND user_id='" . jb_escape_sql($_SESSION['JB_ID']) . "' "; $result = JB_mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_array($result, MYSQL_ASSOC); if ($row['app_id'] != '') { echo $label["app_already_applied"] . "<br>"; } else { // increment the application count $sql = "UPDATE `posts_table` SET `applications`=`applications`+1 WHERE `post_id`='" . jb_escape_sql($post_id) . "' "; JB_mysql_query($sql) or die(mysql_error()); } // load the users' resume (if one exists) $sql = "SELECT resume_id FROM resumes_table WHERE user_id='" . jb_escape_sql($_SESSION['JB_ID']) . "'"; $resume_result = JB_mysql_query($sql) or die(mysql_error()); $resume_row = mysql_fetch_array($resume_result, MYSQL_ASSOC); if ($resume_row['resume_id'] != '') { require_once dirname(__FILE__) . "/include/resumes.inc.php"; $resume_data = JB_load_resume_data($resume_row['resume_id']); } if ($data['post_mode'] != 'premium') { // standard post? if (JB_ONLINE_APP_REVEAL_STD == 'YES' && $resume_data['anon'] == 'Y') { // reveal candidate's resume, even if hidden? JB_grant_request($resume_data['user_id'], $data['user_id']); } } elseif ($data['post_mode'] == 'premium') { // premium posts? if (JB_ONLINE_APP_REVEAL_PREMIUM == 'YES' && $resume_data['anon'] == 'Y') { // reveal candidate's resume, even if hidden?
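/**
 * Populate the session for an employer who has just logged in and record
 * the login in the employers table.
 *
 * @param array $emp_row Row from the employers table (ID, FirstName,
 *                       LastName, Username, Rank, lang are read).
 * @return void
 */
function JB_set_employer_session(&$emp_row)
{
    // NOTE(review): the session id is not regenerated in this function;
    // confirm that the caller calls session_regenerate_id() at login so a
    // pre-login session id cannot be carried over (session fixation).
    $_SESSION['JB_ID'] = $emp_row['ID'];
    $_SESSION['JB_FirstName'] = $emp_row['FirstName'];
    $_SESSION['JB_LastName'] = $emp_row['LastName'];
    $_SESSION['JB_Username'] = $emp_row['Username'];
    $_SESSION['Rank'] = $emp_row['Rank'];
    $_SESSION['JB_Domain'] = "EMPLOYER";
    $_SESSION['JB_Base'] = JB_BASE_HTTP_PATH;

    // Fixed: the original tested $row['lang'], a variable that does not exist
    // in this function, so the employer's stored language was never applied.
    if (isset($emp_row['lang']) && $emp_row['lang'] != '') {
        $_SESSION['LANG'] = $emp_row['lang'];
    }

    $now = gmdate("Y-m-d H:i:s");
    // NOTE(review): the username goes through addslashes() and then
    // jb_escape_sql(); whether the double escaping is needed to match how
    // usernames are stored cannot be told from here, so it is left unchanged.
    $sql = "UPDATE `employers` SET `login_date`='{$now}', `last_request_time`='{$now}', `logout_date`=0, `login_count`=`login_count`+1 WHERE `Username`='" . jb_escape_sql(addslashes($emp_row['Username'])) . "' ";
    JB_mysql_query($sql) or die(mysql_error());
}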
/**
 * Mark a post as expired, notify plugins, and optionally queue the
 * expiration e-mail (template 210) for the employer who owns the post.
 *
 * @param int $post_id Post to expire; cast to int before use.
 * @return void
 */
function JB_expire_post($post_id)
{
    $post_id = (int) $post_id;

    $expire_sql = "UPDATE posts_table SET expired='Y' where post_id='" . jb_escape_sql($post_id) . "' ";
    if (!JB_mysql_query($expire_sql)) {
        // The error text is captured but not used any further in this function.
        $DB_ERROR = mysql_error();
    }

    JBPLUG_do_callback('expire_post', $post_id);

    if (JB_EMAIL_POST_EXP_SWITCH != 'YES') {
        return; // expiration e-mails are switched off
    }

    // Load the post through the posting form (form id 1).
    $Form = JB_get_DynamicFormObject(1);
    $Form->load($post_id);
    $TITLE = $Form->get_raw_template_value("TITLE");
    $DATE = JB_get_formatted_date($Form->get_template_value("DATE"));
    $POSTED_BY_ID = $Form->get_value('user_id');

    // The employer who owns the post.
    $employer_sql = "SELECT * FROM employers WHERE ID='" . jb_escape_sql($POSTED_BY_ID) . "' ";
    $emp_result = jb_mysql_query($employer_sql);
    $emp_row = mysql_fetch_array($emp_result);

    // The e-mail template in the employer's language.
    $template_result = JB_get_email_template(210, $emp_row['lang']);
    $t_row = mysql_fetch_array($template_result);

    $to_address = $emp_row['Email'];
    $to_name = JB_get_formatted_name($emp_row['FirstName'], $emp_row['LastName']);
    $subject = $t_row['EmailSubject'];
    $from_name = $t_row['EmailFromName'];
    $from_address = $t_row['EmailFromAddress'];

    // Placeholders are substituted in this order, each on the result of the
    // previous substitution.
    $placeholders = array(
        "%LNAME%",
        "%FNAME%",
        "%SITE_NAME%",
        "%SITE_URL%",
        "%SITE_CONTACT_EMAIL%",
        "%POST_TITLE%",
        "%POST_DATE%",
        "%VIEWS%",
        "%APPS%",
    );
    $values = array(
        $emp_row['LastName'],
        $emp_row['FirstName'],
        JB_SITE_NAME,
        JB_BASE_HTTP_PATH,
        JB_SITE_CONTACT_EMAIL,
        $TITLE,
        $DATE,
        $Form->get_value('hits'),
        $Form->get_value('applications'),
    );
    // Tags are stripped after substitution, so markup in the post title or
    // in the names does not reach the mail body.
    $message = strip_tags(str_replace($placeholders, $values, $t_row['EmailText']));

    // Plugins may change the recipient.
    JBPLUG_do_callback('expire_post_set_recipient_email', $to_address);
    JBPLUG_do_callback('expire_post_set_recipient_name', $to_name);

    // Place the e-mail on the queue.
    JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, '', 210);
}
/**
 * Tell whether a code exists for the given field.
 *
 * @param mixed $field_id Field the code belongs to (escaped before use).
 * @param mixed $code     Code to look up (escaped before use).
 * @return bool True when at least one matching row exists in `codes`.
 */
function JB_is_valid_code($field_id, $code)
{
    $lookup_sql = "SELECT `code` FROM `codes` WHERE field_id='" . jb_escape_sql($field_id) . "' AND code='" . jb_escape_sql($code) . "' ";
    $matches = JB_mysql_query($lookup_sql);
    if (!$matches) {
        // NOTE(review): this prints the statement and the database error to the page.
        die($lookup_sql . mysql_error());
    }

    return mysql_num_rows($matches) > 0;
}
echo htmlentities($_SERVER['PHP_SELF']); ?> ?action=send&letter_id=<?php echo $row['letter_id']; ?> '"> <?php } // end if action if ($action == "edit" || $action == "new" && $unsent_newsletters == 0) { if ($action == 'edit') { echo "Note: Editing a mailing list will not reset the recipient list."; } if ($_REQUEST['letter_id'] != '') { $sql = "SELECT * from `newsletters` WHERE `letter_id`='" . jb_escape_sql($_REQUEST['letter_id']) . "' "; $result = JB_mysql_query($sql) or die($sql . mysql_error()); $row = mysql_fetch_array($result, MYSQL_ASSOC); $to = $row['to']; $message = $row['message']; $subject = $row['subject']; } else { $subject = stripslashes($subject); $message = stripslashes($message); } ?> <h2>Newsletter Editor</h2> <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?> ?action=save">
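/**
 * Tell whether an employer has been granted a privilege flag directly on
 * the employers row.
 *
 * An employer with an active subscription invoice (when subscription fees
 * are enabled) is never reported as privileged.
 *
 * @param mixed  $employer_id Employer ID (escaped before use).
 * @param string $type        'resume', 'premium', or anything else for
 *                            standard posts.
 * @return bool True only when the matching subscription_can_* column is 'Y'.
 */
function JB_is_privileged_user($employer_id, $type)
{
    if (JB_SUBSCRIPTION_FEE_ENABLED == 'YES') {
        // A subscribed user is handled by the subscription quotas instead.
        if (jb_get_active_subscription_invoice($employer_id)) {
            return false;
        }
    }

    $sql = "SELECT * FROM `employers` WHERE ID='" . jb_escape_sql($employer_id) . "'";
    $result = JB_mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);

    // Fixed: the original returned an undefined variable (null, with a
    // notice) on every path that did not grant the privilege. The check now
    // fails closed with an explicit false, including for an unknown employer.
    if (!$row) {
        return false;
    }

    if ($type == 'resume') {
        // may view resumes
        return $row['subscription_can_view_resume'] == 'Y';
    }

    if ($type == 'premium') {
        // may publish premium posts
        return $row['subscription_can_premium_post'] == 'Y';
    }

    if (JB_POSTING_FEE_ENABLED == 'YES') {
        // may publish standard posts
        return $row['subscription_can_post'] == 'Y';
    }

    return false;
}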
/**
 * Find the id of the category whose translated name matches exactly.
 *
 * @param string $name    Category name to look up.
 * @param mixed  $form_id Form the category belongs to.
 * @param string $lang    Language of the name; the default language is used
 *                        when this is empty.
 * @return mixed The category id of the first matching row, or false.
 */
function JB_match_category_id_from_name($name, $form_id = 1, $lang = '')
{
    $lang = $lang ? $lang : JB_get_default_lang();

    // All three inputs are escaped before they are placed in quoted literals.
    $lookup_sql = "SELECT t1.category_id as CID FROM `categories` as t1, `cat_name_translations` as t2 WHERE t1.category_id=t2.category_id AND `t2`.`category_name` = '" . jb_escape_sql($name) . "' AND form_id='" . jb_escape_sql($form_id) . "' AND lang='" . jb_escape_sql($lang) . "' ";
    $lookup = JB_mysql_query($lookup_sql);
    if (!$lookup) {
        // NOTE(review): this prints the statement and the database error to the page.
        die($lookup_sql . mysql_error());
    }

    $match = mysql_fetch_array($lookup, MYSQL_ASSOC);

    return $match ? $match['CID'] : false;
}
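/**
 * Merge the English default labels (master file plus each theme's
 * lang/english_default.php) into every installed language file, rewriting
 * a language file when it is older than the newest English source.
 *
 * Does nothing in demo mode. Progress and problems are echoed as HTML.
 *
 * @param bool $force_update When true, every writable language file is
 *                           rewritten regardless of modification times.
 * @return void
 */
function JB_merge_language_files($force_update = false)
{
    if (JB_DEMO_MODE == 'YES') {
        return;
    }

    global $label;

    // Load the master english_default labels.
    $source_label = array();
    include_once jb_get_english_default_dir() . 'english_default.php';
    $source_label = array_merge($source_label, $label);
    unset($label);
    $label = array();
    $last_mtime = filemtime(jb_get_english_default_dir() . 'english_default.php');

    // Load the english_default.php labels for all themes.
    // NOTE(review): the collapsed source makes it ambiguous whether this
    // 'global' line was live code or part of a comment; it is treated as
    // live because $themes is read from it on the next line.
    global $JB_LANG_THEMES;
    $themes = $JB_LANG_THEMES;

    if (isset($_REQUEST['jb_theme'])) {
        // Comes from Admin->Main Config or Admin->Languages.
        $lang = isset($_REQUEST['lang_code']) ? $_REQUEST['lang_code'] : $_SESSION['LANG'];
        $requested_theme = $_REQUEST['jb_theme'];

        // The theme name becomes part of an include path below, so only a
        // plain directory name is accepted: no path separators, no NUL byte,
        // and neither '.' nor '..'. Anything else is ignored.
        $is_plain_name = is_string($requested_theme)
            && $requested_theme !== ''
            && $requested_theme !== '.'
            && $requested_theme !== '..'
            && strpbrk($requested_theme, "/\\\0") === false;

        if ($is_plain_name && is_scalar($lang)) {
            $themes[$lang] = $requested_theme;
        }
    }

    $themes = array_unique($themes);

    // Get the english_default.php of each theme.
    foreach ($themes as $key => $theme) {
        $theme_path = JB_get_theme_dir() . $theme . '/';
        if (file_exists($theme_path . 'lang/english_default.php')) {
            include $theme_path . 'lang/english_default.php';
            $source_label = array_merge($source_label, $label);
            unset($label);
            $label = array();
            $m_time = filemtime($theme_path . "lang/english_default.php");
            if ($m_time > $last_mtime) {
                $last_mtime = $m_time;
            }
        }
    }

    if ($force_update) {
        $last_mtime = time();
    }

    // $source_label now holds every source label and $last_mtime the newest
    // modification time among the English files.

    // Set before the loop so the final "Done." test never reads an undefined variable.
    $out = '';

    $sql = "SELECT * FROM lang ";
    $result = JB_mysql_query($sql) or die(mysql_error());

    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $lang_file = jB_get_lang_dir() . $row['lang_filename'];

        if (is_writable($lang_file)) {
            if ($last_mtime > filemtime($lang_file)) {
                echo "Merging language strings for " . jb_escape_html($row['lang_filename']) . ".. <br>";

                // Customised labels win over the English defaults.
                include $lang_file;
                $dest_label = array_merge($source_label, $label);
                $label = null;

                // Write out the new file.
                $out = "<?php\n";
                $out .= "///////////////////////////////////////////////////////////////////////////\n";
                $out .= "// IMPORTANT NOTICE\n";
                $out .= "///////////////////////////////////////////////////////////////////////////\n";
                $out .= "// This file was generated by a script!\n";
                $out .= "// (JB_merge_language_files() function)\n";
                $out .= "// Please do not edit the language files by hand\n";
                $out .= "// - please always use the Language Translation / Editing tool found\n";
                $out .= "// in Admin->Languages\n";
                $out .= "// To add a new phrase for the \$label, please edit english_default.php, and\n";
                $out .= "// then vist Admin->Main Summary where the language files will be\n";
                $out .= "// automatically merged with this file.\n";
                $out .= "///////////////////////////////////////////////////////////////////////////\n";

                // NOTE(review): this generates PHP source. Only single quotes
                // in the value are escaped here, and the key is written
                // unescaped; whether JB_clean_str() also neutralises
                // backslashes is not visible from this function. var_export()
                // would produce a safely quoted literal for both. Confirm
                // what JB_clean_str() does before switching.
                foreach ($dest_label as $key => $val) {
                    $val = str_replace("'", "\\'", $val);
                    $out .= "\$label['{$key}']='" . JB_clean_str($val) . "'; \n";
                }
                $out .= "?>\n";

                // fopen() can still fail after is_writable() succeeded; do
                // not hand a false handle to fputs()/fclose().
                $handler = fopen($lang_file, "w");
                if ($handler) {
                    fputs($handler, $out);
                    fclose($handler);
                }
            }
        } else {
            // The path contains a file name read from the database, so it is
            // HTML-escaped like the file name in the message above.
            $shown_path = jb_escape_html($lang_file);
            echo "<font color='red'><b>- " . $shown_path . " file is not writable. Give write permissions (" . decoct(JB_NEW_FILE_CHMOD) . ") to " . $shown_path . " file and then disable & re-enable this plugin</b></font><br>";
        }
    }

    if ($out) {
        echo " Done.<br>";
    }
}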
$ALM->list_head_cell_close(); $ALM->list_head_cell_open(); echo $label["c_app_email"]; $ALM->list_head_cell_close(); $ALM->list_head_close(); $i = 0; while (($row = mysql_fetch_array($result, MYSQL_ASSOC)) && $i < $records_per_page) { $ALM->set_values($row); $i++; $new_window = "onclick=\"window.open('post_window.php?post_id=" . $row['post_id'] . "', '', 'toolbar=no,scrollbars=yes,location=no,statusbar=no,menubar=no,resizable=1,width=800,height=500,left = 50,top = 50');return false;\""; $read_more = "onclick=\"window.open('view_cover.php?app_id=" . $row['app_id'] . "', '', 'toolbar=no,scrollbars=yes,location=no,statusbar=no,menubar=no,resizable=1,width=600,height=400,left = 50,top = 50');return false;\""; $sql2 = "SELECT * FROM users where ID='" . jb_escape_sql($row['user_id']) . "'"; $result2 = JB_mysql_query($sql2) or die(mysql_error()); $row2 = mysql_fetch_array($result2); $sql3 = "SELECT * FROM resumes_table where user_id='" . jb_escape_sql($row['user_id']) . "'"; $result3 = JB_mysql_query($sql3) or die(mysql_error()); $row3 = mysql_fetch_array($result3); $ALM->list_item_open('standard'); $ALM->list_data_admin_action(); $ALM->list_cell_open(); echo JB_get_formatted_date(JB_get_local_time($row['app_date'])); $ALM->list_cell_close(); $ALM->list_cell_open(); ?> <a <?php echo $new_window; ?> href="posts.php?post_id=<?php echo $row['post_id']; ?> "><?php
/**
 * Return the row_count stored for a skill-matrix field.
 *
 * @param mixed $field_id Field id (escaped before use).
 * @return mixed The row_count column of the first matching skill_matrix row.
 */
function JB_get_matrix_row_count($field_id)
{
    $matrix_sql = "Select * from skill_matrix WHERE field_id='" . jb_escape_sql($field_id) . "' ";
    $matrix_result = JB_mysql_query($matrix_sql);
    if (!$matrix_result) {
        // NOTE(review): this prints the raw database error to the page.
        die(mysql_error());
    }

    $matrix = mysql_fetch_array($matrix_result, MYSQL_ASSOC);

    return $matrix['row_count'];
}
$invoice_row = JB_get_membership_invoice_row($_REQUEST['invoice_id']); JB_expire_membership($invoice_row, $send_email = false); $JBMarkup->ok_msg('Subscription expired'); } if ($_REQUEST['reactivate'] != '') { $invoice_row = JB_get_membership_invoice_row($_REQUEST['invoice_id']); $now = gmdate("Y-m-d H:i:s"); $sql = "UPDATE membership_invoices SET `status`='Completed', `processed_date`='{$now}' WHERE invoice_id='" . jb_escape_sql($_REQUEST['invoice_id']) . "'"; $result = JB_mysql_query($sql) or JB_mail_error("[{$sql}]" . mysql_error()); JB_start_membership($invoice_row); $JBMarkup->ok_msg('Subscription reactivated'); } if ($_REQUEST['save'] != '') { $invoice_row = JB_get_membership_invoice_row($_REQUEST['invoice_id']); $sql = "UPDATE membership_invoices SET amount='" . jb_escape_sql($_REQUEST['amount']) . "', item_name='" . jb_escape_sql($_REQUEST['item_name']) . "', payment_method='" . jb_escape_sql($_REQUEST['payment_method']) . "' WHERE invoice_id='" . jb_escape_sql($_REQUEST['invoice_id']) . "'"; $result = JB_mysql_query($sql) or JB_mail_error("[{$sql}]" . mysql_error()); $JBMarkup->ok_msg('Subscription modified'); } ?> <h3>Modify a Subscription</h3> <?php $invoice_row = JB_get_membership_invoice_row($_REQUEST['invoice_id']); if (strtolower($invoice_row['payment_method']) == 'paypal') { $disabled = ' disabled '; } ?> <form method="post" action="member_modify.php" class="dynamic_form" id='dynamic_form'> <table border="0" id="invoice" cellpadding="3" cellspacing="0"> <tr> <td class="dynamic_form_field"><?php
/**
 * Create an employer account from the values in $_REQUEST, notify plugins,
 * and queue the sign-up e-mails (template 2).
 *
 * The request values are assumed to have been validated by the caller; the
 * fields listed in $assign override whatever the request contains.
 *
 * NOTE(review): the password is stored as an unsalted md5() digest. The
 * login check that verifies it is not visible here, so the hash is left
 * unchanged; moving to password_hash()/password_verify() has to be done in
 * both places together.
 *
 * NOTE(review): the clear-text password is substituted for %PASSWORD% in
 * the message, and the same message is also queued for the site contact
 * address when JB_EMAIL_EMPLOYER_SIGNUP_SWITCH is 'YES'. Consider dropping
 * the placeholder from the template or building a separate admin message.
 *
 * @return mixed The new employer id as returned by JB_mysql_insert_id().
 */
function JB_create_new_employer_account()
{
    if ($_REQUEST['lang'] == '') {
        $_REQUEST['lang'] = JB_get_default_lang();
    }

    global $label;
    global $jb_mysql_link;

    // Accounts are pre-validated unless activation is manual.
    $validated = (JB_EM_NEEDS_ACTIVATION == "AUTO" || JB_EM_NEEDS_ACTIVATION == "FIRST_POST") ? 1 : 0;

    // Values that must not be taken from $_REQUEST when inserting.
    $assign = array(
        'Validated' => $validated,
        'SignupDate' => gmdate("Y-m-d H:i:s"),
        'IP' => $_SERVER['REMOTE_ADDR'],
        'Newsletter' => (int) $_REQUEST['Newsletter'],
        'Notification1' => (int) $_REQUEST['Notification1'],
        'Notification2' => (int) $_REQUEST['Notification2'],
        'posts_balance' => JB_BEGIN_STANDARD_CREDITS,
        'premium_posts_balance' => JB_BEGIN_PREMIUM_CREDITS,
        'Password' => md5(stripslashes($_REQUEST['Password'])),
        'expired' => 'N',
    );

    $insert_sql = "REPLACE INTO `employers` (" . JB_get_sql_insert_fields(4, $assign) . ") VALUES (" . JB_get_sql_insert_values(4, "employers", "ID", $employer_id, '', $assign) . ") ";
    $result = JB_mysql_query($insert_sql);
    $employer_id = JB_mysql_insert_id();

    if ($employer_id > 0) {
        JBPLUG_do_callback('create_employer_account', $employer_id);
    }

    $result = JB_get_email_template(2, $_SESSION['LANG']);
    $e_row = mysql_fetch_array($result, MYSQL_ASSOC);

    $member_id = stripslashes($_REQUEST['Username']);
    $subject = str_replace("%MEMBERID%", $member_id, $e_row['EmailSubject']);

    // Placeholders are substituted in this order, each on the result of the
    // previous substitution.
    $placeholders = array(
        "%FNAME%",
        "%LNAME%",
        "%SITE_CONTACT_EMAIL%",
        "%SITE_NAME%",
        "%MEMBERID%",
        "%PASSWORD%",
        "%SITE_URL%",
    );
    $values = array(
        stripslashes($_REQUEST['FirstName']),
        stripslashes($_REQUEST['LastName']),
        JB_SITE_CONTACT_EMAIL,
        JB_SITE_NAME,
        $member_id,
        stripslashes($_REQUEST['Password']),
        JB_BASE_HTTP_PATH,
    );
    $EmailMessage = str_replace($placeholders, $values, $e_row['EmailText']);

    JBPLUG_do_callback('employer_signup_email_msg', $EmailMessage, $employer_id);

    if (!defined('JB_EMAIL_EMP_SIGNUP')) {
        define('JB_EMAIL_EMP_SIGNUP', 'YES');
    }

    // Welcome message for the new employer.
    if (JB_EMAIL_EMP_SIGNUP == 'YES') {
        $recipient_name = jb_get_formatted_name(stripslashes($_REQUEST['FirstName']), stripslashes($_REQUEST['LastName']));
        $email_id = JB_queue_mail(stripslashes($_REQUEST['Email']), $recipient_name, $e_row['EmailFromAddress'], $e_row['EmailFromName'], $subject, $EmailMessage, '', 2);
        JB_process_mail_queue(1, $email_id);
    }

    // Copy of the same message for the site contact address.
    $to = JB_SITE_CONTACT_EMAIL;
    if (JB_EMAIL_EMPLOYER_SIGNUP_SWITCH == 'YES') {
        $email_id = JB_queue_mail($to, "Admin", JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $subject, $EmailMessage, '', 2);
        JB_process_mail_queue(1, $email_id);
    }

    return $employer_id;
}
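/**
 * Format an amount using the sign, separators and decimal places stored
 * for a currency.
 *
 * An optional third argument, when truthy, appends a space and the
 * currency code to the result.
 *
 * @param mixed  $amount   Amount to format.
 * @param string $cur_code Currency code to look up (escaped before use).
 * @return string The formatted amount.
 */
function JB_format_currency($amount, $cur_code)
{
    // Declared by the original; neither variable is used in this function.
    global $cached_code;
    global $cached_res;

    // Fixed: $show_code was left undefined when only two arguments were
    // passed, and a falsy third argument such as 0 was appended verbatim.
    $show_code = (func_num_args() > 2) ? func_get_arg(2) : false;

    $sql = "SELECT * FROM currencies WHERE code='" . jb_escape_sql($cur_code) . "' ";
    // NOTE(review): die(mysql_error()) prints the raw database error to the page.
    $result = JB_mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);

    $code_suffix = $show_code ? " " . $row['code'] : '';

    $formatted = number_format($amount, $row['decimal_places'], $row['decimal_point'], $row['thousands_sep']);

    return $row['sign'] . $formatted . $code_suffix;
}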
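/**
 * Build the SQL fragment (a run of " AND (...)" conditions) for a search
 * on this form.
 *
 * Plugins can supply the whole fragment ('generate_search_sql_before'),
 * the condition for a single field ('generate_search_sql') or post-process
 * the result ('generate_search_sql_after').
 *
 * Every value that comes from the search input is either escaped and
 * placed inside a quoted literal, or reduced to digits before it is placed
 * in the SQL text unquoted. Field ids ($name) come from
 * $this->tag_to_search and are used as column names.
 *
 * @param array|null $_SEARCH_INPUT Search input; $_REQUEST is used when
 *                                  this is not an array.
 * @return string The fragment, empty when there is nothing to filter on.
 */
function generate_search_sql($_SEARCH_INPUT = null)
{
    global $label; // from the languages file.

    if (!is_array($_SEARCH_INPUT)) {
        $_SEARCH_INPUT = $_REQUEST; // get the search input that was posted
    }

    $where_sql = '';

    JBPLUG_do_callback('generate_search_sql_before', $where_sql, $this->form_id, $_SEARCH_INPUT);
    if ($where_sql) {
        return $where_sql; // generated by a plugin
    }

    if (isset($_SEARCH_INPUT['action']) && $_SEARCH_INPUT['action'] == 'search') {
        foreach ($this->tag_to_search as $key => $val) {
            $name = $this->tag_to_search[$key]['field_id'];
            $input = isset($_SEARCH_INPUT[$name]) ? $_SEARCH_INPUT[$name] : null;

            switch ($this->tag_to_search[$key]['field_type']) {
                case 'IMAGE':
                case 'FILE':
                case 'YOUTUBE':
                    // Any non-empty input means "has a value in this column".
                    if ($input != '') {
                        $where_sql .= " AND (`" . $name . "`) != '' ";
                    }
                    break;

                case 'SELECT':
                    if ($input != '') {
                        $where_sql .= " AND (\t`" . $name . "` = '" . JB_escape_sql($input) . "') ";
                    }
                    break;

                case 'CHECK':
                    // One input key per option, named "<field_id>-<code>".
                    $conditions = array();
                    $sql = "SELECT * from codes where field_id='" . JB_escape_sql($name) . "' ";
                    $code_result = JB_mysql_query($sql) or die(mysql_error());
                    while ($code = mysql_fetch_array($code_result, MYSQL_ASSOC)) {
                        $option_key = $code['field_id'] . "-" . $code['code'];
                        if (isset($_SEARCH_INPUT[$option_key]) && $_SEARCH_INPUT[$option_key] != '') {
                            $conditions[] = " `{$name}` LIKE '%" . JB_escape_sql($code['code']) . "%' ";
                        }
                    }
                    if ($conditions) {
                        $where_sql .= " AND (" . implode('OR', $conditions) . ") ";
                    }
                    break;

                case 'MSELECT':
                    // Fixed: a scalar input used to be indexed like an array,
                    // which searched for its first character only.
                    if (is_array($input)) {
                        $selected_codes = array_values($input);
                    } elseif ($input != '') {
                        $selected_codes = array($input);
                    } else {
                        $selected_codes = array();
                    }
                    $conditions = array();
                    foreach ($selected_codes as $selected_code) {
                        if (is_scalar($selected_code)) {
                            $conditions[] = " `{$name}` LIKE '%" . JB_escape_sql($selected_code) . "%' ";
                        }
                    }
                    if ($conditions) {
                        $where_sql .= " AND (" . implode('OR', $conditions) . ") ";
                    }
                    break;

                case 'CATEGORY':
                    // The input is either an array of ids and/or the string
                    // 'all', or a single scalar id or 'all'.
                    if (!is_array($input) && trim($input) == '') {
                        break;
                    }

                    // Fixed: the original validation loop only left the loop,
                    // not the case, so unvalidated values were imploded into
                    // an unquoted IN(...) list and into the range conditions
                    // below. Escaping does not protect unquoted SQL, so only
                    // values made entirely of digits are kept, as integers.
                    $raw_ids = is_array($input) ? $input : array(trim($input));
                    $cat_ids = array();
                    $wants_all = false;
                    foreach ($raw_ids as $raw_id) {
                        if (!is_scalar($raw_id)) {
                            continue;
                        }
                        $raw_id = (string) $raw_id;
                        if ($raw_id === 'all') {
                            $wants_all = true;
                            break;
                        }
                        if (preg_match('/^\d+$/D', $raw_id)) {
                            $cat_ids[] = (int) $raw_id;
                        }
                    }
                    if ($wants_all || !$cat_ids) {
                        break; // all categories, or nothing usable: no filter
                    }

                    $sql = "SELECT search_set FROM categories WHERE category_id IN(" . implode(',', $cat_ids) . ") ";
                    $result2 = JB_mysql_query($sql) or die(mysql_error());

                    // search_set does not include the category itself, so
                    // start from the selected ids and add each stored set.
                    $set = $cat_ids;
                    while ($row2 = mysql_fetch_row($result2)) {
                        foreach (explode(',', (string) $row2[0]) as $member) {
                            $member = trim($member);
                            if (preg_match('/^\d+$/D', $member)) {
                                $set[] = (int) $member;
                            }
                        }
                    }

                    // Remove duplicates and order the ids.
                    $set = array_values(array_unique($set));
                    sort($set, SORT_NUMERIC);

                    // Summarise runs of consecutive ids into ranges.
                    $ranges = array();
                    $set_size = count($set);
                    for ($i = 0; $i < $set_size; $i++) {
                        $start = $set[$i];
                        $end = $start;
                        while ($i + 1 < $set_size && $set[$i + 1] == $end + 1) {
                            $i++;
                            $end = $set[$i];
                        }
                        if ($start != $end) {
                            $ranges[] = "((`" . $name . "` >= {$start}) AND (`" . $name . "` <= {$end}))";
                        } else {
                            $ranges[] = "(`" . $name . "` = {$start} )";
                        }
                    }
                    $where_sql .= " AND (" . implode(' OR ', $ranges) . ") ";
                    break;

                case 'SKILL_MATRIX':
                    $skill_name = isset($_SEARCH_INPUT[$name . 'name']) ? trim($_SEARCH_INPUT[$name . 'name']) : '';
                    if ($skill_name != '') {
                        // years and rating are placed unquoted, so anything
                        // that is not numeric is replaced by '0'.
                        $rating = isset($_SEARCH_INPUT[$name . 'rating']) ? $_SEARCH_INPUT[$name . 'rating'] : '';
                        if (!is_numeric($rating)) {
                            $rating = '0';
                        }
                        $years = isset($_SEARCH_INPUT[$name . 'years']) ? $_SEARCH_INPUT[$name . 'years'] : '';
                        if (!is_numeric($years)) {
                            $years = '0';
                        }
                        // t2 is an alias that the calling query has to define.
                        $where_sql .= " AND t2.name LIKE '" . JB_escape_sql($skill_name) . "' AND t2.years >= " . JB_escape_sql($years) . " AND t2.rating >= " . JB_escape_sql($rating) . " ";
                    }
                    break;

                case 'DATE':
                    // NOTE(review): the date parts are read from $_REQUEST
                    // rather than $_SEARCH_INPUT, unlike every other field
                    // type; kept as in the original, confirm against callers
                    // that pass their own input array.
                    $day = isset($_REQUEST[$name . "d"]) ? $_REQUEST[$name . "d"] : '';
                    $month = isset($_REQUEST[$name . "m"]) ? $_REQUEST[$name . "m"] : '';
                    $year = isset($_REQUEST[$name . "y"]) ? $_REQUEST[$name . "y"] : '';
                    if ($year != '' && $month != '' && $day != '') {
                        // convert to ISO format
                        $value = "{$year}-{$month}-{$day}";
                        $where_sql .= " AND (`{$name}` >= '" . JB_escape_sql($value) . "') ";
                    }
                    break;

                case 'DATE_CAL':
                    $value = $input;
                    if ($value != '') {
                        // convert to ISO format before searching
                        $value = JB_SCWDate_to_ISODate($value);
                        $where_sql .= " AND (`{$name}` >= '" . JB_escape_sql($value) . " 00:00:00') ";
                    }
                    break;

                case 'TIME':
                    // Fixed: an empty or unparsable value used to add a
                    // window around the Unix epoch, which filtered out every
                    // row; such a value now adds no condition.
                    $time = ($input != '' && is_string($input)) ? strtotime($input) : false;
                    if ($time === false) {
                        break;
                    }
                    $time = $time - 3600 * JB_GMT_DIF; // to GMT
                    $later_time = $time + 3600 * 24; // 24 hours later
                    $where_sql .= " AND ( (`{$name}` > '" . gmdate("Y-m-d H:i:s", $time) . "') AND (`{$name}` < '" . gmdate("Y-m-d H:i:s", $later_time) . "') ) ";
                    break;

                default:
                    $custom_sql = '';
                    $value = $input;
                    JBPLUG_do_callback('generate_search_sql', $custom_sql, $this->tag_to_search[$key], $value);
                    if ($custom_sql != '') {
                        $where_sql .= $custom_sql;
                    } elseif ($value != '') {
                        // Every whitespace- or comma-separated word must match.
                        $list = preg_split("/[\\s,]+/", $value);
                        // Fixed: this accumulator was never reset, so the
                        // extra words of one field leaked into the next.
                        $more_words = '';
                        for ($i = 1; $i < sizeof($list); $i++) {
                            $more_words .= " AND (`{$name}` like '%" . JB_escape_sql($list[$i]) . "%') ";
                        }
                        $where_sql .= " AND ((`{$name}` like '%" . JB_escape_sql($list[0]) . "%') {$more_words})";
                    }
                    break;
            } // end switch
        } // end foreach
    } // end search

    JBPLUG_do_callback('generate_search_sql_after', $where_sql, $this->form_id, $_SEARCH_INPUT);

    return $where_sql;
}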
echo JB_get_formatted_date(JB_get_local_time($row['app_date'])); $ALM->list_cell_close(); $ALM->list_cell_open(); echo $ALM->get_open_link('apps.php?post_id=' . $row['post_id'], $extra_attr); echo JB_escape_html($row['data1']); echo $ALM->get_close_link(); $ALM->list_cell_close(); $ALM->list_cell_open(); $sql2 = "SELECT * FROM users where ID='" . jb_escape_sql($row['user_id']) . "'"; $result2 = JB_mysql_query($sql2) or die(mysql_error()); $candidate_row = mysql_fetch_array($result2); $sql3 = "SELECT * FROM resumes_table where user_id='" . jb_escape_sql($row['user_id']) . "'"; $result3 = JB_mysql_query($sql3) or die(mysql_error()); $resume_row = mysql_fetch_array($result3); $sql4 = "SELECT * FROM posts_table where post_id='" . jb_escape_sql($row['post_id']) . "'"; $result4 = JB_mysql_query($sql4) or die(mysql_error()); $post_row = mysql_fetch_array($result4); $candidate_row['FormattedName'] = jb_escape_html(jb_get_formatted_name($candidate_row['FirstName'], $candidate_row['LastName'])); $candidate_row['user_id'] = $candidate_row['ID']; // 'anon' If Y, then resume is anonumous and fields are restricted. // Here use $PForm to process the field restrictions $PForm->set_value('anon', $resume_row['anon']); if ($resume_row['anon'] == 'Y') { if (JB_ONLINE_APP_REVEAL_PREMIUM == 'YES' && $post_row['post_mode'] == 'premium') { $PForm->set_value('anon', 'N'); // can show anonymous fields } if (JB_ONLINE_APP_REVEAL_STD == 'YES' && $post_row['post_mode'] != 'premium') { $PForm->set_value('anon', 'N'); // can show anonymous fields }
/**
 * Add a code/description pair for a field, deriving the code from the
 * description when the caller does not supply one.
 *
 * @param mixed  $field_id    Field the code belongs to; passed through jb_escape_sql() before use in SQL.
 * @param string $description Label for the code; a blank (whitespace-only) description is rejected.
 * @param string $code        Optional explicit code. When '' a code is derived from $description.
 *
 * @return string|false The code handed to JB_insert_code(), or false when the
 *                      description is blank or the retry limit is exceeded.
 */
function add_code($field_id, $description, $code = '')
{
    // if no code is passed, use the first 3 letters of $description for the code
    if (trim($description) == '') {
        return false;
    } // cannot create a code without a description
    // NOTE(review): a caller-supplied $code skips the whole uniqueness check below
    // and goes straight to JB_insert_code().
    if ($code == '') {
        $str = $description;
        $i = 0;
        // get first three letters
        // The pattern is anchored at the start and needs three consecutive
        // letters/digits; when it does not match, $m[0] holds no match and
        // $code ends up as an empty string.
        preg_match('/^[a-z0-9]{3}/iD', $str, $m[0]);
        $code = strtoupper($m[0][0]);
        // validate the code
        // LIKE '%...%' is a substring match: the candidate counts as taken when it
        // appears anywhere inside an existing code of this field.
        $sql = "SELECT * from codes where field_id='" . jb_escape_sql($field_id) . "' AND code like '%" . jb_escape_sql($code) . "%' LIMIT 1 ";
        $result = JB_mysql_query($sql) or die(mysql_error());
        // loose comparison: the loop runs while the last query returned any rows
        while (mysql_num_rows($result) == true) {
            $i++;
            if ($i > 3) {
                return false; // too many attempts
            }
            // add a random char to the string
            // NOTE(review): the letter is appended to the END of $str while the code is
            // re-derived from the START, so a description that already begins with three
            // letters/digits yields the same candidate on every retry.
            $str = $str . chr(rand(ord('A'), ord('Z')));
            // NOTE(review): this query still checks the previous $code; the new
            // candidate is only computed after it, two lines below.
            $sql = "SELECT * from codes where field_id='" . jb_escape_sql($field_id) . "' AND code like '%" . jb_escape_sql($code) . "%' ";
            $result = JB_mysql_query($sql) or die(mysql_error());
            preg_match('/^[a-z0-9]{3}/iD', $str, $m[0]);
            $code = strtoupper($m[0][0]);
            $count = mysql_num_rows($result); // assigned but never read in this function
        }
    }
    JB_insert_code($field_id, $code, $description);
    return $code;
}
} } JB_finalize_post_updates(); $label['employer_manager_expired_posts'] = str_replace('%COUNT%', $i, $label['employer_manager_expired_posts']); $JBMarkup->ok_msg($label["employer_manager_expired_posts"]); } else { $JBMarkup->error_msg($label["employer_manager_not_selected_exp"]); } } if (isset($_REQUEST['undo_expire'])) { $post_id = (int) $_REQUEST['post_id']; $post_data = JB_load_post_data($post_id); if ($post_data['user_id'] == $_SESSION['JB_ID']) { // is it owned by the person who logged in? $sql = "UPDATE posts_table SET expired='N' where post_id='" . jb_escape_sql($post_id) . "' "; JB_mysql_query($sql) or $DB_ERROR = mysql_error(); JB_update_post_category_count($post_data); } JB_finalize_post_updates(); $JBMarkup->ok_msg($label['post_unexpire_ok']); } jbplug_do_callback('post_manager_action', $A = false); JB_render_box_top(95, $label['employer_manager_head']); // set fees flag if (JB_POSTING_FEE_ENABLED == 'YES' || JB_PREMIUM_POSTING_FEE_ENABLED == 'YES') { $_FEES_ENABLED = "YES"; } ################### JBEmployer::display_credit_status(); JB_render_box_bottom(); ?>
$EmailMessage = str_replace("%SITE_NAME%", JB_SITE_NAME, $EmailMessage); $EmailMessage = str_replace("%SITE_LOGO_URL%", JB_SITE_LOGO_URL, $EmailMessage); $EmailMessage = str_replace("%RESUME_ALERTS%", $resume_alert_list_text, $EmailMessage); $EmailMessage = str_replace("%RESUME_ALERT%", '', $EmailMessage); // for compatibility with older version $EmailMessage = str_replace("%KEYWORDS_LINE%", $resume_alert_list_text, $EmailMessage); // deprecated, use %RESUME_ALERTS% instead $EmailMessage = str_replace("%EMPLOYER_LINK%", $_clink, $EmailMessage); $text_message = html_entity_decode($EmailMessage); $text_message = strip_tags($text_message); // send the sucker... if ($DO_SEND == "YES") { // mark as sent $now = gmdate("Y-m-d H:i:s"); $sql = "UPDATE `employers` SET `alert_last_run`='{$now}' WHERE `ID`='" . jb_escape_sql($user_row['ID']) . "'"; JB_mysql_query($sql) or die(mysql_error() . $sql); if (JB_mysql_affected_rows() > 0) { // place on the queue JB_queue_mail($to_address, $to_name, $e_row['EmailFromAddress'], $e_row['EmailFromName'], $subject, $text_message, $html_message, $e_row['EmailID']); } } } // end IF $msg_body } // if valid email } // close while loop if ($_REQUEST['from_admin'] && strpos($_SERVER['PHP_SELF'], 'admin') !== false) { echo "The execution of the 'admin/resumealerts.php' script completed. You may check the <a href='email_queue.php'>outgoing mail queue</a>"; $DO_SEND = "YES"; }
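/**
 * Validate a candidate login attempt read from $_REQUEST and, on success,
 * start the candidate session. Result messages are echoed, not returned.
 *
 * Request fields read: 'username', 'password', 'silent', 'page'.
 *
 * Security notes for maintainers:
 *  - Passwords are compared as unsalted MD5 digests. MD5 is a fast hash and is
 *    not suitable for password storage; moving to password_hash() /
 *    password_verify() needs a stored-hash migration and a change to the
 *    'val_can_set_pass' plugin contract, so it is not done in this function.
 *  - When JB_ALLOW_ADMIN_LOGIN is 'YES', the raw request password is compared
 *    with JB_ADMIN_PASSWORD, so the admin password opens any candidate account
 *    that passes the Validated check. Nothing in this function records that
 *    such a login happened; keep the option off unless it is needed.
 *  - Both secret comparisons use ===, which is not constant-time; hash_equals()
 *    is the usual replacement where the runtime provides it.
 *
 * @param string $login_page URL of the login page used in the failure message;
 *                           defaults to the candidate folder's index.php.
 *
 * @return void
 */
function validate_candidate_login($login_page = '')
{
    global $login_output;
    if ($login_output) {
        // this function was buffered
        echo $login_output;
        return;
    }
    if ($login_page == '') {
        $login_page = JB_BASE_HTTP_PATH . JB_CANDIDATE_FOLDER . "index.php";
    }
    global $label;
    $Username = $_REQUEST['username'];
    $Password = md5(stripslashes($_REQUEST['password']));
    // NOTE(review): the username literal looks masked in this listing and $Username is
    // not used in the statement as shown. If the real query interpolates the request
    // value, it has to go through JB_escape_sql() first -- confirm against the source.
    $sql = "Select * From users Where Username='******'";
    $result = JB_mysql_query($sql);
    // init $row
    if (mysql_num_rows($result) == 0) {
        $row = array();
    } else {
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
    }
    // Note for plugin authors: $Password is passed by reference. Your plugin method should
    // set $Password to the way your external user database encrypts the plaintext
    // password, e.g. $Password = md5($_REQUEST['password']); for phpBB
    JBPLUG_do_callback('val_can_set_pass', $Password);
    // Note for plugin authors: $row is passed by reference and is the row of your users
    // table. The row is populated if username/pass are valid; $row['Username'] and
    // $row['Password'] are set for the code below and should come from your external
    // database. You may also set $row['Validated'].
    JBPLUG_do_callback('val_can_login', $row);
    if (!$row['Username'] && $_REQUEST['silent'] == '') {
        // Unknown user. $login_page is HTML-encoded here exactly as in the
        // wrong-password branch below, so both failure messages treat it the same way.
        $label["c_login_invalid_msg"] = str_replace('%LOGIN_PAGE%', htmlentities($login_page, ENT_QUOTES), $label["c_login_invalid_msg"]);
        $label["c_login_invalid_msg"] = str_replace('%FORGOT_PAGE%', JB_BASE_HTTP_PATH . JB_CANDIDATE_FOLDER . "forgot.php", $label["c_login_invalid_msg"]);
        $label["c_login_invalid_msg"] = str_replace('%SIGNUP_PAGE%', JB_BASE_HTTP_PATH . JB_CANDIDATE_FOLDER . "signup.php", $label["c_login_invalid_msg"]);
        echo '<p style="text-align:center; ">' . $label["c_login_invalid_msg"] . "</p>";
    } else {
        // NOTE(review): with a non-empty 'silent' field an unknown user also reaches this
        // branch with an empty $row; the password comparison then runs against a missing
        // $row['Password'], and the admin-password path is still evaluated.
        if ($row['Validated'] == "0") {
            $label["c_login_notvalidated"] = str_replace('%BASE_HTTP_PATH%', JB_BASE_HTTP_PATH, $label["c_login_notvalidated"]);
            echo '<p style="text-align:center; ">' . $label["c_login_notvalidated"] . '</p>';
        } else {
            // Parentheses only spell out the precedence PHP already applies (&& binds tighter than ||).
            if ($Password === $row['Password'] || (JB_ALLOW_ADMIN_LOGIN == 'YES' && JB_ADMIN_PASSWORD === $_REQUEST['password'])) {
                // Note for plugin authors: initialize $row with a Jamit user row. If the user
                // does not exist in Jamit, copy the username to the job board's table.
                JBPLUG_do_callback('val_can_login_sync', $row);
                // Note for plugin authors: set session variables for your external database (successful login)
                JBPLUG_do_callback('val_can_login_set_session', $row);
                JB_set_candidate_session($row); // set session for the candidate
                $label['c_login_welcome'] = str_replace("%FNAME%", JB_escape_html($_SESSION['JB_FirstName']), $label['c_login_welcome']);
                $label['c_login_welcome'] = str_replace("%LNAME%", JB_escape_html($_SESSION['JB_LastName']), $label['c_login_welcome']);
                $label['c_login_welcome'] = str_replace("%USERNAME%", JB_escape_html($_SESSION['JB_Username']), $label['c_login_welcome']);
                if (isset($_REQUEST['page'])) {
                    // str_ireplace() does the same case-insensitive literal swap as the former
                    // preg_replace(), but does not interpret "$n" / "\n" sequences inside the
                    // request value as back-references.
                    // NOTE(review): 'page' is request-controlled and becomes a link target in
                    // the welcome message. Encoding stops markup from being injected but does
                    // not restrict the URL scheme or host; check it against the site's own
                    // relative paths before use.
                    $label['c_login_welcome'] = str_ireplace('index.php', htmlentities($_REQUEST['page'], ENT_QUOTES), $label['c_login_welcome']);
                }
                if ($_REQUEST['silent'] == '') {
                    echo '<p style="text-align:center; ">' . $label["c_login_welcome"] . '</p>';
                }
            } else {
                $label["c_login_invalid_msg"] = str_replace('%LOGIN_PAGE%', htmlentities($login_page, ENT_QUOTES), $label["c_login_invalid_msg"]);
                $label["c_login_invalid_msg"] = str_replace('%FORGOT_PAGE%', JB_BASE_HTTP_PATH . JB_CANDIDATE_FOLDER . "forgot.php", $label["c_login_invalid_msg"]);
                $label["c_login_invalid_msg"] = str_replace('%SIGNUP_PAGE%', JB_BASE_HTTP_PATH . JB_CANDIDATE_FOLDER . "signup.php", $label["c_login_invalid_msg"]);
                if (strpos($login_page, 'apply_iframe.php') !== false) {
                    // inside the application iframe the links must stay in the frame
                    $label["c_login_invalid_msg"] = str_replace('_parent', '_self', $label["c_login_invalid_msg"]);
                }
                echo '<div style="text-align:center;">' . $label["c_login_invalid_msg"] . '</div>';
            }
        }
    }
}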
} if ($_REQUEST['new'] == 'yes') { if ($_REQUEST['schema_id'] == '') { echo '<p>'; echo 'Please select what type of feed you would like to create (Schema):<br>'; ?> <form method='post' action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?> "> <input type="hidden" name='new' value='yes'> <select name='schema_id'> <option value=''>[Select]</option> <?php $sql = "select * from xml_export_schemas"; $result = JB_mysql_query($sql); while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { if ($row['schema_id'] == $_REQUEST['schema_id']) { $sel = ' selected '; } else { $sel = ''; } echo '<option ' . $sel . ' value="' . $row['schema_id'] . '">' . $row['schema_name'] . '</option>'; } ?> </select> <input type="submit" value='Continue ->'> </form> </p> <?php
/**
 * Ensure that an active language carries the default flag.
 *
 * When no row in `lang` is both active and default, every default flag is
 * cleared and the first active language returned by the database is marked
 * as the default.
 *
 * @return void
 */
function correct_default_lang()
{
    $default_check = jb_mysql_query("SELECT * FROM `lang` WHERE is_active='Y' AND is_default='Y' ");
    if (mysql_num_rows($default_check) != 0) {
        return; // an active default language already exists
    }

    // nothing active and default: reset the flag everywhere first
    JB_mysql_query("UPDATE lang SET is_default='N' ");

    // then promote one active language (no ORDER BY, so the database picks which)
    $active_result = jb_mysql_query("SELECT * FROM `lang` WHERE is_active='Y' LIMIT 1 ");
    $first_active = mysql_fetch_array($active_result, MYSQL_ASSOC);

    // NOTE(review): when no language is active, $first_active holds no row and this
    // UPDATE targets an empty lang_code, leaving the table without a default.
    JB_mysql_query("UPDATE lang set is_default='Y' where lang_code='" . jb_escape_sql($first_active['lang_code']) . "' ");
}
echo JB_get_local_time($row['invoice_date']); ?> </font></td> <td><font face="Arial" size="2"><a href="#" onclick="window.open('invoice.php?invoice_id=<?php echo $row['invoice_id']; ?> &product_type=S', '', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=1,width=600,height=560,left = 50,top = 50');return false;"> <?php echo "S" . $row['invoice_id']; ?> </a></font></td> <td ><font face="Arial" size="2"><a href="employers.php?action=edit&user_id=<?php echo $row['employer_id']; ?> "><?php $sql2 = "select * from employers where `ID`='" . $row['employer_id'] . "' "; $result2 = JB_mysql_query($sql2) or die($sql2 . mysql_error()); $row2 = mysql_fetch_array($result2); echo JB_escape_html(jb_get_formatted_name($row2['FirstName'], $row2['LastName']) . ' '); $t_start = strtotime(JB_get_local_time($row['S_DATE'])); $t_end = strtotime(JB_get_local_time($row['S_END'])); $t_now = strtotime(JB_get_local_time(gmdate("Y-m-d H:i:s"))); $diff = $t_end - $t_start; $sec_elapsed = $t_now - $t_start; $days = floor($diff / 86400); $days_elapsed = floor($sec_elapsed / 86400); ?> </a><?php echo '<small>(u:' . JB_escape_html($row2['Username']) . ')</small>'; ?> </font></td>
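/**
 * Report whether an e-mail template with the given EmailID exists.
 *
 * @param mixed $id EmailID to look up in email_templates.
 *
 * @return bool true when at least one row matches, false otherwise.
 */
function JB_template_exists($id)
{
    // $id is passed through jb_escape_sql() before it is placed inside the quoted
    // literal, the same way the other queries in this code base treat their values,
    // so a caller that forwards request data cannot change the statement.
    $sql = "select * from email_templates where EmailID='" . jb_escape_sql($id) . "' ";
    // NOTE(review): die(mysql_error()) sends the raw database error to the client;
    // kept as is because callers may rely on the script stopping here.
    $result = JB_mysql_query($sql) or die(mysql_error());

    return mysql_num_rows($result) > 0;
}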