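/**
 * Insert a new job post or update an existing one from the current request.
 *
 * Reads the post fields from $_REQUEST (post_id, user_id, type, app_type,
 * app_url, pin_x, pin_y) and the session (JB_ID, LANG). Decides the post mode
 * (free / normal / premium), whether the post is pre-approved, deducts posting
 * credits for new non-privileged posts, runs the 'insert_post_data' plugin
 * callback and the category-count / cache updates, and queues the
 * "new post" notification email to the site contact address.
 *
 * @param string $insert_mode 'EMPLOYER' (default) or 'ADMIN'. In ADMIN mode the
 *                            target user may be chosen via $_REQUEST['user_id'],
 *                            the user is always treated as privileged, and the
 *                            post-ownership check on edits is skipped.
 * @return int|string the post_id of the inserted or updated post
 */
function JB_insert_post_data($insert_mode = 'EMPLOYER')
{
    if ($_REQUEST['user_id'] != '' && $insert_mode == 'ADMIN') {
        $user_id = (int) $_REQUEST['user_id'];
    } else {
        $user_id = (int) $_SESSION['JB_ID'];
    }
    // Both only get real values on an edit; initialised here so the helpers
    // below are not handed undefined variables when the post is new.
    $post_id = null;
    $old_data = null;

    // determine what kind of posting it is
    $post_mode = "free";
    if ($_REQUEST['type'] != 'premium') {
        if (JB_POSTING_FEE_ENABLED == 'YES') {
            $post_mode = "normal";
            if ($insert_mode != 'ADMIN') {
                $credits = JB_get_num_posts_remaining($user_id); // value currently unused
            }
        }
    } elseif (JB_PREMIUM_POSTING_FEE_ENABLED == 'YES') {
        $post_mode = "premium";
        if ($insert_mode != 'ADMIN') {
            $credits = JB_get_num_premium_posts_remaining($user_id); // value currently unused
        }
    }

    // Admin mode is always privileged; otherwise ask the credit/subscription logic.
    if ($insert_mode == 'ADMIN') {
        $_PRIVILEGED_USER = true;
    } else {
        $_PRIVILEGED_USER = JB_is_privileged_user($user_id, $post_mode);
    }

    // Pre-approval rules, in priority order.
    $approved = 'N';
    if (JB_POSTS_NEED_APPROVAL == 'NO') {
        $approved = 'Y';
    } elseif ($_PRIVILEGED_USER) {
        $approved = 'Y';
    } elseif (JB_POSTS_NEED_APPROVAL == 'NOT_SUBSCRIBERS' && $insert_mode == 'EMPLOYER') {
        // no approval needed for subscribers (active subscription or a paid post mode)
        if (JB_SUBSCRIPTION_FEE_ENABLED == 'YES') {
            if (JB_get_employer_subscription_status($user_id) == 'Active') {
                $approved = 'Y';
            }
        }
        if ($post_mode != 'free') {
            $approved = 'Y';
        }
    }

    // app_type can be: O=online, R=URL, N=none; default to online
    if ($_REQUEST['app_type'] == false) {
        $_REQUEST['app_type'] = "O";
    }

    $new = false;
    if ($_REQUEST['post_id'] == false) {
        $new = true;
        $now = gmdate("Y-m-d H:i:s");
        $assign = array(
            'post_date' => $now,
            'post_mode' => $post_mode,
            'user_id' => $user_id,
            'pin_x' => (int) $_REQUEST['pin_x'],
            'pin_y' => (int) $_REQUEST['pin_y'],
            'approved' => $approved,
            'app_type' => $_REQUEST['app_type'],
            'app_url' => $_REQUEST['app_url'],
            'cached_summary' => '',
            'expired' => 'N',
        );
        $sql = "REPLACE INTO `posts_table` (" . JB_get_sql_insert_fields(1, $assign) . ") VALUES (" . JB_get_sql_insert_values(1, "posts_table", "post_id", $post_id, $user_id, $assign) . " )";
        // DEDUCT CREDITS (For new posts)
        if ($post_mode == 'normal' && !$_PRIVILEGED_USER) {
            JB_deduct_posting_credit($user_id);
        }
        if ($post_mode == 'premium' && !$_PRIVILEGED_USER) {
            JB_deduct_p_posting_credit($user_id);
        }
    } else {
        $post_id = (int) $_REQUEST['post_id'];
        if ($insert_mode != 'ADMIN') {
            // Ownership check: a non-admin may only edit their own post. The same
            // int-cast $post_id is used here and in the UPDATE below, so the row
            // that is verified is the row that gets modified.
            $sql = "SELECT * from posts_table where post_id='" . jb_escape_sql($post_id) . "'";
            $result = JB_mysql_query($sql) or die(mysql_error());
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($row === false || (int) $row['user_id'] !== $user_id) {
                die('hacking attempt');
            }
        }
        $old_data = JB_load_post_data($post_id);
        // old values are used to update the category counters; an edit keeps
        // the current approved status
        $approved = $old_data['approved'];
        $assign = array(
            'pin_x' => (int) $_REQUEST['pin_x'],
            'pin_y' => (int) $_REQUEST['pin_y'],
            'approved' => $approved,
            'app_type' => $_REQUEST['app_type'],
            'app_url' => $_REQUEST['app_url'],
        );
        $sql = "UPDATE `posts_table` SET " . JB_get_sql_update_values(1, "posts_table", "post_id", $post_id, $user_id, $assign) . " WHERE post_id='" . jb_escape_sql($post_id) . "'";
    }

    $result = JB_mysql_query($sql) or die(mysql_error() . $sql);
    if ($new) {
        $post_id = jb_mysql_insert_id();
    }
    // Plugin hook, run after the post is saved. If the post was edited then
    // $_REQUEST['post_id'] is set, otherwise this is a new post.
    JBPLUG_do_callback('insert_post_data', $post_id);

    if (JB_PREMIUM_AUTO_UPGRADE == 'YES') {
        // auto upgrade to premium!
        $post_mode = "premium";
        $sql = "UPDATE `posts_table` SET `post_mode`='" . jb_escape_sql($post_mode) . "' WHERE post_id='" . jb_escape_sql($post_id) . "' ";
        JB_mysql_query($sql) or die(mysql_error() . $sql);
    }

    // rebuild the category counters for the affected categories only
    JB_update_post_category_count($old_data, $_REQUEST);
    // build categories cache / update counters / update rss, etc.
    JB_finalize_post_updates();

    if (JB_EMAIL_NEW_POST_SWITCH == 'YES' && $new) {
        $Form = JB_get_DynamicFormObject(1);
        $Form->load($post_id);
        $TITLE = $Form->get_raw_template_value("TITLE");
        $POSTED_BY = $Form->get_raw_template_value("POSTED_BY");
        $FORMATTED_DATE = JB_get_formatted_date($Form->get_template_value("DATE"));
        $DESCRIPTION = $Form->get_raw_template_value("DESCRIPTION");
        // get the email template (310 = new post notification) in the session language
        $template_result = JB_get_email_template(310, $_SESSION['LANG']);
        $t_row = mysql_fetch_array($template_result);
        $to_address = JB_SITE_CONTACT_EMAIL;
        $to_name = JB_SITE_NAME;
        $subject = $t_row['EmailSubject'];
        $message = $t_row['EmailText'];
        $from_name = $t_row['EmailFromName'];
        $from_address = $t_row['EmailFromAddress'];
        $subject = str_replace("%SITE_NAME%", JB_SITE_NAME, $subject);
        $message = str_replace("%SITE_NAME%", JB_SITE_NAME, $message);
        $message = str_replace("%SITE_URL%", JB_BASE_HTTP_PATH, $message);
        $message = str_replace("%SITE_CONTACT_EMAIL%", JB_SITE_CONTACT_EMAIL, $message);
        $message = str_replace("%POST_TITLE%", $TITLE, $message);
        $message = str_replace("%DATE%", $FORMATTED_DATE, $message);
        $message = str_replace("%POST_DESCRIPTION%", $DESCRIPTION, $message);
        $message = str_replace("%POSTED_BY%", $POSTED_BY, $message);
        // NOTE(review): the admin approval link is authenticated by an unsalted
        // md5 over post_id . JB_ADMIN_PASSWORD, which admin/ra.php must recompute.
        // A keyed hash (hash_hmac) over a secret that is not the admin password
        // would be stronger, but the check in admin/ra.php has to change with it.
        $message = str_replace("%ADMIN_LINK%", JB_BASE_HTTP_PATH . "admin/ra.php?post_id=" . $Form->get_value('post_id') . "&key=" . md5($Form->get_value('post_id') . JB_ADMIN_PASSWORD), $message);
        // templates are HTML; turn them into plain text for the mail body
        $message = str_replace('<BR>', "\n", $message);
        $message = str_replace('<P>', "\n\n", $message);
        $message = html_entity_decode($message);
        $message = strip_tags($message);
        $email_id = JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, '', 310);
        JB_process_mail_queue(1, $email_id);
    }
    return $post_id;
}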
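 /**
  * Insert one job from the feed record currently loaded in $this->data.
  *
  * Returns the existing post_id (after reporting an import error) when a post
  * with the same GUID already exists, and false when the employer does not hold
  * enough posting credits or the field / value parts of the INSERT cannot be
  * built. On success the job is logged and, when 'deduct_credits' is
  * configured, the employer's posts_balance is reduced.
  *
  * @param int|string $employer_id the employers.ID the job is posted under (cast to int)
  * @return int|string|false the new post_id, the existing post_id for a duplicate GUID, or false on failure
  */
 function insert_job($employer_id)
 {
     // the id is interpolated into SQL below, so force it to an integer
     $employer_id = (int) $employer_id;
     $deduct_credits = (int) $this->FMD->getOption('deduct_credits');

     // get the GUID from the mapped feed element
     $element = $this->FMD->getOption('guid');
     $guid = $this->clean_data($this->data[$element]['data']);
     // check to see if GUID is unique
     $sql = "SELECT post_id FROM `posts_table` WHERE `guid`='" . jb_escape_sql($guid) . "' ";
     $result = jb_mysql_query($sql);
     if (mysql_num_rows($result) > 0) {
         // return the existing post_id
         $this->echo_import_error('Post ' . jb_escape_html($guid) . ' already exists');
         return array_pop(mysql_fetch_row($result));
     }

     // check if enough credits. Note: this check and the deduction at the end
     // are separate statements, so two concurrent imports for the same employer
     // could both pass the check.
     if (JB_POSTING_FEE_ENABLED == 'YES' && $deduct_credits > 0) {
         $sql = "SELECT `ID` FROM `employers` WHERE (`posts_balance` - " . $deduct_credits . ") >= 0 AND `ID`='" . $employer_id . "' ";
         $result = jb_mysql_query($sql);
         if (mysql_num_rows($result) == 0) {
             $this->set_import_error('Not enough credits for employer id:' . $employer_id);
             return false;
         }
     }

     // get the fields part of the INSERT query
     $sql_fields = $this->get_sql_insert_fields(1);
     if ($sql_fields === false) {
         return false;
     }
     // get the values part of the INSERT query
     $sql_values = $this->get_sql_insert_values(1);
     if ($sql_values === false) {
         return false;
     }

     // post_date: use the feed's date when it parses, otherwise post as now
     $element = $this->FMD->getOption('post_date');
     $post_date = $this->data[$element]['data'];
     if ($time = strtotime($post_date)) {
         $post_date = gmdate("Y-m-d H:i:s", $time);
     } else {
         $post_date = gmdate("Y-m-d H:i:s");
     }

     // post_mode from the feed; must be one of the known modes
     $element = $this->FMD->getOption('post_mode');
     $post_mode = $this->data[$element]['data'];
     if (!in_array($post_mode, array('normal', 'free', 'premium'), true)) {
         // not present (or not a known value) in the feed: default to 'normal'
         // when posting fees are enabled, otherwise 'free'
         $post_mode = (JB_POSTING_FEE_ENABLED == 'YES') ? 'normal' : 'free';
     }

     // approval: feed value, then the 'map fields' default, then Admin->Main Config
     $element = $this->FMD->getOption('approved');
     $approved = $this->data[$element]['data'];
     if ($approved != 'N' && $approved != 'Y') {
         $approved = $this->FMD->getOption('default_approved');
         if ($approved != 'N' && $approved != 'Y') {
             $approved = (JB_POSTS_NEED_APPROVAL == 'NO') ? 'Y' : 'N';
         }
     }

     // application type: O=online, R=URL (redirect), N=none
     $element = $this->FMD->getOption('app_url');
     $app_url = $this->clean_data($this->data[$element]['data']);
     if ($app_url != false) {
         $app_type = "R";
     } elseif ($this->FMD->getOption('default_app_type')) {
         $app_type = $this->FMD->getOption('default_app_type');
     } else {
         $app_type = "N";
     }

     $sql = "INSERT INTO `posts_table` ( `guid`, `post_date`, `user_id`, `approved`, `expired`, `post_mode`, `app_type`, `app_url` " . $sql_fields . ") VALUES ( '" . jb_escape_sql($guid) . "', '" . $post_date . "', '" . $employer_id . "', '" . jb_escape_sql($approved) . "', 'N', '" . jb_escape_sql($post_mode) . "', '" . jb_escape_sql($app_type) . "', '" . jb_escape_sql($app_url) . "' " . $sql_values . ") ";
     $result = jb_mysql_query($sql);
     $post_id = jb_mysql_insert_id();
     $this->log_entry('Inserted Job | ID:' . $post_id . ' | GUID:' . $guid . ' | Emp.ID:' . $employer_id);

     // deduct credits
     if (JB_POSTING_FEE_ENABLED == 'YES' && $deduct_credits > 0) {
         $sql = "UPDATE `employers` SET `posts_balance`= (`posts_balance` - " . $deduct_credits . ") WHERE `ID`='" . $employer_id . "' ";
         if (!jb_mysql_query($sql)) {
             $this->log_entry('Failed to deduct ' . $deduct_credits . ' credit(s) | Emp.ID:' . $employer_id . ' | Post ID:' . $post_id);
         }
     }
     return $post_id;
 }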
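/**
 * Create or update a form field definition from the current request.
 *
 * Normalises the numeric $_REQUEST values, builds either an INSERT (new field)
 * or an UPDATE (existing field) for `form_fields`, stores the current-language
 * label / error message / comment in `form_field_translations`, rebuilds the
 * codes translation table for list-type fields, and clears the form cache.
 * Side effects on $_REQUEST: 'field_id' is set for a new field, 'mode' becomes
 * 'EDIT' and 'NEW_FIELD' becomes 'NO'.
 *
 * @param mixed  $error     not used by this function; kept for call compatibility
 * @param string $NEW_FIELD 'YES' to insert a new field, anything else to update $_REQUEST['field_id']
 * @return int|string the field_id that was inserted or updated
 */
function JB_save_field($error, $NEW_FIELD)
{
    $int_keys = array('field_sort', 'field_width', 'field_height', 'list_sort_order', 'category_init_id', 'search_sort_order', 'cat_multiple_rows');
    foreach ($int_keys as $key) {
        $_REQUEST[$key] = (int) $_REQUEST[$key];
    }
    if ($_REQUEST['field_type'] == 'GMAP') {
        // default map size
        if (!$_REQUEST['field_width']) {
            $_REQUEST['field_width'] = 300;
        }
        if (!$_REQUEST['field_height']) {
            $_REQUEST['field_height'] = 400;
        }
    }

    if ($NEW_FIELD == "YES") {
        // column order and value order must stay aligned (is_anon is the 18th of each)
        $sql = "INSERT INTO `form_fields` ( `form_id`  , `reg_expr` , `field_label` , `field_type` , `field_sort` , `is_required` , `display_in_list` , `error_message` , `field_init`, `field_width`, `field_height`, `is_in_search`, `list_sort_order`, `search_sort_order`, `template_tag`, `section`, `is_hidden`, `is_anon`, `field_comment`, `category_init_id`, `is_cat_multiple`, `cat_multiple_rows`, `is_blocked`, `multiple_sel_all`, `is_member`) VALUES ('" . JB_escape_sql($_REQUEST['form_id']) . "',  '" . JB_escape_sql($_REQUEST['reg_expr']) . "', '" . JB_escape_sql($_REQUEST['field_label']) . "', '" . JB_escape_sql($_REQUEST['field_type']) . "', '" . JB_escape_sql($_REQUEST['field_sort']) . "', '" . JB_escape_sql($_REQUEST['is_required']) . "', '" . JB_escape_sql($_REQUEST['display_in_list']) . "', '" . JB_escape_sql($_REQUEST['error_message']) . "', '" . JB_escape_sql($_REQUEST['field_init']) . "', '" . JB_escape_sql($_REQUEST['field_width']) . "', '" . JB_escape_sql($_REQUEST['field_height']) . "', '" . JB_escape_sql($_REQUEST['is_in_search']) . "', '" . JB_escape_sql($_REQUEST['list_sort_order']) . "', '" . JB_escape_sql($_REQUEST['search_sort_order']) . "', '" . JB_escape_sql($_REQUEST['template_tag']) . "', '" . JB_escape_sql($_REQUEST['section']) . "', '" . JB_escape_sql($_REQUEST['is_hidden']) . "', '" . JB_escape_sql($_REQUEST['is_anon']) . "', '" . JB_escape_sql($_REQUEST['field_comment']) . "', '" . JB_escape_sql($_REQUEST['category_init_id']) . "', '" . JB_escape_sql($_REQUEST['is_cat_multiple']) . "', '" . JB_escape_sql($_REQUEST['cat_multiple_rows']) . "', '" . JB_escape_sql($_REQUEST['is_blocked']) . "', '" . JB_escape_sql($_REQUEST['multiple_sel_all']) . "', '" . JB_escape_sql($_REQUEST['is_member']) . "' )";
    } else {
        // reserved template tags are never updated; blank tags are left alone too
        $tt = '';
        if (!JB_is_reserved_template_tag($_REQUEST['template_tag']) && $_REQUEST['template_tag'] != '') {
            $tt = "`template_tag` = '" . JB_escape_sql($_REQUEST['template_tag']) . "',";
        }
        $sql = "UPDATE `form_fields` SET " . "`reg_expr` = '" . JB_escape_sql($_REQUEST['reg_expr']) . "'," . "`field_label` = '" . JB_escape_sql($_REQUEST['field_label']) . "'," . "`field_type` = '" . JB_escape_sql($_REQUEST['field_type']) . "'," . "`field_init` = '" . JB_escape_sql($_REQUEST['field_init']) . "'," . "`is_required` = '" . JB_escape_sql($_REQUEST['is_required']) . "'," . "`field_width` = '" . JB_escape_sql($_REQUEST['field_width']) . "'," . "`field_height` = '" . JB_escape_sql($_REQUEST['field_height']) . "'," . "`is_in_search` = '" . JB_escape_sql($_REQUEST['is_in_search']) . "'," . "`search_sort_order` = '" . JB_escape_sql($_REQUEST['search_sort_order']) . "'," . "`section` = '" . JB_escape_sql($_REQUEST['section']) . "'," . $tt . "`error_message` = '" . JB_escape_sql($_REQUEST['error_message']) . "'," . "`is_hidden` = '" . JB_escape_sql($_REQUEST['is_hidden']) . "', " . "`is_anon` = '" . JB_escape_sql($_REQUEST['is_anon']) . "', " . "`is_cat_multiple` = '" . JB_escape_sql($_REQUEST['is_cat_multiple']) . "', " . "`cat_multiple_rows` = '" . JB_escape_sql($_REQUEST['cat_multiple_rows']) . "', " . "`field_comment` = '" . JB_escape_sql($_REQUEST['field_comment']) . "', " . "`multiple_sel_all` = '" . JB_escape_sql($_REQUEST['multiple_sel_all']) . "', " . "`is_blocked` = '" . JB_escape_sql($_REQUEST['is_blocked']) . "', " . "`is_prefill` = '" . JB_escape_sql($_REQUEST['is_prefill']) . "', " . "`is_member` = '" . JB_escape_sql($_REQUEST['is_member']) . "', " . "category_init_id = '" . JB_escape_sql($_REQUEST['category_init_id']) . "' " . "WHERE `field_id` = '" . JB_escape_sql($_REQUEST['field_id']) . "'  ;";
        // update template tag on the form_lists (can be blank for reserved tags)
        if ($_REQUEST['template_tag'] != '') {
            $sql_tt = "UPDATE form_lists SET `template_tag`='" . JB_escape_sql($_REQUEST['template_tag']) . "' WHERE `field_id`='" . JB_escape_sql($_REQUEST['field_id']) . "'";
            JB_mysql_query($sql_tt) or die($sql_tt . mysql_error());
        }
    }

    // Do the SQL query, UPDATE or INSERT
    JB_mysql_query($sql) or die($sql . mysql_error());
    // Capture the new id right after the INSERT: the translation REPLACE and
    // the codes table rebuild below may insert rows of their own and move the
    // last-insert id.
    if ($NEW_FIELD == 'YES' || $_REQUEST['field_id'] == false) {
        $_REQUEST['field_id'] = jb_mysql_insert_id();
    }
    $field_id = $_REQUEST['field_id'];

    // update translations for the session language
    $sql_fft = "RePLACE INTO `form_field_translations` (`field_id`, `lang`, `field_label`, `error_message`, `field_comment`) VALUES ('" . JB_escape_sql($field_id) . "', '" . JB_escape_sql($_SESSION["LANG"]) . "', '" . JB_escape_sql($_REQUEST['field_label']) . "', '" . JB_escape_sql($_REQUEST['error_message']) . "', '" . JB_escape_sql($_REQUEST['field_comment']) . "' )";
    JB_mysql_query($sql_fft) or die($sql_fft . mysql_error());

    // list-type fields carry a codes table that has to be (re)formatted
    if (in_array($_REQUEST['field_type'], array('RADIO', 'CHECK', 'MSELECT', 'SELECT'), true)) {
        JB_format_codes_translation_table($field_id);
    }

    JB_cache_del_keys_for_form($_REQUEST['form_id']);
    $_REQUEST['mode'] = 'EDIT';
    // Rebinds $NEW_FIELD to the global of that name from here on; nothing in
    // this function reads it afterwards, kept for compatibility with callers
    // that rely on the global existing.
    global $NEW_FIELD;
    $_REQUEST['NEW_FIELD'] = 'NO';
    return $field_id;
}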