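<?php
###########################################################################
# Copyright Jamit Software 2012, http://www.jamit.com
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at http://mozilla.org/MPL/2.0/.
###########################################################################

// Handles a "grant access" link: the `k` request parameter is matched against
// `requests`.`key`, the matching request is marked GRANTED and
// JB_send_request_granted_email() is called for the candidate/employer pair.
// NOTE(review): the key is the only credential checked in the visible code, and
// the change is made for any request method ($_REQUEST). Confirm where keys are
// generated that they are long, random and not reusable.

require '../config.php';
//include('../include/functions.php');
require '../include/resumes.inc.php';

JB_template_candidates_header();

// Only a non-empty string key is looked up. A missing `k`, or an array value
// (k[]=...), falls through to the welcome message instead of being compared
// against rows whose `key` column is blank.
$request_key = (isset($_REQUEST['k']) && is_string($_REQUEST['k'])) ? $_REQUEST['k'] : '';
$granted = false;

if ($request_key !== '') {
    $sql = "UPDATE `requests` SET `request_status`='GRANTED' WHERE `key`='" . jb_escape_sql($request_key) . "' ";
    $result = JB_mysql_query($sql);
    if (!$result) {
        // Keep the driver's error text out of the response; record it server-side.
        error_log('request grant: ' . mysql_error());
        die('Database error.');
    }
    $granted = JB_mysql_affected_rows() > 0;
}

if ($granted) {
    $label["c_permit_success"] = str_replace("%BASE_HTTP_PATH%", JB_BASE_HTTP_PATH, $label["c_permit_success"]);
    $label["c_permit_success"] = str_replace("%SITE_NAME%", JB_SITE_NAME, $label["c_permit_success"]);
    $JBMarkup->ok_msg($label["c_permit_success"]);

    // Look the request up again to learn which employer to notify.
    $sql = "select employer_id, candidate_id FROM `requests` WHERE `key`='" . jb_escape_sql($request_key) . "'";
    $result = jb_mysql_query($sql);
    $row = $result ? mysql_fetch_array($result, MYSQL_ASSOC) : false;
    if ($row) {
        // Skip the notification when the lookup failed or returned nothing,
        // rather than passing empty ids to the mailer.
        JB_send_request_granted_email($row['candidate_id'], $row['employer_id']);
    }
} else {
    // No row changed: show the generic welcome text.
    $label["c_permit_weclome"] = str_replace("%CANDIDATE_FOLDER%", JB_CANDIDATE_FOLDER, $label["c_permit_weclome"]);
    $label["c_permit_weclome"] = str_replace("%SITE_NAME%", JB_SITE_NAME, $label["c_permit_weclome"]);
    echo "<br><p style='text-align:center;font-weight:bold;'>" . $label["c_permit_weclome"] . "</p>";
}

JB_template_candidates_footer();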
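<?php
        // (excerpt starts inside a switch case opened earlier in the file)
        $categories = JB_getCatStruct($_REQUEST['cat'], $_SESSION["LANG"], 2);
        JB_display_categories($categories, JB_CAT_COLS);
        break;
    }
}

// Request actions. Each one acts on whatever resume_id / employer_id the
// request names; no ownership or role check is visible in this excerpt, so
// access control has to come from code outside it.
// NOTE(review): die(mysql_error()) prints the raw database error into the page;
// consider logging it and showing a generic message instead.

if ($_REQUEST['action'] == 'grant') {
    // get user_id for resume
    $sql = "SELECT user_id from resumes_table WHERE resume_id='" . jb_escape_sql($_REQUEST['resume_id']) . "' ";
    $result = JB_mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $user_id = $row ? $row['user_id'] : null;

    // Only touch `requests` and send mail when the resume exists. With an
    // unknown resume_id there is no candidate to grant for, and the UPDATE
    // would otherwise run with an empty candidate_id.
    if ($user_id !== null) {
        $sql = "UPDATE `requests` SET `request_status`='GRANTED' WHERE `employer_id`='" . jb_escape_sql($_REQUEST['employer_id']) . "' AND candidate_id='" . jb_escape_sql($user_id) . "' ";
        JB_mysql_query($sql) or die(mysql_error());
        JB_send_request_granted_email($user_id, $_REQUEST['employer_id']);
        $JBMarkup->ok_msg('Resume granted.');
    }
}

if ($_REQUEST['action'] == 'refuse') {
    // get user_id for resume
    $sql = "SELECT user_id from resumes_table WHERE resume_id='" . jb_escape_sql($_REQUEST['resume_id']) . "' ";
    $result = JB_mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $user_id = $row ? $row['user_id'] : null;

    // Same guard as for 'grant': nothing is refused for a resume that does not exist.
    if ($user_id !== null) {
        $sql = "UPDATE `requests` SET `request_status`='REFUSED' WHERE `employer_id`='" . jb_escape_sql($_REQUEST['employer_id']) . "' AND candidate_id='" . jb_escape_sql($user_id) . "' ";
        JB_mysql_query($sql) or die(mysql_error());
        $JBMarkup->ok_msg('Resume refused.');
    }
}

if ($_REQUEST['action'] == 'suspend') {
    // Marks the resume as suspended ('SUS').
    $sql = "UPDATE `resumes_table` SET `status`='SUS' WHERE `resume_id`='" . jb_escape_sql($_REQUEST['resume_id']) . "' ";
    JB_mysql_query($sql) or die(mysql_error());
    // (excerpt ends inside this block)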
// (excerpt starts inside a block opened earlier in the file)
// Store the application row. Every value passes through jb_escape_sql() before
// it is concatenated into the statement.
// NOTE(review): the last four values are also run through addslashes() first,
// so they appear to be escaped twice before storage. The comment further down
// says the board adds slashes regardless of PHP config; confirm that every
// reader of these columns strips them again.
$sql = "INSERT INTO `applications` (`user_id`, `post_id`, `app_date`, `cover_letter`, `employer_id`, `employer_name`, `data1`, `data2`, `data3`) VALUES ( '"
    . jb_escape_sql($user_id) . "', '"
    . jb_escape_sql($post_id) . "', '"
    . jb_escape_sql($now) . "', '"
    . jb_escape_sql($app_letter) . "', '"
    . jb_escape_sql($POSTED_BY_ID) . "', '"
    . jb_escape_sql(addslashes($POSTED_BY)) . "', '"
    . jb_escape_sql(addslashes($TITLE)) . "', '"
    . jb_escape_sql(addslashes($LOCATION)) . "', '"
    . jb_escape_sql(addslashes($EMAIL)) . "') ";
// The return value is discarded, so a failed INSERT is not noticed by the code below.
JB_mysql_query($sql);

##############
# Automatically grant permission for employer to view
// If anonymous fields are enabled
if (JB_RESUME_REQUEST_SWITCH == 'YES') {
    if (Jb_is_request_granted($user_id, $PForm->get_value('user_id')) === 0) {
        // no request was sent / granted
        // && binds tighter than ||, so this reads as:
        // (premium reveal on AND premium post) OR (standard reveal on AND non-premium post) OR resume reveal on.
        if (JB_ONLINE_APP_REVEAL_PREMIUM == 'YES' && $PForm->get_value('post_mode') == 'premium' || JB_ONLINE_APP_REVEAL_STD == 'YES' && $PForm->get_value('post_mode') != 'premium' || JB_ONLINE_APP_REVEAL_RESUME == 'YES') {
            // Grant the request automatically - this will unblock candidate's resume details
            // for the user_id of the poster
            if (JB_grant_request($user_id, $PForm->get_value('user_id'))) {
                // send an email to employer to notify them that a request has been granted
                $is_anon = 'N'; // not anonymous
                JB_send_request_granted_email($user_id, $PForm->get_value('user_id'));
            }
        }
    }
    // NOTE(review): on the paths above that do not reach the grant, $is_anon keeps
    // whatever value it had before this excerpt — confirm it is initialised earlier.
} else {
    $is_anon = 'N';
}
}

// strip slashes from data before sending it by email
// (Jamit job board adds slashes regardless of PHP config)
// NOTE(review): three of these values come straight from $_REQUEST and the other
// two from the post record. JB_clean_str() is not visible here; confirm it
// removes CR/LF before any of them is used as a mail subject, name or address.
$app_letter = stripslashes(JB_clean_str($_REQUEST['app_letter']));
$app_subject = stripslashes(JB_clean_str($_REQUEST['app_subject']));
$app_name = stripslashes(JB_clean_str($_REQUEST['app_name']));
$to_name = stripslashes(JB_clean_str($POSTED_BY));
$to_address = stripslashes(JB_clean_str($EMAIL));
/*
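require "../config.php";
include 'login_functions.php';
require_once "../include/resumes.inc.php";
require_once "../include/profiles.inc.php";

JB_process_login();

$resume_id = JB_get_resume_id($_SESSION['JB_ID']);
$JBPage = new JBResumePage($resume_id); // this loads and sets the dynamic forms, data, etc
$resume_data =& $JBPage->vars['DynamicForm']->get_values();

JB_template_candidates_header();
JB_display_info_box($label["c_resume_header"], $label["c_resume_intro"], 80);

// Request handling for the logged-in candidate. The candidate side of every
// statement below comes from the session ($_SESSION['JB_ID']), never from the
// request, so a candidate can only change rows in `requests` that carry their
// own id. The employer id is request-supplied and is forced to an integer.
// NOTE(review): these changes run for any request method ($_REQUEST) and no
// anti-CSRF token is checked in the visible code; confirm JB_process_login() or
// the form that posts here covers that. A forged 'grant' would presumably
// widen who can view the candidate's resume.
// NOTE(review): die(mysql_error()) prints the raw database error into the page;
// consider logging it and showing a generic message instead.
$employer_id = isset($_REQUEST['employer_id']) ? (int) $_REQUEST['employer_id'] : 0;
$request_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

if ($request_action === 'grant') {
    $sql = "UPDATE `requests` SET `request_status`='GRANTED' WHERE `employer_id`='" . jb_escape_sql($employer_id) . "' AND candidate_id='" . jb_escape_sql($_SESSION['JB_ID']) . "' ";
    JB_mysql_query($sql) or die(mysql_error());
    JB_send_request_granted_email($_SESSION['JB_ID'], $employer_id);
}

if ($request_action === 'refuse') {
    $sql = "UPDATE `requests` SET `request_status`='REFUSED' WHERE `employer_id`='" . jb_escape_sql($employer_id) . "' AND candidate_id='" . jb_escape_sql($_SESSION['JB_ID']) . "' ";
    JB_mysql_query($sql) or die(mysql_error());
}

if (isset($_REQUEST['delete']) && $_REQUEST['delete']) {
    $sql = "UPDATE `requests` SET `request_status`='REFUSED' WHERE `employer_id`='" . jb_escape_sql($employer_id) . "' AND candidate_id='" . jb_escape_sql($_SESSION['JB_ID']) . "' ";
    JB_mysql_query($sql) or die(mysql_error());

    $candidate_id = $_SESSION['JB_ID'];

    // employer_ids is request data: it may be absent or not an array, and its
    // elements may themselves be arrays. Only scalar elements are used.
    if (isset($_REQUEST['employer_ids']) && is_array($_REQUEST['employer_ids'])) {
        // The loop variable reuses $employer_id, as the original code did, so
        // the integer value assigned above is overwritten from here on.
        foreach ($_REQUEST['employer_ids'] as $employer_id) {
            if (!is_scalar($employer_id)) {
                continue;
            }
            $sql = "UPDATE`requests` SET `deleted`='Y' WHERE `candidate_id`='" . jb_escape_sql($candidate_id) . "' AND `employer_id`='" . jb_escape_sql($employer_id) . "'";
            $result = JB_mysql_query($sql) or die(mysql_error());
        }
    }

    // Anything the candidate deleted while it was still pending is treated as refused.
    $sql = "UPDATE `requests` SET `request_status` = 'REFUSED' WHERE `deleted`='Y' AND `candidate_id`='" . jb_escape_sql($candidate_id) . "' AND `request_status` = 'REQUEST' ";
    JB_mysql_query($sql) or die(mysql_error());
    // (excerpt ends inside this block)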