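/**
 * Collect the request parameters that describe the current job list view.
 *
 * Stores the list mode, fills $this->params from the search query string
 * returned by JB_generate_q_string(1) and from the paging / sorting keys of
 * $_REQUEST, and sets $this->internal_page.
 *
 * Values copied from the query string are stored exactly as they appear
 * there; nothing in this method HTML-escapes them. Code that prints
 * $this->params into markup or a URL has to escape for that context.
 *
 * @param string $list_mode List mode handed to set_list_mode(); 'PREMIUM' adds p=1.
 * @param string $show      Accepted for callers; not read by this method.
 */
function JobListAttributes($list_mode = 'ALL', $show = '')
{
    $this->set_list_mode($list_mode);
    $this->params = array();

    // Split the query string into key/value pairs and place them in $this->params.
    $q_string = JB_generate_q_string(1);
    if ($q_string) {
        $parts = explode('&', $q_string);
        // The previous guard was sizeof(is_array($parts)), i.e. it counted a
        // boolean. That is always 1 on PHP 5 and a TypeError on PHP 8; count
        // the array itself instead.
        if (is_array($parts) && count($parts) > 0) {
            $this->params['action'] = 'search';
            foreach ($parts as $pair_str) {
                if (!$pair_str) {
                    continue;
                }
                $pair = explode('=', $pair_str);
                $name = $pair[0];
                // A pair without '=' has no value part; keep storing null for
                // it, but without reading an undefined offset.
                $value = isset($pair[1]) ? $pair[1] : null;
                if (strpos($name, '3%5B%5D') === strlen($name) - 7) {
                    // The name ends with the URL-encoded "[]" marker, so the
                    // field is collected as an array.
                    // NOTE(review): the match is 7 characters ('3%5B%5D') but
                    // only 6 are stripped, so the '3' stays in the key.
                    // Confirm this is intended.
                    $key = substr($name, 0, strlen($name) - 6);
                    $this->params[$key][] = $value;
                } else {
                    $this->params[$name] = $value;
                }
            }
        }
    }

    if (isset($_REQUEST['post_permalink'])) {
        // The request came from a permalink: drop the variables that the
        // permalink path already encodes.
        global $post_tag_to_field_id;
        $parts = explode('/', JB_MOD_REWRITE_JOB_DIR);
        foreach ($parts as $part) {
            if (strpos($part, '%', 0) !== false) {
                // Strip the first and last character of the path segment to
                // get the template tag.
                $template_tag = substr($part, 1, strlen($part) - 2);
                $key = $post_tag_to_field_id[$template_tag]['field_id'];
                unset($this->params['action']);
                unset($this->params[$key]);
            }
        }
    }

    // Numeric paging / filter keys: cast to int in $_REQUEST itself so later
    // readers of $_REQUEST see the same sanitised value.
    foreach (array('offset', 'show_emp', 'cat') as $int_key) {
        if (isset($_REQUEST[$int_key]) && $_REQUEST[$int_key] != '') {
            $_REQUEST[$int_key] = (int) $_REQUEST[$int_key];
            $this->params[$int_key] = $_REQUEST[$int_key];
        }
    }

    if (isset($_REQUEST['order_by']) && $_REQUEST['order_by'] != '') {
        $ord = jb_alpha_numeric(isset($_REQUEST['ord']) ? $_REQUEST['ord'] : null);
        $_REQUEST['order_by'] = jb_alpha_numeric($_REQUEST['order_by']);
        $this->params['order_by'] = $_REQUEST['order_by'];
        $this->params['ord'] = $ord;
    }

    if (isset($_REQUEST['show']) && $_REQUEST['show'] != '') {
        // Keep only the first run of ASCII letters. When nothing matches the
        // value becomes null, as before, without an undefined-offset notice.
        $m = array();
        preg_match('#[a-z]+#i', $_REQUEST['show'], $m);
        $_REQUEST['show'] = isset($m[0]) ? $m[0] : null;
        $this->params['show'] = $_REQUEST['show'];
    }

    // PHP_SELF is only used for substring tests here, never printed.
    $this->internal_page = strpos($_SERVER['PHP_SELF'], JB_CANDIDATE_FOLDER) !== false
        || strpos($_SERVER['PHP_SELF'], JB_EMPLOYER_FOLDER) !== false
        || strpos($_SERVER['PHP_SELF'], 'posts.php') !== false;

    // eg. 1 http://localhost/index.php?post_id=3&search=1 (prefix is &)
    // eg. 2 http://localhost/job/3?search=1 (prefix is ?)
    if ($this->list_mode == 'PREMIUM') {
        $this->params['p'] = '1';
    }
}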
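/**
 * Query the job posts for a list mode, print the heading and the list, and
 * return the number of matching posts.
 *
 * An optional second argument selects which posts to show: 'WA' (waiting),
 * 'NA' (not approved), 'EX' (expired), 'EMP', 'ALL', or 'OFFLINE' in
 * EMPLOYER mode.
 *
 * Request input used for SQL: order_by (filtered with jb_alpha_numeric(),
 * checked with JB_is_field_valid() and passed through jb_escape_sql()), ord
 * (mapped to the literals ASC / DESC), show_emp and offset (cast to int).
 * The search and category fragments come from JB_generate_search_sql(1) and
 * JB_search_category_tree_for_posts() and are concatenated as returned, so
 * those helpers have to produce safe SQL; that cannot be verified here.
 *
 * @param string $list_mode 'ALL', 'PREMIUM', 'SAVED', 'BY_CATEGORY',
 *                          'BY_CATEGORY_ADMIN' or 'EMPLOYER'.
 * @return mixed The post count, or null when the premium list is switched off.
 */
function JB_list_jobs($list_mode)
{
    // Optional second argument: what kind of posts to show.
    $show = null;
    if (func_num_args() > 1) {
        $show = func_get_arg(1);
    }

    global $label;
    global $post_count;
    $post_count = null; // reset post count.

    // Every SQL fragment starts out empty so that no branch appends to, or
    // interpolates, an undefined variable.
    $where_sql = '';
    $premium_sql = '';
    $show_emp_sql = '';
    $calc_found_rows_sql = '';
    $result = null;

    #############################################
    # Build the approved SQL part
    $approved_sql = " approved='Y' ";
    if ($show == "WA") { // waiting
        $approved_sql = " approved='N' ";
        $where_sql .= " AND `reason` ='' ";
    } elseif ($show == "NA") { // not approved
        $approved_sql = " approved ='N' ";
        $where_sql .= " AND `reason` !='' ";
    } elseif ($show == "EX" || $show == "EMP") { // expired / employer: no approval filter
        $approved_sql = ' 1=1 ';
    }

    #############################################
    # Build the ORDER BY part
    $order = jb_alpha_numeric(isset($_REQUEST['order_by']) ? $_REQUEST['order_by'] : null);
    // Only the two literals ever reach the query; descending is the default.
    $ord = (isset($_REQUEST['ord']) && $_REQUEST['ord'] == 'asc') ? 'ASC' : 'DESC';

    if ($order == '' || !JB_is_field_valid($order, 1)) {
        // by default, order by the post_date, if the field is invalid
        $order = " `post_date` ";
    } elseif ($order == 'summary') {
        // order by title instead
        $order = JB_get_template_field_id('TITLE', 1);
    } else {
        // NOTE(review): the name sits inside backticks, where string escaping
        // alone does not neutralise a backtick; safety rests on
        // jb_alpha_numeric() and JB_is_field_valid(). Confirm both reject it.
        $order = " `" . jb_escape_sql($order) . "` ";
    }

    ############################################
    # Search Posts
    $where_sql .= JB_generate_search_sql(1);

    ############################################
    # PREMIUM list mode
    # To list only premium jobs, call like this: JB_list_jobs('PREMIUM')
    if (!defined('JB_SHOW_PREMIUM_LIST')) {
        // New setting since 3.4.13, may not be in config.php. The previous
        // statement here was a bare comparison (JB_SHOW_PREMIUM_LIST == 'YES')
        // that defined nothing, so the constant stayed undefined.
        define('JB_SHOW_PREMIUM_LIST', 'YES');
    }

    # Set $premium_sql
    # This determines whether to:
    # - include only premium posts to the list
    # - include only standard posts to the list
    # - do not show the premium list at all, return the call
    if ($list_mode == 'PREMIUM') {
        if (JB_SHOW_PREMIUM_LIST != 'YES') {
            // PREMIUM list is turned off in Admin->Main Config
            return;
        }
        // - include only premium posts to the list
        $premium_sql = "AND ( post_mode = 'premium') ";
        $post_count = JB_get_post_count('PAP'); // PAP - Approved premium posts, not expired
    } elseif (JB_DONT_REPEAT_PREMIUM == 'YES') {
        // Premium posts are listed on top in a separate list. This ensures
        // that the standard list does not repeat them.
        global $JB_HOME_PAGE, $JOB_LIST_PAGE;
        // The original used a bitwise "|" here. A logical OR with explicit
        // parentheses keeps the same grouping and does not depend on the
        // operand types.
        if (($JB_HOME_PAGE || $JOB_LIST_PAGE) && $list_mode == 'ALL' && JB_SHOW_PREMIUM_LIST == 'YES') {
            // - include only standard posts to the list
            $premium_sql .= "AND ( post_mode != 'premium') ";
            $post_count = JB_get_post_count('SAP'); // Approved, not premium, not expired
        }
    }

    #############################################
    # Show posts by employer?
    $_REQUEST['show_emp'] = isset($_REQUEST['show_emp']) ? (int) $_REQUEST['show_emp'] : 0;
    if ($_REQUEST['show_emp'] > 0) { // is user_id > 0 ?
        $show_emp_sql = " AND user_id='" . jb_escape_sql($_REQUEST['show_emp']) . "' ";
    }

    #############################################
    # build the LIMIT part
    $offset = isset($_REQUEST['offset']) ? (int) $_REQUEST['offset'] : 0;
    if ($offset < 0) {
        $offset = abs($offset);
    }
    $limit_sql = " LIMIT {$offset}, ";
    if ($list_mode == 'PREMIUM') {
        if (JB_PREMIUM_POSTS_LIMIT == 'YES') {
            $limit_sql .= JB_PREMIUM_POSTS_PER_PAGE;
        } else {
            // there's no limit
            $limit_sql = '';
        }
    } elseif ($list_mode == 'EMPLOYER') {
        $limit_sql .= JB_MANAGER_POSTS_PER_PAGE;
    } else {
        $limit_sql .= JB_POSTS_PER_PAGE;
    }

    # Include a SQL_CALC_FOUND_ROWS option to count the number of posts returned
    # See http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_found-rows
    if ($where_sql != '' || $show_emp_sql != '' || $post_count === null) {
        // A search or employer filter is active, or no cached count was
        // picked above: have MySQL count the rows without the LIMIT clause.
        $calc_found_rows_sql = 'SQL_CALC_FOUND_ROWS';
    }

    #############################################
    # Glue the SQL query, based on $list_mode
    if ($list_mode == 'SAVED') {
        $calc_found_rows_sql = 'SQL_CALC_FOUND_ROWS';
        // Scoped to the logged-in user's saved jobs.
        $sql = "SELECT {$calc_found_rows_sql} *, posts_table.user_id as user_id FROM `posts_table`, `saved_jobs` WHERE saved_jobs.user_id='" . jb_escape_sql($_SESSION['JB_ID']) . "' AND (saved_jobs.post_id=posts_table.post_id) AND expired='N' ORDER BY {$order} {$ord} {$limit_sql}";
    } elseif ($list_mode == 'BY_CATEGORY' || $list_mode == "BY_CATEGORY_ADMIN") {
        $calc_found_rows_sql = 'SQL_CALC_FOUND_ROWS';
        $cat = JB_search_category_tree_for_posts();
        $sql = "SELECT {$calc_found_rows_sql} * FROM posts_table where {$approved_sql} {$where_sql} {$show_emp_sql} AND expired='N' {$cat} ORDER BY ({$order}) {$ord} {$limit_sql}";
    } elseif ($list_mode == 'EMPLOYER') {
        // Employer's post manager: both alternatives of the WHERE clause are
        // tied to the session user id.
        $calc_found_rows_sql = 'SQL_CALC_FOUND_ROWS';
        $session_user_sql = jb_escape_sql($_SESSION['JB_ID']);
        if ($show == "OFFLINE") {
            // include posts that are expired, plus the user's unapproved posts
            $date_range_sql = "AND expired='Y' ";
            $approved_sql = " OR (approved='N' AND user_id='" . $session_user_sql . "') ";
        } else {
            // show current posts
            $date_range_sql = "AND expired='N' ";
            $approved_sql = " AND approved='Y' ";
        }
        $sql = "SELECT {$calc_found_rows_sql} * FROM posts_table where (1=1 {$where_sql} {$date_range_sql} AND user_id='" . $session_user_sql . "') {$approved_sql} ORDER BY ({$order}) {$ord} {$limit_sql}";
    } else {
        if ($show == 'EX') { // show expired?
            $expired_sql = " AND expired='Y' ";
        } else {
            $expired_sql = " AND expired='N' ";
        }
        $sql = "SELECT {$calc_found_rows_sql} * FROM posts_table where {$approved_sql} {$expired_sql} {$premium_sql} {$where_sql} {$show_emp_sql} ORDER BY ({$order}) {$ord} {$limit_sql} ";
    }

    #################################
    # Execute the SQL query
    if (!JBPLUG_do_callback('job_list_custom_query', $result, $sql)) { // A plugin can modify the result with a custom query
        $result = JB_mysql_query($sql);
    }

    #################################
    # Get the post_count
    # If $calc_found_rows_sql was not used, the count is taken from the
    # cached values kept in the database.
    if ($calc_found_rows_sql == '') {
        if ($list_mode == 'PREMIUM') {
            $post_count = JB_get_post_count('PAP'); // premium approved
        } elseif ($post_count == '') {
            if ($show == 'NA') {
                $post_count = JB_get_post_count('NA'); // non approved posts count, admin list
            } elseif ($show == 'ALL') {
                $post_count = JB_get_post_count('AP'); // AP - Approved (expired='N' AND approved='Y'), admin list
            } elseif ($show == "WA") {
                $post_count = JB_get_post_count('WA'); // waiting count, admin list
            } elseif ($show == "EX") {
                $post_count = JB_get_post_count('EX'); // expired count, admin list
            } else {
                $post_count = JB_get_post_count('AP'); // AP - Approved (expired='N' AND approved='Y')
            }
        }
    } else {
        # Ask MySQL for the number of rows of the last query, ignoring its LIMIT clause
        $row = mysql_fetch_row(jb_mysql_query("SELECT FOUND_ROWS()"));
        $post_count = $row[0];
    }

    JBPLUG_do_callback('job_list_set_count', $post_count, $list_mode); // A plugin can modify the post count

    ########################################
    # Print how many jobs returned
    $PLM =& JB_get_PostListMarkupObject(); // load the ListMarkup Class

    if ($post_count == 0) {
        if ($list_mode == "PREMIUM" || $list_mode == "SAVED" || $list_mode == "BY_CATEGORY") {
            // these lists print nothing when they are empty
        } elseif ($list_mode == "EMPLOYER") {
            $PLM->no_posts_employer();
        } else {
            $PLM->no_posts();
        }
    } else {
        if ($list_mode == "PREMIUM") {
            $PLM->sponsored_heading($post_count);
        } elseif ($list_mode == "ALL") {
            $label['post_list_count'] = str_replace("%COUNT%", $post_count, $label['post_list_count']);
            $label['post_list_count'] = str_replace("%POSTS_DISPLAY_DAYS%", JB_POSTS_DISPLAY_DAYS, $label['post_list_count']);
            $PLM->post_count($post_count);
        } elseif ($list_mode == "BY_CATEGORY") {
            $label['post_list_cat_count'] = str_replace("%COUNT%", $post_count, $label['post_list_cat_count']);
            $label['post_list_cat_count'] = str_replace("%POSTS_DISPLAY_DAYS%", JB_POSTS_DISPLAY_DAYS, $label['post_list_cat_count']);
            $PLM->post_count_category($post_count);
        }

        #################################################
        JB_display_post_list($result, $list_mode, $show);
    }

    return $post_count;
}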
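/**
 * Echo the <td> cells for one row of the profile list.
 *
 * Walks the columns of the list markup object, formats each value
 * (truncate, template formatting, plugin filter, punctuation clean-up,
 * bold, link) and prints one table cell per column. When the request has an
 * order_by value, the global $order_str is rebuilt with the sort direction
 * flipped.
 *
 * The cell value is echoed as returned by JB_get_list_template_value() and
 * the plugin filter; this function does not escape it.
 *
 * @param bool $admin True when rendering for the admin; columns flagged
 *                    admin-only are skipped otherwise.
 */
function JB_echo_proile_list_data($admin)
{
    global $label, $cur_offset, $order_str, $q_offset, $show_emp, $cat, $list_mode;

    $LM =& JB_get_ListMarkupObject(3); // load the ListMarkup Class
    $Form =& JB_get_DynamicFormObject(3);
    $ttf =& $Form->get_tag_to_field_id();

    // NOTE(review): $q_string is interpolated into the link below but is
    // neither a declared global nor assigned in this function, so it has
    // always been empty here. Confirm whether the global was intended.
    $q_string = '';

    if (isset($_REQUEST['order_by']) && $_REQUEST['order_by'] != '') {
        // Flip the direction so the next click sorts the other way; anything
        // that is not 'asc' becomes 'asc'.
        $ord = jb_alpha_numeric(isset($_REQUEST['ord']) ? $_REQUEST['ord'] : null);
        $ord = ($ord == 'asc') ? 'desc' : 'asc';
        // NOTE(review): this string ends up inside a single-quoted href, so
        // it is only safe if JB_escape_html() also encodes single quotes.
        // Confirm against its definition.
        $order_str = "&order_by=" . JB_escape_html($_REQUEST['order_by']) . "&ord=" . $ord;
    }

    foreach ($LM->column_list as $template_tag) {
        $info = $LM->column_info[$template_tag];

        if ($info['admin'] == 'Y' && !$admin) {
            continue; // do not render this column
        }

        $val = $Form->get_value($ttf[$template_tag]['field_id'], $admin);
        if ($info['trunc'] > 0) {
            $val = JB_truncate_html_str($val, $info['trunc'], $trunc_str_len);
        }
        $val = JB_get_list_template_value($ttf[$template_tag], $val, $admin, 3);

        JBPLUG_do_callback('pro_list_column_data_filter', $val, $template_tag);

        if ($info['clean'] == 'Y') { // fix up punctuation spacing
            $val = preg_replace(JB_CLEAN_PUN_REGEX, '$1 ', $val);
        }

        if ($info['is_bold'] == 'Y') {
            $b1 = "<b>";
            $b2 = "</b>";
        } else {
            $b1 = '';
            $b2 = '';
        }

        if ($info['link'] == 'Y') { // Render as a link to the record?
            // PHP_SELF can carry client-supplied path text and the attribute
            // is single-quoted. Before PHP 8.1 htmlentities() leaves single
            // quotes alone by default, so ENT_QUOTES is passed explicitly to
            // keep the value inside the attribute.
            // NOTE(review): $q_offset, $show_emp and $cat are globals printed
            // as-is; they are presumably escaped where they are built. Verify.
            $val = "<a href='" . htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES)
                . "?profile_id=" . $Form->get_template_value('PROFILE_ID', $admin)
                . "{$order_str}{$q_string}{$q_offset}{$show_emp}{$cat}'>" . $val . "</a>";
        }
        ?>
        <td class="list_data_cell" <?php if ($info['no_wrap'] == 'Y') { echo ' nowrap '; } ?> >
            <?php echo $b1 . $val . $b2; ?>
        </td>
        <?php
    }
}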
<?php
###########################################################################
# Copyright Jamit Software 2012, http://www.jamit.com
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at http://mozilla.org/MPL/2.0/.
###########################################################################
// Page fragment: reads a post id and a key from the request and, when the
// key matches the expected value, loads the post helpers to approve or
// disapprove the post. The listing ends inside the approve branch.
require "../config.php";

// Request inputs: the id is cast to int, the key and the two action flags
// are filtered with jb_alpha_numeric().
$post_id = (int) $_REQUEST['post_id'];
$key = jb_alpha_numeric($_REQUEST['key']);
$approve_post = jb_alpha_numeric($_REQUEST['approve_post']);
$disapprove_post = jb_alpha_numeric($_REQUEST['disapprove_post']);
// NOTE(review): $reason is copied from the request unfiltered. Whatever
// consumes it (not visible in this fragment) has to escape it for its sink.
$reason = $_REQUEST['reason'];

if ($post_id > 0) {
    $JBPage = new JBJobPage($post_id, $admin = true);
}

global $JBMarkup;

echo $JBMarkup->get_admin_doctype();
$JBMarkup->markup_open();
$JBMarkup->head_open();
// NOTE(review): $title is not assigned anywhere in the visible part of this
// script; presumably it comes from config.php. Confirm.
$JBMarkup->title_meta_tag($title);
$JBMarkup->stylesheet_link(JB_get_admin_maincss_url());
$JBMarkup->charset_meta_tag();
$JBMarkup->head_close();
$JBMarkup->body_open();

if ($post_id != '') {
    // The expected key is md5(post id . admin password), and the key check
    // below is the only authorisation visible in this fragment.
    // NOTE(review): confirm whether config.php also enforces an admin session.
    // NOTE(review): "===" is not a constant-time comparison; hash_equals()
    // (PHP 5.6+) is the usual choice for comparing a secret-derived value.
    // NOTE(review): the key is an unsalted MD5 over the admin password, so a
    // disclosed key is material for guessing that password offline. A random
    // per-post token, or an HMAC keyed with a separate secret, avoids tying
    // the link to the password.
    $comp_key = md5($post_id . JB_ADMIN_PASSWORD);
    if ($comp_key === $key) {
        require_once '../include/posts.inc.php';
        if ($approve_post != '') {
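/**
 * Insert a new resume or update an existing one from the request data, then
 * optionally queue a notification e-mail to the site admin.
 *
 * An optional first argument switches on admin mode. In admin mode the owner
 * is looked up from the resume row; otherwise the owner is the session user
 * and the UPDATE is restricted to that user's own resume.
 *
 * Database failures are written to the error log and the request ends with a
 * generic message. The previous die() printed the full SQL statement (which
 * contains the submitted form values) and the driver error to the client.
 *
 * @return int The id of the resume that was inserted or updated.
 */
function JB_insert_resume_data()
{
    // Optional first argument: admin mode.
    $admin = null;
    if (func_num_args() > 0) {
        $admin = func_get_arg(0);
    }

    $action = '';      // first line of the admin e-mail summary; stays empty for updates
    $resume_id = null; // unknown until the request is inspected or the insert has run

    $_REQUEST['anon'] = jb_alpha_numeric(isset($_REQUEST['anon']) ? $_REQUEST['anon'] : null);

    if ($admin == true) {
        // The admin edits somebody else's resume: take the owner from the row.
        $sql = "select user_id from `resumes_table` WHERE resume_id='" . jb_escape_sql($_REQUEST['resume_id']) . "'";
        $result = JB_mysql_query($sql);
        if (!$result) {
            error_log('JB_insert_resume_data: owner lookup failed: ' . mysql_error());
            die('Database error.');
        }
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        // No matching row leaves the owner unset, as before.
        $user_id = $row ? $row['user_id'] : null;
    } else {
        $user_id = (int) $_SESSION['JB_ID'];
    }

    // Resumes saved by candidates may need approval; admin edits never do.
    $approved = 'Y';
    if (JB_RESUMES_NEED_APPROVAL == 'YES' && !$admin) {
        $approved = 'N';
    }

    if (empty($_REQUEST['resume_id'])) {
        // No id in the request: insert a new resume.
        $assign = array(
            'list_on_web' => 'Y',
            'resume_date' => gmdate("Y-m-d H:i:s"),
            'user_id' => $user_id,
            'approved' => $approved,
            'anon' => jb_alpha_numeric($_REQUEST['anon']),
            'status' => 'ACT',
            'expired' => 'N',
        );
        // JB_get_sql_insert_values() escapes the sql values
        $sql = "REPLACE INTO `resumes_table` ( " . JB_get_sql_insert_fields(2, $assign) . ") VALUES (" . JB_get_sql_insert_values(2, "resumes_table", "resume_id", $resume_id, $user_id, $assign) . ") ";
        $action = "Inserted new resume.";
    } else {
        $resume_id = (int) $_REQUEST['resume_id'];
        $assign = array(
            'resume_date' => gmdate("Y-m-d H:i:s"),
            'anon' => jb_alpha_numeric($_REQUEST['anon']),
            'approved' => $approved,
        );
        // JB_get_sql_update_values() escapes the sql values. It now receives
        // the int-cast id, the same value the WHERE clause uses, instead of
        // the raw request string.
        // The WHERE clause also matches on user_id, so a candidate can only
        // update a resume they own.
        $sql = "UPDATE `resumes_table` SET " . JB_get_sql_update_values(2, "resumes_table", "resume_id", $resume_id, $user_id, $assign) . " WHERE resume_id='" . jb_escape_sql($resume_id) . "' and user_id='" . jb_escape_sql($user_id) . "' ";
    }

    if (!JB_mysql_query($sql)) {
        // Keep the statement and the driver error in the server log only.
        error_log('JB_insert_resume_data: query failed: ' . mysql_error() . " [{$sql}]");
        die('Database error.');
    }

    if ($resume_id == false) {
        $resume_id = JB_mysql_insert_id();
    }

    $RForm =& JB_get_DynamicFormObject(2);
    $data = $RForm->load($resume_id);
    $data['resume_id'] = $resume_id;

    JB_build_resume_count(0);
    JBPLUG_do_callback('insert_resume_data', $data);

    if (JB_EMAIL_ADMIN_RESUPDATE_SWITCH == 'YES') {
        // send notification email to Admin
        $resume_tag_to_field_id =& $RForm->get_tag_to_field_id();
        $RESUME_SUMMARY = $action . "\r\n";

        $sql = "SELECT * from form_lists WHERE form_id=2 ORDER BY sort_order ";
        $result = JB_mysql_query($sql);
        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $field_label = $resume_tag_to_field_id[$row['template_tag']]['field_label'];
            $RESUME_SUMMARY .= $field_label . " - " . $RForm->get_raw_template_value($row['template_tag'], $admin) . "\r\n";
        }

        // get the email template
        $template_result = JB_get_email_template(320, 'EN');
        $t_row = mysql_fetch_array($template_result);

        $to_address = JB_SITE_CONTACT_EMAIL;
        $to_name = JB_SITE_NAME;
        $subject = $t_row['EmailSubject'];
        $message = $t_row['EmailText'];
        $from_name = $t_row['EmailFromName'];
        $from_address = $t_row['EmailFromAddress'];

        // NOTE(review): the admin link key is an unsalted MD5 over the resume
        // id and the admin password, and it travels in a mailed URL. A
        // random per-record token or an HMAC keyed with a separate secret
        // would keep the password out of the link. The format is left as is
        // because the page that verifies the key is not in this block.
        $admin_link = JB_BASE_HTTP_PATH . "admin/ra.php?resume_id=" . $resume_id . "&key=" . md5($resume_id . JB_ADMIN_PASSWORD);

        $subject = str_replace("%SITE_NAME%", JB_SITE_NAME, $subject);
        $message = str_replace("%RESUME_SUMMARY%", $RESUME_SUMMARY, $message);
        $message = str_replace("%ADMIN_LINK%", $admin_link, $message);
        $message = str_replace("%SITE_NAME%", JB_SITE_NAME, $message);
        $message = strip_tags($message);

        JB_queue_mail($to_address, $to_name, $from_address, $from_name, $subject, $message, '', 320);
    }

    return $resume_id;
}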
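/**
 * Fill $data with the submitted form values taken from $_REQUEST.
 *
 * Static fields are copied only when $data does not already hold them and
 * the request does; dynamic fields are copied according to their field type.
 * The method only normalises shape (int cast for ids, alphanumeric filter
 * for date and skill-matrix numbers, comma-joining of multi-value fields,
 * stripslashes on text). Password, map coordinate and multi-select values
 * are copied as submitted, so escaping has to happen where the data is
 * written to SQL or printed.
 *
 * @param array $data Form data, modified in place.
 */
function init_data_from_request(&$data)
{
    // Init the static fields
    $fields =& JB_schema_get_static_fields($this->form_id, JB_DB_MAP);
    foreach ($fields as $field_id => $field) {
        if (isset($data[$field_id]) || !isset($_REQUEST[$field_id])) {
            continue;
        }
        switch ($field['field_type']) {
            case 'PASS':
                // password fields have a 'confirm' password field
                $data[$field_id] = $_REQUEST[$field_id];
                $data[$field_id . '2'] = $_REQUEST[$field_id . '2'];
                break;
            case 'ID':
                $data[$field_id] = (int) $_REQUEST[$field_id];
                break;
            default:
                $data[$field_id] = stripslashes($_REQUEST[$field_id]);
                break;
        }
    }

    // init the dynamic fields
    foreach ($this->tag_to_field_id as $field) {
        $id = isset($field['field_id']) ? $field['field_id'] : null;

        switch ($field['field_type']) {
            case 'SEPERATOR':
            case 'BLANK':
            case 'NOTE':
                // layout-only fields carry no data
                break;

            case 'DATE':
                // Date field always comes out of the DB as Y-m-d; it is
                // posted as three separate inputs suffixed d / m / y.
                $day = jb_alpha_numeric($_REQUEST[$id . "d"]);
                $month = jb_alpha_numeric($_REQUEST[$id . "m"]);
                $year = jb_alpha_numeric($_REQUEST[$id . "y"]);
                $data[$id] = "{$year}-{$month}-{$day}";
                break;

            case 'DATE_CAL':
                // SCW calendar field
                $data[$id] = JB_SCWDate_to_ISODate($_REQUEST[$id]);
                break;

            case 'MSELECT':
            case 'CHECK':
                // multiple select and checkboxes - these fields come in
                // as an array, need to be comma delimited
                if (is_array($_REQUEST[$id])) {
                    $data[$id] = implode(",", $_REQUEST[$id]);
                } else {
                    $data[$id] = $_REQUEST[$id];
                }
                break;

            case 'GMAP':
                $data[$id . '_lat'] = $_REQUEST[$id . '_lat'];
                $data[$id . '_lng'] = $_REQUEST[$id . '_lng'];
                break;

            case 'SKILL_MATRIX':
                // The row count was previously read via $field_row, a
                // variable that does not exist in this method, so the lookup
                // was made with an empty id. Use the current field's id.
                $row_count = JB_get_matrix_row_count($id);
                for ($i = 0; $i < $row_count; $i++) {
                    $data[$id . "name" . $i] = stripslashes($_REQUEST[$id . "name" . $i]);
                    $data[$id . "years" . $i] = jb_alpha_numeric($_REQUEST[$id . "years" . $i]);
                    $data[$id . "rating" . $i] = jb_alpha_numeric($_REQUEST[$id . "rating" . $i]);
                }
                break;

            case 'TEXT':
            case 'TEXTAREA':
                case 'EDITOR':
                $data[$id] = stripslashes($_REQUEST[$id]);
                break;

            default:
                // Give plugins the first chance to supply the value; fall
                // back to the raw request value when none does.
                $val = false;
                JBPLUG_do_callback('init_data_from_request', $val, $field, $this->form_id);
                if ($val !== false) {
                    $data[$id] = $val;
                } elseif (isset($_REQUEST[$id])) {
                    $data[$id] = stripslashes($_REQUEST[$id]);
                }
                break;
        }
    }
}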