function JB_create_new_employer_account() { if ($_REQUEST['lang'] == '') { $_REQUEST['lang'] = JB_get_default_lang(); } global $label; global $jb_mysql_link; $validated = 0; if (JB_EM_NEEDS_ACTIVATION == "AUTO" || JB_EM_NEEDS_ACTIVATION == "FIRST_POST") { $validated = 1; } // when inserting, use $assign to overwrite // the values which we do not want to fetch from the $_REQUEST // (Assuming that values on $_REQUEST already went through validation) $assign = array('Validated' => $validated, 'SignupDate' => gmdate("Y-m-d H:i:s"), 'IP' => $_SERVER['REMOTE_ADDR'], 'Newsletter' => (int) $_REQUEST['Newsletter'], 'Notification1' => (int) $_REQUEST['Notification1'], 'Notification2' => (int) $_REQUEST['Notification2'], 'posts_balance' => JB_BEGIN_STANDARD_CREDITS, 'premium_posts_balance' => JB_BEGIN_PREMIUM_CREDITS, 'Password' => md5(stripslashes($_REQUEST['Password'])), 'expired' => 'N'); $sql = "REPLACE INTO `employers` (" . JB_get_sql_insert_fields(4, $assign) . ") VALUES (" . JB_get_sql_insert_values(4, "employers", "ID", $employer_id, '', $assign) . ") "; $result = JB_mysql_query($sql); $employer_id = JB_mysql_insert_id(); if ($employer_id > 0) { JBPLUG_do_callback('create_employer_account', $employer_id); } $result = JB_get_email_template(2, $_SESSION['LANG']); $e_row = mysql_fetch_array($result, MYSQL_ASSOC); $subject = str_replace("%MEMBERID%", stripslashes($_REQUEST['Username']), $e_row['EmailSubject']); $EmailMessage = str_replace("%FNAME%", stripslashes($_REQUEST['FirstName']), $e_row['EmailText']); $EmailMessage = str_replace("%LNAME%", stripslashes($_REQUEST['LastName']), $EmailMessage); $EmailMessage = str_replace("%SITE_CONTACT_EMAIL%", JB_SITE_CONTACT_EMAIL, $EmailMessage); $EmailMessage = str_replace("%SITE_NAME%", JB_SITE_NAME, $EmailMessage); $EmailMessage = str_replace("%MEMBERID%", stripslashes($_REQUEST['Username']), $EmailMessage); $EmailMessage = str_replace("%PASSWORD%", stripslashes($_REQUEST['Password']), $EmailMessage); $EmailMessage = str_replace("%SITE_URL%", JB_BASE_HTTP_PATH, $EmailMessage); JBPLUG_do_callback('employer_signup_email_msg', $EmailMessage, $employer_id); if (!defined('JB_EMAIL_EMP_SIGNUP')) { define('JB_EMAIL_EMP_SIGNUP', 'YES'); } if (JB_EMAIL_EMP_SIGNUP == 'YES') { $email_id = JB_queue_mail(stripslashes($_REQUEST['Email']), jb_get_formatted_name(stripslashes($_REQUEST['FirstName']), stripslashes($_REQUEST['LastName'])), $e_row['EmailFromAddress'], $e_row['EmailFromName'], $subject, $EmailMessage, '', 2); JB_process_mail_queue(1, $email_id); } $to = JB_SITE_CONTACT_EMAIL; if (JB_EMAIL_EMPLOYER_SIGNUP_SWITCH == 'YES') { $email_id = JB_queue_mail($to, "Admin", JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $subject, $EmailMessage, '', 2); JB_process_mail_queue(1, $email_id); } return $employer_id; }
function JB_insert_profile_data() { if (func_num_args() > 0) { $admin = func_get_arg(0); // admin mode. } $user_id = $_SESSION['JB_ID']; if ($_REQUEST['profile_id'] == false) { $assign = array('profile_date' => gmdate("Y-m-d H:i:s"), 'user_id' => $user_id, 'expired' => 'N'); $sql = "REPLACE INTO `profiles_table` ( " . JB_get_sql_insert_fields(3, $assign) . ") VALUES (" . JB_get_sql_insert_values(3, "profiles_table", "profile_id", $_REQUEST['profile_id'], $user_id, $assign) . ") "; } else { $profile_id = (int) $_REQUEST['profile_id']; if (!$admin) { // make sure that the logged in user is the owner of this resume. $sql = "select user_id from `profiles_table` WHERE profile_id='" . jb_escape_sql($profile_id) . "'"; $result = JB_mysql_query($sql) or die(mysql_error()); $row = @mysql_fetch_array($result, MYSQL_ASSOC); if ($_SESSION['JB_ID'] !== $row['user_id']) { echo "!"; return false; // not the owner, hacking attempt! } } $now = gmdate("Y-m-d H:i:s"); // the static fields that we want to have on the update $assign = array('profile_date' => gmdate("Y-m-d H:i:s"), 'user_id' => $_SESSION['JB_ID']); $sql = "UPDATE `profiles_table` SET " . JB_get_sql_update_values(3, "profiles_table", "profile_id", $_REQUEST['profile_id'], $user_id, $assign) . " WHERE profile_id='" . jb_escape_sql($profile_id) . "'"; } JB_mysql_query($sql) or die("[{$sql}]" . mysql_error()); if ($_REQUEST['profile_id'] == false) { $profile_id = JB_mysql_insert_id(); } JB_build_profile_count(0); JBPLUG_do_callback('JB_insert_profile_data', $profile_id); return $profile_id; }
function JB_create_new_candidate_account() { global $label; if ($_REQUEST['lang'] == '') { $_REQUEST['lang'] = JB_get_default_lang(); } $validated = 0; if (JB_CA_NEEDS_ACTIVATION == "AUTO") { $validated = 1; } // when inserting, use $assign to overwrite // the values which we do not want to fetch from the $_REQUEST // (Assuming that values on $_REQUEST already went through validation) $assign = array('Validated' => $validated, 'SignupDate' => gmdate("Y-m-d H:i:s"), 'IP' => $_SERVER['REMOTE_ADDR'], 'Newsletter' => (int) $_REQUEST['Newsletter'], 'Notification1' => (int) $_REQUEST['Notification1'], 'Notification2' => (int) $_REQUEST['Notification2'], 'Password' => md5(stripslashes($_REQUEST['Password'])), 'expired' => 'N'); $sql = "REPLACE INTO `users` ( " . JB_get_sql_insert_fields(5, $assign) . ") VALUES ( " . JB_get_sql_insert_values(5, "users", "ID", $user_id, '', $assign) . ") "; JB_mysql_query($sql); $user_id = JB_mysql_insert_id(); if ($user_id > 0) { JBPLUG_do_callback('create_candidate_account', $user_id); } // Here the emailmessage itself is defined, this will be send to your members. Don't forget to set the validation link here. $result = JB_get_email_template(1, $_SESSION['LANG']); $e_row = mysql_fetch_array($result, MYSQL_ASSOC); $EmailMessage = $e_row['EmailText']; $from = $e_row['EmailFromAddress']; $from_name = $e_row['EmailFromName']; $subject = $e_row['EmailSubject']; $subject = str_replace("%MEMBERID%", stripslashes($_REQUEST['Username']), $subject); $EmailMessage = str_replace("%FNAME%", stripslashes($_REQUEST['FirstName']), $EmailMessage); $EmailMessage = str_replace("%LNAME%", stripslashes($_REQUEST['LastName']), $EmailMessage); $EmailMessage = str_replace("%SITE_CONTACT_EMAIL%", JB_SITE_CONTACT_EMAIL, $EmailMessage); $EmailMessage = str_replace("%SITE_NAME%", JB_SITE_NAME, $EmailMessage); $EmailMessage = str_replace("%MEMBERID%", stripslashes($_REQUEST['Username']), $EmailMessage); $EmailMessage = str_replace("%PASSWORD%", stripslashes($_REQUEST['Password']), $EmailMessage); $EmailMessage = str_replace("%SITE_URL%", JB_BASE_HTTP_PATH, $EmailMessage); JBPLUG_do_callback('candidate_signup_email_msg', $EmailMessage, $user_id); $to = stripslashes($_REQUEST['Email']); if (!defined('JB_EMAIL_CAN_SIGNUP')) { define('JB_EMAIL_CAN_SIGNUP', 'YES'); } if (JB_EMAIL_CAN_SIGNUP == 'YES') { $email_id = JB_queue_mail($to, stripslashes(jb_get_formatted_name(stripslashes($_REQUEST['FirstName']), stripslashes($_REQUEST['LastName']))), $e_row['EmailFromAddress'], $e_row['EmailFromName'], $subject, $EmailMessage, '', 1); JB_process_mail_queue(1, $email_id); } $to = JB_SITE_CONTACT_EMAIL; if (JB_EMAIL_CANDIDATE_SIGNUP_SWITCH == 'YES') { $email_id = JB_queue_mail($to, "Admin", JB_SITE_CONTACT_EMAIL, JB_SITE_NAME, $subject, $EmailMessage, '', 2); JB_process_mail_queue(1, $email_id); } return $user_id; }
function JB_insert_resume_data() { if (func_num_args() > 0) { $admin = func_get_arg(0); // admin mode. } $list_on_web = 'Y'; $_REQUEST['anon'] = jb_alpha_numeric($_REQUEST['anon']); $status = "ACT"; $approved = 'Y'; if ($admin == true) { $sql = "select user_id from `resumes_table` WHERE resume_id='" . jb_escape_sql($_REQUEST['resume_id']) . "'"; $result = JB_mysql_query($sql) or die(mysql_error()); $row = @mysql_fetch_array($result, MYSQL_ASSOC); $user_id = $row['user_id']; } else { $user_id = (int) $_SESSION['JB_ID']; } if (JB_RESUMES_NEED_APPROVAL == 'YES' && !$admin) { $approved = 'N'; } if ($_REQUEST['resume_id'] == false) { $assign = array('list_on_web' => 'Y', 'resume_date' => gmdate("Y-m-d H:i:s"), 'user_id' => $user_id, 'approved' => $approved, 'anon' => jb_alpha_numeric($_REQUEST['anon']), 'status' => 'ACT', 'expired' => 'N'); $sql = "REPLACE INTO `resumes_table` ( " . JB_get_sql_insert_fields(2, $assign) . ") VALUES (" . JB_get_sql_insert_values(2, "resumes_table", "resume_id", $resume_id, $user_id, $assign) . ") "; // JB_get_sql_insert_values() escapes the sql values $action = "Inserted new resume."; } else { $resume_id = (int) $_REQUEST['resume_id']; $now = gmdate("Y-m-d H:i:s"); $assign = array('resume_date' => gmdate("Y-m-d H:i:s"), 'anon' => jb_alpha_numeric($_REQUEST['anon']), 'approved' => $approved); $sql = "UPDATE `resumes_table` SET " . JB_get_sql_update_values(2, "resumes_table", "resume_id", $_REQUEST['resume_id'], $user_id, $assign) . " WHERE resume_id='" . jb_escape_sql($resume_id) . "' and user_id='" . jb_escape_sql($user_id) . "' "; // JB_get_sql_update_values() // escapes the sql values //$action = "Updated existing resume"; } JB_mysql_query($sql) or die("[{$sql}]" . mysql_error()); if ($resume_id == false) { $resume_id = JB_mysql_insert_id(); } $RForm =& JB_get_DynamicFormObject(2); $data = $RForm->load($resume_id); $data['resume_id'] = $resume_id; JB_build_resume_count(0); JBPLUG_do_callback('insert_resume_data', $data); if (JB_EMAIL_ADMIN_RESUPDATE_SWITCH == 'YES') { // send notification email to Admin $resume_tag_to_field_id =& $RForm->get_tag_to_field_id(); $RESUME_SUMMARY = $action . "\r\n"; $sql = "SELECT * from form_lists WHERE form_id=2 ORDER BY sort_order "; $result = JB_mysql_query($sql); while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $label = $field_field_label = $resume_tag_to_field_id[$row['template_tag']]['field_label']; $RESUME_SUMMARY .= $label . " - " . $RForm->get_raw_template_value($row['template_tag'], $admin) . "\r\n"; } // get the email template $template_result = JB_get_email_template(320, 'EN'); $t_row = mysql_fetch_array($template_result); $to_address = JB_SITE_CONTACT_EMAIL; $to_name = JB_SITE_NAME; $subject = $t_row['EmailSubject']; $message = $t_row['EmailText']; $from_name = $t_row['EmailFromName']; $from_address = $t_row['EmailFromAddress']; $subject = str_replace("%SITE_NAME%", JB_SITE_NAME, $subject); $message = str_replace("%RESUME_SUMMARY%", $RESUME_SUMMARY, $message); $message = str_replace("%ADMIN_LINK%", JB_BASE_HTTP_PATH . "admin/ra.php?resume_id=" . $resume_id . "&key=" . md5($resume_id . JB_ADMIN_PASSWORD), $message); $message = str_replace("%SITE_NAME%", JB_SITE_NAME, $message); $message = strip_tags($message); JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, '', 320); } return $resume_id; }
// "Edit" button must be pressed $sql = "UPDATE packages SET name='" . jb_escape_sql($package_name) . "', price='" . jb_escape_sql($package_price) . "', posts_quantity='" . jb_escape_sql($package_posts_quantity) . "', premium='" . jb_escape_sql($premium) . "', description='" . jb_escape_sql($package_description) . "', currency_code='" . jb_escape_sql($package_currency) . "' WHERE `package_id`='" . jb_escape_sql($selected_package) . "' "; JB_mysql_query($sql) or die(mysql_error()); $JBMarkup->ok_msg('Changes Saved.'); } if ($package_delete_action != '') { // "Delete" button must be pressed. $sql = "DELETE FROM packages WHERE package_id = '" . jb_escape_sql($selected_package) . "' "; JB_mysql_query($sql) or die(mysql_error()); $JBMarkup->ok_msg('Package Deleted.'); } if ($new_package_label != '') { // the "Add" button was pressed, or Enter is hit. $sql = "INSERT INTO packages (`name`, `price`, `posts_quantity`, `premium`, `currency_code`, `description`) VALUES('" . jb_escape_sql($new_package_label) . "', '" . jb_escape_sql($package_price) . "', '" . jb_escape_sql($package_posts_quantity) . "', '" . jb_escape_sql($premium) . "', '" . jb_escape_sql($package_currency) . "', '') "; JB_mysql_query($sql) or die(mysql_error()); $selected_package = JB_mysql_insert_id(); $new_package_label = ""; // need to clear it, so we don't pupulate it back to the form $_REQUEST['new'] = ""; $JBMarkup->ok_msg('New Package Added.'); } // get the updated values from the database if ($selected_package != '') { $sql = "SELECT * FROM `packages` WHERE `package_id`='" . jb_escape_sql($selected_package) . "' "; $result = JB_mysql_query($sql); $row = mysql_fetch_array($result, MYSQL_ASSOC); $package_label = $row['name']; $package_price = $row['price']; $package_description = $row['description']; $package_posts_quantity = $row['posts_quantity']; $premium = $row['premium'];
$sql = "SELECT subscription_id FROM subscription_invoices WHERE subscription_id='" . jb_escape_sql($selected_subscription) . "' AND ((`status`='Completed' ) OR ((`status`='Pending') AND `reason`='jb_credit_advanced'))"; $result = jb_mysql_query($sql); if (mysql_num_rows($result) > 0) { $JBMarkup->error_msg('Subscription plan cannot be deleted. The system found that there are some active subscription(s) which for this subscription plan. Please modify these subscription(s) in Admin->Subscriptions so that they are not active, and try to delete them here again'); } else { $sql = "DELETE FROM subscriptions WHERE subscription_id = '" . jb_escape_sql($selected_subscription) . "' "; JB_mysql_query($sql) or die(mysql_error()); $JBMarkup->ok_msg('Subscription Plan Deleted.'); } } if ($new_subscription_label != '') { // the "Add" button was pressed, or Enter is hit. $sql = "INSERT INTO subscriptions (`name`, `price`, `months_duration`, `can_post`, `can_view_resumes` , `can_post_premium`, `currency_code`, `can_view_blocked`, `description`, posts_quota, p_posts_quota, views_quota) VALUES('" . jb_escape_sql($new_subscription_label) . "', '" . jb_escape_sql($subscription_price) . "', '" . jb_escape_sql($subscription_duration) . "', '" . jb_escape_sql($subscription_can_post) . "', '" . jb_escape_sql($subscription_can_view_resumes) . "' , '" . jb_escape_sql($subscription_can_post_premium) . "', '" . jb_escape_sql($subscription_currency) . "' , '" . jb_escape_sql($subscription_can_view_blocked) . "', '" . jb_escape_sql($description) . "', '" . jb_escape_sql($posts_quota) . "', '" . jb_escape_sql($p_posts_quota) . "', '" . jb_escape_sql($views_quota) . "') "; //echo $sql."<br>"; JB_mysql_query($sql) or die(mysql_error()); $selected_subscription = JB_mysql_insert_id(); $new_subscription_label = ""; // need to clear it, so we don't pupulate it back to the form $_REQUEST['new'] = ""; $JBMarkup->ok_msg('Subscription Plan Updated.'); } if ($selected_subscription != '') { $sql = "SELECT * FROM `subscriptions` WHERE `subscription_id`='" . jb_escape_sql($selected_subscription) . "' "; $result = JB_mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_array($result, MYSQL_ASSOC); $subscription_label = $row['name']; $subscription_price = $row['price']; $subscription_currency = $row['currency_code']; $subscription_description = $row['description']; $subscription_duration = $row['months_duration']; $subscription_can_post = $row['can_post'];
function JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, $html_message, $template_id, $att = false) { $to_address = trim($to_address); $to_name = trim($to_name); $from_address = trim($from_address); $from_name = trim($from_name); $subject = trim($subject); $message = trim($message); $html_message = trim($html_message); if (EMAIL_URL_SHORTEN == 'YES') { $message = JB_change_urls_to_short($message); $html_message = JB_change_urls_to_short($html_message); } // legacy addslashes() - this will be removed in the future! $to_address = addslashes($to_address); $to_name = addslashes($to_name); $from_address = addslashes($from_address); $from_name = addslashes($from_name); $subject = addslashes($subject); $message = addslashes($message); $html_message = addslashes($html_message); $now = gmdate("Y-m-d H:i:s"); $attachments = 'N'; $user_type = $_SESSION['JB_Domain'] ? "'" . jb_escape_sql($_SESSION['JB_Domain']) . "'" : 'NULL'; $user_id = $_SESSION['JB_ID'] ? "'" . jb_escape_sql($_SESSION['JB_ID']) . "'" : 'NULL'; $sql = "INSERT INTO mail_queue (mail_date, to_address, to_name, from_address, from_name, subject, message, html_message, attachments, status, error_msg, retry_count, template_id, date_stamp, user_id, user_type) VALUES('" . $now . "', '" . jb_escape_sql($to_address) . "', '" . jb_escape_sql($to_name) . "', '" . jb_escape_sql($from_address) . "', '" . jb_escape_sql($from_name) . "', '" . jb_escape_sql($subject) . "', '" . jb_escape_sql($message) . "', '" . jb_escape_sql($html_message) . "', '" . jb_escape_sql($attachments) . "', 'queued', '', 0, '" . jb_escape_sql($template_id) . "', '" . $now . "', " . $user_id . ", " . $user_type . ")"; // 2005 copyr1ght jam1t softwar3 JB_mysql_query($sql) or JB_q_mail_error(mysql_error() . $sql); $mail_id = JB_mysql_insert_id(); if ($att) { if ($_FILES['att1']['name'] != '') { $filename = JB_move_uploaded_attachment($mail_id, 'att1', $from_name); $sql = "UPDATE mail_queue SET attachments='Y', att1_name='" . jb_escape_sql($filename) . "' WHERE mail_id='" . jb_escape_sql($mail_id) . "' "; JB_mysql_query($sql) or JB_q_mail_error(mysql_error() . $sql); } if ($_FILES['att2']['name'] != '') { $filename = JB_move_uploaded_attachment($mail_id, 'att2', $from_name); $sql = "UPDATE mail_queue SET attachments='Y', att2_name='" . jb_escape_sql($filename) . "' WHERE mail_id='" . jb_escape_sql($mail_id) . "' "; JB_mysql_query($sql) or JB_q_mail_error(mysql_error() . $sql); } if ($_FILES['att3']['name'] != '') { $filename = JB_move_uploaded_attachment($mail_id, 'att3', $from_name); $sql = "UPDATE mail_queue SET attachments='Y', att3_name='" . jb_escape_sql($filename) . "' WHERE mail_id='" . jb_escape_sql($mail_id) . "' "; JB_mysql_query($sql) or JB_q_mail_error(mysql_error() . $sql); } } return $mail_id; }
function JB_save_field($error, $NEW_FIELD) { $_REQUEST['field_sort'] = (int) $_REQUEST['field_sort']; $_REQUEST['field_width'] = (int) $_REQUEST['field_width']; $_REQUEST['field_height'] = (int) $_REQUEST['field_height']; $_REQUEST['list_sort_order'] = (int) $_REQUEST['list_sort_order']; $_REQUEST['category_init_id'] = (int) $_REQUEST['category_init_id']; $_REQUEST['search_sort_order'] = (int) $_REQUEST['search_sort_order']; $_REQUEST['cat_multiple_rows'] = (int) $_REQUEST['cat_multiple_rows']; if ($_REQUEST['field_type'] == 'GMAP') { if (!$_REQUEST['field_width']) { $_REQUEST['field_width'] = 300; } if (!$_REQUEST['field_height']) { $_REQUEST['field_height'] = 400; } } if ($_REQUEST['field_type'] == 'EDITOR') { } if ($NEW_FIELD == "YES") { $sql = "INSERT INTO `form_fields` ( `form_id` , `reg_expr` , `field_label` , `field_type` , `field_sort` , `is_required` , `display_in_list` , `error_message` , `field_init`, `field_width`, `field_height`, `is_in_search`, `list_sort_order`, `search_sort_order`, `template_tag`, `section`, `is_hidden`, `is_anon`, `field_comment`, `category_init_id`, `is_cat_multiple`, `cat_multiple_rows`, `is_blocked`, `multiple_sel_all`, `is_member`) VALUES ('" . JB_escape_sql($_REQUEST['form_id']) . "', '" . JB_escape_sql($_REQUEST['reg_expr']) . "', '" . JB_escape_sql($_REQUEST['field_label']) . "', '" . JB_escape_sql($_REQUEST['field_type']) . "', '" . JB_escape_sql($_REQUEST['field_sort']) . "', '" . JB_escape_sql($_REQUEST['is_required']) . "', '" . JB_escape_sql($_REQUEST['display_in_list']) . "', '" . JB_escape_sql($_REQUEST['error_message']) . "', '" . JB_escape_sql($_REQUEST['field_init']) . "', '" . JB_escape_sql($_REQUEST['field_width']) . "', '" . JB_escape_sql($_REQUEST['field_height']) . "', '" . JB_escape_sql($_REQUEST['is_in_search']) . "', '" . JB_escape_sql($_REQUEST['list_sort_order']) . "', '" . JB_escape_sql($_REQUEST['search_sort_order']) . "', '" . JB_escape_sql($_REQUEST['template_tag']) . "', '" . JB_escape_sql($_REQUEST['section']) . "', '" . JB_escape_sql($_REQUEST['is_hidden']) . "', '" . JB_escape_sql($_REQUEST['is_blcoked']) . "', '" . JB_escape_sql($_REQUEST['field_comment']) . "', '" . JB_escape_sql($_REQUEST['category_init_id']) . "', '" . JB_escape_sql($_REQUEST['is_cat_multiple']) . "', '" . JB_escape_sql($_REQUEST['cat_multiple_rows']) . "', '" . JB_escape_sql($_REQUEST['is_blocked']) . "', '" . JB_escape_sql($_REQUEST['multiple_sel_all']) . "', '" . JB_escape_sql($_REQUEST['is_member']) . "' )"; } else { //if ($_SESSION["LANG"] == "EN") { $sql = "SELECT * FROM form_fields WHERE field_id='" . JB_escape_sql($_REQUEST['field_id']) . "' "; $result = JB_mysql_query($sql) or die(mysql_error() . $sql); $row = mysql_fetch_array($result, MYSQL_ASSOC); if (JB_is_reserved_template_tag($_REQUEST['template_tag']) && true) { $tt = ""; // do not update template tag } elseif ($_REQUEST['template_tag'] != '') { $tt = "`template_tag` = '" . JB_escape_sql($_REQUEST['template_tag']) . "',"; } $sql = "UPDATE `form_fields` SET " . "`reg_expr` = '" . JB_escape_sql($_REQUEST['reg_expr']) . "'," . "`field_label` = '" . JB_escape_sql($_REQUEST['field_label']) . "'," . "`field_type` = '" . JB_escape_sql($_REQUEST['field_type']) . "'," . "`field_init` = '" . JB_escape_sql($_REQUEST['field_init']) . "'," . "`is_required` = '" . JB_escape_sql($_REQUEST['is_required']) . "'," . "`field_width` = '" . JB_escape_sql($_REQUEST['field_width']) . "'," . "`field_height` = '" . JB_escape_sql($_REQUEST['field_height']) . "'," . "`is_in_search` = '" . JB_escape_sql($_REQUEST['is_in_search']) . "'," . "`search_sort_order` = '" . JB_escape_sql($_REQUEST['search_sort_order']) . "'," . "`section` = '" . JB_escape_sql($_REQUEST['section']) . "'," . $tt . "`error_message` = '" . JB_escape_sql($_REQUEST['error_message']) . "'," . "`is_hidden` = '" . JB_escape_sql($_REQUEST['is_hidden']) . "', " . "`is_anon` = '" . JB_escape_sql($_REQUEST['is_anon']) . "', " . "`is_cat_multiple` = '" . JB_escape_sql($_REQUEST['is_cat_multiple']) . "', " . "`cat_multiple_rows` = '" . JB_escape_sql($_REQUEST['cat_multiple_rows']) . "', " . "`field_comment` = '" . JB_escape_sql($_REQUEST['field_comment']) . "', " . "`multiple_sel_all` = '" . JB_escape_sql($_REQUEST['multiple_sel_all']) . "', " . "`is_blocked` = '" . JB_escape_sql($_REQUEST['is_blocked']) . "', " . "`is_prefill` = '" . JB_escape_sql($_REQUEST['is_prefill']) . "', " . "`is_member` = '" . JB_escape_sql($_REQUEST['is_member']) . "', " . "category_init_id = '" . JB_escape_sql($_REQUEST['category_init_id']) . "' " . "WHERE `field_id` = '" . JB_escape_sql($_REQUEST['field_id']) . "' ;"; // update template tag on the form_lists if ($_REQUEST['template_tag'] != '') { // sometimes template tag can be blank (reserved tags) $sql_tt = "UPDATE form_lists SET `template_tag`='" . JB_escape_sql($_REQUEST['template_tag']) . "' WHERE `field_id`='" . JB_escape_sql($_REQUEST['field_id']) . "'"; JB_mysql_query($sql_tt) or die($sql . mysql_error()); } } // Do the SQL query, UPDATE or INSERT JB_mysql_query($sql) or die($sql . mysql_error()); if ($_REQUEST['field_id'] == false) { $_REQUEST['field_id'] = jb_mysql_insert_id(); } // update translations $label = $_REQUEST['field_label']; $sql_fft = "RePLACE INTO `form_field_translations` (`field_id`, `lang`, `field_label`, `error_message`, `field_comment`) VALUES ('" . JB_escape_sql($_REQUEST['field_id']) . "', '" . JB_escape_sql($_SESSION["LANG"]) . "', '" . JB_escape_sql($label) . "', '" . JB_escape_sql($_REQUEST['error_message']) . "', '" . JB_escape_sql($_REQUEST['field_comment']) . "' )"; JB_mysql_query($sql_fft) or die($sql . mysql_error()); if ($_REQUEST['field_type'] == 'RADIO' || $_REQUEST['field_type'] == 'CHECK' || $_REQUEST['field_type'] == 'MSELECT' || $_REQUEST['field_type'] == 'SELECT') { //echo 'formatting field..<br>'; if ($NEW_FIELD == 'YES') { $_REQUEST['field_id'] = JB_mysql_insert_id(); } JB_format_codes_translation_table($_REQUEST['field_id']); } if ($NEW_FIELD == 'YES') { $field_id = JB_mysql_insert_id(); } else { $field_id = $_REQUEST['field_id']; } JB_cache_del_keys_for_form($_REQUEST['form_id']); $_REQUEST['mode'] = 'EDIT'; global $NEW_FIELD; $_REQUEST['NEW_FIELD'] = 'NO'; return $field_id; }
function JB_place_membership_invoice_clone($old_invoice_id) { $status = 'in_cart'; $id = JB_generate_membership_invoice_id(); $sql = "SELECT * FROM membership_invoices WHERE `invoice_id`='" . jb_escape_sql($old_invoice_id) . "' "; $result = JB_mysql_query($sql) or die($sql . mysql_error()); $row = mysql_fetch_array($result, MYSQL_ASSOC); $now = gmdate("Y-m-d H:i:s"); $currency_rate = JB_get_currency_rate($row['currency_code']); if (!$row['currency_code']) { $row['currency_code'] = 'USD'; $currency_rate = 1; } $sql = "INSERT INTO `membership_invoices` ( `invoice_id` , `invoice_date` , `processed_date` , `status` , `user_type` , `user_id` , `membership_id` , `months_duration` , `amount` , `currency_code` , `currency_rate` , `item_name`, `payment_method`, `reason`, `member_date`, `member_end` ) VALUES ('{$id}', '{$now}', NULL, '" . jb_escape_sql($status) . "', '" . jb_escape_sql($row['user_type']) . "', '" . jb_escape_sql($row['user_id']) . "', '" . jb_escape_sql($row['membership_id']) . "', '" . jb_escape_sql($row['months_duration']) . "', '" . jb_escape_sql($row['amount']) . "', '" . jb_escape_sql($row['currency_code']) . "', '" . jb_escape_sql($currency_rate) . "', '" . jb_escape_sql(addslashes($row['item_name'])) . "', '" . jb_escape_sql(addslashes($row['payment_method'])) . "', '', '0000-00-00 00:00:00', '0000-00-00 00:00:00')"; $result = JB_mysql_query($sql) or die($sql . mysql_error()); $invoice_id = JB_mysql_insert_id(); JB_send_admin_new_invoice_alert('M', $invoice_id); return $invoice_id; }
$row[$col_key] = jb_escape_sql(addslashes($col_val)); } $row['schema_id'] = (int) $_REQUEST['schema_id']; $old_element_id = (int) $row['element_id']; if ($row['has_child'] == '') { $row['has_child'] = 'NULL'; } else { $row['has_child'] = "'" . $row['has_child'] . "'"; // add quotes } // Note: data in $row was already escaped above $sql = 'INSERT INTO `xml_export_elements` (`element_id`, `element_name`, `is_cdata`, `parent_element_id`, `form_id`, `field_id`, `schema_id`, `attributes`, `static_data`, `is_pivot`, `description`, `fieldcondition`, `is_boolean`, `qualify_codes`, `qualify_cats`, `truncate`, `strip_tags`, `is_mandatory`, `static_mod`, `multi_fields`, `has_child`) VALUES (NULL, \'' . $row['element_name'] . '\', \'' . $row['is_cdata'] . '\', \'' . $row['parent_element_id'] . '\', \'' . $row['form_id'] . '\', \'' . $row['field_id'] . '\', \'' . $row['schema_id'] . '\', \'' . $row['attributes'] . '\', \'' . $row['static_data'] . '\', \'' . $row['is_pivot'] . '\', \'' . $row['description'] . '\', \'' . $row['fieldcondition'] . '\', \'' . $row['is_boolean'] . '\', \'' . $row['qualify_codes'] . '\', \'' . $row['qualify_cats'] . '\', \'' . $row['truncate'] . '\', \'' . $row['strip_tags'] . '\', \'' . $row['is_mandatory'] . '\', \'' . $row['static_mod'] . '\', \'' . $row['multi_fields'] . '\', ' . $row['has_child'] . ')'; // insert the element jb_mysql_query($sql); // get the element id $element_id = JB_mysql_insert_id(); // update all the parent_element_id refrences in the $arr // find where parent_element_id == old_element_id and change // to the new element_id update_arr_parent_ids($arr, $old_element_id, $element_id); // update all the parent_element_id refrences in the table $sql = "UPDATE xml_export_elements SET parent_element_id='" . $element_id . "' WHERE parent_element_id='" . $old_element_id . "' "; jb_mysql_query($sql); } $JBMarkup->ok_msg('Imported XML Schema'); } } if ($_REQUEST['import'] != '') { ?> <form method="POST" action="xmlschema.php?config=yes&form_id=<?php