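/**
 * Validate the job-post form held in $_REQUEST before it is saved.
 *
 * Steps, in order: posting-credit check (employer mode, new posts only),
 * numeric checks on id/coordinate fields, application-URL check, cleaning of
 * a few fields via JB_clean_str(), plugin hooks, then the generic per-field
 * validation from JB_validate_form_data(1).
 *
 * Side effect: several $_REQUEST entries are overwritten with cleaned values.
 *
 * @param string $insert_mode 'EMPLOYER' (default) enables the credit check;
 *                            any other value skips it.
 * @return array|string List of error messages (empty when nothing was
 *                      rejected), or the string 'Invalid Input!' when an
 *                      id/coordinate field is not numeric. Callers have to
 *                      handle both shapes.
 */
function JB_validate_post_data($insert_mode = 'EMPLOYER')
{
    global $label;

    $errors = array();

    // Only check for credits if posted by employer, and only for a new post.
    // NOTE(review): any non-empty post_id in the request skips this check, so
    // the caller has to confirm that the post exists and belongs to this
    // employer before treating the request as an edit - verify.
    if ($insert_mode == 'EMPLOYER' && $_REQUEST['post_id'] == false) {
        // The fetched row is not read below; the query is kept so that a
        // database failure still stops the request here.
        // NOTE(review): die(mysql_error()) prints the raw database error to
        // the client; logging it server-side would avoid that disclosure.
        $sql = "select * from employers where ID='" . jb_escape_sql($_SESSION['JB_ID']) . "'";
        $result = JB_mysql_query($sql) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_ASSOC);

        $_PRIVILEGED_USER = JB_is_privileged_user($_SESSION['JB_ID'], $_REQUEST['post_mode']);

        if ($_REQUEST['type'] != 'premium') {
            if (JB_POSTING_FEE_ENABLED == 'YES' && !$_PRIVILEGED_USER) {
                // check standard credits (-1 is let through without limit)
                $posts = JB_get_num_posts_remaining($_SESSION['JB_ID']);
                if ($posts < 1 && $posts != -1) {
                    $errors[] = $label['post_no_credits'];
                    return $errors;
                }
            }
        } else {
            if (JB_PREMIUM_POSTING_FEE_ENABLED == 'YES' && !$_PRIVILEGED_USER) {
                // check premium credits (-1 is let through without limit)
                $p_posts = JB_get_num_premium_posts_remaining($_SESSION['JB_ID']);
                if ($p_posts < 1 && $p_posts != -1) {
                    $errors[] = $label['post_no_credits'];
                    return $errors;
                }
            }
        }
    }

    if ($insert_mode != 'EMPLOYER') {
        // Local variable; nothing in this function reads it after this point.
        $_PRIVILEGED_USER = true;
    }

    // Make sure they are numeric.
    // NOTE(review): is_numeric() also accepts decimals, exponents and signed
    // values; if the ids are later used as integers in SQL, a digits-only
    // check would be stricter - confirm against the callers.
    foreach (array('post_id', 'user_id', 'pin_x', 'pin_y') as $numeric_field) {
        if ($_REQUEST[$numeric_field] != '' && !is_numeric($_REQUEST[$numeric_field])) {
            return 'Invalid Input!';
        }
    }

    // app_type and app_url
    if ($_REQUEST['app_type'] == 'R') {
        $_REQUEST['app_url'] = trim($_REQUEST['app_url']);
        $_REQUEST['app_url'] = JB_clean_str($_REQUEST['app_url']);

        if ($_REQUEST['app_url'] == false) {
            $errors[] = $label['post_save_app_url_blank'];
        } elseif (
            strpos($_REQUEST['app_url'], 'http://') !== 0
            && strpos($_REQUEST['app_url'], 'https://') !== 0
        ) {
            // The scheme must be the prefix of the value. The earlier test
            // only required 'http://' or 'https://' to appear somewhere in
            // the string, so a value with a different scheme passed as long
            // as it contained one of them later on.
            $errors[] = $label['post_save_app_url_bad'];
        }
    }

    // clean any undesired input, leave nothing to chance
    $_REQUEST['post_date'] = JB_clean_str($_REQUEST['post_date']);
    $_REQUEST['post_mode'] = JB_clean_str($_REQUEST['post_mode']);
    $_REQUEST['approved'] = JB_clean_str($_REQUEST['approved']);
    $_REQUEST['expired'] = JB_clean_str($_REQUEST['expired']);

    // Deprecated hook: plugins report errors as one '<br>'-separated string.
    // Use validate_post_data_array instead.
    $error = '';
    JBPLUG_do_callback('validate_post_data', $error);
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }

    JBPLUG_do_callback('validate_post_data_array', $errors); // added in 3.6.6

    // Append the per-field errors. The array union operator (+) used before
    // keeps the left-hand entry whenever a numeric key exists on both sides,
    // so field errors were dropped once $errors already held entries.
    // The return shape of JB_validate_form_data() is not visible here; a
    // non-array, non-empty result is kept as a single error.
    $form_errors = JB_validate_form_data(1);
    if (is_array($form_errors)) {
        foreach ($form_errors as $form_error) {
            $errors[] = $form_error;
        }
    } elseif ($form_errors) {
        $errors[] = $form_errors;
    }

    return $errors;
}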
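/**
 * Validate the employer account form held in $_REQUEST (signup or edit).
 *
 * A request without user_id is treated as a new signup: username, password
 * and e-mail uniqueness are checked in addition to the name and e-mail
 * fields. Several $_REQUEST entries are overwritten with the result of
 * JB_clean_str() before the plugin hooks run.
 *
 * @param mixed $form_id Not used by this function; the form id passed to
 *                       JB_validate_form_data() is hard-coded to 4.
 * @return array|string List of error messages (empty when nothing was
 *                      rejected), or the string 'Invalid Input!' when
 *                      user_id is set but not numeric.
 */
function JB_validate_employer_data($form_id)
{
    global $label;

    $errors = array();
    $is_new_account = ($_REQUEST['user_id'] == false);

    if ($_REQUEST['FirstName'] == false) {
        $errors[] = $label['employer_signup_error_name'];
    }
    if ($_REQUEST['LastName'] == false) {
        $errors[] = $label['employer_signup_error_ln'];
    }

    if ($is_new_account) {
        // Compare as strings. The loose != used before treats numeric-looking
        // strings as numbers, so two different inputs such as '0e1' and '0e2'
        // counted as a match.
        if ((string) $_REQUEST['Password'] !== (string) $_REQUEST['Password2']) {
            $errors[] = $label['employer_signup_error_pmatch'];
        }

        if ($_REQUEST['Username'] == false) {
            $errors[] = $label["employer_signup_error_user"];
        } else {
            // NOTE(review): the query is built by concatenation and depends
            // on jb_escape_sql(); on failure die() prints the database error
            // together with the full SQL statement to the client.
            $sql = "SELECT * FROM `employers` WHERE `Username`='" . jb_escape_sql($_REQUEST['Username']) . "' ";
            $result = JB_mysql_query($sql) or die(mysql_error() . $sql);
            $username_row = mysql_fetch_array($result, MYSQL_ASSOC);

            if ($username_row['Username'] != false) {
                $errors[] = str_replace(
                    '%username%',
                    jb_escape_html($_REQUEST['Username']),
                    $label['employer_signup_error_inuse']
                );
            } elseif (!preg_match('#^[a-z0-9À-ÿ\\-_\\.@]+$#Di', $_REQUEST['Username'])) {
                // NOTE(review): the pattern has no 'u' modifier, so what the
                // À-ÿ range matches depends on this file's encoding - confirm.
                $errors[] = $label['employer_signup_error_uname'];
            }
        }

        if ($_REQUEST['Password'] == false) {
            $errors[] = $label["employer_signup_error_p"];
        } elseif (strlen(trim($_REQUEST['Password'])) < 6) {
            $errors[] = $label['employer_signup_error_pw_too_weak'];
        }
        if ($_REQUEST['Password2'] == false) {
            $errors[] = $label['employer_signup_error_p2'];
        }
    }

    if ($_REQUEST['Email'] == false) {
        $errors[] = $label["employer_signup_error_email"];
    } elseif (!JB_validate_mail($_REQUEST['Email'])) {
        $errors[] = $label['employer_signup_error_invemail'];
    } elseif ($is_new_account) {
        // for new account signups, make sure the email does not already exist.
        // The row check now sits next to its query; before, it also ran for
        // edits, where no row had been fetched.
        $result = JB_mysql_query("SELECT * from `employers` WHERE `Email`='" . jb_escape_sql($_REQUEST['Email']) . "'") or die(mysql_error());
        $email_row = mysql_fetch_array($result, MYSQL_ASSOC);
        if ($email_row['Email'] != false) {
            $errors[] = $label['employer_signup_email_in_use'];
        }
    }

    // NOTE(review): is_numeric() also accepts decimals, exponents and signed
    // values - confirm how callers use user_id.
    if ($_REQUEST['user_id'] != false && !is_numeric($_REQUEST['user_id'])) {
        return 'Invalid Input!';
    }

    $clean_fields = array(
        'FirstName', 'LastName', 'CompName', 'Username', 'Email',
        'Newsletter', 'Notification1', 'Notification2', 'lang',
    );
    foreach ($clean_fields as $field) {
        $_REQUEST[$field] = JB_clean_str($_REQUEST[$field]);
    }

    // Older hook: plugins report errors as one '<br>'-separated string.
    // The hook names are spelled 'valiate_...'; they are runtime identifiers
    // that plugins register against, so the spelling has to stay.
    $error = '';
    JBPLUG_do_callback('valiate_employer_account', $error);
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }

    JBPLUG_do_callback('valiate_employer_account_array', $errors); // added in 3.6.6 ($errors is a list)

    // Append the per-field errors. The array union operator (+) used before
    // keeps the left-hand entry whenever a numeric key exists on both sides,
    // so field errors were dropped once $errors already held entries.
    // The return shape of JB_validate_form_data() is not visible here; a
    // non-array, non-empty result is kept as a single error.
    $form_errors = JB_validate_form_data(4);
    if (is_array($form_errors)) {
        foreach ($form_errors as $form_error) {
            $errors[] = $form_error;
        }
    } elseif ($form_errors) {
        $errors[] = $form_errors;
    }

    return $errors;
}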
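/**
 * Validate the employer profile form held in $_REQUEST.
 *
 * Checks that profile_id and user_id are numeric when present, cleans
 * profile_date via JB_clean_str(), runs the plugin hooks and then the
 * generic per-field validation from JB_validate_form_data(3).
 *
 * @param mixed $form_id Not used by this function; the form id passed to
 *                       JB_validate_form_data() is hard-coded to 3.
 * @return array|string List of error messages (empty when nothing was
 *                      rejected), or the string 'Invalid Input!' when an
 *                      id field is not numeric.
 */
function JB_validate_profile_data($form_id)
{
    $errors = array();

    // Make sure they are numeric.
    // NOTE(review): is_numeric() also accepts decimals, exponents and signed
    // values - confirm how callers use these ids.
    foreach (array('profile_id', 'user_id') as $numeric_field) {
        if ($_REQUEST[$numeric_field] != '' && !is_numeric($_REQUEST[$numeric_field])) {
            return 'Invalid Input!';
        }
    }

    $_REQUEST['profile_date'] = JB_clean_str($_REQUEST['profile_date']);

    // Deprecated hook: plugins report errors as one '<br>'-separated string.
    // Use JB_insert_profile_data_array instead.
    $error = '';
    JBPLUG_do_callback('JB_insert_profile_data', $error);
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }

    JBPLUG_do_callback('JB_insert_profile_data_array', $errors); // added in 3.6.6

    // Append the per-field errors. The array union operator (+) used before
    // keeps the left-hand entry whenever a numeric key exists on both sides,
    // so field errors were dropped once $errors already held entries.
    // The return shape of JB_validate_form_data() is not visible here; a
    // non-array, non-empty result is kept as a single error.
    $form_errors = JB_validate_form_data(3);
    if (is_array($form_errors)) {
        foreach ($form_errors as $form_error) {
            $errors[] = $form_error;
        }
    } elseif ($form_errors) {
        $errors[] = $form_errors;
    }

    return $errors;
}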
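/**
 * Validate the candidate account form held in $_REQUEST (signup or edit).
 *
 * A request without user_id is treated as a new signup: username, password
 * and e-mail uniqueness are checked in addition to the name and e-mail
 * fields. Several $_REQUEST entries are overwritten with the result of
 * JB_clean_str() before the plugin hooks run.
 *
 * Side effect: when the username is taken, the global
 * $label['c_signup_error5'] is overwritten with the filled-in message.
 *
 * @param mixed $form_id Not used by this function; the form id passed to
 *                       JB_validate_form_data() is hard-coded to 5.
 * @return array|string List of error messages (empty when nothing was
 *                      rejected), or the string 'Invalid Input!' when
 *                      user_id is set but not numeric.
 */
function JB_validate_candidate_data($form_id)
{
    global $label;

    $errors = array();
    $is_new_account = ($_REQUEST['user_id'] == false);

    if ($is_new_account) {
        if ($_REQUEST['Username'] == false) {
            $errors[] = $label["c_signup_error4"];
        } else {
            // NOTE(review): the query is built by concatenation and depends
            // on jb_escape_sql(); on failure die() prints the database error
            // to the client.
            $result = JB_mysql_query("SELECT * FROM `users` WHERE `Username`='" . jb_escape_sql($_REQUEST['Username']) . "' ") or die(mysql_error() . "we have error");
            $row = mysql_fetch_array($result, MYSQL_ASSOC);

            if ($row['Username'] != '') {
                // The stored name goes into a message shown to the visitor,
                // so it is HTML-escaped here, as the employer signup check
                // does with jb_escape_html() for its own message.
                $label['c_signup_error5'] = str_replace("%USERNAME%", jb_escape_html($row['Username']), $label['c_signup_error5']);
                $errors[] = $label['c_signup_error5'];
            } elseif (!preg_match('#^[a-z0-9À-ÿ\\-_\\.@]+$#Di', $_REQUEST['Username'])) {
                // NOTE(review): the pattern has no 'u' modifier, so what the
                // À-ÿ range matches depends on this file's encoding - confirm.
                $errors[] = $label['c_signup_error11'];
            }
        }

        if ($_REQUEST['Password'] == false) {
            $errors[] = $label['c_signup_error6'];
        } elseif (strlen(trim($_REQUEST['Password'])) < 6) {
            $errors[] = $label['c_signup_error_pw_too_weak'];
        }
        if ($_REQUEST['Password2'] == false) {
            $errors[] = $label["c_signup_error7"];
        }
        // Compare as strings. The loose != used before treats numeric-looking
        // strings as numbers, so two different inputs such as '0e1' and '0e2'
        // counted as a match.
        if ((string) $_REQUEST['Password'] !== (string) $_REQUEST['Password2']) {
            $errors[] = $label["c_signup_error1"];
        }
    }

    if ($_REQUEST['FirstName'] == false) {
        $errors[] = $label["c_signup_error2"];
    }
    if ($_REQUEST['LastName'] == false) {
        $errors[] = $label["c_signup_error3"];
    }

    if ($_REQUEST['Email'] == false) {
        $errors[] = $label["c_signup_error8"];
    } elseif (!JB_validate_mail($_REQUEST['Email'])) {
        $errors[] = $label["c_signup_error8"];
    } elseif ($is_new_account) {
        // New signups only: the address must not belong to an existing user.
        $result = JB_mysql_query("SELECT * from `users` WHERE `Email`='" . jb_escape_sql($_REQUEST['Email']) . "'") or die(mysql_error());
        $email_row = mysql_fetch_array($result, MYSQL_ASSOC);
        if ($email_row['Email'] != '') {
            $errors[] = " " . $label["c_signup_error10"] . " ";
        }
    }

    // NOTE(review): is_numeric() also accepts decimals, exponents and signed
    // values - confirm how callers use user_id.
    if ($_REQUEST['user_id'] != '' && !is_numeric($_REQUEST['user_id'])) {
        return 'Invalid Input!';
    }

    $clean_fields = array(
        'FirstName', 'LastName', 'Username', 'Email',
        'Newsletter', 'Notification1', 'Notification2', 'lang',
    );
    foreach ($clean_fields as $field) {
        $_REQUEST[$field] = JB_clean_str($_REQUEST[$field]);
    }

    // Older hook: plugins report errors as one '<br>'-separated string.
    // $error has to be initialised BEFORE the callback. It used to be reset
    // to '' right after the call, which discarded every error a plugin
    // reported through this hook, so a plugin-side rejection never reached
    // the error list.
    // The hook names are spelled 'valiate_...'; they are runtime identifiers
    // that plugins register against, so the spelling has to stay.
    $error = '';
    JBPLUG_do_callback('valiate_candidate_account', $error);
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }

    JBPLUG_do_callback('valiate_candidate_account_array', $errors); // added in 3.6.6

    // Append the per-field errors. The array union operator (+) used before
    // keeps the left-hand entry whenever a numeric key exists on both sides,
    // so field errors were dropped once $errors already held entries.
    // The return shape of JB_validate_form_data() is not visible here; a
    // non-array, non-empty result is kept as a single error.
    $form_errors = JB_validate_form_data(5);
    if (is_array($form_errors)) {
        foreach ($form_errors as $form_error) {
            $errors[] = $form_error;
        }
    } elseif ($form_errors) {
        $errors[] = $form_errors;
    }

    return $errors;
}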
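/**
 * Validate the resume form held in $_REQUEST.
 *
 * Checks that resume_id and user_id are numeric when present, cleans a few
 * flag/date fields via JB_clean_str(), runs the plugin hooks and then the
 * generic per-field validation from JB_validate_form_data(2).
 *
 * @param mixed $form_id Not used by this function; the form id passed to
 *                       JB_validate_form_data() is hard-coded to 2.
 * @return array|string List of reasons why the form cannot be saved (empty
 *                      when nothing was rejected), or the string
 *                      'Invalid Input!' when an id field is not numeric.
 */
function JB_validate_resume_data($form_id)
{
    global $label;

    $errors = array();

    // Make sure they are numeric.
    // NOTE(review): is_numeric() also accepts decimals, exponents and signed
    // values - confirm how callers use these ids.
    foreach (array('resume_id', 'user_id') as $numeric_field) {
        if ($_REQUEST[$numeric_field] != '' && !is_numeric($_REQUEST[$numeric_field])) {
            return 'Invalid Input!';
        }
    }

    foreach (array('list_on_web', 'resume_date', 'anon', 'approved') as $field) {
        $_REQUEST[$field] = JB_clean_str($_REQUEST[$field]);
    }

    // added in 3.6.6 to replace validate_resume_data. $errors is a list of
    // reasons why the form cannot be saved
    JBPLUG_do_callback('validate_resume_data_array', $errors);

    // Deprecated hook, use validate_resume_data_array instead. In the old
    // version, $error was just a string separated by <br>'s.
    $error = false;
    JBPLUG_do_callback('validate_resume_data', $error);
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }

    // Append the per-field errors. The array union operator (+) used before
    // keeps the left-hand entry whenever a numeric key exists on both sides,
    // so field errors were dropped once $errors already held entries.
    // The return shape of JB_validate_form_data() is not visible here; a
    // non-array, non-empty result is kept as a single error.
    $form_errors = JB_validate_form_data(2);
    if (is_array($form_errors)) {
        foreach ($form_errors as $form_error) {
            $errors[] = $form_error;
        }
    } elseif ($form_errors) {
        $errors[] = $form_errors;
    }

    return $errors;
}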