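/**
 * Saves the job post described by the current request.
 *
 * A new row is inserted into `posts_table` when $_REQUEST['post_id'] is empty;
 * otherwise the existing row is updated, and a non-admin may only update a post
 * they own. For a new post, posting credits are deducted for non-privileged
 * users and, when JB_EMAIL_NEW_POST_SWITCH is 'YES', the site contact is notified.
 *
 * @param string $insert_mode 'EMPLOYER' (default) or 'ADMIN'. In ADMIN mode the
 *                            post owner may be chosen via $_REQUEST['user_id'],
 *                            the caller counts as privileged (auto-approved, no
 *                            credit deduction) and the ownership check is skipped.
 *
 * @return mixed The post id: the request's post_id cast to int for an edit, the
 *               value of JB_mysql_insert_id() for a new post.
 *
 * Reads $_REQUEST['user_id'|'type'|'app_type'|'app_url'|'post_id'|'pin_x'|'pin_y']
 * (the remaining form fields are read by the JB_get_sql_* helpers) and
 * $_SESSION['JB_ID'|'LANG']; sets $_REQUEST['app_type'] to "O" when empty.
 * Terminates the script with die() on a database error or a failed ownership
 * check, following the convention used elsewhere in this file.
 */
function JB_insert_post_data($insert_mode = 'EMPLOYER')
{
    $is_admin = ($insert_mode == 'ADMIN');

    // ADMIN may post on behalf of another user; everyone else posts as themselves.
    if ($is_admin && $_REQUEST['user_id'] != '') {
        $user_id = (int) $_REQUEST['user_id'];
    } else {
        $user_id = (int) $_SESSION['JB_ID'];
    }

    // Determine what kind of posting it is. (The original also looked up the
    // remaining credits here but never used the value, so those lookups are gone.)
    $post_mode = "free";
    if ($_REQUEST['type'] != 'premium') {
        if (JB_POSTING_FEE_ENABLED == 'YES') {
            $post_mode = "normal";
        }
    } elseif (JB_PREMIUM_POSTING_FEE_ENABLED == 'YES') {
        $post_mode = "premium";
    }

    // Admin mode is always privileged; otherwise ask the privilege check.
    $privileged = $is_admin ? true : JB_is_privileged_user($user_id, $post_mode);

    // Initial approval status for a new post (an edit keeps its current status, see below).
    $approved = 'N';
    if (JB_POSTS_NEED_APPROVAL == 'NO' || $privileged) {
        $approved = 'Y';
    } elseif (JB_POSTS_NEED_APPROVAL == 'NOT_SUBSCRIBERS' && $insert_mode == 'EMPLOYER') {
        // No approval needed for active subscribers or for paid (non-free) posts.
        if (JB_SUBSCRIPTION_FEE_ENABLED == 'YES' && JB_get_employer_subscription_status($user_id) == 'Active') {
            $approved = 'Y';
        }
        if ($post_mode != 'free') {
            $approved = 'Y';
        }
    }

    if ($_REQUEST['app_type'] == false) {
        $_REQUEST['app_type'] = "O"; // default application type
    }

    $new = ($_REQUEST['post_id'] == false);
    $post_id = null;  // known only after the INSERT for a new post
    $old_data = null; // previous row for an edit; the category counter diffs against it

    if ($new) {
        $assign = array(
            'post_date' => gmdate("Y-m-d H:i:s"),
            'post_mode' => $post_mode,
            'user_id' => $user_id,
            'pin_x' => (int) $_REQUEST['pin_x'],
            'pin_y' => (int) $_REQUEST['pin_y'],
            'approved' => $approved,
            'app_type' => $_REQUEST['app_type'],
            'app_url' => $_REQUEST['app_url'],
            'cached_summary' => '',
            'expired' => 'N',
        );
        $sql = "REPLACE INTO `posts_table` (" . JB_get_sql_insert_fields(1, $assign) . ") VALUES ("
            . JB_get_sql_insert_values(1, "posts_table", "post_id", $post_id, $user_id, $assign) . " )";

        // DEDUCT CREDITS (for new posts). NOTE(review): this runs before the
        // INSERT below, so a credit is lost if that query fails; the order is
        // kept because the credit helpers' own failure behaviour is not visible here.
        if (!$privileged) {
            if ($post_mode == 'normal') {
                JB_deduct_posting_credit($user_id);
            } elseif ($post_mode == 'premium') {
                JB_deduct_p_posting_credit($user_id);
            }
        }
    } else {
        $post_id = (int) $_REQUEST['post_id'];

        if (!$is_admin) {
            // Verify that the post is owned by this user. The explicit "no row"
            // check matters: the old `$row['user_id'] != $user_id` test compared
            // null against the id when the post did not exist, which passes for id 0.
            $sql = "SELECT user_id from posts_table where post_id='" . jb_escape_sql($post_id) . "'";
            $result = JB_mysql_query($sql);
            if (!$result) {
                error_log('JB_insert_post_data: ' . mysql_error());
                die('Database error.');
            }
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if (!$row || (int) $row['user_id'] !== $user_id) {
                die('hacking attempt');
            }
        }

        $old_data = JB_load_post_data($post_id);
        // An edit keeps the current approval status.
        $approved = $old_data['approved'];
        $assign = array(
            'pin_x' => (int) $_REQUEST['pin_x'],
            'pin_y' => (int) $_REQUEST['pin_y'],
            'approved' => $approved,
            'app_type' => $_REQUEST['app_type'],
            'app_url' => $_REQUEST['app_url'],
        );
        $sql = "UPDATE `posts_table` SET "
            . JB_get_sql_update_values(1, "posts_table", "post_id", $post_id, $user_id, $assign)
            . " WHERE post_id='" . jb_escape_sql($post_id) . "'";
    }

    if (!JB_mysql_query($sql)) {
        // Driver error and statement go to the server log only; the original
        // echoed both to the client.
        error_log('JB_insert_post_data: ' . mysql_error() . ' -- ' . $sql);
        die('Database error while saving the post.');
    }
    if ($new) {
        $post_id = JB_mysql_insert_id();
    }

    // Plugin hook, called after the post is saved. On an edit
    // $_REQUEST['post_id'] is set; otherwise this is a new post.
    JBPLUG_do_callback('insert_post_data', $post_id);

    if (JB_PREMIUM_AUTO_UPGRADE == 'YES') {
        // Auto upgrade to premium.
        $post_mode = "premium";
        $sql = "UPDATE `posts_table` SET `post_mode`='" . jb_escape_sql($post_mode) . "' WHERE post_id='" . jb_escape_sql($post_id) . "' ";
        if (!JB_mysql_query($sql)) {
            error_log('JB_insert_post_data: ' . mysql_error() . ' -- ' . $sql);
            die('Database error while upgrading the post.');
        }
    }

    // Update the category counters for the affected categories only, then
    // rebuild the categories cache / counters / rss, etc.
    JB_update_post_category_count($old_data, $_REQUEST);
    JB_finalize_post_updates();

    if (JB_EMAIL_NEW_POST_SWITCH == 'YES' && $new) {
        // Notify the site contact about the new post.
        $Form = JB_get_DynamicFormObject(1);
        $Form->load($post_id);
        $title = $Form->get_raw_template_value("TITLE");
        $posted_by = $Form->get_raw_template_value("POSTED_BY");
        $date = JB_get_formatted_date($Form->get_template_value("DATE"));
        $description = $Form->get_raw_template_value("DESCRIPTION");
        $form_post_id = $Form->get_value('post_id');

        // Get the email template.
        $template_result = JB_get_email_template(310, $_SESSION['LANG']);
        $t_row = mysql_fetch_array($template_result);
        $to_address = JB_SITE_CONTACT_EMAIL;
        $to_name = JB_SITE_NAME;
        $from_name = $t_row['EmailFromName'];
        $from_address = $t_row['EmailFromAddress'];
        $subject = str_replace("%SITE_NAME%", JB_SITE_NAME, $t_row['EmailSubject']);

        // NOTE(review): the key is md5(post_id . admin password); admin/ra.php
        // must verify it the same way, so a move to hash_hmac() needs both sides changed.
        $admin_link = JB_BASE_HTTP_PATH . "admin/ra.php?post_id=" . $form_post_id
            . "&key=" . md5($form_post_id . JB_ADMIN_PASSWORD);

        // One strtr() pass: placeholders that occur inside user-supplied values
        // (title, description, poster name) are not expanded in turn, as the
        // chained str_replace() calls used to do.
        $message = strtr($t_row['EmailText'], array(
            "%SITE_NAME%" => JB_SITE_NAME,
            "%SITE_URL%" => JB_BASE_HTTP_PATH,
            "%SITE_CONTACT_EMAIL%" => JB_SITE_CONTACT_EMAIL,
            "%POST_TITLE%" => $title,
            "%DATE%" => $date,
            "%POST_DESCRIPTION%" => $description,
            "%POSTED_BY%" => $posted_by,
            "%ADMIN_LINK%" => $admin_link,
        ));
        // Reduce the HTML template to plain text.
        $message = str_replace(array('<BR>', '<P>'), array("\n", "\n\n"), $message);
        $message = strip_tags(html_entity_decode($message));

        $email_id = JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, '', 310);
        JB_process_mail_queue(1, $email_id);
    }

    return $post_id;
}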
/**
 * Creates an employer account from the sign-up form in $_REQUEST and sends the
 * welcome email (plus a copy to the site contact when that switch is on).
 *
 * @return mixed The new employer id as returned by JB_mysql_insert_id().
 *
 * Reads $_REQUEST['lang'|'Newsletter'|'Notification1'|'Notification2'|'Password'|
 * 'Username'|'FirstName'|'LastName'|'Email'] (the remaining form fields are read
 * by the JB_get_sql_* helpers), $_SERVER['REMOTE_ADDR'] and $_SESSION['LANG'];
 * sets $_REQUEST['lang'] when empty. Assumes the request values were already validated.
 *
 * NOTE(review): the password is stored as an unsalted md5() and the plaintext
 * password is substituted into the email via %PASSWORD%. The login path must
 * change in step with any move to password_hash(), so neither is altered here.
 */
function JB_create_new_employer_account()
{
    global $label, $jb_mysql_link;

    if ($_REQUEST['lang'] == '') {
        $_REQUEST['lang'] = JB_get_default_lang();
    }

    // AUTO and FIRST_POST activation modes create the account already validated.
    $validated = (JB_EM_NEEDS_ACTIVATION == "AUTO" || JB_EM_NEEDS_ACTIVATION == "FIRST_POST") ? 1 : 0;

    // Columns that must not be taken from $_REQUEST; they override the form
    // fields when the insert statement is built.
    $overrides = array(
        'Validated' => $validated,
        'SignupDate' => gmdate("Y-m-d H:i:s"),
        'IP' => $_SERVER['REMOTE_ADDR'],
        'Newsletter' => (int) $_REQUEST['Newsletter'],
        'Notification1' => (int) $_REQUEST['Notification1'],
        'Notification2' => (int) $_REQUEST['Notification2'],
        'posts_balance' => JB_BEGIN_STANDARD_CREDITS,
        'premium_posts_balance' => JB_BEGIN_PREMIUM_CREDITS,
        'Password' => md5(stripslashes($_REQUEST['Password'])),
        'expired' => 'N',
    );
    $employer_id = null; // no id yet; the helper receives the empty key
    $sql = "REPLACE INTO `employers` (" . JB_get_sql_insert_fields(4, $overrides) . ") VALUES ("
        . JB_get_sql_insert_values(4, "employers", "ID", $employer_id, '', $overrides) . ") ";
    JB_mysql_query($sql);
    $employer_id = JB_mysql_insert_id();
    if ($employer_id > 0) {
        JBPLUG_do_callback('create_employer_account', $employer_id);
    }

    // Build the welcome email from template 2 in the session language.
    $template = mysql_fetch_array(JB_get_email_template(2, $_SESSION['LANG']), MYSQL_ASSOC);
    $username = stripslashes($_REQUEST['Username']);
    $first_name = stripslashes($_REQUEST['FirstName']);
    $last_name = stripslashes($_REQUEST['LastName']);
    $subject = str_replace("%MEMBERID%", $username, $template['EmailSubject']);

    // Placeholders are substituted one after another, in this order.
    $placeholders = array(
        "%FNAME%" => $first_name,
        "%LNAME%" => $last_name,
        "%SITE_CONTACT_EMAIL%" => JB_SITE_CONTACT_EMAIL,
        "%SITE_NAME%" => JB_SITE_NAME,
        "%MEMBERID%" => $username,
        "%PASSWORD%" => stripslashes($_REQUEST['Password']),
        "%SITE_URL%" => JB_BASE_HTTP_PATH,
    );
    $EmailMessage = $template['EmailText'];
    foreach ($placeholders as $tag => $value) {
        $EmailMessage = str_replace($tag, $value, $EmailMessage);
    }
    // Plugins may adjust the message; passed as a variable in case the hook takes it by reference.
    JBPLUG_do_callback('employer_signup_email_msg', $EmailMessage, $employer_id);

    if (!defined('JB_EMAIL_EMP_SIGNUP')) {
        define('JB_EMAIL_EMP_SIGNUP', 'YES');
    }
    if (JB_EMAIL_EMP_SIGNUP == 'YES') {
        $email_id = JB_queue_mail(
            stripslashes($_REQUEST['Email']),
            jb_get_formatted_name($first_name, $last_name),
            $template['EmailFromAddress'],
            $template['EmailFromName'],
            $subject,
            $EmailMessage,
            '',
            2
        );
        JB_process_mail_queue(1, $email_id);
    }

    // Copy of the same message to the site contact.
    if (JB_EMAIL_EMPLOYER_SIGNUP_SWITCH == 'YES') {
        $email_id = JB_queue_mail(JB_SITE_CONTACT_EMAIL, "Admin", JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $subject, $EmailMessage, '', 2);
        JB_process_mail_queue(1, $email_id);
    }

    return $employer_id;
}
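/**
 * Saves the profile record described by the current request.
 *
 * Inserts a new row into `profiles_table` when $_REQUEST['profile_id'] is
 * empty; otherwise updates the existing row, which a non-admin may only do
 * for a profile they own.
 *
 * @param bool $admin Admin mode: skips the ownership check. Historically passed
 *                    as an undeclared first argument (func_get_arg), which still
 *                    works; omitted means false.
 *
 * @return mixed The profile id, or false when the ownership check fails.
 *
 * Reads $_SESSION['JB_ID'] and $_REQUEST['profile_id'] (other form fields are
 * read by the JB_get_sql_* helpers). Terminates with die() on a database error.
 */
function JB_insert_profile_data($admin = false)
{
    $user_id = (int) $_SESSION['JB_ID'];
    $new = ($_REQUEST['profile_id'] == false);
    $profile_id = null;

    if ($new) {
        // Static fields for the insert; the form fields come from $_REQUEST via the helper.
        $assign = array(
            'profile_date' => gmdate("Y-m-d H:i:s"),
            'user_id' => $user_id,
            'expired' => 'N',
        );
        $sql = "REPLACE INTO `profiles_table` ( " . JB_get_sql_insert_fields(3, $assign) . ") VALUES ("
            . JB_get_sql_insert_values(3, "profiles_table", "profile_id", $_REQUEST['profile_id'], $user_id, $assign) . ") ";
    } else {
        $profile_id = (int) $_REQUEST['profile_id'];

        if (!$admin) {
            // Make sure the logged-in user owns this profile. Both sides are
            // cast to int: the old strict `!==` compared the raw session value
            // with the driver's string column and so depended on the session's type.
            $sql = "select user_id from `profiles_table` WHERE profile_id='" . jb_escape_sql($profile_id) . "'";
            $result = JB_mysql_query($sql);
            if (!$result) {
                error_log('JB_insert_profile_data: ' . mysql_error());
                die('Database error.');
            }
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if (!$row || $user_id <= 0 || (int) $row['user_id'] !== $user_id) {
                return false; // not the owner
            }
        }

        // Static fields for the update. NOTE(review): user_id is rewritten to
        // the session's JB_ID on every update, as in the original; in admin
        // mode that reassigns the profile to whoever is logged in — confirm this is intended.
        $assign = array(
            'profile_date' => gmdate("Y-m-d H:i:s"),
            'user_id' => $user_id,
        );
        $sql = "UPDATE `profiles_table` SET "
            . JB_get_sql_update_values(3, "profiles_table", "profile_id", $profile_id, $user_id, $assign)
            . " WHERE profile_id='" . jb_escape_sql($profile_id) . "'";
    }

    if (!JB_mysql_query($sql)) {
        // Detail goes to the server log only; the original echoed the SQL to the client.
        error_log('JB_insert_profile_data: ' . mysql_error() . ' -- ' . $sql);
        die('Database error while saving the profile.');
    }
    if ($new) {
        $profile_id = JB_mysql_insert_id();
    }

    JB_build_profile_count(0);
    JBPLUG_do_callback('JB_insert_profile_data', $profile_id);

    return $profile_id;
}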
/**
 * Creates a candidate (job seeker) account from the sign-up form in $_REQUEST
 * and sends the welcome email (plus a copy to the site contact when that
 * switch is on).
 *
 * @return mixed The new user id as returned by JB_mysql_insert_id().
 *
 * Reads $_REQUEST['lang'|'Newsletter'|'Notification1'|'Notification2'|'Password'|
 * 'Username'|'FirstName'|'LastName'|'Email'] (the remaining form fields are read
 * by the JB_get_sql_* helpers), $_SERVER['REMOTE_ADDR'] and $_SESSION['LANG'];
 * sets $_REQUEST['lang'] when empty. Assumes the request values were already validated.
 *
 * NOTE(review): the password is stored as an unsalted md5() and the plaintext
 * password is substituted into the email via %PASSWORD%. The login path must
 * change in step with any move to password_hash(), so neither is altered here.
 */
function JB_create_new_candidate_account()
{
    global $label;

    if ($_REQUEST['lang'] == '') {
        $_REQUEST['lang'] = JB_get_default_lang();
    }

    // AUTO activation creates the account already validated.
    $validated = (JB_CA_NEEDS_ACTIVATION == "AUTO") ? 1 : 0;

    // Columns that must not be taken from $_REQUEST; they override the form
    // fields when the insert statement is built.
    $overrides = array(
        'Validated' => $validated,
        'SignupDate' => gmdate("Y-m-d H:i:s"),
        'IP' => $_SERVER['REMOTE_ADDR'],
        'Newsletter' => (int) $_REQUEST['Newsletter'],
        'Notification1' => (int) $_REQUEST['Notification1'],
        'Notification2' => (int) $_REQUEST['Notification2'],
        'Password' => md5(stripslashes($_REQUEST['Password'])),
        'expired' => 'N',
    );
    $user_id = null; // no id yet; the helper receives the empty key
    $sql = "REPLACE INTO `users` ( " . JB_get_sql_insert_fields(5, $overrides) . ") VALUES ( "
        . JB_get_sql_insert_values(5, "users", "ID", $user_id, '', $overrides) . ") ";
    JB_mysql_query($sql);
    $user_id = JB_mysql_insert_id();
    if ($user_id > 0) {
        JBPLUG_do_callback('create_candidate_account', $user_id);
    }

    // Build the welcome email from template 1 in the session language; the
    // template is expected to carry the validation link.
    $template = mysql_fetch_array(JB_get_email_template(1, $_SESSION['LANG']), MYSQL_ASSOC);
    $username = stripslashes($_REQUEST['Username']);
    $first_name = stripslashes($_REQUEST['FirstName']);
    $last_name = stripslashes($_REQUEST['LastName']);
    $subject = str_replace("%MEMBERID%", $username, $template['EmailSubject']);

    // Placeholders are substituted one after another, in this order.
    $placeholders = array(
        "%FNAME%" => $first_name,
        "%LNAME%" => $last_name,
        "%SITE_CONTACT_EMAIL%" => JB_SITE_CONTACT_EMAIL,
        "%SITE_NAME%" => JB_SITE_NAME,
        "%MEMBERID%" => $username,
        "%PASSWORD%" => stripslashes($_REQUEST['Password']),
        "%SITE_URL%" => JB_BASE_HTTP_PATH,
    );
    $EmailMessage = $template['EmailText'];
    foreach ($placeholders as $tag => $value) {
        $EmailMessage = str_replace($tag, $value, $EmailMessage);
    }
    // Plugins may adjust the message; passed as a variable in case the hook takes it by reference.
    JBPLUG_do_callback('candidate_signup_email_msg', $EmailMessage, $user_id);

    if (!defined('JB_EMAIL_CAN_SIGNUP')) {
        define('JB_EMAIL_CAN_SIGNUP', 'YES');
    }
    if (JB_EMAIL_CAN_SIGNUP == 'YES') {
        $email_id = JB_queue_mail(
            stripslashes($_REQUEST['Email']),
            stripslashes(jb_get_formatted_name($first_name, $last_name)),
            $template['EmailFromAddress'],
            $template['EmailFromName'],
            $subject,
            $EmailMessage,
            '',
            1
        );
        JB_process_mail_queue(1, $email_id);
    }

    // Copy of the same message to the site contact.
    if (JB_EMAIL_CANDIDATE_SIGNUP_SWITCH == 'YES') {
        $email_id = JB_queue_mail(JB_SITE_CONTACT_EMAIL, "Admin", JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $subject, $EmailMessage, '', 2);
        JB_process_mail_queue(1, $email_id);
    }

    return $user_id;
}
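/**
 * Saves the resume described by the current request.
 *
 * Inserts a new row into `resumes_table` when $_REQUEST['resume_id'] is empty,
 * otherwise updates the existing row. Ownership on update is enforced by the
 * UPDATE's `user_id` condition: a non-owner's update simply matches no row.
 * When JB_EMAIL_ADMIN_RESUPDATE_SWITCH is 'YES', a field-by-field summary of
 * the resume is mailed to the site contact.
 *
 * @param bool $admin Admin mode: the owner is taken from the existing row
 *                    (resumes_table.user_id for $_REQUEST['resume_id']) instead
 *                    of the session, and approval is not required. Historically
 *                    passed as an undeclared first argument (func_get_arg);
 *                    omitted means false.
 *
 * @return mixed The resume id: the request's resume_id cast to int for an edit,
 *               the value of JB_mysql_insert_id() for a new resume.
 *
 * Reads $_REQUEST['resume_id'|'anon'] (other form fields are read by the
 * JB_get_sql_* helpers) and $_SESSION['JB_ID']; rewrites $_REQUEST['anon'] with
 * its sanitized value. Terminates with die() on a database error.
 */
function JB_insert_resume_data($admin = false)
{
    // Sanitize in place so the form helpers that read $_REQUEST see the clean value.
    $_REQUEST['anon'] = jb_alpha_numeric($_REQUEST['anon']);
    $anon = $_REQUEST['anon'];

    if ($admin == true) {
        // In admin mode the resume keeps its existing owner.
        $sql = "select user_id from `resumes_table` WHERE resume_id='" . jb_escape_sql($_REQUEST['resume_id']) . "'";
        $result = JB_mysql_query($sql);
        if (!$result) {
            error_log('JB_insert_resume_data: ' . mysql_error());
            die('Database error.');
        }
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        $user_id = $row ? $row['user_id'] : null; // null when no such resume, as before
    } else {
        $user_id = (int) $_SESSION['JB_ID'];
    }

    $approved = (JB_RESUMES_NEED_APPROVAL == 'YES' && !$admin) ? 'N' : 'Y';

    $new = ($_REQUEST['resume_id'] == false);
    $resume_id = null;
    $action = ''; // first line of the admin summary; only set for new resumes (as before)

    if ($new) {
        $assign = array(
            'list_on_web' => 'Y',
            'resume_date' => gmdate("Y-m-d H:i:s"),
            'user_id' => $user_id,
            'approved' => $approved,
            'anon' => $anon,
            'status' => 'ACT',
            'expired' => 'N',
        );
        // JB_get_sql_insert_values() escapes the sql values
        $sql = "REPLACE INTO `resumes_table` ( " . JB_get_sql_insert_fields(2, $assign) . ") VALUES ("
            . JB_get_sql_insert_values(2, "resumes_table", "resume_id", $resume_id, $user_id, $assign) . ") ";
        $action = "Inserted new resume.";
    } else {
        $resume_id = (int) $_REQUEST['resume_id'];
        $assign = array(
            'resume_date' => gmdate("Y-m-d H:i:s"),
            'anon' => $anon,
            'approved' => $approved,
        );
        // JB_get_sql_update_values() escapes the sql values. The user_id
        // condition is what stops a non-owner from updating someone else's resume.
        $sql = "UPDATE `resumes_table` SET "
            . JB_get_sql_update_values(2, "resumes_table", "resume_id", $resume_id, $user_id, $assign)
            . " WHERE resume_id='" . jb_escape_sql($resume_id) . "' and user_id='" . jb_escape_sql($user_id) . "' ";
    }

    if (!JB_mysql_query($sql)) {
        // Detail goes to the server log only; the original echoed the SQL to the client.
        error_log('JB_insert_resume_data: ' . mysql_error() . ' -- ' . $sql);
        die('Database error while saving the resume.');
    }
    if ($new) {
        $resume_id = JB_mysql_insert_id();
    }

    $RForm = JB_get_DynamicFormObject(2);
    $data = $RForm->load($resume_id);
    $data['resume_id'] = $resume_id;
    JB_build_resume_count(0);
    JBPLUG_do_callback('insert_resume_data', $data);

    if (JB_EMAIL_ADMIN_RESUPDATE_SWITCH == 'YES') {
        // Send a notification email to the admin: one "label - value" line per form field.
        $tag_to_field = $RForm->get_tag_to_field_id();
        $summary = $action . "\r\n";
        $sql = "SELECT * from form_lists WHERE form_id=2 ORDER BY sort_order ";
        $result = JB_mysql_query($sql);
        if ($result) {
            while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
                $label = $tag_to_field[$row['template_tag']]['field_label'];
                $summary .= $label . " - " . $RForm->get_raw_template_value($row['template_tag'], $admin) . "\r\n";
            }
        }

        // Get the email template.
        $template_result = JB_get_email_template(320, 'EN');
        $t_row = mysql_fetch_array($template_result);
        $to_address = JB_SITE_CONTACT_EMAIL;
        $to_name = JB_SITE_NAME;
        $from_name = $t_row['EmailFromName'];
        $from_address = $t_row['EmailFromAddress'];
        $subject = str_replace("%SITE_NAME%", JB_SITE_NAME, $t_row['EmailSubject']);

        // NOTE(review): the key is md5(resume_id . admin password) and must
        // match what admin/ra.php verifies; a keyed hash (hash_hmac) would need both sides changed.
        $admin_link = JB_BASE_HTTP_PATH . "admin/ra.php?resume_id=" . $resume_id
            . "&key=" . md5($resume_id . JB_ADMIN_PASSWORD);

        // One strtr() pass: the summary is user-supplied text, so a placeholder
        // typed into a resume is not expanded by a later replacement, as the
        // chained str_replace() calls used to do.
        $message = strtr($t_row['EmailText'], array(
            "%RESUME_SUMMARY%" => $summary,
            "%ADMIN_LINK%" => $admin_link,
            "%SITE_NAME%" => JB_SITE_NAME,
        ));
        $message = strip_tags($message);
        JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, '', 320);
    }

    return $resume_id;
}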