}
$is_allowed_type = false;
foreach ($GLOBALS['allowable_resume_types'] as $mime_type) {
if ($resume_file['type'] == $mime_type) {
$is_allowed_type = true;
break;
}
}
if (!$is_allowed_type) {
?>
<script type="text/javascript">top.stop_quick_upload('-1');</script><?php
exit;
}
$data = array();
$data['file_name'] = str_replace(array('\'', '"', '\\'), '', basename($resume_file['name']));
$data['file_hash'] = generate_random_string_of(3) . '.' . generate_random_string_of(6);
$data['file_type'] = $resume_file['type'];
$data['file_size'] = $resume_file['size'];
$resume_file['new_name'] = $data['file_hash'];
if (move_uploaded_file($resume_file['tmp_name'], $GLOBALS['buffered_resume_dir'] . '/' . $resume_file['new_name']) === false) {
?>
<script type="text/javascript">top.stop_quick_upload('-1');</script><?php
exit;
}
$i = 0;
$query = "UPDATE users_contributed_resumes SET ";
foreach ($data as $key => $value) {
$query .= "`" . $key . "` = '" . $value . "'";
if ($i < count($data) - 1) {
$query .= ", ";
}
$sid = $seed['login']['id'];
}
$_SESSION['yel']['member']['id'] = $id;
$_SESSION['yel']['member']['hash'] = $hash;
$_SESSION['yel']['member']['sid'] = $sid;
$_SESSION['yel']['member']['linkedin_id'] = $linkedin_id;
header('Content-type: text/xml');
$member = new Member($id, $sid);
// 1. find whether this member exists, from the ID
$criteria = array('columns' => "COUNT(*) AS is_exists", 'match' => "email_addr = '" . $id . "'");
$result = $member->find($criteria);
if ($result[0]['is_exists'] != '1') {
// sign the member up
$joined_on = today();
$data = array();
$data['password'] = md5(generate_random_string_of(6));
$data['phone_num'] = '0';
$data['firstname'] = $_POST['linkedin_firstname'];
$data['lastname'] = $_POST['linkedin_lastname'];
$data['linkedin_id'] = $linkedin_id;
$data['joined_on'] = $joined_on;
$data['updated_on'] = $joined_on;
$data['active'] = 'Y';
$data['checked_profile'] = 'Y';
if (is_null($data['firstname']) || empty($data['firstname']) || is_null($data['lastname']) || empty($data['lastname'])) {
$data['firstname'] = 'Unknown';
$data['lastname'] = 'Unknown';
}
if ($member->create($data) === false) {
$_SESSION['yel']['member']['hash'] = "";
$response['errors'] = array('error' => 'create_error');
exit;
}
if (!$result) {
echo 'ko';
exit;
}
foreach ($result as $i => $row) {
$result[$i]['employer'] = htmlspecialchars_decode($row['employer']);
}
$response = array('employers' => array('employer' => $result));
header('Content-type: text/xml');
echo $xml_dom->get_xml_from_array($response);
exit;
}
if ($_POST['action'] == 'reset_password') {
$new_password = generate_random_string_of(6);
$data = array();
$data['password'] = md5($new_password);
$employer = new Employer($_POST['id']);
if (!$employer->update($data, true)) {
echo "ko";
exit;
}
$query = "SELECT email_addr FROM employers WHERE id = '" . $_POST['id'] . "' LIMIT 1";
$mysqli = Database::connect();
$result = $mysqli->query($query);
$lines = file(dirname(__FILE__) . '/../private/mail/employer_password_reset_admin.txt');
$message = '';
foreach ($lines as $line) {
$message .= $line;
}
// member already exists
exit;
}
// create resume
$has_error = false;
if (!empty($buffer['file_name']) && !is_null($buffer['file_name'])) {
$resume = new Resume($_POST['candidate_email']);
$data = array();
$data['modified_on'] = $buffer['added_on'];
$data['name'] = $buffer['file_name'];
$data['private'] = 'N';
if (!$resume->create($data)) {
echo '-9';
exit;
}
$file_hash = generate_random_string_of(6);
$new_name = $resume->id() . '.' . $file_hash;
if (rename($GLOBALS['buffered_resume_dir'] . '/' . $buffer['file_hash'], $GLOBALS['resume_dir'] . '/' . $new_name)) {
$query = "UPDATE resumes SET \n file_name = '" . $buffer['file_name'] . "', \n file_hash = '" . $file_hash . "', \n file_size = '" . $buffer['file_size'] . "',\n file_type = '" . $buffer['file_type'] . "' \n WHERE id = " . $resume->id();
if (!$mysqli->execute($query)) {
echo '-10';
exit;
}
$resume_text = '';
switch ($buffer['file_type']) {
case 'text/plain':
$tmp = file_get_contents($GLOBALS['resume_dir'] . "/" . $new_name);
$resume_text = sanitize($tmp);
break;
case 'text/html':
$tmp = file_get_contents($GLOBALS['resume_dir'] . "/" . $new_name);
public function upload_resume_file($_buffer_id, $_file = array())
{
if (empty($_buffer_id) || $_buffer_id <= 0 || $_buffer_id === false) {
$this->error = 'upload_resume_file : the buffer_id is invalid.';
return false;
}
$file_path = '';
$resume_text = '';
if (!empty($_file['name'])) {
$type = $_file['type'];
$size = $_file['size'];
$name = $_file['name'];
$temp = $_file['tmp_name'];
if ($size <= $GLOBALS['resume_size_limit'] && $size > 0) {
$is_upload_ok = false;
foreach ($GLOBALS['allowable_resume_types'] as $mime_type) {
if ($type == $mime_type) {
$hash = generate_random_string_of(6);
$new_name = $buffer_id . "." . $hash;
$file_path = $GLOBALS['buffered_resume_dir'] . "/" . $new_name;
if (move_uploaded_file($temp, $file_path)) {
$data = array();
$data['resume_file_name'] = $name;
$data['resume_file_type'] = $type;
$data['resume_file_hash'] = $hash;
$data['resume_file_size'] = $size;
if ($referral_buffer->update($data)) {
if ($type == 'application/msword') {
$data['needs_indexing'] = '1';
if ($referral_buffer->update($data) === true) {
$is_upload_ok = true;
} else {
@unlink($file_path);
}
break;
}
switch ($type) {
case 'text/plain':
$tmp = file_get_contents($file_path);
$resume_text = sanitize($tmp);
break;
case 'text/html':
$tmp = file_get_contents($file_path);
$resume_text = sanitize(strip_tags($tmp));
break;
case 'application/pdf':
$cmd = "/usr/local/bin/pdftotext " . $file_path . " /tmp/" . $new_name;
shell_exec($cmd);
$tmp = file_get_contents('/tmp/' . $new_name);
$resume_text = sanitize($tmp);
if (!empty($tmp)) {
unlink('/tmp/' . $new_name);
}
break;
case 'application/msword':
// $tmp = Resume::getTextFromMsword($file_path);
// if (empty($tmp)) {
// $tmp = Resume::getTextFromRTF($file_path);
// }
// $resume_text = sanitize($tmp);
break;
}
if (!empty($resume_text)) {
$keywords = preg_split("/[\\s,]+/", $resume_text);
$resume_text = '';
foreach ($keywords as $i => $keyword) {
$resume_text .= $keyword;
if ($i < count($keywords) - 1) {
$resume_text .= ' ';
}
}
$data['resume_file_text'] = sanitize(stripslashes($resume_text));
if ($referral_buffer->update($data) === true) {
$is_upload_ok = true;
} else {
@unlink($file_path);
}
break;
}
}
}
}
}
if (!$is_upload_ok) {
$this->error = 'upload_resume_file : file type is not allowed.';
return false;
}
} else {
$this->error = 'upload_resume_file : resume is over the allowed size of ' . $GLOBALS['resume_size_limit'] . ' bytes.';
return false;
}
}
return true;
}
}
if (!$is_free_replacement) {
$item_added = Invoice::add_item($invoice, $discount, $_POST['id'], 'Discount');
if (!$item_added) {
echo "ko";
exit;
}
$item_added = Invoice::add_item($invoice, $extra_charges, $_POST['id'], 'Extra charges');
if (!$item_added) {
echo "ko";
exit;
}
} else {
if ($credit_amount > 0) {
$credit_note_desc = 'Refund of balance for Invoice: ' . pad($previous_invoice, 11, '0');
$filename = generate_random_string_of(8) . '.' . generate_random_string_of(8);
$issued_on = today();
$expire_on = sql_date_add($issued_on, 30, 'day');
Invoice::accompany_credit_note_with($previous_invoice, $invoice, $issued_on, $credit_amount);
$branch = $employer->get_branch();
$sales = 'sales.' . strtolower($branch[0]['country']) . '@yellowelevator.com';
$branch[0]['address'] = str_replace(array("\r\n", "\r"), "\n", $branch[0]['address']);
$branch['address_lines'] = explode("\n", $branch[0]['address']);
$currency = Currency::getSymbolFromCountryCode($branch[0]['country']);
$pdf = new CreditNote();
$pdf->AliasNbPages();
$pdf->SetAuthor('Yellow Elevator. This credit note was automatically generated. Signature is not required.');
$pdf->SetTitle($GLOBALS['COMPANYNAME'] . ' - Credit Note ' . pad($invoice, 11, '0'));
$pdf->SetRefundAmount($credit_amount);
$pdf->SetDescription($credit_note_desc);
$pdf->SetCurrency($currency);
function create_member_from($_email_addr, $_fullname, $_phone, $_employee_id)
{
if (empty($_email_addr) || empty($_fullname) || empty($_phone)) {
return false;
}
$employee = new Employee($_employee_id);
$password = generate_random_string_of(6);
$timestamp = now();
$lastname = '(n/a)';
$firstname = $_fullname;
$names = explode(',', $_fullname);
if (count($names) > 1) {
$lastname = trim($names[0]);
$firstname = trim($names[1]);
}
$data = array();
$data['phone_num'] = $_phone;
$data['firstname'] = $firstname;
$data['lastname'] = $lastname;
$data['password'] = md5($password);
$data['forget_password_question'] = '1';
$data['forget_password_answer'] = '(System Generated)';
$data['joined_on'] = $timestamp;
$data['active'] = 'Y';
$data['like_newsletter'] = 'N';
$member = new Member($_email_addr);
$member->setAdmin(true);
if ($member->create($data) === false) {
return false;
}
// send email out
$mail_lines = file('../private/mail/member_sign_up_with_password.txt');
$message = '';
foreach ($mail_lines as $line) {
$message .= $line;
}
$candidate_name = $data['lastname'] . ', ' . $data['firstname'];
$message = str_replace('%candidate%', $candidate_name, $message);
$message = str_replace('%password%', $password, $message);
$message = str_replace('%protocol%', $GLOBALS['protocol'], $message);
$message = str_replace('%root%', $GLOBALS['root'], $message);
//$subject = '['. $_email_addr. '] New Membership from Yellow Elevator';
$subject = 'Recent correspondence with YellowElevator.com\'s recruitment consultant - ' . $candidate_name;
$headers = 'From: YellowElevator.com <*****@*****.**>' . "\n";
if (!is_null($employee)) {
$emp_email = $employee->getEmailAddress();
if ($emp_email !== false && !empty($emp_email)) {
$headers .= 'Reply-To: ' . $emp_email . "\n";
}
}
$headers .= 'Cc: team.my@yellowelevator.com' . "\n";
mail($_email_addr, $subject, $message, $headers);
//mail('*****@*****.**', $subject, $message, $headers);
// $file_name = '/tmp/email_to_'. $_email_addr. '.txt';
// if (file_exists($file_name)) {
// $file_name .= '.'. generate_random_string_of(6). '.txt';
// }
// $handle = fopen($file_name, 'w');
// fwrite($handle, 'Header: '. $headers. "\n\n");
// fwrite($handle, 'Subject: '. $subject. "\n\n");
// fwrite($handle, $message);
// fclose($handle);
return true;
}
public function savePhoto($_file_data)
{
$type = $_file_data['FILE']['type'];
$size = $_file_data['FILE']['size'];
$temp = $_file_data['FILE']['tmp_name'];
$image_resolution = getimagesize($temp);
$max_resolution = $GLOBALS['max_photo_resolution'];
if ($image_resolution[0] > $max_resolution['width'] || $image_resolution[1] > $max_resolution['height']) {
return false;
}
if ($size <= $GLOBALS['photo_size_limit'] && $size > 0) {
$allowed_type = false;
foreach ($GLOBALS['allowable_photo_types'] as $mime_type) {
if ($type == $mime_type) {
if ($this->hasPhoto()) {
$query = "SELECT id, photo_hash FROM member_photos WHERE member = '" . $this->id . "' LIMIT 1";
$result = $this->mysqli->query($query);
$file_name = $result[0]['id'] . "." . $result[0]['photo_hash'];
if (move_uploaded_file($temp, $GLOBALS['photo_dir'] . "/" . $file_name)) {
$query = "UPDATE member_photos SET \n photo_hash = '" . $result[0]['photo_hash'] . "',\n photo_type = '" . $type . "', \n approved = 'N' \n WHERE id = " . $result[0]['id'];
return $this->mysqli->execute($query);
}
} else {
$query = "INSERT INTO member_photos SET \n member = '" . $this->id . "',\n photo_hash = 'new', photo_type = 'new'";
if (($id = $this->mysqli->execute($query, true)) > 0) {
$hash = generate_random_string_of(6);
$new_name = $id . "." . $hash;
if (move_uploaded_file($temp, $GLOBALS['photo_dir'] . "/" . $new_name)) {
$query = "UPDATE member_photos SET \n photo_hash = '" . $hash . "',\n photo_type = '" . $type . "', \n approved = 'N' \n WHERE id = " . $id;
return $this->mysqli->execute($query);
}
}
}
}
}
}
return false;
}
function generate_pdf_file($_contacts, $_cover_note, $_educations, $_experiences, $_skill, $_technical_skills, $_resume_id)
{
$hash = generate_random_string_of(6);
$file = $_resume_id . '.' . $hash;
$pdf = new ResumePdf();
$pdf->AliasNbPages();
$pdf->SetAuthor('YellowElevator.com Resume Generator. Terms of Use subjected.');
$pdf->SetTitle(htmlspecialchars_decode($_contacts['name']) . '\'s Resume');
$pdf->SetFontSize(10);
$pdf->AddPage('P');
$pdf->SetDisplayMode('real', 'default');
$pdf->make_title(htmlspecialchars_decode($_contacts['name']) . '\'s Resume');
$pdf->Ln();
$pdf->make_title('Contacts');
$pdf->show_contacts($_contacts);
$pdf->make_title('Work Experiences');
$pdf->show_experiences($_experiences);
$pdf->make_title('Educations');
$pdf->show_educations($_educations);
$pdf->make_title('General Skills');
$pdf->show_skills($_skills);
$pdf->make_title('Technical/Computer/I.T. Skills');
$pdf->show_technical_skills($_technical_skills);
$pdf->make_title('Cover Note');
$pdf->show_cover_note($_cover_note);
$pdf->Close();
$pdf->Output($GLOBALS['path_to_copy'] . $file, 'F');
return $hash;
}
public function uploadFile($_file_data, $_update = false)
{
if (!is_array($_file_data)) {
return false;
}
if ($this->id == 0) {
return false;
}
if ($_update) {
$query = "SELECT file_hash FROM resumes WHERE id = " . $this->id . " LIMIT 1";
$result = $this->mysqli->query($query);
$file = $GLOBALS['resume_dir'] . '/' . $this->id . '.' . $result[0]['file_hash'];
@unlink($file);
}
$type = $_file_data['FILE']['type'];
$size = $_file_data['FILE']['size'];
$name = $_file_data['FILE']['name'];
$temp = $_file_data['FILE']['tmp_name'];
if ($size <= $GLOBALS['resume_size_limit'] && $size > 0) {
$allowed_type = false;
foreach ($GLOBALS['allowable_resume_types'] as $mime_type) {
if ($type == $mime_type) {
$allowed_type = true;
$hash = generate_random_string_of(6);
$new_name = $this->id . "." . $hash;
if (move_uploaded_file($temp, $GLOBALS['resume_dir'] . "/" . $new_name)) {
$query = "UPDATE resumes SET \n file_name = '" . basename($name) . "', \n file_hash = '" . $hash . "', \n file_size = '" . $size . "',\n file_type = '" . $type . "'";
if ($type == 'application/msword') {
$query .= ", needs_indexing = TRUE";
}
$query .= " WHERE id = " . $this->id;
if ($this->mysqli->execute($query)) {
//return true;
$resume_text = '';
switch ($type) {
case 'text/plain':
$tmp = file_get_contents($GLOBALS['resume_dir'] . "/" . $new_name);
$resume_text = sanitize($tmp);
break;
case 'text/html':
$tmp = file_get_contents($GLOBALS['resume_dir'] . "/" . $new_name);
$resume_text = sanitize(strip_tags($tmp));
break;
case 'application/pdf':
$cmd = "/usr/local/bin/pdftotext " . $GLOBALS['resume_dir'] . "/" . $new_name . " /tmp/" . $new_name;
shell_exec($cmd);
$tmp = file_get_contents('/tmp/' . $new_name);
$resume_text = sanitize($tmp);
if (!empty($tmp)) {
unlink('/tmp/' . $new_name);
}
break;
case 'application/msword':
// $tmp = Resume::getTextFromMsword($GLOBALS['resume_dir']. "/". $new_name);
// if (empty($tmp)) {
// $tmp = Resume::getTextFromRTF($GLOBALS['resume_dir']. "/". $new_name);
// }
// $resume_text = sanitize($tmp);
// break;
return true;
}
if (!empty($resume_text)) {
$keywords = preg_split("/[\\s,]+/", $resume_text);
$resume_text = '';
foreach ($keywords as $i => $keyword) {
$resume_text .= $keyword;
if ($i < count($keywords) - 1) {
$resume_text .= ' ';
}
}
$query = "SELECT COUNT(*) AS is_exists FROM resume_index \n WHERE resume = " . $this->id . " AND member = '" . $this->member_id . "'";
$result = $this->mysqli->query($query);
if ($result[0]['is_exists'] == '0') {
$query = "INSERT INTO resume_index SET \n resume = " . $this->id . ", \n member = '" . $this->member_id . "', \n file_text = '" . $resume_text . "'";
} else {
$query = "UPDATE resume_index SET file_text = '" . $resume_text . "' \n WHERE resume = " . $this->id . " AND \n member = '" . $this->member_id . "'";
}
return $this->mysqli->execute($query);
}
}
}
}
}
}
return false;
}