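/**
 * Moves an uploaded mail attachment out of PHP's upload area into
 * JB_FILE_PATH/temp/ under a sanitised, predictable file name.
 *
 * The destination name is "<from_name><mail_id><att_file>.<ext>" where
 * from_name and ext are reduced to a safe character set. When the move
 * fails, the reason is reported through jb_custom_error_handler() using
 * the upload status found under the same $_FILES key.
 *
 * @param int|string $mail_id   id of the mail the attachment belongs to (cast to int)
 * @param string     $att_file  name of the $_FILES entry holding the upload
 * @param string     $from_name sender name, used as a file-name prefix
 * @return string destination path; note it is returned even when the move
 *                failed, so callers must not assume the file exists
 */
function JB_move_uploaded_attachment($mail_id, $att_file, $from_name)
{
    $mail_id = (int) $mail_id;
    // read the upload record once; a missing entry behaves like "no file"
    $upload = isset($_FILES[$att_file]) ? $_FILES[$att_file] : array();
    $att_tmp = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';
    $orig_name = isset($upload['name']) ? $upload['name'] : '';
    // everything after the last dot is the extension; a name without a
    // dot yields the whole name, which the filter below reduces anyway
    $temp = explode('.', $orig_name);
    $ext = array_pop($temp);
    $temp_dir = JB_FILE_PATH . "temp/";
    if (!file_exists($temp_dir)) {
        mkdir($temp_dir, JB_NEW_DIR_CHMOD);
        //chmod(JB_FILE_PATH."temp/", JB_NEW_DIR_CHMOD);
    }
    if (strpos(strtoupper(PHP_OS), 'WIN') !== false) {
        // sometimes the dir can have double slashes on Win, remove 'em
        $att_tmp = str_replace('\\\\', '\\', $att_tmp);
    }
    // strip out non-alphanumeric characters from from_name (the '^' inside
    // the class are literal, so '&', ';', '.' and '#' survive as well)
    $from_name = preg_replace('/[^a-z^0-9^&^;^.^#]+/i', "", $from_name);
    $from_name = JB_clean_str($from_name);
    // the extension is reduced to [a-z0-9] only; NOTE(review): this is not an
    // allow-list, so which extensions may be stored must be enforced by the
    // caller (see JB_ALLOWED_EXT in the site configuration)
    $ext = preg_replace('/[^a-z^0-9]+/i', "", $ext);
    $new_name = $temp_dir . "{$from_name}" . $mail_id . "{$att_file}." . $ext;
    // move_uploaded_file() refuses anything that is not a real upload
    if (move_uploaded_file($att_tmp, $new_name)) {
        chmod($new_name, JB_NEW_FILE_CHMOD);
        return $new_name;
    }
    //echo htmlentities('Could not move the image form the temp directory.  (FROM: '.$_FILES[$field_id]['tmp_name'].' ->> TO: '.$uploadfile.') ').PHP_OS."<br>\n";
    // no extra context is available for the error handler here
    $vars = null;
    // the upload status lives under the same $_FILES key as the file itself;
    // without an entry there was no upload at all
    $upload_error = isset($upload['error']) ? (int) $upload['error'] : UPLOAD_ERR_NO_FILE;
    switch ($upload_error) {
        case UPLOAD_ERR_OK:
            // PHP accepted the upload, so the failure is on our side (path, permissions)
            jb_custom_error_handler('upload', "Could not move the uploaded file out of the temp directory.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_INI_SIZE:
            jb_custom_error_handler('upload', "The uploaded file exceeds the upload_max_filesize directive (" . ini_get("upload_max_filesize") . ") in php.ini.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_FORM_SIZE:
            jb_custom_error_handler('upload', "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_PARTIAL:
            jb_custom_error_handler('upload', "The uploaded file was only partially uploaded.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_NO_FILE:
            jb_custom_error_handler('upload', "No file was uploaded.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
            jb_custom_error_handler('upload', "Missing a temporary folder.", __FILE__, __LINE__, $vars);
            break;
        case UPLOAD_ERR_CANT_WRITE:
            jb_custom_error_handler('upload', "Failed to write file to disk", __FILE__, __LINE__, $vars);
            break;
        default:
            jb_custom_error_handler('upload', "Unknown File Error", __FILE__, __LINE__, $vars);
    }
    return $new_name;
}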
<?php 
// job-alert settings form (template fragment; the page continues past this excerpt)
echo $label["c_alert_head2"];
?>
<p>
<?php 
echo $label["c_alert_intro"];
?>
 
</p>
<form method="post" action="alerts.php">
<input type="hidden" name="key" value="<?php 
// request values are cleaned and then HTML-escaped before landing in the attribute
echo JB_escape_html(JB_clean_str($_REQUEST['key']));
?>
">
<input type="hidden" name="id" value="<?php 
echo JB_escape_html(JB_clean_str($_REQUEST['id']));
?>
">
<table border="0" cellSpacing="1" cellPadding="3" class="dynamic_form" id='dynamic_form'>

<tr><td class="dynamic_form_field"><?php 
echo $label["c_alert_receive"];
?>
</td>
<td class="dynamic_form_value"><input type="radio" name="notification" <?php 
// $notification is assigned by the including page -- NOTE(review): confirm it
// is the stored setting and not a raw request value
if ($notification == '1') {
    echo " checked ";
}
?>
 value="1"><?php 
echo $label["c_alert_yes"];
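/**
 * Merges the master english_default.php labels (core plus every active
 * theme) into each installed language file listed in the `lang` table and
 * rewrites that language file as PHP.
 *
 * A language file is only rewritten when it is writable and older than the
 * newest english_default.php (always when $force_update is set). Keys that
 * exist in the defaults but not in the language file are added; existing
 * translations win over the defaults. Progress is echoed as HTML.
 *
 * Every key and value is emitted as a single-quoted PHP literal, so both
 * backslashes and single quotes are escaped before writing.
 *
 * @param bool $force_update rewrite every language file regardless of mtime
 * @return void
 */
function JB_merge_language_files($force_update = false)
{
    if (JB_DEMO_MODE == 'YES') {
        return;
    }
    global $label;
    $default_file = jb_get_english_default_dir() . 'english_default.php';
    // load in the main english_default labels (the included file fills $label)
    $source_label = array();
    include_once $default_file;
    // the master lang/english_default
    $source_label = array_merge($source_label, (array) $label);
    // default english labels
    unset($label);
    $label = array();
    $last_mtime = filemtime($default_file);
    // load the english_default.php labels for all themes
    //
    global $JB_LANG_THEMES;
    $themes = $JB_LANG_THEMES;
    if (isset($_REQUEST['jb_theme'])) {
        // Admin->Main Config, Admin-> Languagess
        if (isset($_REQUEST['lang_code'])) {
            $lang = $_REQUEST['lang_code'];
            // comes from Admin->Languages
        } else {
            $lang = $_SESSION['LANG'];
        }
        $themes[$lang] = $_REQUEST['jb_theme'];
    }
    $themes = array_unique($themes);
    // get the english_default.php for each theme
    foreach ($themes as $key => $theme) {
        $theme_file = JB_get_theme_dir() . $theme . '/lang/english_default.php';
        if (!file_exists($theme_file)) {
            continue;
        }
        include $theme_file;
        $source_label = array_merge($source_label, (array) $label);
        // default english labels
        unset($label);
        $label = array();
        $m_time = filemtime($theme_file);
        if ($m_time > $last_mtime) {
            $last_mtime = $m_time;
        }
    }
    if ($force_update) {
        $last_mtime = time();
    }
    // Now we should have all the source labels in $source_label and
    // last modification time in $last_mtime
    // Grab all the languages installed
    $sql = "SELECT * FROM lang  ";
    $result = JB_mysql_query($sql) or die(mysql_error());
    $written = false;
    // Now merge the english_default.php strings with the language files
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $lang_file = jB_get_lang_dir() . $row['lang_filename'];
        if (!is_writable($lang_file)) {
            echo "<font color='red'><b>- " . $lang_file . " file is not writable. Give write permissions (" . decoct(JB_NEW_FILE_CHMOD) . ") to " . $lang_file . " file and then disable & re-enable this plugin</b></font><br>";
            continue;
        }
        // an up-to-date language file is left alone
        if ($last_mtime <= filemtime($lang_file)) {
            continue;
        }
        echo "Merging language strings for " . jb_escape_html($row['lang_filename']) . ".. <br>";
        // Now merge the english defaults with the langauge file; any key
        // present in the source but missing from the file is added
        include $lang_file;
        // customized labels
        $dest_label = array_merge($source_label, (array) $label);
        $label = null;
        // write out the new file:
        $out = "<?php\n";
        $out .= "///////////////////////////////////////////////////////////////////////////\n";
        $out .= "// IMPORTANT NOTICE\n";
        $out .= "///////////////////////////////////////////////////////////////////////////\n";
        $out .= "// This file was generated by a script!\n";
        $out .= "// (JB_merge_language_files() function)\n";
        $out .= "// Please do not edit the language files by hand\n";
        $out .= "// - please always use the Language Translation / Editing tool found\n";
        $out .= "// in Admin->Languages\n";
        $out .= "// To add a new phrase for the \$label, please edit english_default.php, and\n";
        $out .= "// then vist Admin->Main Summary where the language files will be\n";
        $out .= "// automatically merged with this file.\n";
        $out .= "///////////////////////////////////////////////////////////////////////////\n";
        foreach ($dest_label as $key => $val) {
            // both sides become single-quoted PHP literals: a backslash has to
            // be escaped before the quote, otherwise a value ending in '\'
            // would swallow the closing quote and corrupt the generated file
            $key = str_replace(array('\\', "'"), array('\\\\', "\\'"), $key);
            $val = str_replace(array('\\', "'"), array('\\\\', "\\'"), $val);
            $out .= "\$label['{$key}']='" . JB_clean_str($val) . "'; \n";
        }
        $out .= "?>\n";
        $handler = fopen($lang_file, "w");
        if ($handler === false) {
            echo "<font color='red'><b>- " . $lang_file . " could not be opened for writing</b></font><br>";
            continue;
        }
        fputs($handler, $out);
        fclose($handler);
        $written = true;
    }
    if ($written) {
        echo " Done.<br>";
    }
}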
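/**
 * Replaces the skill-matrix rows submitted for one form field.
 *
 * All existing rows for (field_id, object_id, user_id) are deleted first,
 * then one row is written for every matrix row whose "name" input is
 * non-empty. Inputs are read from $_REQUEST under the keys
 * "<field_id>name<row>", "<field_id>years<row>" and "<field_id>rating<row>".
 *
 * @param int|string $field_id  id of the skill-matrix form field (used as an integer)
 * @param int|string $object_id id of the owning record; nothing is done when empty
 * @param int|string $user_id   id of the owning user
 * @return false|null false when $object_id is empty, null otherwise
 */
function JB_save_skill_matrix_data($field_id, $object_id, $user_id)
{
    if ($object_id == '') {
        return false;
    }
    // field_id is spliced into the REPLACE statement unquoted, so it is
    // forced to an integer rather than relying on string escaping
    $field_id = (int) $field_id;
    $row_count = JB_get_matrix_row_count($field_id);
    $sql = "DELETE FROM skill_matrix_data WHERE field_id='" . jb_escape_sql($field_id) . "' AND `object_id`='" . jb_escape_sql($object_id) . "' AND user_id='" . jb_escape_sql($user_id) . "' ";
    JB_mysql_query($sql) or die($sql . mysql_error());
    $object_sql = jb_escape_sql($object_id);
    $user_sql = jb_escape_sql($user_id);
    // primary key is (field_id, row, user_id), hence REPLACE
    for ($i = 0; $i < $row_count; $i++) {
        $name_key = $field_id . "name" . $i;
        $name = isset($_REQUEST[$name_key]) ? $_REQUEST[$name_key] : '';
        // blank rows were removed by the DELETE above and are not re-created
        if (trim($name) == '') {
            continue;
        }
        $years_key = $field_id . "years" . $i;
        $rating_key = $field_id . "rating" . $i;
        $years = isset($_REQUEST[$years_key]) ? $_REQUEST[$years_key] : '';
        $rating = isset($_REQUEST[$rating_key]) ? $_REQUEST[$rating_key] : '';
        // name is cleaned of markup and then SQL-escaped like the other columns
        $sql = "REPLACE INTO skill_matrix_data (field_id, row, name, years, rating, object_id, user_id) values({$field_id}, {$i}, '" . jb_escape_sql(JB_clean_str($name)) . "', '" . jb_escape_sql($years) . "', '" . jb_escape_sql($rating) . "', '" . $object_sql . "', '" . $user_sql . "') ";
        JB_mysql_query($sql) or die("[skill matrix]" . $sql . mysql_error());
    }
}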
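/**
 * Validates the employer sign-up / account-edit form held in $_REQUEST.
 *
 * New accounts (no user_id) additionally need a unique, well-formed user
 * name, two matching passwords of at least 6 characters and an e-mail
 * address that is not registered yet. Afterwards the request values are
 * cleaned in place with JB_clean_str(), the plug-in callbacks may add
 * errors, and the generic field validation for form 4 is appended.
 *
 * @param int $form_id form id (not used here; the generic validation is fixed to form 4)
 * @return array|string error messages (empty array when the data is valid),
 *                      or the string 'Invalid Input!' when user_id is given
 *                      but not numeric
 */
function JB_validate_employer_data($form_id)
{
    global $label;
    $errors = array();
    // read every field once so a missing key behaves like an empty one
    $in = array();
    foreach (array('FirstName', 'LastName', 'user_id', 'Password', 'Password2', 'Username', 'Email', 'CompName', 'Newsletter', 'Notification1', 'Notification2', 'lang') as $field) {
        $in[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : '';
    }
    // the loose "== false" tests are kept on purpose: '' (and '0') count as "not supplied"
    $is_new_account = ($in['user_id'] == false);
    if ($in['FirstName'] == false) {
        $errors[] = $label['employer_signup_error_name'];
    }
    if ($in['LastName'] == false) {
        $errors[] = $label['employer_signup_error_ln'];
    }
    if ($is_new_account) {
        if ($in['Password'] != $in['Password2']) {
            $errors[] = $label['employer_signup_error_pmatch'];
        }
        if ($in['Username'] == false) {
            $errors[] = $label["employer_signup_error_user"];
        } else {
            $sql = "SELECT * FROM `employers` WHERE `Username`='" . jb_escape_sql($in['Username']) . "' ";
            $result = JB_mysql_query($sql) or die(mysql_error() . $sql);
            $existing = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($existing && $existing['Username'] != false) {
                $errors[] = str_replace('%username%', jb_escape_html($in['Username']), $label['employer_signup_error_inuse']);
            } elseif (!preg_match('#^[a-z0-9À-ÿ\\-_\\.@]+$#Di', $in['Username'])) {
                $errors[] = $label['employer_signup_error_uname'];
            }
        }
        if ($in['Password'] == false) {
            $errors[] = $label["employer_signup_error_p"];
        } elseif (strlen(trim($in['Password'])) < 6) {
            $errors[] = $label['employer_signup_error_pw_too_weak'];
        }
        if ($in['Password2'] == false) {
            $errors[] = $label['employer_signup_error_p2'];
        }
    }
    if ($in['Email'] == false) {
        $errors[] = $label["employer_signup_error_email"];
    } elseif (!JB_validate_mail($in['Email'])) {
        $errors[] = $label['employer_signup_error_invemail'];
    } elseif ($is_new_account) {
        // for new account signups, make sure the email does not already exist
        $result = JB_mysql_query("SELECT * from `employers` WHERE `Email`='" . jb_escape_sql($in['Email']) . "'") or die(mysql_error());
        $existing = mysql_fetch_array($result, MYSQL_ASSOC);
        if ($existing && $existing['Email'] != false) {
            $errors[] = $label['employer_signup_email_in_use'];
        }
    }
    // an existing account is addressed by a numeric id only
    if (!$is_new_account && !is_numeric($in['user_id'])) {
        return 'Invalid Input!';
    }
    foreach (array('FirstName', 'LastName', 'CompName', 'Username', 'Email', 'Newsletter', 'Notification1', 'Notification2', 'lang') as $field) {
        $_REQUEST[$field] = JB_clean_str($in[$field]);
    }
    $error = '';
    JBPLUG_do_callback('valiate_employer_account', $error);
    // a plug-in reports through a '<br>'-separated string
    if ($error) {
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    JBPLUG_do_callback('valiate_employer_account_array', $errors);
    // added in 3.6.6 ($errors is a list)
    // NOTE(review): '+' keeps the $errors entry when both arrays share a key,
    // so entries from JB_validate_form_data() with colliding numeric keys are
    // dropped -- confirm that is intended before switching to array_merge()
    $errors = $errors + JB_validate_form_data(4);
    return $errors;
}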
    }
    // NOTE(review): excerpt of a larger function -- $candidate, $error, $sql,
    // $key, $message, $reply_to, $from and $label are assigned before this point
    if (JB_request_was_made($candidate['ID'], $_SESSION['JB_ID']) == false && $error == '') {
        jb_add_new_request($candidate['ID'], $_SESSION['JB_ID'], 'REQUEST', $message);
        // $sql is not assigned in this excerpt; verify it holds the statement
        // intended here rather than one left over from earlier in the function
        JB_mysql_query($sql) or die(mysql_error());
        // the session id goes into the query without jb_escape_sql (it is
        // server-side state, but the other queries on this page escape ids)
        $result = JB_mysql_query("SELECT * from `employers` where `ID`='" . $_SESSION['JB_ID'] . "' ") or die(mysql_error());
        // $employer is not read anywhere in this excerpt
        $employer = mysql_fetch_array($result, MYSQL_ASSOC);
        // fill e-mail template 4 for the session language
        $result = JB_get_email_template(4, $_SESSION['LANG']);
        $e_row = mysql_fetch_array($result, MYSQL_ASSOC);
        $EmailMessage = $e_row['EmailText'];
        //$from = $e_row[EmailFromAddress];
        //$from_name = $e_row[EmailFromName];
        $subject = $e_row['EmailSubject'];
        $EmailMessage = str_replace("%FNAME%", $candidate['FirstName'], $EmailMessage);
        $EmailMessage = str_replace("%LNAME%", $candidate['LastName'], $EmailMessage);
        $EmailMessage = str_replace("%EMPLOYER_NAME%", JB_clean_str($_REQUEST['from']), $EmailMessage);
        $EmailMessage = str_replace("%REPLY_TO%", JB_clean_str($_REQUEST['reply_to']), $EmailMessage);
        $EmailMessage = str_replace("%PERMIT_LINK%", JB_BASE_HTTP_PATH . JB_CANDIDATE_FOLDER . "permit.php?k=" . $key, $EmailMessage);
        $EmailMessage = str_replace("%SITE_NAME%", JB_SITE_NAME, $EmailMessage);
        // %MESSAGE% receives the raw request value, unlike %EMPLOYER_NAME% and
        // %REPLY_TO% above which go through JB_clean_str -- NOTE(review): confirm
        // the template is sent as plain text, or clean this value the same way
        $EmailMessage = str_replace("%MESSAGE%", $_REQUEST['message'], $EmailMessage);
        //echo $EmailMessage;
        $label["employer_request_letter_subject"] = str_replace("%SITE_NAME%", JB_SITE_NAME, $label["employer_request_letter_subject"]);
        // the template subject wins; the label prepared above is not used here
        $subject = $e_row['EmailSubject'];
        //$label["employer_request_letter_subject"];
        $to = $candidate['Email'];
        // $reply_to / $from are set outside this excerpt; slashes are stripped
        // here, presumably to undo magic-quotes escaping
        $reply_to = stripslashes($reply_to);
        $from = stripslashes($from);
        $email_id = JB_queue_mail($to, jb_get_formatted_name($candidate['FirstName'], $candidate['LastName']), $reply_to, $from, $subject, $EmailMessage, '', 4);
        JB_process_mail_queue(1, $email_id);
        $JBMarkup->ok_msg($label['employer_request_sent']);
    }
}
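/**
 * Builds the PHP source of the site configuration (a run of define()
 * statements) from the settings form held in $_REQUEST.
 *
 * Every request value is backslash- and single-quote-escaped around
 * JB_clean_str() so it can sit inside a single-quoted PHP literal. The
 * theme, cache-driver and payment-method settings are further reduced to a
 * safe character set because they are used as path components, and the two
 * chmod settings are reduced to octal digits because they are emitted as
 * bare (unquoted) literals. Plug-ins may rewrite the result through the
 * 'set_edit_config_str' callback.
 *
 * @return string PHP code (no opening tag) defining the JB_* constants
 */
function jb_get_config_definitions()
{
    $input = $_REQUEST;
    // do not allow evil tags
    foreach ($input as $key => $val) {
        $val = str_replace('\\', '\\\\', $input[$key]);
        // escape any '\' characters
        $input[$key] = str_replace('\'', "\\'", trim(JB_clean_str($val)));
        // escape ' characters
    }
    // clean the sensitive settings: these become path / driver names, so only
    // letters, digits and '_' are kept (the '-' inside the class appears to
    // act as a range marker, so hyphens are removed as well)
    foreach (array('jb_cache_driver', 'jb_theme', 'jb_default_pay_meth') as $key) {
        $input[$key] = preg_replace('/[^a-z^0-9^-^_]+/i', '', isset($input[$key]) ? $input[$key] : '');
    }
    // the chmod settings are written as unquoted PHP literals below, so only
    // octal digits may survive; an empty result takes the defaults that follow
    foreach (array('jb_new_file_chmod', 'jb_new_dir_chmod') as $key) {
        $input[$key] = preg_replace('/[^0-7]/', '', isset($input[$key]) ? $input[$key] : '');
    }
    // process the lat and lng from a google map link
    // eg http://maps.google.com/maps?showlabs=1&ie=UTF8&ll=38.891033,-93.427734&spn=33.74472,73.740234&t=h&z=4
    if (isset($input['gmap_location']) && preg_match('/&ll=(-?[0-9\\.\\+\\-]+),(-?[0-9\\.\\+\\-]+)?&/', $input['gmap_location'], $m)) {
        $input['gmap_lat'] = $m[1];
        $input['gmap_lng'] = $m[2];
    }
    if (!$input['jb_new_file_chmod']) {
        $input['jb_new_file_chmod'] = '0666';
    }
    if (!$input['jb_new_dir_chmod']) {
        $input['jb_new_dir_chmod'] = '0777';
    }
    if (!defined('JB_DEMO_MODE')) {
        define('JB_DEMO_MODE', 'NO');
    }
    $str = " \n\ndefine('JB_SITE_NAME',  '" . $input['site_name'] . "');\ndefine('JB_SITE_HEADING',  '" . $input['site_heading'] . "');\ndefine('JB_SITE_DESCRIPTION',  '" . $input['site_description'] . "');\ndefine('JB_SITE_KEYWORDS', '" . $input['site_keywords'] . "');\ndefine('JB_SITE_CONTACT_EMAIL', '" . $input['site_contact_email'] . "');\ndefine('JB_ADMIN_PASSWORD', '" . $input['admin_password'] . "');\ndefine('JB_THEME', '" . $input['jb_theme'] . "');\n\ndefine('JB_CRON_EMULATION_ENABLED', '" . $input['cron_emulation_enabled'] . "');\ndefine('JB_CRON_HTTP_ALLOW', '" . $input['cron_http_allow'] . "');\ndefine('JB_CRON_HTTP_USER', '" . $input['cron_http_user'] . "');\ndefine('JB_CRON_HTTP_PASS', '" . $input['cron_http_pass'] . "');\n\ndefine('JB_CACHE_ENABLED', '" . $input['jb_cache_enabled'] . "');\ndefine('JB_USE_SERIALIZE', '" . $input['use_serialize'] . "');\n\ndefine('JB_PLUGIN_SWITCH', '" . $input['jb_plugin_switch'] . "');\n// Paths and Locations\n\ndefine('JB_CANDIDATE_FOLDER', '" . $input['candidate_folder'] . "');\ndefine('JB_EMPLOYER_FOLDER', '" . $input['employer_folder'] . "');\n\n\ndefine('JB_IMG_MAX_WIDTH',  '" . intval($input['img_max_width']) . "');\ndefine('JB_KEEP_ORIGINAL_IMAGES',  '" . $input['jb_keep_original_images'] . "');\ndefine('JB_BIG_IMG_MAX_WIDTH',  '" . intval($input['big_img_max_width']) . "');\ndefine('JB_IMG_PATH',  '" . $input['img_path'] . "');\ndefine('JB_FILE_PATH',  '" . $input['file_path'] . "');\ndefine('JB_IM_PATH',  '" . $input['im_path'] . "');\ndefine('JB_USE_GD_LIBRARY',  '" . $input['use_gd_library'] . "');\n\ndefine('JB_RSS_FEED_PATH',  '" . $input['rss_feed_path'] . "');\ndefine('JB_RSS_FEED_LOGO',  '" . $input['rss_feed_logo'] . "');\n\ndefine('JB_NEW_FILE_CHMOD',  " . $input['jb_new_file_chmod'] . ");\ndefine('JB_NEW_DIR_CHMOD',  " . $input['jb_new_dir_chmod'] . 
");\n\n\n\nif (isset(\$_SERVER['HTTPS']) && !empty(\$_SERVER['HTTPS']) && (strtolower(\$_SERVER['HTTPS']) != 'off')) {\n//if (true) {\n\tdefine('JB_SITE_LOGO_URL',  str_replace('http:', 'https:', '" . $input['site_logo_url'] . "'));\n\tdefine('JB_FILE_HTTP_PATH',  str_replace('http:', 'https:', '" . $input['file_http_path'] . "'));\n\tdefine('JB_BASE_HTTP_PATH',  str_replace('http:', 'https:', '" . $input['base_http_path'] . "'));\n\tdefine('JB_IMG_HTTP_PATH',  str_replace('http:', 'https:', '" . $input['img_http_path'] . "'));\n\t\n} else {\n\t\n\tdefine('JB_SITE_LOGO_URL', '" . $input['site_logo_url'] . "');\n\tdefine('JB_FILE_HTTP_PATH', '" . $input['file_http_path'] . "');\n\tdefine('JB_BASE_HTTP_PATH',  '" . $input['base_http_path'] . "');\n\tdefine('JB_IMG_HTTP_PATH', '" . $input['img_http_path'] . "');\n}\n\ndefine('JB_NAME_FORMAT', '" . $input['jb_name_format'] . "');\n// categories\n\ndefine('JB_CAT_PATH_ONLY_LEAF', '" . $input['jb_cat_path_only_leaf'] . "');\ndefine('JB_CAT_RSS_SWITCH', '" . $input['jb_cat_rss_switch'] . "');\ndefine('JB_SHOW_SUBCATS', '" . intval($input['show_subcats']) . "');\ndefine('JB_CAT_COLS_FP', '" . intval($input['cat_cols_fp']) . "');\ndefine('JB_CAT_COLS', '" . intval($input['cat_cols']) . "');\ndefine('JB_FORMAT_SUB_CATS', '" . $input['format_sub_cats'] . "');\ndefine('JB_SUB_CATEGORY_COLS', '" . intval($input['sub_category_cols']) . "');\ndefine('JB_CAT_NAME_CUTOFF', '" . $input['cat_name_cutoff'] . "');\ndefine('JB_CAT_NAME_CUTOFF_CHARS', '" . $input['cat_name_cutoff_chars'] . "');\ndefine('JB_INDENT_CATEGORY_LIST', '" . $input['indent_category_list'] . "');\ndefine('JB_CAT_SHOW_OBJ_COUNT', '" . $input['cat_show_obj_count'] . "');\ndefine('JB_MOD_REWRITE_REMOVE_ACCENTS', '" . $input['mod_rewrite_remove_accents'] . "');\ndefine('JB_CAT_MOD_REWRITE', '" . $input['cat_mod_rewrite'] . "');\ndefine('JB_JOB_MOD_REWRITE', '" . $input['job_mod_rewrite'] . "');\ndefine('JB_PRO_MOD_REWRITE', '" . $input['pro_mod_rewrite'] . 
"');\ndefine('JB_MOD_REWRITE_DIR', '" . $input['mod_rewrite_dir'] . "');\ndefine('JB_MOD_REWRITE_JOB_DIR', '" . $input['mod_rewrite_job_dir'] . "');\ndefine('JB_MOD_REWRITE_PRO_DIR', '" . $input['mod_rewrite_pro_dir'] . "');\ndefine('JB_JOB_PAGES_MOD_REWRITE', '" . $input['job_pages_mod_rewrite'] . "');\ndefine('JB_MOD_REWRITE_JOB_PAGES_PREFIX', '" . $input['mod_rewrite_job_pages_prefix'] . "');\n// data cleaning\ndefine('JB_STRIP_HTML', 'YES');\ndefine('JB_STRIP_LATIN1', '" . $input['strip_latin1'] . "');\ndefine('JB_BREAK_LONG_WORDS', '" . $input['break_long_words'] . "');\ndefine('JB_LNG_MAX', '" . intval($input['lng_max']) . "');\ndefine('JB_CLEAN_STRINGS', '" . $input['clean_strings'] . "');\ndefine('JB_ALLOWED_EXT', '" . trim($input['allowed_ext']) . "');\ndefine('JB_ALLOWED_IMG', '" . trim($input['allowed_img']) . "');\ndefine('JB_MAX_UPLOAD_BYTES', '" . intval($input['max_upload_bytes']) . "');\n\n// features\ndefine('JB_CAN_LANG_ENABLED', '" . $input['can_lang_enabled'] . "');\ndefine('JB_EMP_LANG_ENABLED', '" . $input['emp_lang_enabled'] . "');\ndefine('JB_MAP_DISABLED', '" . $input['map_disabled'] . "');\n\ndefine('JB_GMAP_LOCATION', '" . $input['gmap_location'] . "');\ndefine('JB_GMAP_LAT', '" . $input['gmap_lat'] . "');\ndefine('JB_GMAP_LNG', '" . $input['gmap_lng'] . "');\ndefine('JB_GMAP_ZOOM', '" . $input['gmap_zoom'] . "');\ndefine('JB_GMAP_SHOW_IF_MAP_EMPTY', '" . $input['gmap_show_if_map_empty'] . "');\ndefine('JB_PIN_IMAGE_FILE', '" . $input['pin_image_file'] . "');\ndefine('JB_MAP_IMAGE_FILE', '" . $input['map_image_file'] . "');\ndefine('JB_PREVIEW_RESUME_IMAGE', '" . $input['preview_resume_image'] . "');\ndefine('JB_BAD_WORD_FILTER', '" . $input['bad_word_filter'] . "');\ndefine('JB_BAD_WORDS', '" . trim($input['bad_words']) . "');\ndefine('JB_ONLINE_APP_ENABLED', '" . $input['online_app_enabled'] . "');\ndefine('JB_APP_CHOICE_SWITCH', '" . $input['jb_app_choice_switch'] . "');\n\ndefine('JB_RESUME_REPLY_ENABLED', '" . 
$input['resume_reply_enabled'] . "');\ndefine('JB_FIELD_BLOCK_APP_SWITCH', '" . $input['field_block_app_switch'] . "');\n\ndefine('JB_JOB_ALERTS_ENABLED', '" . $input['job_alerts_enabled'] . "');\ndefine('JB_RESUME_ALERTS_ENABLED', '" . $input['resume_alerts_enabled'] . "');\n\ndefine('JB_JOB_ALERTS_DAYS', '" . intval($input['job_alerts_days']) . "');\n\ndefine('JB_RESUME_ALERTS_DAYS', '" . intval($input['resume_alerts_days']) . "');\ndefine('JB_TAF_ENABLED', '" . $input['taf_enabled'] . "');\ndefine('JB_SAVE_JOB_ENABLED', '" . $input['save_job_enabled'] . "');\ndefine('JB_SHOW_PREMIUM_LIST', '" . $input['jb_show_premium_list'] . "');\ndefine('JB_DONT_REPEAT_PREMIUM', '" . $input['jb_dont_repeat_premium'] . "');\ndefine('JB_ONLINE_APP_SIGN_IN', '" . $input['online_app_sign_in'] . "');\ndefine('JB_ONLINE_APP_EMAIL_ADMIN', '" . $input['online_app_email_admin'] . "');\ndefine('JB_ONLINE_APP_EMAIL_PREMIUM', '" . $input['online_app_email_premium'] . "');\ndefine('JB_ONLINE_APP_EMAIL_STD', '" . $input['online_app_email_std'] . "');\ndefine('JB_ONLINE_APP_REVEAL_PREMIUM', '" . $input['online_app_reveal_premium'] . "');\ndefine('JB_ONLINE_APP_REVEAL_STD', '" . $input['online_app_reveal_std'] . "');\ndefine('JB_ONLINE_APP_REVEAL_RESUME', '" . $input['online_app_reveal_resume'] . "');\ndefine('JB_TAF_SIGN_IN', '" . $input['taf_sign_in'] . "');\ndefine('JB_ANON_RESUME_ENABLED', '" . $input['anon_resume_enabled'] . "');\ndefine('JB_FIELD_BLOCK_SWITCH', '" . $input['field_block_switch'] . "');\ndefine('JB_MEMBER_FIELD_SWITCH', '" . $input['member_field_switch'] . "');\ndefine('JB_MEMBER_FIELD_IGNORE_PREMIUM', '" . $input['jb_member_field_ignore_premium'] . "');\ndefine('JB_NEED_SUBSCR_FOR_REQUEST', '" . $input['need_subscr_for_request'] . "');\ndefine('JB_JOB_ALERTS_ACTIVE_DAYS', '" . intval($input['job_alerts_active_days']) . "');\ndefine('JB_JOB_ALERTS_ITEMS', '" . intval($input['job_alerts_items']) . "');\ndefine('JB_RESUME_ALERTS_ACTIVE_DAYS', '" . 
intval($input['resume_alerts_active_days']) . "');\ndefine('JB_RESUME_ALERTS_ITEMS', '" . intval($input['resume_alerts_items']) . "');\ndefine('JB_RESUME_ALERTS_SUB_IGNORE', '" . $input['jb_resume_alerts_sub_ignore'] . "');\ndefine('JB_CODE_ORDER_BY', '" . $input['jb_code_order_by'] . "');\n// Database\ndefine('JB_MYSQL_HOST', '" . $input['jb_mysql_host'] . "');\ndefine('JB_MYSQL_USER', '" . $input['jb_mysql_user'] . "');\ndefine('JB_MYSQL_PASS', '" . $input['jb_mysql_pass'] . "');\ndefine('JB_MYSQL_DB', '" . $input['jb_mysql_db'] . "');\n//date & time\ndefine('JB_DATE_FORMAT', '" . $input['date_format'] . "');\ndefine('JB_GMT_DIF', '" . $input['gmt_dif'] . "');\n\ndefine('JB_SCW_INPUT_SEQ', '" . $input['scw_input_seq'] . "');\ndefine('JB_SCW_DATE_FORMAT', '" . $input['scw_date_format'] . "');\n\n\ndefine('JB_DATE_INPUT_SEQ', '" . $input['date_input_seq'] . "');\n// Accounts permissions\ndefine('JB_CA_NEEDS_ACTIVATION',  '" . $input['ca_needs_activation'] . "');\ndefine('JB_EM_NEEDS_ACTIVATION',  '" . $input['em_needs_activation'] . "');\ndefine('JB_FREE_POST_LIMIT', '" . $input['free_post_limit'] . "');\ndefine('JB_FREE_POST_LIMIT_MAX', '" . intval($input['free_post_limit_max']) . "');\ndefine('JB_BEGIN_PREMIUM_CREDITS', '" . intval($input['begin_premium_credits']) . "');\ndefine('JB_BEGIN_STANDARD_CREDITS', '" . intval($input['begin_standard_credits']) . "');\ndefine('JB_ALLOW_ADMIN_LOGIN', '" . $input['allow_admin_login'] . "');\n\n\n// menu\ndefine('JB_CANDIDATE_MENU_TYPE', '" . $input['candidate_menu_type'] . "');\ndefine('JB_EMPLOYER_MENU_TYPE', '" . $input['employer_menu_type'] . "');\n//search form\ndefine('JB_SEARCH_FORM_LAYOUT', '" . $input['search_form_layout'] . "');\n\ndefine('JB_SUBSCRIPTION_FEE_ENABLED', '" . $input['subscription_fee_enabled'] . "');\ndefine('JB_POSTING_FEE_ENABLED', '" . $input['posting_fee_enabled'] . "');\ndefine('JB_PREMIUM_AUTO_UPGRADE', '" . $input['premium_auto_upgrade'] . 
"');\n\ndefine('JB_CANDIDATE_MEMBERSHIP_ENABLED',  '" . $input['candidate_membership_enabled'] . "');\ndefine('JB_EMPLOYER_MEMBERSHIP_ENABLED',  '" . $input['employer_membership_enabled'] . "');\ndefine('JB_PREMIUM_POSTING_FEE_ENABLED', '" . $input['premium_posting_fee_enabled'] . "');\ndefine('JB_INVOICE_ID_START', '" . intval($input['invoice_id_start']) . "');\ndefine('JB_DEFAULT_PAY_METH', '" . $input['jb_default_pay_meth'] . "');\n\n// Posts...\ndefine('JB_POSTS_NEED_APPROVAL', '" . $input['posts_need_approval'] . "');\ndefine('JB_POSTS_PER_PAGE', '" . intval($input['posts_per_page']) . "');\ndefine('JB_POSTS_PER_RSS', '" . intval($input['posts_per_rss']) . "');\ndefine('JB_PREMIUM_POSTS_PER_PAGE', '" . intval($input['premium_posts_per_page']) . "');\ndefine('JB_PREMIUM_POSTS_LIMIT', '" . $input['premium_posts_limit'] . "');\ndefine('JB_P_POSTS_DISPLAY_DAYS', '" . intval($input['p_posts_display_days']) . "');\n\ndefine('JB_POSTS_DISPLAY_DAYS', '" . intval($input['posts_display_days']) . "');\ndefine('JB_POSTS_DESCRIPTION_CHARS', '" . intval($input['posts_description_chars']) . "');\ndefine('JB_POSTS_SHOW_DESCRIPTION', '" . $input['posts_show_description'] . "');\ndefine('JB_POSTS_SHOW_JOB_TYPE', '" . $input['posts_show_job_type'] . "');\ndefine('JB_POSTS_SHOW_POSTED_BY', '" . $input['posts_show_posted_by'] . "');\ndefine('JB_POSTS_SHOW_POSTED_BY_BR', '" . $input['posts_show_posted_by_br'] . "');\ndefine('POSTS_SHOW_CATEGORY', '" . $input['posts_show_category'] . "');\ndefine('POSTS_SHOW_CATEGORY_BR', '" . $input['posts_show_category_br'] . "');\ndefine('JB_POSTS_SHOW_DAYS_ELAPSED', '" . $input['posts_show_days_elapsed'] . "');\n\ndefine('JB_P_POSTS_SHOW_DAYS_ELAPSED', '" . $input['p_posts_show_days_elapsed'] . "');\ndefine('JB_SHOW_PREMIUM_HITS', '" . $input['show_premium_hits'] . "');\ndefine('JB_MANAGER_POSTS_PER_PAGE', '" . intval($input['manager_posts_per_page']) . "');\ndefine('JB_POSTING_FORM_HEIGHT', '" . intval($input['posting_form_height']) . 
"');\n\n// Resumes\ndefine('JB_RESUMES_NEED_APPROVAL', '" . $input['resumes_need_approval'] . "');\ndefine('JB_RESUMES_PER_PAGE', '" . intval($input['resumes_per_page']) . "');\ndefine('JB_RESUME_REQUEST_SWITCH', '" . $input['resume_request_switch'] . "');\n\n// Email\n\ndefine('JB_USE_MAIL_FUNCTION', '" . $input['use_mail_function'] . "');\ndefine('JB_EMAIL_HOSTNAME', '" . $input['email_hostname'] . "');\ndefine('JB_EMAIL_SMTP_SERVER', '" . $input['email_smtp_server'] . "');\ndefine('JB_EMAIL_POP_SERVER', '" . $input['email_pop_server'] . "');\ndefine('JB_EMAIL_SMTP_USER', '" . $input['email_smtp_user'] . "');\ndefine('JB_EMAIL_SMTP_PASS', '" . $input['email_smtp_pass'] . "');\ndefine('JB_EMAIL_SMTP_AUTH_HOST', '" . $input['email_smtp_auth_host'] . "');\ndefine('JB_EMAIL_SMTP_PORT', '" . intval($input['email_smtp_port']) . "');\ndefine('JB_POP3_PORT', '" . intval($input['pop3_port']) . "');\ndefine('JB_EMAIL_SIG_SWITCH', '" . $input['email_sig_switch'] . "');\ndefine('JB_EMAIL_ADMIN_RECEIPT_SWITCH', '" . $input['email_admin_receipt_switch'] . "');\ndefine('JB_EMAIL_ORDER_COMPLETED_SWITCH', '" . $input['email_order_completed_switch'] . "');\ndefine('JB_EMAIL_MEMBER_EXP_SWITCH', '" . $input['email_member_exp_switch'] . "');\ndefine('JB_EMAIL_SUBSCR_EXP_SWITCH', '" . $input['email_subscr_exp_switch'] . "');\ndefine('JB_EMAIL_CANDIDATE_RECEIPT_SWITCH', '" . $input['email_candidate_receipt_switch'] . "');\ndefine('JB_EMAIL_DEBUG_SWITCH', '" . $input['email_debug_switch'] . "');\ndefine('EMAIL_URL_SHORTEN', '" . $input['email_url_shorten'] . "');\ndefine('JB_EMAIL_EMPLOYER_SIGNUP_SWITCH', '" . $input['email_employer_signup_switch'] . "');\ndefine('JB_EMAIL_CANDIDATE_SIGNUP_SWITCH', '" . $input['jb_email_candidate_signup_switch'] . "');\ndefine('JB_EMAIL_EMP_SIGNUP', '" . $input['jb_email_emp_signup'] . "');\ndefine('JB_EMAIL_CAN_SIGNUP', '" . $input['jb_email_can_signup'] . "');\ndefine('JB_EMAIL_AT_REPLACE', '" . $input['email_at_replace'] . 
"');\ndefine('JB_EMAIL_NEW_POST_SWITCH', '" . $input['email_new_post_switch'] . "');\ndefine('JB_EMAILS_PER_BATCH', '" . intval($input['emails_per_batch']) . "');\ndefine('JB_EMAILS_MAX_RETRY', '" . intval($input['emails_max_retry']) . "');\ndefine('JB_EMAILS_ERROR_WAIT', '" . intval($input['emails_error_wait']) . "');\ndefine('JB_EMAILS_DAYS_KEEP', '" . intval($input['emails_days_keep']) . "');\ndefine('JB_EMAIL_POP_BEFORE_SMTP', '" . $input['email_pop_before_smtp'] . "');\ndefine('JB_EMAIL_SMTP_SSL', '" . $input['jb_email_smtp_ssl'] . "');\ndefine('JB_ENABLED_PLUGINS', '" . $input['jb_enabled_plugins'] . "');\ndefine('JB_PLUGIN_CONFIG', '" . str_replace('\'', '\\\'', JB_PLUGIN_CONFIG) . "');\ndefine('JB_EMAIL_ADMIN_RESUPDATE_SWITCH', '" . $input['jb_email_admin_resupdate_switch'] . "');\ndefine('JB_EMAIL_ADMIN_NEWORD_SWITCH', '" . $input['jb_email_admin_neword_switch'] . "');\ndefine('JB_EMAIL_POST_EXP_SWITCH', '" . $input['jb_email_post_exp_switch'] . "');\ndefine('JB_EMAIL_POST_APPR_SWITCH', '" . $input['jb_email_post_appr_switch'] . "');\ndefine('JB_EMAIL_POST_DISAPP_SWITCH', '" . $input['jb_email_post_disapp_switch'] . "');\ndefine('JB_CRON_LIMIT', '" . $input['jb_cron_limit'] . "');\ndefine('JB_LIST_HOVER_COLOR', '" . $input['jb_list_hover_color'] . "');\ndefine('JB_LIST_BG_COLOR', '" . $input['jb_list_bg_color'] . "');\ndefine('JB_SET_CUSTOM_ERROR', '" . $input['jb_set_custom_error'] . "');\ndefine('JB_DEMO_MODE', '" . JB_DEMO_MODE . "');\ndefine('JB_MEMCACHE_HOST', '" . $input['jb_memcache_host'] . "');\ndefine('JB_MEMCACHE_PORT', '" . $input['jb_memcache_port'] . "');\ndefine('JB_MEMCACHE_COMPRESSED', '" . $input['jb_memcache_compressed'] . "');\ndefine('JB_CACHE_DRIVER', '" . $input['jb_cache_driver'] . "');\ndefine('JB_POSTS_SHOW_JOB_TYPE_BR', '" . $input['posts_show_job_type_br'] . "');\n\n\n\n\t";
    // a plugin can modify the generated config string in place
    JBPLUG_do_callback('set_edit_config_str', $str);
    return $str;
}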
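// page head and body (the $JBMarkup object and the session are set up before this excerpt)
$JBMarkup->charset_meta_tag();
// character set
$JBMarkup->no_robots_meta_tag();
// do not follow, do not index
$JBMarkup->head_close();
$JBMarkup->body_open('style="background-color:white"');
// read the form fields; a missing field behaves like an empty one
$submit = JB_clean_str(isset($_REQUEST['submit']) ? $_REQUEST['submit'] : '');
$post_id = isset($_REQUEST['post_id']) ? (int) $_REQUEST['post_id'] : 0;
$url = JB_clean_str(isset($_REQUEST['url']) ? $_REQUEST['url'] : '');
// Assume quotes is always On, we need to strip slashes.
$subject = JB_clean_str(stripslashes(isset($_REQUEST['subject']) ? $_REQUEST['subject'] : ''));
$message = JB_clean_str(stripslashes(isset($_REQUEST['message']) ? $_REQUEST['message'] : ''));
$your_name = JB_clean_str(stripslashes(isset($_REQUEST['your_name']) ? $_REQUEST['your_name'] : ''));
$your_email = JB_clean_str(stripslashes(isset($_REQUEST['your_email']) ? $_REQUEST['your_email'] : ''));
$to_email = JB_clean_str(stripslashes(isset($_REQUEST['to_email']) ? $_REQUEST['to_email'] : ''));
$to_name = JB_clean_str(stripslashes(isset($_REQUEST['to_name']) ? $_REQUEST['to_name'] : ''));
// fall back to the recipient address when no recipient name was given
if (strlen(trim($to_name)) == 0) {
    $to_name = $to_email;
}
// fall back to the signed-in user's name and stored e-mail address
if (strlen(trim($your_name)) == 0) {
    $your_name = JB_get_formatted_name($_SESSION['JB_FirstName'], $_SESSION['JB_LastName']);
}
if (strlen(trim($your_email)) == 0) {
    $sql = "SELECT Email from users WHERE ID='" . jb_escape_sql($_SESSION['JB_ID']) . "'";
    $result = jb_mysql_query($sql);
    if (mysql_num_rows($result)) {
        // fetch into a variable first: array_pop() takes its argument by reference
        $email_row = mysql_fetch_row($result);
        $your_email = array_pop($email_row);
    }
}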
if ($submit != '') {
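function JB_validate_profile_data($form_id)
{
    /*
     * Validate the profile form ($_REQUEST) before it is saved.
     *
     * $form_id is accepted for signature compatibility with the other
     * JB_validate_*_data() functions; the profile form is always validated
     * as form 3 (see the JB_validate_form_data(3) call below).
     *
     * Returns an array of error messages (empty when the data is valid), or
     * the string 'Invalid Input!' when profile_id / user_id is non-numeric.
     * Callers must handle both return types.
     *
     * Side effect: $_REQUEST['profile_date'] is rewritten through
     * JB_clean_str().
     */
    $errors = array();
    // profile_id and user_id are used as database ids, so reject anything
    // non-numeric up front. isset() avoids an undefined-index notice on forms
    // that do not carry these fields; the comparison itself is unchanged.
    foreach (array('profile_id', 'user_id') as $num_field) {
        if (isset($_REQUEST[$num_field]) && $_REQUEST[$num_field] != '') {
            if (!is_numeric($_REQUEST[$num_field])) {
                return 'Invalid Input!';
            }
        }
    }
    $_REQUEST['profile_date'] = JB_clean_str($_REQUEST['profile_date']);
    $error = '';
    JBPLUG_do_callback('JB_insert_profile_data', $error);
    // deprecated, use JB_insert_profile_data_array
    if ($error) {
        // the legacy hook returns one string with <br>-separated messages
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    JBPLUG_do_callback('JB_insert_profile_data_array', $errors);
    // added in 3.6.6
    // array_merge() appends the per-field errors. The former `$errors + ...`
    // union kept only the left-hand entry for each shared numeric index, so
    // field errors were silently dropped whenever a plugin had already
    // reported one.
    $errors = array_merge($errors, JB_validate_form_data(3));
    return $errors;
}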
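function JB_validate_resume_data($form_id)
{
    /*
     * Validate the resume form ($_REQUEST) before it is saved.
     *
     * $form_id is accepted for signature compatibility with the other
     * JB_validate_*_data() functions; the resume form is always validated
     * as form 2 (see the JB_validate_form_data(2) call below).
     *
     * Returns an array of error messages (empty when the data is valid), or
     * the string 'Invalid Input!' when resume_id / user_id is non-numeric.
     * Callers must handle both return types.
     *
     * Side effect: list_on_web, resume_date, anon and approved in $_REQUEST
     * are rewritten through JB_clean_str().
     */
    global $label;
    $errors = array();
    // resume_id and user_id are used as database ids, so reject anything
    // non-numeric up front. isset() avoids an undefined-index notice on
    // forms that do not carry these fields; the comparison is unchanged.
    foreach (array('resume_id', 'user_id') as $num_field) {
        if (isset($_REQUEST[$num_field]) && $_REQUEST[$num_field] != '') {
            if (!is_numeric($_REQUEST[$num_field])) {
                return 'Invalid Input!';
            }
        }
    }
    $_REQUEST['list_on_web'] = JB_clean_str($_REQUEST['list_on_web']);
    $_REQUEST['resume_date'] = JB_clean_str($_REQUEST['resume_date']);
    $_REQUEST['anon'] = JB_clean_str($_REQUEST['anon']);
    $_REQUEST['approved'] = JB_clean_str($_REQUEST['approved']);
    JBPLUG_do_callback('validate_resume_data_array', $errors);
    // added in 3.6.6 to replace validate_resume_data. $errors is a list of reasons why the form cannot be saved
    $error = false;
    JBPLUG_do_callback('validate_resume_data', $error);
    // deprecated, use validate_resume_data_array instead
    if ($error) {
        // in the old version, $error was just a string separated by <br>'s
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    // array_merge() appends the per-field errors. The former `$errors + ...`
    // union kept only the left-hand entry for each shared numeric index, so
    // field errors were silently dropped whenever a plugin had already
    // reported one.
    $errors = array_merge($errors, JB_validate_form_data(2));
    return $errors;
}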
                     // not anonymous
                     JB_send_request_granted_email($user_id, $PForm->get_value('user_id'));
                 }
             }
         }
     } else {
         $is_anon = 'N';
     }
 }
 // strip slashes from data before sending it by email
 // (Jamit job board adds slashes regardless of PHP config)
 // Applicant input is cleaned with JB_clean_str() first, then unslashed.
 $app_letter = stripslashes(JB_clean_str($_REQUEST['app_letter']));
 $app_subject = stripslashes(JB_clean_str($_REQUEST['app_subject']));
 $app_name = stripslashes(JB_clean_str($_REQUEST['app_name']));
 // Recipient: the poster's name/address ($POSTED_BY, $EMAIL are set before
 // this fragment).
 $to_name = stripslashes(JB_clean_str($POSTED_BY));
 $to_address = stripslashes(JB_clean_str($EMAIL));
 /*
  *  Trying to guess your e-mail address.
  *  It is better that you change this line to your address explicitly.
  *  $from_address="*****@*****.**";
  *  $from_name="My Name";
  */
 // From and Reply-To are taken from the applicant's own input ($app_email
 // and $app_name are set before this fragment). NOTE(review): confirm
 // $app_email has been validated as a single address before it reaches the
 // mail headers.
 $from_address = $app_email;
 $from_name = $app_name;
 $reply_name = $app_name;
 $reply_address = $app_email;
 $text_message = $app_letter;
 // Assign the Application template
 $e_result = JB_get_email_template(12, $_SESSION['LANG']);
 // html alert template
 if (mysql_num_rows($e_result) > 0) {
if (trim($e_row['CompName']) != '') {
    $EMPLOYER_NAME = $e_row['CompName'];
} else {
    $EMPLOYER_NAME = jb_get_formatted_name($e_row['FirstName'], $e_row['LastName']);
}
// Display name: the company name when set, otherwise the contact's
// formatted name. strip_tags() keeps any markup stored in the employer
// record out of the outgoing email.
$EMPLOYER_NAME = trim(strip_tags($EMPLOYER_NAME));
// just to make sure.
if (JB_EMAIL_SIG_SWITCH == "YES") {
    // plain-text and HTML variants of the "sent from <site>" footer
    $sig = "\n\n---\n" . $label["em_email_sent_from_sig"] . JB_SITE_NAME;
    $sig_html = "<p>---<br>" . $label["em_email_sent_from_sig"] . JB_SITE_NAME;
}
// Form input. $apply is only tested for presence; the other three are
// trimmed and passed through JB_clean_str() and are validated in the
// $apply branch that follows this fragment.
$apply = $_REQUEST['apply'];
$email_letter = JB_clean_str(trim($_REQUEST['email_letter']));
$c_email = JB_clean_str(trim($_REQUEST['c_email']));
$c_name = JB_clean_str(trim($_REQUEST['c_name']));
$email_subject = JB_clean_str(trim($_REQUEST['email_subject']));
$success = false;
if ($apply != '') {
    if ($email_letter == '') {
        $error .= $label['em_letter_error'] . "<br>";
    }
    if ($c_email == '') {
        $error .= $label['em_email_error'] . "<br>";
    } elseif (!JB_validate_mail($c_email)) {
        $error .= $label['em_email_invalid'] . "<br>";
    }
    if ($c_name == '') {
        $error .= $label["em_name_error"] . "<br>";
    }
    if ($error != '') {
        $JBMarkup->error_msg($label['em_error']);
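function JB_saveImage($field_id, $user_id = false)
{
    /*
     * Move an uploaded image ($_FILES[$field_id]) into the image archive,
     * create its thumbnail and return the stored file name.
     *
     * $field_id  key into $_FILES (the form field id)
     * $user_id   owner id used as the file-name prefix; defaults to the
     *            logged-in user ($_SESSION['JB_ID'])
     *
     * Returns the new base file name on success, or false when the upload
     * has no name/extension, has an empty base name, or could not be moved
     * into place (the reason is reported via jb_custom_error_handler).
     *
     * Only the characters of the name and extension are sanitized here; the
     * allowed image types are expected to be enforced before this call
     * (JB_is_imagetype_allowed() in the form validation) — callers must
     * validate first.
     */
    if ($user_id === false) {
        $user_id = $_SESSION['JB_ID'];
    }
    $a = explode(".", JB_clean_str($_FILES[$field_id]['name']));
    if (sizeof($a) < 2) {
        // must have name and extension
        return false;
    }
    $ext = strtolower(array_pop($a));
    $name = strtolower(array_shift($a));
    if (!$name) {
        return false;
    }
    $name = $user_id . "_" . $name;
    // prefix the file with the user id
    $name = preg_replace('#[^a-z^0-9]+#i', "_", $name);
    // strip out unwanted characters (the user-id prefix is covered as well,
    // so the result is safe to use as a single path component)
    $ext = preg_replace('#[^a-z^0-9]+#i', "_", $ext);
    // strip out unwanted characters
    $new_name = $name . time() . "." . $ext;
    // time() keeps repeated uploads by the same user apart (one-second
    // resolution)
    $uploadfile = jb_provision_archive_path($new_name, 'IMAGE');
    $thumbfile = jb_provision_archive_path($new_name, 'THUMB');
    if (strpos(strtoupper(PHP_OS), 'WIN') !== false) {
        // sometimes the dir can have double slashes on Win, remove 'em
        $_FILES[$field_id]['tmp_name'] = str_replace('\\\\', '\\', $_FILES[$field_id]['tmp_name']);
    }
    if (move_uploaded_file($_FILES[$field_id]['tmp_name'], $uploadfile)) {
        //if unix, update permissions
        chmod($uploadfile, JB_NEW_FILE_CHMOD);
        // plugins can hook here to do extra processing on the file
        JBPLUG_do_callback('save_image', $uploadfile, $field_id, $user_id);
    } else {
        // NOTE(review): $vars is never assigned in this function, so the
        // handler receives null for that argument — confirm what it expects.
        switch ($_FILES[$field_id]["error"]) {
            case UPLOAD_ERR_OK:
                jb_custom_error_handler('upload', "Uploaded the file OK, but the move failed", __FILE__, __LINE__, $vars);
                break;
            case UPLOAD_ERR_INI_SIZE:
                jb_custom_error_handler('upload', "The uploaded file exceeds the upload_max_filesize directive (" . ini_get("upload_max_filesize") . ") in php.ini.", __FILE__, __LINE__, $vars);
                break;
            case UPLOAD_ERR_FORM_SIZE:
                jb_custom_error_handler('upload', "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.", __FILE__, 0, $vars);
                break;
            case UPLOAD_ERR_PARTIAL:
                jb_custom_error_handler('upload', "The uploaded file was only partially uploaded.", __FILE__, 0, $vars);
                break;
            case UPLOAD_ERR_NO_FILE:
                jb_custom_error_handler('upload', "No file was uploaded.", __FILE__, __LINE__, $vars);
                break;
            case UPLOAD_ERR_NO_TMP_DIR:
                jb_custom_error_handler('upload', "Missing a temporary folder.", __FILE__, __LINE__, $vars);
                break;
            case UPLOAD_ERR_CANT_WRITE:
                jb_custom_error_handler('upload', "Failed to write file to disk", __FILE__, __LINE__, $vars);
                break;
            default:
                jb_custom_error_handler('upload', "Unknown File Error", __FILE__, __LINE__, $vars);
        }
        // Nothing reached $uploadfile, so there is nothing to resize.
        // Previously execution fell through to the resize/unlink steps and
        // the caller was handed the name of a file that does not exist.
        return false;
    }
    // resize
    JB_gd_resize_image($field_id, $uploadfile, $thumbfile);
    // use GD Library
    @chmod($thumbfile, JB_NEW_FILE_CHMOD);
    if (JB_KEEP_ORIGINAL_IMAGES == 'YES') {
        // resize the original image.
        if (!defined('JB_BIG_IMG_MAX_WIDTH')) {
            define('JB_BIG_IMG_MAX_WIDTH', 1000);
        }
        JB_gd_resize_image($field_id, $uploadfile, $thumbfile . '.tmp', JB_BIG_IMG_MAX_WIDTH);
        // use GD Library
        unlink($uploadfile);
        // move the original image to the upload_files/images/ directory
        copy($thumbfile . '.tmp', $uploadfile);
        unlink($thumbfile . '.tmp');
    } else {
        @unlink($uploadfile);
        // delete the original file.
    }
    return $new_name;
}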
		<td width="118">Message (text)</td>
		<td width="322"></td>
	</tr>
	<tr>
		<td colspan="2"><pre><?php 
// plain-text body: HTML-escaped before output
echo JB_escape_html($row['message']);
?>
</pre></td>
	</tr>
	<tr>
		<td width="118">Message (HTML)</td>
		<td width="322"></td>
	</tr>
	<tr>
		<td colspan="2"><?php 
// HTML body: emitted as markup on purpose, so it is deliberately NOT
// escaped; JB_clean_str() is the only filter between the stored
// html_message and the viewer's browser. NOTE(review): confirm JB_clean_str()
// removes script and event-handler content, or escape this field too.
echo JB_clean_str($row['html_message']);
?>
</td>
	</tr>
	<tr>
		<td width="118">Attachments</td>
		<td width="322"><?php 
echo JB_escape_html($row['att1_name']);
?>
<br>
		<?php 
echo JB_escape_html($row['att2_name']);
?>
<br>
		<?php 
echo JB_escape_html($row['att3_name']);
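function JBPLUG_merge_english_default_files()
{
    /*
     * Merge new english_default.php phrases (core plus every plugin) into
     * each language file listed in the `lang` table.
     *
     * For each language row: collect the source labels; if any source file
     * is newer than the language file, include the language file and
     * rewrite it as generated PHP holding the merged $label array (existing
     * translations win over the English defaults). Progress and failures are
     * echoed as HTML. A language file that is not writable is reported and
     * skipped.
     */
    JBPLUG_require_all_plugins();
    global $_JB_PLUGINS;
    $source_label = array();
    // load in the main english_default labels
    // Start from an empty array: include_once does nothing when the file was
    // already loaded elsewhere, and array_merge() below must not receive an
    // undefined $label.
    $label = array();
    include_once jb_get_english_default_dir() . "english_default.php";
    // the master lang/english_default
    $source_label = array_merge($source_label, $label);
    // default english labels
    $label = array();
    $last_mtime = filemtime(jb_get_english_default_dir() . "english_default.php");
    $sql = "SELECT * FROM lang  ";
    $result = JB_mysql_query($sql);
    // Now merge the english_default.php strings with the language files
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        // NOTE(review): lang_filename is taken from the database as-is and
        // used as a path component; it is assumed to be admin-managed.
        $lang_file = jB_get_lang_dir() . $row['lang_filename'];
        echo "Merging language strings for " . jb_escape_html($row['lang_filename']) . "..<br>";
        /// for each of the plugins, load in the plugin's english default
        foreach ($_JB_PLUGINS as $class => $obj) {
            $plugin_english_default_path = dirname(__FILE__) . "/plugins/{$class}/lang/english_default.php";
            if (!file_exists($plugin_english_default_path)) {
                continue;
                // skip
            }
            include_once $plugin_english_default_path;
            // load the labels from the plugins
            $source_label = array_merge($source_label, $label);
            $label = array();
            $m_time = filemtime($plugin_english_default_path);
            if ($m_time > $last_mtime) {
                $last_mtime = $m_time;
            }
        }
        // now that we have all the source labels, we can merge them with
        // the language file. Any key that is present in the source, but
        // not present in the language file then we merge it.
        if (is_writable($lang_file)) {
            if ($last_mtime > filemtime($lang_file)) {
                // Now merge the english defaults with the language file
                include $lang_file;
                // customized labels
                $dest_label = array_merge($source_label, $label);
                $label = array();
                // write out the new file:
                $out = "<?php\n";
                $out .= "///////////////////////////////////////////////////////////////////////////\n";
                $out .= "// IMPORTANT NOTICE\n";
                $out .= "///////////////////////////////////////////////////////////////////////////\n";
                $out .= "// This file was generated by a script!\n";
                $out .= "// (JBPLUG_merge_english_default_files() function)\n";
                $out .= "// Please do not edit the language files by hand\n";
                $out .= "// - please always use the Language Translation / Editing tool found\n";
                $out .= "// in Admin->Languages\n";
                $out .= "// To add a new phrase for the \$label, please edit english_default.php, and\n";
                $out .= "// then vist Admin->Main Summary where the language files will be\n";
                $out .= "// automatically merged with this file.\n";
                $out .= "///////////////////////////////////////////////////////////////////////////\n";
                foreach ($dest_label as $key => $val) {
                    // Escape the backslash as well as the quote so the generated
                    // single-quoted literal reads back as the same string; with
                    // quotes alone a trailing backslash swallowed the closing
                    // quote and produced a file that does not parse.
                    // ($key is not escaped: it originates from PHP label files.)
                    $val = addcslashes($val, "'\\");
                    $out .= "\$label['{$key}']='" . JB_clean_str($val) . "'; \n";
                }
                $out .= "?>\n";
                $handler = fopen($lang_file, "w");
                if ($handler === false) {
                    // is_writable() passed a moment ago, so this is rare; do not
                    // pretend the merge happened.
                    echo "<font color='red'><b>- could not open " . jb_escape_html($lang_file) . " for writing</b></font><br>";
                } else {
                    fputs($handler, $out);
                    fclose($handler);
                }
            }
        } else {
            // the path is escaped for the same reason as the progress line above
            echo "<font color='red'><b>- " . jb_escape_html($lang_file) . " file is not writable. Give write permissions (" . decoct(JB_NEW_FILE_CHMOD) . ") to " . jb_escape_html($lang_file) . " file and then disable & re-enable this plugin</b></font><br>";
        }
        echo " Done.<br>";
    }
}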
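function JB_validate_post_data($insert_mode = 'EMPLOYER')
{
    /*
     * Validate the job posting form ($_REQUEST) before it is saved.
     *
     * $insert_mode  'EMPLOYER' (default) when an employer posts — posting
     *               credits are then checked for new posts — or any other
     *               value for admin / privileged inserts.
     *
     * Returns an array of error messages (empty when valid), or the string
     * 'Invalid Input!' when post_id / user_id / pin_x / pin_y is non-numeric.
     * Callers must handle both return types.
     *
     * Side effects: app_url (when app_type is 'R'), post_date, post_mode,
     * approved and expired in $_REQUEST are rewritten through JB_clean_str().
     */
    global $label;
    $errors = array();
    /*
    Only check for credits if posted by employer
    */
    if ($insert_mode == 'EMPLOYER' && empty($_REQUEST['post_id'])) {
        // The employers row is fetched but not used afterwards; the query is
        // kept for its die() on database failure.
        $sql = "select * from employers where ID='" . jb_escape_sql($_SESSION['JB_ID']) . "'";
        $result = JB_mysql_query($sql) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        $_PRIVILEGED_USER = JB_is_privileged_user($_SESSION['JB_ID'], $_REQUEST['post_mode']);
        $post_type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
        // a remaining-credit count of -1 is not treated as "none left"
        // (presumably it denotes unlimited posting)
        if ($post_type != 'premium') {
            if (JB_POSTING_FEE_ENABLED == 'YES' && !$_PRIVILEGED_USER) {
                // check standard credits
                $posts = JB_get_num_posts_remaining($_SESSION['JB_ID']);
                if ($posts < 1 && $posts != -1) {
                    $errors[] = $label['post_no_credits'];
                    return $errors;
                }
            }
        } else {
            if (JB_PREMIUM_POSTING_FEE_ENABLED == 'YES' && !$_PRIVILEGED_USER) {
                // check premium credits
                $p_posts = JB_get_num_premium_posts_remaining($_SESSION['JB_ID']);
                if ($p_posts < 1 && $p_posts != -1) {
                    $errors[] = $label['post_no_credits'];
                    return $errors;
                }
            }
        }
    }
    // Make sure they are numeric: these ids / map coordinates are used as
    // database values. isset() avoids an undefined-index notice on forms
    // that do not carry a field; the comparison itself is unchanged.
    foreach (array('post_id', 'user_id', 'pin_x', 'pin_y') as $num_field) {
        if (isset($_REQUEST[$num_field]) && $_REQUEST[$num_field] != '') {
            if (!is_numeric($_REQUEST[$num_field])) {
                return 'Invalid Input!';
            }
        }
    }
    // app_type and app_url
    if (isset($_REQUEST['app_type']) && $_REQUEST['app_type'] == 'R') {
        // check the url.
        $_REQUEST['app_url'] = trim(isset($_REQUEST['app_url']) ? $_REQUEST['app_url'] : '');
        $_REQUEST['app_url'] = JB_clean_str($_REQUEST['app_url']);
        if ($_REQUEST['app_url'] == false) {
            $errors[] = $label['post_save_app_url_blank'];
        } elseif (strpos($_REQUEST['app_url'], 'http://') !== 0 && strpos($_REQUEST['app_url'], 'https://') !== 0) {
            // The scheme has to be at the start of the value. The previous
            // substring test accepted any value that merely contained
            // "http://" somewhere, including ones with a different scheme.
            $errors[] = $label['post_save_app_url_bad'];
        }
    }
    // clean any undesired input, leave nothing to chance
    $_REQUEST['post_date'] = JB_clean_str($_REQUEST['post_date']);
    $_REQUEST['post_mode'] = JB_clean_str($_REQUEST['post_mode']);
    $_REQUEST['approved'] = JB_clean_str($_REQUEST['approved']);
    $_REQUEST['expired'] = JB_clean_str($_REQUEST['expired']);
    $error = '';
    JBPLUG_do_callback('validate_post_data', $error);
    // deprecated, use validate_post_data_array
    if ($error) {
        // the legacy hook returns one string with <br>-separated messages
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    JBPLUG_do_callback('validate_post_data_array', $errors);
    // added in 3.6.6
    //append errors
    // array_merge() really appends. The former `$errors + ...` union kept
    // only the left-hand entry for each shared numeric index, so field
    // errors were silently dropped whenever a plugin had reported one.
    $errors = array_merge($errors, JB_validate_form_data(1));
    return $errors;
}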
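function JB_validate_candidate_data($form_id)
{
    /*
     * Validate the candidate sign-up / account form ($_REQUEST).
     *
     * For a new account (no user_id) the username must be present, unused
     * and match the allowed character set, and the two password fields must
     * be present, at least 6 characters and identical. First/last name and a
     * valid, unused (for new accounts) email are always required.
     *
     * $form_id is accepted for signature compatibility; the candidate form
     * is always validated as form 5 (see JB_validate_form_data(5) below).
     *
     * Returns an array of error messages (empty when valid), or the string
     * 'Invalid Input!' when user_id is non-numeric. Callers must handle both
     * return types.
     *
     * Side effects: FirstName, LastName, Username, Email, Newsletter,
     * Notification1, Notification2 and lang in $_REQUEST are rewritten
     * through JB_clean_str(); $label['c_signup_error5'] is rewritten with
     * the taken username.
     */
    global $label;
    $errors = array();
    // empty() is the notice-free equivalent of the former `== false` tests
    $password = isset($_REQUEST['Password']) ? $_REQUEST['Password'] : '';
    $password2 = isset($_REQUEST['Password2']) ? $_REQUEST['Password2'] : '';
    if (empty($_REQUEST['user_id'])) {
        // new account: username and password are required
        if (empty($_REQUEST['Username'])) {
            $errors[] = $label["c_signup_error4"];
        } else {
            $result = JB_mysql_query("SELECT * FROM `users` WHERE `Username`='" . jb_escape_sql($_REQUEST['Username']) . "' ") or die(mysql_error() . "we have error");
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($row['Username'] != '') {
                $label['c_signup_error5'] = str_replace("%USERNAME%", $row['Username'], $label['c_signup_error5']);
                $errors[] = $label['c_signup_error5'];
            } elseif (!preg_match('#^[a-z0-9À-ÿ\\-_\\.@]+$#Di', $_REQUEST['Username'])) {
                $errors[] = $label['c_signup_error11'];
            }
        }
        if ($password == false) {
            $errors[] = $label['c_signup_error6'];
        } elseif (strlen(trim($password)) < 6) {
            $errors[] = $label['c_signup_error_pw_too_weak'];
        }
        if ($password2 == false) {
            $errors[] = $label["c_signup_error7"];
        }
        // Compare as strings, strictly: with the loose `!=` two
        // numeric-looking passwords such as "1e3" and "1000" compared equal.
        if ((string) $password !== (string) $password2) {
            $errors[] = $label["c_signup_error1"];
        }
    }
    if (empty($_REQUEST['FirstName'])) {
        $errors[] = $label["c_signup_error2"];
    }
    if (empty($_REQUEST['LastName'])) {
        $errors[] = $label["c_signup_error3"];
    }
    if (empty($_REQUEST['Email'])) {
        $errors[] = $label["c_signup_error8"];
    } elseif (!JB_validate_mail($_REQUEST['Email'])) {
        $errors[] = $label["c_signup_error8"];
    } else {
        if (empty($_REQUEST['user_id'])) {
            // new account: the address must not be registered already
            $result = JB_mysql_query("SELECT * from `users` WHERE `Email`='" . jb_escape_sql($_REQUEST['Email']) . "'") or die(mysql_error());
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            if ($row['Email'] != '') {
                $errors[] = " " . $label["c_signup_error10"] . " ";
            }
        }
    }
    if (isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != '') {
        if (!is_numeric($_REQUEST['user_id'])) {
            return 'Invalid Input!';
        }
    }
    $_REQUEST['FirstName'] = JB_clean_str($_REQUEST['FirstName']);
    $_REQUEST['LastName'] = JB_clean_str($_REQUEST['LastName']);
    $_REQUEST['Username'] = JB_clean_str($_REQUEST['Username']);
    $_REQUEST['Email'] = JB_clean_str($_REQUEST['Email']);
    $_REQUEST['Newsletter'] = JB_clean_str($_REQUEST['Newsletter']);
    $_REQUEST['Notification1'] = JB_clean_str($_REQUEST['Notification1']);
    $_REQUEST['Notification2'] = JB_clean_str($_REQUEST['Notification2']);
    $_REQUEST['lang'] = JB_clean_str($_REQUEST['lang']);
    // Reset BEFORE the hook so a message set by a plugin is kept; the reset
    // used to come after the callback and discarded whatever it reported.
    $error = '';
    JBPLUG_do_callback('valiate_candidate_account', $error);
    if ($error) {
        // the legacy hook returns one string with <br>-separated messages
        foreach (explode('<br>', $error) as $item) {
            $errors[] = $item;
        }
    }
    JBPLUG_do_callback('valiate_candidate_account_array', $errors);
    // added in 3.6.6
    // array_merge() appends the per-field errors. The former `$errors + ...`
    // union kept only the left-hand entry for each shared numeric index, so
    // field errors were silently dropped whenever a plugin had reported one.
    $errors = array_merge($errors, JB_validate_form_data(5));
    return $errors;
}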
 function clean_data($data)
 {
     // Normalise one text node taken from a parsed XML document: unwrap a
     // CDATA section (or decode the predefined XML entities), convert the
     // UTF-8 text to the job board's internal format, then run JB_clean_str()
     // to strip disallowed tags and scrub XSS payloads. Returns the cleaned
     // string.
     $value = trim($data);
     $cdataOpen = '<![CDATA[';
     if (substr($value, 0, strlen($cdataOpen)) === $cdataOpen) {
         // CDATA section: drop the delimiters, keep the payload verbatim
         $value = str_replace(array($cdataOpen, ']]>'), '', $value);
     } else {
         // plain text node: decode the five predefined XML entities
         $entities = array(
             '&lt;' => '<',
             '&gt;' => '>',
             '&amp;' => '&',
             '&quot;' => '"',
             '&apos;' => "'",
         );
         $value = strtr($value, $entities);
     }
     // UTF-8 -> internal format, then the tag whitelist / XSS scrub
     return JB_clean_str(JB_utf8_to_html($value));
 }
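 function JB_validate_form_data()
 {
     /*
      * Validate, and normalise in place, the $_REQUEST values of every field
      * of this dynamic form ($this->form_id).
      *
      * Field definitions (type, label, error message, reg_expr rule,
      * is_required) are read from form_fields / form_field_translations for
      * the session language. For each field the method:
      *   - lets a plugin take over via validate_form_data_custom_field
      *     ($custom_error: null = not handled, false/'' = ok, string = error),
      *   - fits the value to the database column size,
      *   - applies the bad-words, category, long-word and HTML-strip filters
      *     according to the JB_* configuration switches,
      *   - checks uploaded FILE/IMAGE extensions and size,
      *   - and, for required fields, applies the reg_expr rule
      *     (not_empty / email / date / numeric).
      *
      * Returns a list of error lines built by the DynamicFormMarkup helper,
      * empty when the form is valid; messages from the legacy
      * validate_form_data plugin hook are appended.
      */
     global $label;
     $DFM = $this->get_DynamicFormMarkup();
     $errors = array();
     // layout rows (SEPERATOR / BLANK / NOTE) carry no input and are skipped
     $sql = "SELECT *, t2.field_label AS LABEL, t2.error_message as error_message FROM form_fields as t1, form_field_translations as t2 WHERE t1.field_id=t2.field_id AND t2.lang='" . JB_escape_sql($_SESSION['LANG']) . "' AND form_id='" . JB_escape_sql($this->form_id) . "' AND field_type != 'SEPERATOR' AND field_type != 'BLANK' AND field_type != 'NOTE' order by field_sort";
     $result = JB_mysql_query($sql) or die(mysql_error());
     while ($field_row = mysql_fetch_array($result, MYSQL_ASSOC)) {
         JBPLUG_do_callback('validate_form_data_init_row', $field_row);
         // fit to database
         $_REQUEST[$field_row['field_id']] = jb_fit_to_db_size($field_row['field_type'], $_REQUEST[$field_row['field_id']]);
         $custom_error = null;
         // The following is a hook for plugins to set a custom error message
         // plugins should set the $custom_error to the error message or
         // false if no error message was set
         JBPLUG_do_callback('validate_form_data_custom_field', $custom_error, $field_row);
         if ($custom_error !== null) {
             if ($custom_error) {
                 $errors[] = $DFM->get_error_line($field_row['LABEL'], $custom_error);
             }
             continue;
         }
         if ($field_row['field_type'] == 'TEXT' || $field_row['field_type'] == 'TEXTAREA' || $field_row['field_type'] == 'EDITOR') {
             if (JB_check_for_bad_words($_REQUEST[$field_row['field_id']])) {
                 $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['bad_words_not_accept']);
             }
         }
         if ($field_row['field_type'] == 'CATEGORY' && is_numeric($_REQUEST[$field_row['field_id']])) {
             // a category flagged allow_records = 'N' cannot be selected
             $sql = "SELECT * FROM categories WHERE category_id='" . jb_escape_sql($_REQUEST[$field_row['field_id']]) . "' ";
             $cat_result = jb_mysql_query($sql);
             if ($cat_row = mysql_fetch_array($cat_result)) {
                 if ($cat_row['allow_records'] == 'N') {
                     $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['cat_records_not_allow']);
                 }
             }
         }
         if (JB_BREAK_LONG_WORDS == 'YES') {
             if ($field_row['field_type'] == 'TEXT' || $field_row['field_type'] == 'TEXTAREA') {
                 // HTML not allowed
                 $_REQUEST[$field_row['field_id']] = trim(stripslashes(JB_break_long_words(addslashes($_REQUEST[$field_row['field_id']]), false)));
             } elseif ($field_row['field_type'] == 'EDITOR') {
                 // HTML allowed, 2nd arg pass true
                 $_REQUEST[$field_row['field_id']] = trim(addslashes(JB_break_long_words(stripslashes($_REQUEST[$field_row['field_id']]), true)));
             }
         }
         // clean the data..
         if (JB_STRIP_LATIN1 == 'YES') {
             $_REQUEST[$field_row['field_id']] = JB_remove_non_latin1_chars($_REQUEST[$field_row['field_id']]);
         }
         if ($field_row['field_type'] == 'EDITOR' || $field_row['field_type'] == 'TEXTAREA') {
             if (JB_STRIP_HTML == 'YES') {
                 // tags are allowed, remove them except on the white list.
                 $_REQUEST[$field_row['field_id']] = stripslashes($_REQUEST[$field_row['field_id']]);
                 $_REQUEST[$field_row['field_id']] = JB_clean_str($_REQUEST[$field_row['field_id']]);
                 $_REQUEST[$field_row['field_id']] = addslashes($_REQUEST[$field_row['field_id']]);
             }
         }
         if (($field_row['field_type'] == 'FILE' || $field_row['field_type'] == 'IMAGE') && $_FILES[$field_row['field_id']]['name'] != '') {
             // extension allow-lists: JB_ALLOWED_EXT for files, JB_ALLOWED_IMG
             // for images; %EXT%/%EXT_LIST% placeholders are filled in the label
             $a = explode(".", $_FILES[$field_row['field_id']]['name']);
             $ext = array_pop($a);
             if (!JB_is_filetype_allowed($_FILES[$field_row['field_id']]['name']) && $field_row['field_type'] == 'FILE') {
                 $label['vaild_file_ext_error'] = str_replace("%EXT_LIST%", JB_ALLOWED_EXT, $label['vaild_file_ext_error']);
                 $label['vaild_file_ext_error'] = str_replace("%EXT%", $ext, $label['vaild_file_ext_error']);
                 $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['vaild_file_ext_error']);
             }
             if (!JB_is_imagetype_allowed($_FILES[$field_row['field_id']]['name']) && $field_row['field_type'] == 'IMAGE') {
                 $label['vaild_image_ext_error'] = str_replace("%EXT_LIST%", JB_ALLOWED_IMG, $label['vaild_image_ext_error']);
                 $label['vaild_image_ext_error'] = str_replace("%EXT%", $ext, $label['vaild_image_ext_error']);
                 $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['vaild_image_ext_error']);
             }
             if (get_cfg_var('open_basedir') == NULL) {
                 // open_basedir is not set, so filesize() may read the upload
                 // tmp directory; the size check is skipped when open_basedir
                 // is in effect (presumably because the tmp dir usually lies
                 // outside it). NOTE(review): $_FILES[...]['size'] would give
                 // the same figure without touching the filesystem.
                 if (@filesize($_FILES[$field_row['field_id']]['tmp_name']) > JB_MAX_UPLOAD_BYTES) {
                     $label['valid_file_size_error'] = str_replace("%FILE_NAME%", $_FILES[$field_row['field_id']]['name'], $label['valid_file_size_error']);
                     // report the size error (the image-extension message was
                     // emitted here by mistake before)
                     $errors[] = $DFM->get_error_line($field_row['LABEL'], $label['valid_file_size_error']);
                 }
             }
         }
         if ($field_row['is_required'] == 'Y') {
             if ($field_row['field_type'] == 'DATE' || $field_row['field_type'] == 'DATE_CAL') {
                 $field_row['reg_expr'] = 'date';
                 // default to date check
             }
             if ($field_row['field_type'] == 'FILE' || $field_row['field_type'] == 'IMAGE') {
                 // presence of an upload is not checked here; go to the next
                 // item in the while() loop to process the next field.
                 continue;
             }
             switch ($field_row['reg_expr']) {
                 case "not_empty":
                     if ($field_row['field_type'] == 'GMAP') {
                         if ($_REQUEST[$field_row['field_id'] . '_lat'] == 0 || $_REQUEST[$field_row['field_id'] . '_lng'] == 0) {
                             $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                         }
                     } elseif (trim($_REQUEST[$field_row['field_id']]) == '') {
                         // trim() the value, not the comparison result: the
                         // former trim(... == '') let whitespace-only input pass
                         $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                     }
                     break;
                 case "email":
                     if (!JB_validate_mail(trim($_REQUEST[$field_row['field_id']]))) {
                         $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                     }
                     break;
                 case "date":
                     if ($field_row['field_type'] == 'DATE') {
                         $day = $_REQUEST[$field_row['field_id'] . "d"];
                         $month = $_REQUEST[$field_row['field_id'] . "m"];
                         $year = $_REQUEST[$field_row['field_id'] . "y"];
                     }
                     if ($field_row['field_type'] == 'DATE_CAL') {
                         $temp_date = JB_SCWDate_to_ISODate($_REQUEST[$field_row['field_id']]);
                         preg_match('/(\\d+)-(\\d+)-(\\d+)/', JB_SCWDate_to_ISODate($_REQUEST[$field_row['field_id']]), $m);
                         $year = $m[1];
                         $month = $m[2];
                         $day = $m[3];
                     } else {
                         // NOTE(review): this parses the field *id* rather than
                         // the submitted value, so for DATE fields it normally
                         // yields false and the d/m/y parts above are kept —
                         // confirm whether $_REQUEST[...] was intended.
                         $ts = strtotime($field_row['field_id'] . " GMT");
                         if ($ts > 0) {
                             $day = date('d', $ts);
                             $month = date('m', $ts);
                             $year = date('y', $ts);
                         }
                     }
                     if ($month == '' || $day == '' || $year == '' || !@checkdate(intval($month), intval($day), intval($year))) {
                         $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                     }
                     break;
                 case 'numeric':
                     if (!is_numeric(trim($_REQUEST[$field_row['field_id']]))) {
                         $errors[] = $DFM->get_error_line($field_row['LABEL'], $field_row['error_message']);
                     }
                     break;
                 default:
                     break;
             }
         }
     }
     $error = '';
     JBPLUG_do_callback('validate_form_data', $error, $this->form_id);
     if ($error) {
         // the legacy hook returns one string with <br>-separated messages
         foreach (explode('<br>', $error) as $item) {
             $errors[] = $item;
         }
     }
     return $errors;
 }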