Esempio n. 1
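/**
 * Validates the job-post form fields in $_REQUEST and collects the problems found.
 *
 * For a new post made by an employer (no post_id) the remaining posting credits
 * are checked first. Several fields are then checked with is_numeric(), the
 * application URL is checked when app_type is 'R', a few fields are passed
 * through JB_clean_str(), and the plugin hooks and JB_validate_form_data(1)
 * may add errors of their own.
 *
 * Side effect: the cleaned values are written back into $_REQUEST.
 *
 * @param string $insert_mode 'EMPLOYER' runs the credit check; any other value skips it.
 * @return array|string List of error messages (empty when no problem was found), or the
 *                      string 'Invalid Input!' when post_id, user_id, pin_x or pin_y is
 *                      not numeric. Callers have to handle both shapes.
 */
function JB_validate_post_data($insert_mode = 'EMPLOYER')
{
    global $label;
    $error = '';
    $errors = array();
    /*
    Only check for credits if posted by employer
    */
    if ($insert_mode == 'EMPLOYER' && $_REQUEST['post_id'] == false) {
        $sql = "select * from employers where ID='" . jb_escape_sql($_SESSION['JB_ID']) . "'";
        $result = JB_mysql_query($sql);
        if (!$result) {
            // Keep the driver's error text in the server log instead of sending it to the client.
            error_log('JB_validate_post_data: employer lookup failed: ' . mysql_error());
            die('Database error');
        }
        // NOTE(review): $row is not read anywhere below in this function.
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        $_PRIVILEGED_USER = JB_is_privileged_user($_SESSION['JB_ID'], $_REQUEST['post_mode']);
        if ($_REQUEST['type'] != 'premium') {
            if (JB_POSTING_FEE_ENABLED == 'YES' && !$_PRIVILEGED_USER) {
                // check standard credits; -1 is let through (presumably "unlimited" - confirm)
                $posts = JB_get_num_posts_remaining($_SESSION['JB_ID']);
                if ($posts < 1 && $posts != -1) {
                    $errors[] = $label['post_no_credits'];
                    return $errors;
                }
            }
        } else {
            if (JB_PREMIUM_POSTING_FEE_ENABLED == 'YES' && !$_PRIVILEGED_USER) {
                // check premium credits; -1 is let through (presumably "unlimited" - confirm)
                $p_posts = JB_get_num_premium_posts_remaining($_SESSION['JB_ID']);
                if ($p_posts < 1 && $p_posts != -1) {
                    $errors[] = $label['post_no_credits'];
                    return $errors;
                }
            }
        }
    }
    if ($insert_mode != 'EMPLOYER') {
        $_PRIVILEGED_USER = true;
    }
    // Make sure they are numeric.
    // is_numeric() also accepts decimals, exponents and signed values, so this is not
    // an integer check: code that puts these fields into a query must still cast or
    // escape them.
    if ($_REQUEST['post_id'] != '') {
        if (!is_numeric($_REQUEST['post_id'])) {
            return 'Invalid Input!';
        }
    }
    if ($_REQUEST['user_id'] != '') {
        if (!is_numeric($_REQUEST['user_id'])) {
            return 'Invalid Input!';
        }
    }
    if ($_REQUEST['pin_x'] != '') {
        if (!is_numeric($_REQUEST['pin_x'])) {
            return 'Invalid Input!';
        }
    }
    if ($_REQUEST['pin_y'] != '') {
        if (!is_numeric($_REQUEST['pin_y'])) {
            return 'Invalid Input!';
        }
    }
    // app_type and app_url
    if ($_REQUEST['app_type'] == 'R') {
        // check the url.
        $_REQUEST['app_url'] = trim($_REQUEST['app_url']);
        $_REQUEST['app_url'] = JB_clean_str($_REQUEST['app_url']);
        if ($_REQUEST['app_url'] == false) {
            $errors[] = $label['post_save_app_url_blank'];
        } elseif (strpos($_REQUEST['app_url'], 'http://') !== 0 && strpos($_REQUEST['app_url'], 'https://') !== 0) {
            // The scheme has to be the prefix of the value. Testing only that the text
            // occurs somewhere would accept a URL with a different scheme that merely
            // mentions http:// further along.
            $errors[] = $label['post_save_app_url_bad'];
        }
    }
    // clean any undesired input, leave nothing to chance
    $_REQUEST['post_date'] = JB_clean_str($_REQUEST['post_date']);
    $_REQUEST['post_mode'] = JB_clean_str($_REQUEST['post_mode']);
    $_REQUEST['approved'] = JB_clean_str($_REQUEST['approved']);
    $_REQUEST['expired'] = JB_clean_str($_REQUEST['expired']);
    // Legacy hook (deprecated, use validate_post_data_array): a plugin reports its
    // problems as one string with the items separated by <br>.
    // NOTE(review): this relies on JBPLUG_do_callback() filling $error by reference - confirm.
    $error = '';
    JBPLUG_do_callback('validate_post_data', $error);
    if ($error) {
        $list = explode('<br>', $error);
        foreach ($list as $item) {
            $errors[] = $item;
        }
    }
    // added in 3.6.6: plugins append to the list directly
    JBPLUG_do_callback('validate_post_data_array', $errors);
    // Append the form-field errors. array_merge() is used because the array union
    // operator keeps the left-hand entry for every integer key both lists share,
    // which silently dropped form errors whenever $errors was not empty.
    $errors = array_merge($errors, JB_validate_form_data(1));
    return $errors;
}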
Esempio n. 2
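/**
 * Validates the employer account form in $_REQUEST (sign-up or edit) and collects
 * the problems found.
 *
 * When no user_id is submitted the request is treated as a new sign-up: username,
 * password and password confirmation are checked, and the username and e-mail must
 * not exist in the `employers` table yet. Name and e-mail format are checked in
 * both cases. Plugin hooks and JB_validate_form_data(4) may add further errors.
 *
 * Side effect: the cleaned values are written back into $_REQUEST.
 *
 * @param mixed $form_id Not read by this function; the form id 4 is hard-coded below.
 * @return array|string List of error messages (empty when no problem was found), or the
 *                      string 'Invalid Input!' when user_id is set but not numeric.
 */
function JB_validate_employer_data($form_id)
{
    global $label;
    $errors = array();
    if ($_REQUEST['FirstName'] == false) {
        $errors[] = $label['employer_signup_error_name'];
    }
    if ($_REQUEST['LastName'] == false) {
        $errors[] = $label['employer_signup_error_ln'];
    }
    if ($_REQUEST['user_id'] == false) {
        // Compare as strings. A loose != treats two numeric-looking strings as numbers,
        // so a password and a differently typed confirmation such as "1000" and "1e3"
        // would count as matching.
        if ((string) $_REQUEST['Password'] !== (string) $_REQUEST['Password2']) {
            $errors[] = $label['employer_signup_error_pmatch'];
        }
        if ($_REQUEST['Username'] == false) {
            $errors[] = $label["employer_signup_error_user"];
        } else {
            $sql = "SELECT * FROM `employers` WHERE `Username`='" . jb_escape_sql($_REQUEST['Username']) . "' ";
            $result = JB_mysql_query($sql);
            if (!$result) {
                // The driver error and the statement (which contains request data) go to
                // the server log; the client only gets a generic message.
                error_log('JB_validate_employer_data: username lookup failed: ' . mysql_error() . ' ' . $sql);
                die('Database error');
            }
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($row['Username'] != false) {
                $errors[] = str_replace('%username%', jb_escape_html($_REQUEST['Username']), $label['employer_signup_error_inuse']);
            } elseif (!preg_match('#^[a-z0-9À-ÿ\\-_\\.@]+$#Di', $_REQUEST['Username'])) {
                // NOTE(review): the pattern has no /u modifier, so what the À-ÿ range
                // matches depends on the encoding of this file and of the input - confirm.
                $errors[] = $label['employer_signup_error_uname'];
            }
        }
        if ($_REQUEST['Password'] == false) {
            $errors[] = $label["employer_signup_error_p"];
        } elseif (strlen(trim($_REQUEST['Password'])) < 6) {
            // Length is measured on the trimmed value, in bytes.
            $errors[] = $label['employer_signup_error_pw_too_weak'];
        }
        if ($_REQUEST['Password2'] == false) {
            $errors[] = $label['employer_signup_error_p2'];
        }
    }
    if ($_REQUEST['Email'] == false) {
        $errors[] = $label["employer_signup_error_email"];
    } elseif (!JB_validate_mail($_REQUEST['Email'])) {
        $errors[] = $label['employer_signup_error_invemail'];
    } else {
        if ($_REQUEST['user_id'] == false) {
            // for new account signups, make sure the email does not already exist
            $result = JB_mysql_query("SELECT * from `employers` WHERE `Email`='" . jb_escape_sql($_REQUEST['Email']) . "'");
            if (!$result) {
                error_log('JB_validate_employer_data: e-mail lookup failed: ' . mysql_error());
                die('Database error');
            }
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            // The check lives inside this branch because $row is only assigned here;
            // for an edit (user_id set) there is no row to look at.
            if ($row['Email'] != false) {
                $errors[] = $label['employer_signup_email_in_use'];
            }
        }
    }
    if ($_REQUEST['user_id'] != false) {
        // is_numeric() also accepts decimals and exponents; code that uses user_id in a
        // query must still cast or escape it.
        if (!is_numeric($_REQUEST['user_id'])) {
            return 'Invalid Input!';
        }
    }
    $_REQUEST['FirstName'] = JB_clean_str($_REQUEST['FirstName']);
    $_REQUEST['LastName'] = JB_clean_str($_REQUEST['LastName']);
    $_REQUEST['CompName'] = JB_clean_str($_REQUEST['CompName']);
    $_REQUEST['Username'] = JB_clean_str($_REQUEST['Username']);
    $_REQUEST['Email'] = JB_clean_str($_REQUEST['Email']);
    $_REQUEST['Newsletter'] = JB_clean_str($_REQUEST['Newsletter']);
    $_REQUEST['Notification1'] = JB_clean_str($_REQUEST['Notification1']);
    $_REQUEST['Notification2'] = JB_clean_str($_REQUEST['Notification2']);
    $_REQUEST['lang'] = JB_clean_str($_REQUEST['lang']);
    // Legacy hook: a plugin reports its problems as one string separated by <br>.
    // The hook names are spelled 'valiate_...' and are kept as they are, since plugins
    // look them up by these exact strings.
    // NOTE(review): this relies on JBPLUG_do_callback() filling $error by reference - confirm.
    $error = '';
    JBPLUG_do_callback('valiate_employer_account', $error);
    if ($error) {
        $list = explode('<br>', $error);
        foreach ($list as $item) {
            $errors[] = $item;
        }
    }
    // added in 3.6.6 ($errors is a list)
    JBPLUG_do_callback('valiate_employer_account_array', $errors);
    // array_merge() instead of the array union operator: with + every form error whose
    // integer key already exists in $errors was silently dropped.
    $errors = array_merge($errors, JB_validate_form_data(4));
    return $errors;
}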
Esempio n. 3
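/**
 * Validates the employer-profile form in $_REQUEST and collects the problems found.
 *
 * profile_id and user_id must be numeric when present, profile_date is passed
 * through JB_clean_str() (and written back into $_REQUEST), and the plugin hooks
 * and JB_validate_form_data(3) may add errors of their own.
 *
 * @param mixed $form_id Not read by this function; the form id 3 is hard-coded below.
 * @return array|string List of error messages (empty when no problem was found), or the
 *                      string 'Invalid Input!' when profile_id or user_id is not numeric.
 */
function JB_validate_profile_data($form_id)
{
    $error = '';
    $errors = array();
    // Make sure they are numeric.
    // is_numeric() also accepts decimals and exponents, so code that uses these ids in
    // a query must still cast or escape them.
    if ($_REQUEST['profile_id'] != '') {
        if (!is_numeric($_REQUEST['profile_id'])) {
            return 'Invalid Input!';
        }
    }
    if ($_REQUEST['user_id'] != '') {
        if (!is_numeric($_REQUEST['user_id'])) {
            return 'Invalid Input!';
        }
    }
    $_REQUEST['profile_date'] = JB_clean_str($_REQUEST['profile_date']);
    // Legacy hook (deprecated, use JB_insert_profile_data_array): a plugin reports its
    // problems as one string with the items separated by <br>.
    // NOTE(review): this relies on JBPLUG_do_callback() filling $error by reference - confirm.
    $error = '';
    JBPLUG_do_callback('JB_insert_profile_data', $error);
    if ($error) {
        $list = explode('<br>', $error);
        foreach ($list as $item) {
            $errors[] = $item;
        }
    }
    // added in 3.6.6: plugins append to the list directly
    JBPLUG_do_callback('JB_insert_profile_data_array', $errors);
    // array_merge() instead of the array union operator: with + every form error whose
    // integer key already exists in $errors was silently dropped.
    $errors = array_merge($errors, JB_validate_form_data(3));
    return $errors;
}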
Esempio n. 4
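/**
 * Validates the candidate account form in $_REQUEST (sign-up or edit) and collects
 * the problems found.
 *
 * When no user_id is submitted the request is treated as a new sign-up: username,
 * password and password confirmation are checked, and the username and e-mail must
 * not exist in the `users` table yet. Name and e-mail format are checked in both
 * cases. Plugin hooks and JB_validate_form_data(5) may add further errors.
 *
 * Side effects: the cleaned values are written back into $_REQUEST, and
 * $label['c_signup_error5'] is overwritten when the username is already taken.
 *
 * @param mixed $form_id Not read by this function; the form id 5 is hard-coded below.
 * @return array|string List of error messages (empty when no problem was found), or the
 *                      string 'Invalid Input!' when user_id is set but not numeric.
 */
function JB_validate_candidate_data($form_id)
{
    global $label;
    $errors = array();
    if ($_REQUEST['user_id'] == false) {
        if ($_REQUEST['Username'] == false) {
            $errors[] = $label["c_signup_error4"];
        } else {
            $result = JB_mysql_query("SELECT * FROM `users` WHERE `Username`='" . jb_escape_sql($_REQUEST['Username']) . "' ");
            if (!$result) {
                // Keep the driver's error text in the server log instead of sending it to the client.
                error_log('JB_validate_candidate_data: username lookup failed: ' . mysql_error());
                die('Database error');
            }
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($row['Username'] != '') {
                // NOTE(review): the stored username goes into the message without HTML
                // escaping; confirm the message is escaped where it is printed.
                $label['c_signup_error5'] = str_replace("%USERNAME%", $row['Username'], $label['c_signup_error5']);
                $errors[] = $label['c_signup_error5'];
            } elseif (!preg_match('#^[a-z0-9À-ÿ\\-_\\.@]+$#Di', $_REQUEST['Username'])) {
                // NOTE(review): the pattern has no /u modifier, so what the À-ÿ range
                // matches depends on the encoding of this file and of the input - confirm.
                $errors[] = $label['c_signup_error11'];
            }
        }
        if ($_REQUEST['Password'] == false) {
            $errors[] = $label['c_signup_error6'];
        } elseif (strlen(trim($_REQUEST['Password'])) < 6) {
            // Length is measured on the trimmed value, in bytes.
            $errors[] = $label['c_signup_error_pw_too_weak'];
        }
        if ($_REQUEST['Password2'] == false) {
            $errors[] = $label["c_signup_error7"];
        }
        // Compare as strings. A loose != treats two numeric-looking strings as numbers,
        // so a password and a differently typed confirmation such as "1000" and "1e3"
        // would count as matching.
        if ((string) $_REQUEST['Password'] !== (string) $_REQUEST['Password2']) {
            $errors[] = $label["c_signup_error1"];
        }
    }
    if ($_REQUEST['FirstName'] == false) {
        $errors[] = $label["c_signup_error2"];
    }
    if ($_REQUEST['LastName'] == false) {
        $errors[] = $label["c_signup_error3"];
    }
    if ($_REQUEST['Email'] == false) {
        $errors[] = $label["c_signup_error8"];
    } elseif (!JB_validate_mail($_REQUEST['Email'])) {
        $errors[] = $label["c_signup_error8"];
    } else {
        if ($_REQUEST['user_id'] == false) {
            // for new account signups, make sure the email does not already exist
            $result = JB_mysql_query("SELECT * from `users` WHERE `Email`='" . jb_escape_sql($_REQUEST['Email']) . "'");
            if (!$result) {
                error_log('JB_validate_candidate_data: e-mail lookup failed: ' . mysql_error());
                die('Database error');
            }
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($row['Email'] != '') {
                $errors[] = " " . $label["c_signup_error10"] . " ";
            }
        }
    }
    if ($_REQUEST['user_id'] != '') {
        // is_numeric() also accepts decimals and exponents; code that uses user_id in a
        // query must still cast or escape it.
        if (!is_numeric($_REQUEST['user_id'])) {
            return 'Invalid Input!';
        }
    }
    $_REQUEST['FirstName'] = JB_clean_str($_REQUEST['FirstName']);
    $_REQUEST['LastName'] = JB_clean_str($_REQUEST['LastName']);
    $_REQUEST['Username'] = JB_clean_str($_REQUEST['Username']);
    $_REQUEST['Email'] = JB_clean_str($_REQUEST['Email']);
    $_REQUEST['Newsletter'] = JB_clean_str($_REQUEST['Newsletter']);
    $_REQUEST['Notification1'] = JB_clean_str($_REQUEST['Notification1']);
    $_REQUEST['Notification2'] = JB_clean_str($_REQUEST['Notification2']);
    $_REQUEST['lang'] = JB_clean_str($_REQUEST['lang']);
    // Legacy hook: a plugin reports its problems as one string separated by <br>.
    // $error has to be initialised BEFORE the hook runs. It used to be reset to ''
    // right after the call, which threw away whatever a plugin had reported, so
    // plugin-side validation on this hook could never reject a sign-up.
    // The hook names are spelled 'valiate_...' and are kept as they are, since plugins
    // look them up by these exact strings.
    // NOTE(review): this relies on JBPLUG_do_callback() filling $error by reference - confirm.
    $error = '';
    JBPLUG_do_callback('valiate_candidate_account', $error);
    if ($error) {
        $list = explode('<br>', $error);
        foreach ($list as $item) {
            $errors[] = $item;
        }
    }
    // added in 3.6.6: plugins append to the list directly
    JBPLUG_do_callback('valiate_candidate_account_array', $errors);
    // array_merge() instead of the array union operator: with + every form error whose
    // integer key already exists in $errors was silently dropped.
    $errors = array_merge($errors, JB_validate_form_data(5));
    return $errors;
}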
Esempio n. 5
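/**
 * Validates the resume form in $_REQUEST and collects the problems found.
 *
 * resume_id and user_id must be numeric when present, four fields are passed
 * through JB_clean_str() (and written back into $_REQUEST), and the plugin hooks
 * and JB_validate_form_data(2) may add errors of their own.
 *
 * @param mixed $form_id Not read by this function; the form id 2 is hard-coded below.
 * @return array|string List of reasons why the form cannot be saved (empty when there
 *                      are none), or the string 'Invalid Input!' when resume_id or
 *                      user_id is not numeric.
 */
function JB_validate_resume_data($form_id)
{
    global $label;
    $errors = array();
    // Make sure they are numeric.
    // is_numeric() also accepts decimals and exponents, so code that uses these ids in
    // a query must still cast or escape them.
    if ($_REQUEST['resume_id'] != '') {
        if (!is_numeric($_REQUEST['resume_id'])) {
            return 'Invalid Input!';
        }
    }
    if ($_REQUEST['user_id'] != '') {
        if (!is_numeric($_REQUEST['user_id'])) {
            return 'Invalid Input!';
        }
    }
    $_REQUEST['list_on_web'] = JB_clean_str($_REQUEST['list_on_web']);
    $_REQUEST['resume_date'] = JB_clean_str($_REQUEST['resume_date']);
    $_REQUEST['anon'] = JB_clean_str($_REQUEST['anon']);
    $_REQUEST['approved'] = JB_clean_str($_REQUEST['approved']);
    // added in 3.6.6 to replace validate_resume_data. $errors is a list of reasons why the form cannot be saved
    JBPLUG_do_callback('validate_resume_data_array', $errors);
    // Legacy hook (deprecated, use validate_resume_data_array instead).
    // NOTE(review): this relies on JBPLUG_do_callback() filling $error by reference - confirm.
    $error = false;
    JBPLUG_do_callback('validate_resume_data', $error);
    if ($error) {
        // in the old version, $error was just a string separated by <br>'s
        $list = explode('<br>', $error);
        foreach ($list as $item) {
            $errors[] = $item;
        }
    }
    // array_merge() instead of the array union operator: with + every form error whose
    // integer key already exists in $errors was silently dropped.
    $errors = array_merge($errors, JB_validate_form_data(2));
    return $errors;
}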