<?php
session_start();
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
include('mjl-includes/settings.inc.php');
include('mjl-includes/db.inc.php');
include('mjl-includes/employer.inc.php');
include('mjl-includes/users.inc.php');
include('mjl-includes/functions.inc.php');
if (!isset($_SESSION['USERRUN'])){
$_SESSION['USERRUN'] = '';
}else{
if ($_SESSION['USERRUN'] != 'BEENDONE'){
if ($runcron <> 1){
$result = mysql_query('UPDATE jobs SET `ISENABLED` = 0 WHERE (SELECT DATEDIFF(NOW(),`DATEPOSTED`) > `NUMDAYS`)');
$_SESSION['USERRUN'] = 'BEENDONE';
}
}
}
if (isset($_GET['loc']) && !empty($_GET['loc'])){
$loc = htmlspecialchars($_GET['loc'], ENT_QUOTES);
}else{
$loc = '';
}
$mainpage = file_get_contents('mjl-themes/'.$theme.'/index.theme.html');
$loginerror = '';
$statusmsg = '';
if (isset($loc) && ($loc == "logout")){
session_destroy();
header('Location: index.php');
}
if (($_SERVER['REQUEST_METHOD'] == 'POST') && (@$_POST['usertype'] == 'employer')){
if(!empty($_POST['uname']) || !empty($_POST['pword'])){
$uname = htmlspecialchars($_POST['uname'], ENT_QUOTES);
$pword = htmlspecialchars($_POST['pword'], ENT_QUOTES);
$result = mysql_query('SELECT * FROM companies WHERE `USERNAME` = "'.$uname.'" LIMIT 1');
$cnt = mysql_num_rows($result);
if ($cnt > 0){
$row = mysql_fetch_array($result);
if (md5($pword) == $row['PASSWORD'] && ($row['APPROVED'] == 1)){
$_SESSION['acctype'] = 'employer';
$_SESSION['cid'] = $row['CID'];
$_SESSION['companyname'] = $row['COMPANYNAME'];
$_SESSION['mailaddress1'] = $row['MAILADDRESS1'];
$_SESSION['mailaddress2'] = $row['MAILADDRESS2'];
$_SESSION['city'] = $row['CITY'];
$_SESSION['state'] = $row['STATE'];
$_SESSION['zip'] = $row['ZIP'];
$_SESSION['phone'] = $row['PHONE'];
$_SESSION['fax'] = $row['FAX'];
$_SESSION['contact'] = $row['CONTACT'];
$_SESSION['contactemail'] = $row['CONTACTEMAIL'];
$_SESSION['contacttitle'] = $row['CONTACTTITLE'];
$_SESSION['website'] = $row['WEBSITE'];
$_SESSION['about'] = $row['ABOUT'];
$_SESSION['username'] = $row['USERNAME'];
}else{
$loginerror = 'Incorrect Username/Password Combination.';
}
} else {
$loginerror = 'Incorrect Username/Password Combination';
}
}
} elseif (($_SERVER['REQUEST_METHOD'] == 'POST') && (@$_POST['usertype'] == 'seeker')){
if(!empty($_POST['uname']) || !empty($_POST['pword'])){
$uname = htmlspecialchars($_POST['uname'], ENT_QUOTES);
$pword = htmlspecialchars($_POST['pword'], ENT_QUOTES);
$result = mysql_query('SELECT * FROM users WHERE `USERNAME` = "'.$uname.'" LIMIT 1');
$cnt = mysql_num_rows($result);
if ($cnt > 0){
$row = mysql_fetch_array($result);
if ((md5($pword) == $row['PASSWORD']) && ($row['APPROVED'] == 1)){
$_SESSION['acctype'] = 'seeker';
$_SESSION['cid'] = $row['UID'];
$_SESSION['fname'] = $row['FIRSTNAME'];
$_SESSION['lname'] = $row['LASTNAME'];
$_SESSION['addr1'] = $row['STREETADDRESS1'];
$_SESSION['addr2'] = $row['STREETADDRESS2'];
$_SESSION['city'] = $row['CITY'];
$_SESSION['state'] = $row['STATE'];
$_SESSION['zip'] = $row['ZIP'];
$_SESSION['phone'] = $row['PHONE'];
$_SESSION['email'] = $row['EMAIL'];
$_SESSION['website'] = $row['WEBSITE'];
$_SESSION['username'] = $row['USERNAME'];
}else{
$loginerror = 'Incorrect Username/Password Combination.';
}
} else {
$loginerror = 'Incorrect Username/Password Combination';
}
}
}
if(!isset($_SESSION['acctype'])){
$_SESSION['acctype'] = '';
$_SESSION['cid'] = '';
$_SESSION['fname'] = '';
$_SESSION['lname'] = '';
$_SESSION['addr1'] = '';
$_SESSION['addr2'] = '';
$_SESSION['city'] = '';
$_SESSION['state'] = '';
$_SESSION['zip'] = '';
$_SESSION['phone'] = '';
$_SESSION['email'] = '';
$_SESSION['website'] = '';
$_SESSION['username'] = '';
}
if (!$_SESSION['cid']){
$loginfrm = file_get_contents('mjl-themes/'.$theme.'/loginfrm.theme.html');
$usermenu = '';
} elseif ($_SESSION['cid'] && ($_SESSION['acctype'] == 'employer')){
$loginfrm = '';
$usermenu = file_get_contents('mjl-themes/'.$theme.'/employermenu.theme.html');
} elseif ($_SESSION['cid'] && ($_SESSION['acctype'] == 'seeker')){
$loginfrm = '';
$usermenu = file_get_contents('mjl-themes/'.$theme.'/seekermenu.theme.html');
}
// ==========================================================
// ==========================================================
// ==========================================================
if(isset($_GET['page']) && is_numeric($_GET['page'])){
$page = $_GET['page'];
}else{
$page = 0;
}
if (isset($_GET['num_per_page']) && is_numeric($_GET['num_per_page'])){
$num_per_page = $_GET['num_per_page'];
}
if (!($num_per_page)){
$num_per_page = num_per_page;
}
// ==========================================================
// ==========================================================
// ==========================================================
if (isset($_GET['id']) && is_numeric($_GET['id'])){
$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
}
if (isset($_GET['cat']) && !empty($_GET['cat'])){
$cat = htmlspecialchars($_GET['cat'],ENT_QUOTES);
}else{ $cat = '%'; };
switch ($loc){
case 'view':
$jid = htmlspecialchars($_GET['jid'],ENT_QUOTES);
if (isset($_GET['act']) && !empty($_GET['act'])){
$act = htmlspecialchars($_GET['act'],ENT_QUOTES);
if($act == 'app'){
if($_SESSION['cid'] && ($_SESSION['acctype'] == 'seeker')){
$pagedata = SHOW_EMAIL_FORM($jid);
}else{
$pagedata = '<div class="errorbox">You must be logged in with a job seeker account to use this feature.</div>'.FUNCT_JOB_DATA($jid);
}
}else{
$pagedata = FUNCT_JOB_DATA($jid);
}
}elseif($_SERVER['REQUEST_METHOD'] == 'POST'){
$coid = $_POST['cid'];
$jtitle = $_POST['jtitle'];
$opmsg = $_POST['opmsg'];
$covselect = $_POST['covselect'];
$reselect = $_POST['reselect'];
if(FUNCT_SEND_APP($coid,$jtitle,$opmsg,$covselect,$reselect)){
$pagedata = '<div class="errorbox">Thank you, the message has been sent.</div>'.FUNCT_JOB_DATA($jid);
}else{
$pagedata = '<div class="errorbox">There was an error please contact support.</div>'.FUNCT_JOB_DATA($jid);
}
}else{
$pagedata = FUNCT_JOB_DATA($jid);
}
break;
case 'employer':
break;
case 'profile':
$eid = htmlspecialchars($_GET['eid'],ENT_QUOTES);
$pagedata = SOW_CO_PROFILE($eid);
break;
case 'search':
if($_SERVER['REQUEST_METHOD'] == 'POST'){
if(isset($_POST['searchstuff']) && !empty($_POST['searchstuff'])){
$searching = $_POST['searchstuff'];
}
if(isset($_GET['search']) && !empty($_GET['search'])){
$searching = base64_decode($_GET['search']);
}
$pagedata = BASIC_SEARCH($searching,$num_per_page,$page);
}
break;
case 'lpw':
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
if (isset($_POST['email']) && !empty($_POST['email'])){
$youremail = htmlspecialchars($_POST['email'], ENT_QUOTES);
if ($_POST['usertype'] == 'seeker'){
$pagedata = FUNCT_EMPLOYEE_RECOVER_PW($youremail);
}else if ($_POST['usertype'] == 'employer'){
$pagedata = FUNCT_EMPLOYER_RECOVER_PW($youremail);
}else{
$pagedata = '<div class="errorbox">You must select if you are a job seeker or an employer.</div>'.file_get_contents('mjl-themes/'.$theme.'/change_pw_form.theme.html');
}
}else{
$pagedata = '<div class="errorbox">You must enter an email address.</div>'.file_get_contents('mjl-themes/'.$theme.'/change_pw_form.theme.html');
}
}else{
$pagedata = file_get_contents('mjl-themes/'.$theme.'/change_pw_form.theme.html');
}
break;
case 'cview':
FUNCT_SHOW_COVER($id);
break;
case 'rview':
FUNCT_SHOW_RESUME($id);
break;
case 'jview':
FUNCT_SHOW_JOB($id);
break;
default:
$pagedata = FUNCT_JOB_DATA_LIST($num_per_page,$page,$cat);
}
if($_SESSION['cid'] && ($_SESSION['acctype'] == 'employer')){
if (($_SERVER['REQUEST_METHOD'] == 'POST') && ($loc == 'enter') || ($loc == 'ed')){
$jobtitle = htmlspecialchars(@$_POST['jobtitle'], ENT_QUOTES);
$joblocation = htmlspecialchars(@$_POST['joblocation'], ENT_QUOTES);
$jobdesc = htmlspecialchars(@$_POST['jobdescription'], ENT_QUOTES);
$experience = htmlspecialchars(@$_POST['jobrequirements'], ENT_QUOTES);
$edreq = htmlspecialchars(@$_POST['edrequirements'], ENT_QUOTES);
$benefits = htmlspecialchars(@$_POST['benefits'], ENT_QUOTES);
$category = htmlspecialchars(@$_POST['categories'], ENT_QUOTES);
$howtoapp[] = @$_POST['howapply'];
$jobdur = htmlspecialchars(@$_POST['jobduration'], ENT_QUOTES);
$jobtype = htmlspecialchars(@$_POST['jobtype'], ENT_QUOTES);
$wagetype = htmlspecialchars(@$_POST['wagetype'], ENT_QUOTES);
$serializedhowto = serialize(@$howtoapp);
$serializedhowto = addslashes(@$serializedhowto);
}
switch ($loc){
case 'esrch':
$pagedata = FUNCT_EMPLOYEE_SEARCH_FORM();
if($_SERVER['REQUEST_METHOD'] == 'POST'){
if(isset($_POST['searchstuff']) && !empty($_POST['searchstuff'])){
$searching = $_POST['searchstuff'];
}
if(isset($_GET['search']) && !empty($_GET['search'])){
$searching = base64_decode($_GET['search']);
}
$pagedata = FUNCT_EMPLOYEE_SEARCH($searching,$num_per_page,$page);
}
break;
case 'ena':
$jid = htmlspecialchars($_GET['jid'],ENT_QUOTES);
mysql_query('UPDATE jobs SET `DATEPOSTED` = NOW(),`ISENABLED` = 1 WHERE `ISENABLED` = 0 AND `JID` = '.$jid.' AND `CID` = '.$_SESSION['cid'].' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error making the position active. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Position is active.</div>';
}
$pagedata = $statusmsg.FUNCT_JOB_LIST();
break;
case 'list':
$pagedata = $statusmsg.FUNCT_JOB_LIST();
break;
case 'ed':
$jid = htmlspecialchars($_GET['jid'],ENT_QUOTES);
if (!empty($jobtitle) && !empty($category)){
mysql_query('UPDATE jobs SET CATID="'.$category.'",JOBTITLE="'.$jobtitle.'",JOBLOCATION="'.$joblocation.'",JOBDESCRIPTION="'.$jobdesc.'",JOBREQUIREMENTS="'.$experience.'",EDREQUIREMENTS="'.$edreq.'",BENEFITS="'.$benefits.'",DATEPOSTED=NOW(),HOWTOAPPLY="'.$serializedhowto.'",JOBDURATION="'.$jobdur.'",JOBTYPE="'.$jobtype.'",WAGETYPE="'.$wagetype.'" WHERE JID = '.$jid.' AND CID = '.$_SESSION['cid'].' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error updating the position. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Position has been updated.</div>';
}
}
$pagedata = $statusmsg.FUNCT_EDIT_JOB_FORM($jid);
break;
case 'del':
$jid = htmlspecialchars($_GET['jid'], ENT_QUOTES);
mysql_query('DELETE FROM jobs WHERE `JID` = '.$jid.' AND CID = '.$_SESSION['cid'].' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error deleting the position. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">The position has been deleted.</div>';
}
$pagedata = $statusmsg.FUNCT_JOB_LIST();
break;
case 'enter':
if (($_SERVER['REQUEST_METHOD'] == 'POST') && $_SESSION['cid'] && isset($_POST['jobtitle']) && !empty($_POST['jobtitle'])){
$result = mysql_query('INSERT INTO jobs (CID,CATID,JOBTITLE,JOBLOCATION,JOBDESCRIPTION,JOBREQUIREMENTS,EDREQUIREMENTS,BENEFITS,DATEPOSTED,HOWTOAPPLY,JOBDURATION,JOBTYPE,WAGETYPE,NUMDAYS) VALUES ('.$_SESSION['cid'].',"'.$category.'","'.$jobtitle.'","'.$joblocation.'","'.$jobdesc.'","'.$experience.'","'.$edreq.'","'.$benefits.'",NOW(),"'.$serializedhowto.'","'.$jobdur.'","'.$jobtype.'","'.$wagetype.'",7)');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error adding the position. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Position has been added.</div>';
}
}
$pagedata = $statusmsg.FUNCT_POST_JOB_FORM();
break;
case 'pw':
if (($_SERVER['REQUEST_METHOD'] == 'POST') && !empty($_POST['pw0']) && !empty($_POST['pw1']) && !empty($_POST['pw2'])){
$pw0 = htmlspecialchars($_POST['pw0'], ENT_QUOTES);
$pw1 = htmlspecialchars($_POST['pw1'], ENT_QUOTES);
$pw2 = htmlspecialchars($_POST['pw2'], ENT_QUOTES);
if(strlen($pw1) < 6){
$statusmsg = '<div class="errorbox">Password must be at least 6 characters.</div>';
} else {
if($pw1 == $pw2){
$result = mysql_query('SELECT * FROM companies WHERE `CID` = '.$_SESSION['cid'].' AND `PASSWORD` = "'.md5($pw0).'" LIMIT 1');
$cnt = mysql_num_rows($result);
if ($cnt == 0){
$statusmsg = '<div class="errorbox">Entered password does not match your current password.</div>';
}else{
mysql_query('UPDATE companies SET `PASSWORD` = "'.md5($pw1).'" WHERE `CID` = '.$_SESSION['cid'].' AND `PASSWORD` = "'.md5($pw0).'"');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error updating the password. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Password has been changed.</div>';
}
}
}else{
$statusmsg = '<div class="errorbox">The new passwords do not match.</div>';
}
}
}
$pagedata = $statusmsg.FUNCT_COMPANY_PASSWORD_FRM();
break;
case 'coprofile':
if (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['coname']) && !empty($_POST['coname']) && isset($_POST['cid']) && ($_POST['cid'] == $_SESSION['cid'])){
$cname = htmlspecialchars($_POST['coname'], ENT_QUOTES);
$add1 = htmlspecialchars($_POST['add1'], ENT_QUOTES);
$add2 = htmlspecialchars($_POST['add2'], ENT_QUOTES);
$city = htmlspecialchars($_POST['city'], ENT_QUOTES);
$state = htmlspecialchars($_POST['state'], ENT_QUOTES);
$zip = htmlspecialchars($_POST['zip'], ENT_QUOTES);
$phone = htmlspecialchars($_POST['phone'], ENT_QUOTES);
$fax = htmlspecialchars($_POST['fax'], ENT_QUOTES);
$name = htmlspecialchars($_POST['contact'], ENT_QUOTES);
$email = htmlspecialchars($_POST['email'], ENT_QUOTES);
$title = htmlspecialchars($_POST['title'], ENT_QUOTES);
$webste = htmlspecialchars($_POST['website'], ENT_QUOTES);
$about = htmlspecialchars($_POST['about'], ENT_QUOTES);
$result = mysql_query('UPDATE companies SET COMPANYNAME="'.$cname.'",MAILADDRESS1="'.$add1.'",MAILADDRESS2="'.$add2.'",CITY="'.$city.'",STATE="'.$state.'",ZIP="'.$zip.'",PHONE="'.$phone.'",FAX="'.$fax.'",CONTACT="'.$name.'",CONTACTEMAIL="'.$email.'",CONTACTTITLE="'.$title.'",WEBSITE="'.$webste.'",ABOUT="'.$about.'" WHERE CID = '.$_SESSION['cid']);
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error updating your Company profile. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Company profile has been updated</div>';
}
}
$pagedata = $statusmsg.FUNCT_COMPANY_PROFILE();
break;
case 'messages':
$statusmsg = '';
$act = htmlspecialchars(@$_GET['act'],ENT_QUOTES);
if (isset($_GET['a']) && !empty($_GET['a'])){
$ar = htmlspecialchars($_GET['a'],ENT_QUOTES);
$mid = htmlspecialchars($_GET['mid'],ENT_QUOTES);
if(($ar == 'del') && is_numeric($mid)){
// set company id to nothing specific so will delete from the list and still
// be in the users list.
mysql_query('UPDATE mail SET TCID = -2, FCID = -2 WHERE ID='.$mid.' AND (TCID = '.$_SESSION['cid'].' OR FCID = '.$_SESSION['cid'].') LIMIT 1') or die();
// now verify that the msg ids are not all -1 if so then delete the
// line of code.
mysql_query('DELETE FROM mail WHERE ID = '.$mid.' AND TUID = -2 AND FUID = -2 AND TCID = -2 AND FCID = -2 LIMIT 1') or die();
$statusmsg = '<div class="errorbox">Item has been deleted</div><br />';
}
}
$pagedata = $statusmsg.FUNCT_EMPLOYER_EMAIL($act);
break;
case 'msg':
$statusmsg = "";
$act = htmlspecialchars($_GET['act'],ENT_QUOTES);
if(isset($_GET['a']) && !empty($_GET['a'])){
$a = htmlspecialchars($_GET['a'],ENT_QUOTES);
}else{
$a = '';
}
if (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['touser']) && !empty($_POST['touser'])){
$tuid = htmlspecialchars($_POST['touser'], ENT_QUOTES);
$tsbj = htmlspecialchars($_POST['tsbj'], ENT_QUOTES);
$tmsg = htmlspecialchars($_POST['myreply'], ENT_QUOTES);
mysql_query('INSERT INTO mail (TUID,FCID,UID,CID,SUBJECT,MESSAGE,SENTDATE) VALUES ('.$tuid.','.$_SESSION['cid'].','.$tuid.','.$_SESSION['cid'].',"'.$tsbj.'","'.$tmsg.'",NOW())') or die();
$statusmsg = '<div class="errorbox">Mail has been sent.</div>';
}
$pagedata = $statusmsg.FUNCT_SHOW_EMPLOYER_MSG($act,$a);
break;
}
}elseif($_SESSION['cid'] && ($_SESSION['acctype'] == 'seeker')){
$statusmsg = '';
switch ($loc){
case 'resumes':
if (isset($_GET['act']) && is_numeric($_GET['act'])){
$act = htmlspecialchars($_GET['act'], ENT_QUOTES);
switch ($act){
case 1: // add a resume
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$restit = htmlspecialchars($_POST['resumetitle'], ENT_QUOTES);
$resbod = htmlspecialchars($_POST['resumebody'], ENT_QUOTES);
$searchable = '';
if ( htmlspecialchars($_POST['searchable'], ENT_QUOTES) == 'on') {
$searchable = 'CHECKED';
}
$result = mysql_query('SELECT * FROM resumes WHERE UID = '.$_SESSION['cid']);
$cnt = mysql_num_rows($result);
if ($cnt < $numresumes){
$result = mysql_query('INSERT INTO resumes (UID,RESUMETITLE,RESUMEBODY,SEARCHABLE,DATEPOSTED) VALUES ('.$_SESSION['cid'].',"'.$restit.'","'.$resbod.'","'.$searchable.'",NOW())');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error inserting your resume. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
$pagedata = $statusmsg.FUNCT_RESUME_LIST();
}else{
$statusmsg = '<div class="errorbox">The resume has been added successfully.</div>';
$pagedata = $statusmsg.FUNCT_RESUME_LIST();
}
}else{
$statusmsg = '<div class="errorbox">You may only enter '.$numresumes.' resumes.</span></div>';
}
}else{
$pagedata = $statusmsg.FUNCT_RESUME_FORM();
}
break;
case 2: // edit a resume
if(is_numeric($_GET['id'])){
$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$restit = htmlspecialchars($_POST['resumetitle'], ENT_QUOTES);
$resbod = htmlspecialchars($_POST['resumebody'], ENT_QUOTES);
$searchable = '';
if ( htmlspecialchars(@$_POST['searchable'], ENT_QUOTES) == 'on') {
$searchable = 'CHECKED';
}
mysql_query('UPDATE resumes SET RESUMETITLE = "'.$restit.'", RESUMEBODY = "'.$resbod.'", SEARCHABLE="'.$searchable.'", DATEPOSTED = NOW() WHERE ID = '.$id.' AND UID = '.$_SESSION['cid'].' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error updating the resume. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
$pagedata = $statusmsg.FUNCT_RESUME_LIST();
}else{
$statusmsg = '<div class="errorbox">Resume updated successfully.</div>';
$pagedata = $statusmsg.FUNCT_RESUME_LIST();
}
}else{
$pagedata = $statusmsg.FUNCT_EDIT_RESUME_FORM($id);
}
}
break;
case 3: // delete a resume
if(is_numeric($_GET['id'])){
$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
mysql_query('DELETE FROM resumes WHERE UID = '.$_SESSION['cid'].' AND ID = '.$id.' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error attempting to delete the resume. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Resume deleted successfully.</div>';
$pagedata = $statusmsg.FUNCT_RESUME_LIST();
}
}
break;
}
}else{
$pagedata = $statusmsg.FUNCT_RESUME_LIST();
}
break;
case 'covers':
if (isset($_GET['act']) && is_numeric($_GET['act'])){
$act = htmlspecialchars($_GET['act'], ENT_QUOTES);
switch ($act){
case 1: // add a cover letter
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$covtit = htmlspecialchars($_POST['covertitle'], ENT_QUOTES);
$covbod = htmlspecialchars($_POST['coverbody'], ENT_QUOTES);
$searchable = '';
if ( htmlspecialchars(@$_POST['searchable'], ENT_QUOTES) == 'on') {
$searchable = 'CHECKED';
}
$result = mysql_query('SELECT * FROM covers WHERE UID = '.$_SESSION['cid']);
$cnt = mysql_num_rows($result);
if ($cnt < $numcovers){
$result = mysql_query('INSERT INTO covers (UID,COVERTITLE,COVERBODY,SEARCHABLE,DATEPOSTED) VALUES ('.$_SESSION['cid'].',"'.$covtit.'","'.$covbod.'","'.$searchable.'",NOW())');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error inserting your cover letter. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
$pagedata = $statusmsg.FUNCT_COVER_LIST();
}else{
$statusmsg = '<div class="errorbox">The cover letter has been added successfully.</div>';
$pagedata = $statusmsg.FUNCT_COVER_LIST();
}
}else{
$statusmsg = '<div class="errorbox">You may only enter '.$numcovers.' cover letter.</span></div>';
}
}else{
$pagedata = $statusmsg.FUNCT_COVER_FORM();
}
break;
case 2: // edit a cover letter
if(is_numeric($_GET['id'])){
$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$covtit = htmlspecialchars($_POST['covertitle'], ENT_QUOTES);
$covbod = htmlspecialchars($_POST['coverbody'], ENT_QUOTES);
$searchable = '';
if ( htmlspecialchars($_POST['searchable'], ENT_QUOTES) == 'on') {
$searchable = 'CHECKED';
}
mysql_query('UPDATE covers SET COVERTITLE = "'.$covtit.'", COVERBODY = "'.$covbod.'", SEARCHABLE= "'.$searchable.'", DATEPOSTED = NOW() WHERE ID = '.$id.' AND UID = '.$_SESSION['cid'].' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error updating the cover letter. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
$pagedata = $statusmsg.FUNCT_COVER_LIST();
}else{
$statusmsg = '<div class="errorbox">Cover letter updated successfully.</div>';
$pagedata = $statusmsg.FUNCT_COVER_LIST();
}
}else{
$pagedata = $statusmsg.FUNCT_EDIT_COVER_FORM($id);
}
}
break;
case 3: // delete a cover letter
if(is_numeric($_GET['id'])){
$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
mysql_query('DELETE FROM covers WHERE UID = '.$_SESSION['cid'].' AND ID = '.$id.' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error attempting to delete the cover letter. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Cover letter deleted successfully.</div>';
$pagedata = $statusmsg.FUNCT_COVER_LIST();
}
}
break;
}
}else{
$pagedata = $statusmsg.FUNCT_COVER_LIST();
}
break;
case 'pw':
if (($_SERVER['REQUEST_METHOD'] == 'POST') && !empty($_POST['pw0']) && !empty($_POST['pw1']) && !empty($_POST['pw2'])){
$pw0 = htmlspecialchars($_POST['pw0'], ENT_QUOTES);
$pw1 = htmlspecialchars($_POST['pw1'], ENT_QUOTES);
$pw2 = htmlspecialchars($_POST['pw2'], ENT_QUOTES);
if(strlen($pw1) < 6){
$statusmsg = '<div class="errorbox">Password must be at least 6 characters.</div>';
} else {
if($pw1 == $pw2){
$result = mysql_query('SELECT * FROM users WHERE `UID` = '.$_SESSION['cid'].' AND `PASSWORD` = "'.md5($pw0).'" LIMIT 1');
$cnt = mysql_num_rows($result);
if ($cnt == 0){
$statusmsg = '<div class="errorbox">Entered password does not match your current password.</div>';
}else{
$result = mysql_query('UPDATE users SET `PASSWORD` = "'.md5($pw1).'" WHERE `UID` = '.$_SESSION['cid'].' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error updating the password. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Password has been changed.</div>';
}
}
}else{
$statusmsg = '<div class="errorbox">The new passwords do not match.</div>';
}
}
}
$pagedata = $statusmsg.FUNCT_USER_PASSWORD_FRM();
break;
case 'prof':
if (isset($_GET['act']) && is_numeric($_GET['act'])){
if($_GET['act'] == 1){
$statusmsg = '<div class="errorbox">Profile updated.</div>';
$fname = htmlspecialchars($_POST['fname'], ENT_QUOTES);
$lname = htmlspecialchars($_POST['lname'], ENT_QUOTES);
$add1 = htmlspecialchars($_POST['add1'], ENT_QUOTES);
$add2 = htmlspecialchars($_POST['add2'], ENT_QUOTES);
$city = htmlspecialchars($_POST['city'], ENT_QUOTES);
$state = htmlspecialchars($_POST['state'], ENT_QUOTES);
$zip = htmlspecialchars($_POST['zip'], ENT_QUOTES);
$phone = htmlspecialchars($_POST['phone'], ENT_QUOTES);
$email = htmlspecialchars($_POST['email'], ENT_QUOTES);
$web = htmlspecialchars($_POST['website'], ENT_QUOTES);
mysql_query('UPDATE users SET FIRSTNAME = "'.$fname.'", LASTNAME = "'.$lname.'",STREETADDRESS1 = "'.$add1.'", STREETADDRESS2 = "'.$add2.'", CITY = "'.$city.'", STATE = "'.$state.'", ZIP = "'.$zip.'", PHONE = "'.$phone.'", EMAIL = "'.$email.'", WEBSITE = "'.$web.'" WHERE UID = '.$_SESSION['cid'].' LIMIT 1');
if(mysql_errno()){
$statusmsg = '<div class="errorbox">There was an error updating the profile. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
}else{
$statusmsg = '<div class="errorbox">Profile has been updated.</div>';
}
}
}
$pagedata = $statusmsg.FUNCT_USER_PROFILE();
break;
case 'messages':
$statusmsg = '';
if(isset($_GET['act'])&& !empty($_GET['act'])){
$act = htmlspecialchars($_GET['act'],ENT_QUOTES);
}else{ $act =''; }
if (isset($_GET['a']) && !empty($_GET['a'])){
$ar = htmlspecialchars($_GET['a'],ENT_QUOTES);
$mid = htmlspecialchars($_GET['mid'],ENT_QUOTES);
if(($ar == 'del') && is_numeric($mid)){
// set company id to nothing specific so will delete from the list and still
// be in the users list.
mysql_query('UPDATE mail SET TUID = -2, FUID = -2 WHERE ID='.$mid.' AND (TUID = '.$_SESSION['cid'].' OR FUID = '.$_SESSION['cid'].') LIMIT 1') or die();
// now verify that the msg ids are not all -1 if so then delete the
// line of code.
mysql_query('DELETE FROM mail WHERE ID = '.$mid.' AND TUID = -2 AND FUID = -2 AND TCID = -2 AND FCID = -2 LIMIT 1') or die();
$statusmsg = '<div class="errorbox">Item has been deleted</div><br />';
}
}
$pagedata = $statusmsg.FUNCT_USER_EMAIL($act);
break;
case 'msg':
$statusmsg = "";
$act = htmlspecialchars($_GET['act'],ENT_QUOTES);
if(isset($_GET['a']) && !empty($_GET['a'])){
$a = htmlspecialchars($_GET['a'],ENT_QUOTES);
}else{
$a ='';
}
if (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['touser']) && !empty($_POST['touser'])){
$tuid = htmlspecialchars($_POST['touser'], ENT_QUOTES);
$tsbj = htmlspecialchars($_POST['tsbj'], ENT_QUOTES);
$tmsg = htmlspecialchars($_POST['myreply'], ENT_QUOTES);
mysql_query('INSERT INTO mail (TCID,FUID,UID,CID,SUBJECT,MESSAGE,SENTDATE) VALUES ('.$tuid.','.$_SESSION['cid'].','.$_SESSION['cid'].','.$tuid.',"'.$tsbj.'","'.$tmsg.'",NOW())') or die();
$statusmsg = '<div class="errorbox">Mail has been sent.</div>';
}
$pagedata = $statusmsg.FUNCT_SHOW_USER_MSG($act,$a);
break;
}
}
$loginfrm = str_replace('%LOGINERROR%',$loginerror,$loginfrm);
$mainpage = str_replace('%JOBDATA%',$pagedata,$mainpage);
$mainpage = str_replace('%USERMENU%',$usermenu,$mainpage);
$mainpage = str_replace('%LOGINFORM%',$loginfrm,$mainpage);
if (strrpos($mainpage, '%CATEGORIES%') > 0){
$cats = FUNCT_CATS_LIST();
$mainpage = str_replace('%CATEGORIES%',$cats,$mainpage);
}
if (strrpos($mainpage, '%SEARCHFORM%') > 0){
$searchfrm = SEARCH_FORM();
$mainpage = str_replace('%SEARCHFORM%',$searchfrm,$mainpage);
}
$pagehdr = file_get_contents('mjl-themes/'.$theme.'/master_header.theme.html');
$pageftr = file_get_contents('mjl-themes/'.$theme.'/master_footer.theme.html');
echo $pagehdr.$mainpage.$pageftr;
function FUNCT_CATS_LIST(){
$result = mysql_query("SELECT * FROM categories ORDER BY CATEGORY ASC");
$retval = '<div class="catblock"><table border="0" cellspacing="0" cellpadding="0" class="cattbl">';
while($row = mysql_fetch_array($result)){
$retval .= '<tr><td class="catcl"><a href="?loc=cat&cat='.$row['CATEGORY'].'">'.$row['CATEGORY'].'</a></td></tr>';
}
$retval .= '</table></div>';
return $retval;
}
?>