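/**
 * Insert a new job post, or update an existing one, from the submitted form
 * ($_REQUEST) and return its post_id.
 *
 * @param string $insert_mode 'EMPLOYER' (default) or 'ADMIN'. In ADMIN mode
 *                            $_REQUEST['user_id'] may select the owning
 *                            employer, the ownership check on edits is skipped
 *                            and the poster counts as privileged.
 * @return int|string post_id of the inserted / updated post.
 *
 * Side effects: REPLACE/UPDATE on posts_table, posting-credit deduction for new
 * non-privileged posts, category counter rebuild, the 'insert_post_data'
 * plugin callback and (when enabled) the admin "new post" e-mail. die()s on a
 * failed query or when a non-admin tries to edit a post they do not own.
 */
function JB_insert_post_data($insert_mode = 'EMPLOYER')
{
    // Owner of the post: admins may pick one, everybody else is the session user.
    if ($insert_mode == 'ADMIN' && isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != '') {
        $user_id = (int) $_REQUEST['user_id'];
    } else {
        $user_id = (int) $_SESSION['JB_ID'];
    }

    // Posting mode is 'free' unless the matching fee feature is switched on.
    $post_mode = 'free';
    $wants_premium = isset($_REQUEST['type']) && $_REQUEST['type'] == 'premium';
    if (!$wants_premium) {
        if (JB_POSTING_FEE_ENABLED == 'YES') {
            $post_mode = 'normal';
        }
    } elseif (JB_PREMIUM_POSTING_FEE_ENABLED == 'YES') {
        $post_mode = 'premium';
    }

    // Privileged users skip approval and credit deduction; ADMIN mode always is.
    $_PRIVILEGED_USER = ($insert_mode == 'ADMIN')
        ? true
        : JB_is_privileged_user($user_id, $post_mode);

    $approved = 'N';
    if (JB_POSTS_NEED_APPROVAL == 'NO' || $_PRIVILEGED_USER) {
        $approved = 'Y';
    } elseif (JB_POSTS_NEED_APPROVAL == 'NOT_SUBSCRIBERS' && $insert_mode == 'EMPLOYER') {
        // Active subscribers and paid (non-free) posts need no approval.
        if (JB_SUBSCRIPTION_FEE_ENABLED == 'YES'
            && JB_get_employer_subscription_status($user_id) == 'Active') {
            $approved = 'Y';
        }
        if ($post_mode != 'free') {
            $approved = 'Y';
        }
    }

    if (empty($_REQUEST['app_type'])) {
        $_REQUEST['app_type'] = 'O';
    }
    $app_url = isset($_REQUEST['app_url']) ? $_REQUEST['app_url'] : '';

    $new = empty($_REQUEST['post_id']);
    // $old_data is only loaded when editing; it is handed to the category
    // counter update below (empty for a new post).
    $old_data = array();
    $post_id = null;

    if ($new) {
        $assign = array(
            'post_date' => gmdate('Y-m-d H:i:s'),
            'post_mode' => $post_mode,
            'user_id' => $user_id,
            'pin_x' => (int) $_REQUEST['pin_x'],
            'pin_y' => (int) $_REQUEST['pin_y'],
            'approved' => $approved,
            'app_type' => $_REQUEST['app_type'],
            'app_url' => $app_url,
            'cached_summary' => '',
            'expired' => 'N',
        );
        $sql = "REPLACE INTO `posts_table` (" . JB_get_sql_insert_fields(1, $assign) . ") VALUES ("
            . JB_get_sql_insert_values(1, 'posts_table', 'post_id', $post_id, $user_id, $assign) . " )";

        // Credits are deducted for new posts only; privileged users post for free.
        if (!$_PRIVILEGED_USER) {
            if ($post_mode == 'normal') {
                JB_deduct_posting_credit($user_id);
            } elseif ($post_mode == 'premium') {
                JB_deduct_p_posting_credit($user_id);
            }
        }
    } else {
        $post_id = (int) $_REQUEST['post_id'];
        if ($insert_mode != 'ADMIN') {
            // Ownership check: a non-admin may only edit their own post. Fail
            // closed when the row is missing and compare as integers so a
            // missing row (null) cannot loosely equal a user_id of 0.
            $sql = "SELECT `user_id` FROM `posts_table` WHERE `post_id`='" . jb_escape_sql($post_id) . "'";
            $result = JB_mysql_query($sql) or die(mysql_error());
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if (!$row || (int) $row['user_id'] !== $user_id) {
                die('hacking attempt');
            }
        }
        $old_data = JB_load_post_data($post_id);
        // Editing keeps the post's current approval status.
        $approved = $old_data['approved'];
        $assign = array(
            'pin_x' => (int) $_REQUEST['pin_x'],
            'pin_y' => (int) $_REQUEST['pin_y'],
            'approved' => $approved,
            'app_type' => $_REQUEST['app_type'],
            'app_url' => $app_url,
        );
        $sql = "UPDATE `posts_table` SET "
            . JB_get_sql_update_values(1, 'posts_table', 'post_id', $post_id, $user_id, $assign)
            . " WHERE post_id='" . jb_escape_sql($post_id) . "'";
    }

    JB_mysql_query($sql) or die(mysql_error() . $sql);
    if ($new) {
        $post_id = jb_mysql_insert_id();
    }

    // Plugin hook, fired after the post row is saved. $_REQUEST['post_id'] is
    // set when an existing post was edited and empty for a new post.
    JBPLUG_do_callback('insert_post_data', $post_id);

    if (JB_PREMIUM_AUTO_UPGRADE == 'YES') {
        // Every post is upgraded to premium automatically.
        $post_mode = 'premium';
        $sql = "UPDATE `posts_table` SET `post_mode`='" . jb_escape_sql($post_mode) . "' WHERE post_id='" . jb_escape_sql($post_id) . "' ";
        JB_mysql_query($sql) or die(mysql_error() . $sql);
    }

    // Category counters are updated only for the categories that changed.
    JB_update_post_category_count($old_data, $_REQUEST);
    // Rebuild the category cache, counters, RSS, etc.
    JB_finalize_post_updates();

    if (JB_EMAIL_NEW_POST_SWITCH == 'YES' && $new) {
        // Notify the site contact about the new post using e-mail template 310.
        $Form = JB_get_DynamicFormObject(1);
        $Form->load($post_id);
        $title = $Form->get_raw_template_value('TITLE');
        $posted_by = $Form->get_raw_template_value('POSTED_BY');
        $formatted_date = JB_get_formatted_date($Form->get_template_value('DATE'));
        $description = $Form->get_raw_template_value('DESCRIPTION');

        $template_result = JB_get_email_template(310, $_SESSION['LANG']);
        $t_row = mysql_fetch_array($template_result);

        // NOTE(review): the link key is md5(post_id . admin password). The
        // verifying side (admin/ra.php) is not visible here; an HMAC over the
        // post_id with a dedicated secret would be the safer construction.
        $form_post_id = $Form->get_value('post_id');
        $admin_link = JB_BASE_HTTP_PATH . 'admin/ra.php?post_id=' . $form_post_id
            . '&key=' . md5($form_post_id . JB_ADMIN_PASSWORD);

        $subject = str_replace('%SITE_NAME%', JB_SITE_NAME, $t_row['EmailSubject']);
        // Placeholders are substituted one after another, in this order.
        $placeholders = array(
            '%SITE_NAME%' => JB_SITE_NAME,
            '%SITE_URL%' => JB_BASE_HTTP_PATH,
            '%SITE_CONTACT_EMAIL%' => JB_SITE_CONTACT_EMAIL,
            '%POST_TITLE%' => $title,
            '%DATE%' => $formatted_date,
            '%POST_DESCRIPTION%' => $description,
            '%POSTED_BY%' => $posted_by,
            '%ADMIN_LINK%' => $admin_link,
        );
        $message = str_replace(array_keys($placeholders), array_values($placeholders), $t_row['EmailText']);
        // Turn the HTML template into plain text.
        $message = str_replace(array('<BR>', '<P>'), array("\n", "\n\n"), $message);
        $message = strip_tags(html_entity_decode($message));

        $email_id = JB_queue_mail(
            JB_SITE_CONTACT_EMAIL,
            JB_SITE_NAME,
            $t_row['EmailFromAddress'],
            $t_row['EmailFromName'],
            $subject,
            $message,
            '',
            310
        );
        JB_process_mail_queue(1, $email_id);
    }

    return $post_id;
}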
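/**
 * Insert one job from the import feed into posts_table and return its post_id.
 *
 * A job whose GUID already exists is reported and its existing post_id is
 * returned instead. Returns false when the employer lacks posting credits or
 * when the mapped field / value parts of the INSERT cannot be built.
 *
 * @param int|string $employer_id ID of the employer the job is posted under.
 * @return int|string|false post_id of the new (or already existing) post,
 *                          false on failure.
 *
 * Reads $this->data (the parsed feed record) and $this->FMD (field mapping
 * options). Side effects: INSERT into posts_table, credit deduction on
 * employers, log and import-error entries.
 */
function insert_job($employer_id)
{
    // The GUID identifies the feed entry; reuse the post if it was imported before.
    $element = $this->FMD->getOption('guid');
    $guid = $this->clean_data($this->data[$element]['data']);
    $sql = "SELECT post_id FROM `posts_table` WHERE `guid`='" . jb_escape_sql($guid) . "' ";
    $result = jb_mysql_query($sql);
    if (mysql_num_rows($result) > 0) {
        $this->echo_import_error('Post ' . jb_escape_html($guid) . ' already exists');
        return array_pop(mysql_fetch_row($result));
    }

    $deduct_credits = $this->FMD->getOption('deduct_credits');
    $charge_credits = (JB_POSTING_FEE_ENABLED == 'YES' && $deduct_credits > 0);

    // Refuse the import when the employer's balance would go negative.
    if ($charge_credits) {
        $sql = "SELECT `ID` FROM `employers` WHERE (`posts_balance` - " . jb_escape_sql($deduct_credits) . ") >= 0 AND `ID`='" . jb_escape_sql($employer_id) . "' ";
        $result = jb_mysql_query($sql);
        if (mysql_num_rows($result) == 0) {
            $this->set_import_error('Not enough credits for employer id:' . $employer_id);
            return false;
        }
    }

    // Mapped column names / values for the INSERT; both helpers return false on error.
    $sql_fields = $this->get_sql_insert_fields(1);
    if ($sql_fields === false) {
        return false;
    }
    $sql_values = $this->get_sql_insert_values(1);
    if ($sql_values === false) {
        return false;
    }

    // post_date: the feed's date when it parses, otherwise "now" (UTC).
    $element = $this->FMD->getOption('post_date');
    $post_date = $this->data[$element]['data'];
    $time = strtotime($post_date);
    $post_date = $time ? gmdate('Y-m-d H:i:s', $time) : gmdate('Y-m-d H:i:s');

    // post_mode: use the feed value only when it is one of the known modes.
    // (The previous check `a != x || a != y || a != z` was always true, so the
    // feed value was never honoured.) The default mirrors JB_insert_post_data:
    // 'free', or 'normal' when posting fees are enabled.
    $element = $this->FMD->getOption('post_mode');
    $post_mode = $this->data[$element]['data'];
    if (!in_array($post_mode, array('normal', 'free', 'premium'), true)) {
        $post_mode = (JB_POSTING_FEE_ENABLED == 'YES') ? 'normal' : 'free';
    }

    // approved: feed value, then the 'map fields' default, then the global
    // Admin->Main Config setting.
    $element = $this->FMD->getOption('approved');
    $approved = $this->data[$element]['data'];
    if ($approved != 'N' && $approved != 'Y') {
        $approved = $this->FMD->getOption('default_approved');
        if ($approved != 'N' && $approved != 'Y') {
            $approved = (JB_POSTS_NEED_APPROVAL == 'NO') ? 'Y' : 'N';
        }
    }

    // Application type: O = online, R = redirect to app_url, N = none.
    $element = $this->FMD->getOption('app_url');
    $app_url = $this->clean_data($this->data[$element]['data']);
    if ($app_url != false) {
        $app_type = 'R';
    } elseif ($this->FMD->getOption('default_app_type')) {
        $app_type = $this->FMD->getOption('default_app_type');
    } else {
        $app_type = 'N';
    }

    // $post_date comes from gmdate() above, not from the feed; everything else
    // is escaped. The mapped $sql_fields / $sql_values are built by the helpers.
    $sql = "INSERT INTO `posts_table` ( `guid`, `post_date`, `user_id`, `approved`, `expired`, `post_mode`, `app_type`, `app_url` " . $sql_fields . ") VALUES ( '"
        . jb_escape_sql($guid) . "', '"
        . $post_date . "', '"
        . jb_escape_sql($employer_id) . "', '"
        . jb_escape_sql($approved) . "', 'N', '"
        . jb_escape_sql($post_mode) . "', '"
        . jb_escape_sql($app_type) . "', '"
        . jb_escape_sql($app_url) . "' "
        . $sql_values . ") ";
    jb_mysql_query($sql);
    $post_id = jb_mysql_insert_id();
    $this->log_entry('Inserted Job | ID:' . $post_id . ' | GUID:' . $guid . ' | Emp.ID:' . $employer_id);

    if ($charge_credits) {
        // Was "UPDARE" — the typo meant the balance was never actually reduced.
        $sql = "UPDATE `employers` SET `posts_balance`= (`posts_balance` - " . jb_escape_sql($deduct_credits) . ") WHERE `ID`='" . jb_escape_sql($employer_id) . "' ";
        jb_mysql_query($sql);
    }

    return $post_id;
}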
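/**
 * Insert or update a form field definition (`form_fields`) from $_REQUEST and
 * return the field_id.
 *
 * @param mixed  $error     Not used by this function; kept for call-site compatibility.
 * @param string $NEW_FIELD 'YES' to INSERT a new field; any other value UPDATEs
 *                          the field identified by $_REQUEST['field_id'].
 * @return int field_id of the saved field.
 *
 * Side effects: writes form_fields, form_lists (template tag) and
 * form_field_translations; regenerates the codes translation table for
 * option-type fields; clears the form cache; sets $_REQUEST['field_id'],
 * $_REQUEST['mode'] = 'EDIT' and $_REQUEST['NEW_FIELD'] = 'NO'. die()s on a
 * failed query.
 */
function JB_save_field($error, $NEW_FIELD)
{
    // Numeric options are cast up front so the values used in SQL are integers.
    $int_keys = array(
        'field_sort', 'field_width', 'field_height', 'list_sort_order',
        'category_init_id', 'search_sort_order', 'cat_multiple_rows',
    );
    foreach ($int_keys as $key) {
        $_REQUEST[$key] = isset($_REQUEST[$key]) ? (int) $_REQUEST[$key] : 0;
    }

    // Map fields get a default size when none was given.
    if ($_REQUEST['field_type'] == 'GMAP') {
        if (!$_REQUEST['field_width']) {
            $_REQUEST['field_width'] = 300;
        }
        if (!$_REQUEST['field_height']) {
            $_REQUEST['field_height'] = 400;
        }
    }

    if ($NEW_FIELD == 'YES') {
        // Every column is filled from the $_REQUEST key of the same name.
        // (`is_anon` previously read the misspelled key 'is_blcoked'.)
        $insert_columns = array(
            'form_id', 'reg_expr', 'field_label', 'field_type', 'field_sort',
            'is_required', 'display_in_list', 'error_message', 'field_init',
            'field_width', 'field_height', 'is_in_search', 'list_sort_order',
            'search_sort_order', 'template_tag', 'section', 'is_hidden',
            'is_anon', 'field_comment', 'category_init_id', 'is_cat_multiple',
            'cat_multiple_rows', 'is_blocked', 'multiple_sel_all', 'is_member',
        );
        $values = array();
        foreach ($insert_columns as $col) {
            $values[] = "'" . JB_escape_sql(isset($_REQUEST[$col]) ? $_REQUEST[$col] : '') . "'";
        }
        $sql = "INSERT INTO `form_fields` (`" . implode('`, `', $insert_columns) . "`) VALUES ("
            . implode(', ', $values) . ")";
    } else {
        // NOTE(review): display_in_list and list_sort_order are only written on
        // INSERT, never on UPDATE — confirm that is intended.
        $update_columns = array(
            'reg_expr', 'field_label', 'field_type', 'field_init', 'is_required',
            'field_width', 'field_height', 'is_in_search', 'search_sort_order',
            'section', 'error_message', 'is_hidden', 'is_anon', 'is_cat_multiple',
            'cat_multiple_rows', 'field_comment', 'multiple_sel_all', 'is_blocked',
            'is_prefill', 'is_member', 'category_init_id',
        );
        $set = array();
        foreach ($update_columns as $col) {
            $set[] = '`' . $col . "` = '" . JB_escape_sql(isset($_REQUEST[$col]) ? $_REQUEST[$col] : '') . "'";
        }
        // Reserved template tags are never changed, and a blank tag is left alone.
        if (!JB_is_reserved_template_tag($_REQUEST['template_tag']) && $_REQUEST['template_tag'] != '') {
            $set[] = "`template_tag` = '" . JB_escape_sql($_REQUEST['template_tag']) . "'";
        }
        $sql = "UPDATE `form_fields` SET " . implode(', ', $set)
            . " WHERE `field_id` = '" . JB_escape_sql($_REQUEST['field_id']) . "' ;";

        // Keep the template tag on the form_lists rows in sync (may be blank for reserved tags).
        if ($_REQUEST['template_tag'] != '') {
            $sql_tt = "UPDATE form_lists SET `template_tag`='" . JB_escape_sql($_REQUEST['template_tag'])
                . "' WHERE `field_id`='" . JB_escape_sql($_REQUEST['field_id']) . "'";
            JB_mysql_query($sql_tt) or die($sql_tt . mysql_error());
        }
    }

    // Run the INSERT or UPDATE.
    JB_mysql_query($sql) or die($sql . mysql_error());

    // Resolve the field_id once, directly after the form_fields write: the
    // REPLACE below would otherwise make a later insert_id() call report the
    // translations table's id (or 0) instead of the new field's id.
    if ($NEW_FIELD == 'YES') {
        $field_id = (int) jb_mysql_insert_id();
    } else {
        $field_id = (int) $_REQUEST['field_id'];
    }
    $_REQUEST['field_id'] = $field_id;

    // Store the label / messages for the current session language.
    $sql_fft = "RePLACE INTO `form_field_translations` (`field_id`, `lang`, `field_label`, `error_message`, `field_comment`) VALUES ('"
        . JB_escape_sql($field_id) . "', '"
        . JB_escape_sql($_SESSION['LANG']) . "', '"
        . JB_escape_sql($_REQUEST['field_label']) . "', '"
        . JB_escape_sql($_REQUEST['error_message']) . "', '"
        . JB_escape_sql($_REQUEST['field_comment']) . "' )";
    JB_mysql_query($sql_fft) or die($sql_fft . mysql_error());

    // Option-type fields keep their codes in a separate translation table.
    $option_types = array('RADIO', 'CHECK', 'MSELECT', 'SELECT');
    if (isset($_REQUEST['field_type']) && in_array($_REQUEST['field_type'], $option_types, true)) {
        JB_format_codes_translation_table($field_id);
    }

    JB_cache_del_keys_for_form($_REQUEST['form_id']);
    // From here on the field is treated as an existing one by the form editor.
    $_REQUEST['mode'] = 'EDIT';
    $_REQUEST['NEW_FIELD'] = 'NO';

    return $field_id;
}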