Location: PHPKode > projects > MyJobList > MyJobList.v0.1/index.php
<?php

session_start();

error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);

include('mjl-includes/settings.inc.php');
include('mjl-includes/db.inc.php');
include('mjl-includes/employer.inc.php');
include('mjl-includes/users.inc.php');
include('mjl-includes/functions.inc.php');

if (!isset($_SESSION['USERRUN'])){
	$_SESSION['USERRUN'] = '';
}else{
	if ($_SESSION['USERRUN'] != 'BEENDONE'){
		if ($runcron <> 1){
			$result = mysql_query('UPDATE jobs SET `ISENABLED` = 0 WHERE (SELECT DATEDIFF(NOW(),`DATEPOSTED`) > `NUMDAYS`)');
			$_SESSION['USERRUN'] = 'BEENDONE';
		}
	}
}

if (isset($_GET['loc']) && !empty($_GET['loc'])){
	$loc = htmlspecialchars($_GET['loc'], ENT_QUOTES);
}else{
	$loc = '';
}

$mainpage 	= file_get_contents('mjl-themes/'.$theme.'/index.theme.html');

$loginerror	= '';
$statusmsg 	= '';
 
if (isset($loc) && ($loc == "logout")){
	session_destroy();
	header('Location: index.php');
}

if (($_SERVER['REQUEST_METHOD'] == 'POST') && (@$_POST['usertype'] == 'employer')){
	if(!empty($_POST['uname']) || !empty($_POST['pword'])){
		$uname 	= htmlspecialchars($_POST['uname'], ENT_QUOTES);
		$pword 	= htmlspecialchars($_POST['pword'], ENT_QUOTES);
		$result = mysql_query('SELECT * FROM companies WHERE `USERNAME` = "'.$uname.'" LIMIT 1');
		$cnt 	= mysql_num_rows($result);

		if ($cnt > 0){
			$row = mysql_fetch_array($result);
			if (md5($pword) ==  $row['PASSWORD'] && ($row['APPROVED'] == 1)){
				$_SESSION['acctype']		=	'employer';
				$_SESSION['cid'] 			= $row['CID'];
				$_SESSION['companyname'] 	= $row['COMPANYNAME'];
				$_SESSION['mailaddress1'] 	= $row['MAILADDRESS1'];
				$_SESSION['mailaddress2'] 	= $row['MAILADDRESS2'];
				$_SESSION['city'] 			= $row['CITY'];
				$_SESSION['state'] 			= $row['STATE'];
				$_SESSION['zip'] 			= $row['ZIP'];
				$_SESSION['phone'] 			= $row['PHONE'];
				$_SESSION['fax'] 			= $row['FAX'];
				$_SESSION['contact'] 		= $row['CONTACT'];
				$_SESSION['contactemail'] 	= $row['CONTACTEMAIL'];
				$_SESSION['contacttitle'] 	= $row['CONTACTTITLE'];
				$_SESSION['website'] 		= $row['WEBSITE'];
				$_SESSION['about'] 			= $row['ABOUT'];
				$_SESSION['username'] 		= $row['USERNAME'];		
			}else{
				$loginerror = 'Incorrect Username/Password Combination.';
			}
		} else {
			$loginerror = 'Incorrect Username/Password Combination';
		}
	}
} elseif (($_SERVER['REQUEST_METHOD'] == 'POST') && (@$_POST['usertype'] == 'seeker')){
	if(!empty($_POST['uname']) || !empty($_POST['pword'])){
		$uname 	= htmlspecialchars($_POST['uname'], ENT_QUOTES);
		$pword 	= htmlspecialchars($_POST['pword'], ENT_QUOTES);
		$result = mysql_query('SELECT * FROM users WHERE `USERNAME` = "'.$uname.'" LIMIT 1');
		$cnt 	= mysql_num_rows($result);
		if ($cnt > 0){
			$row = mysql_fetch_array($result);
			if ((md5($pword) ==  $row['PASSWORD']) && ($row['APPROVED'] == 1)){
				$_SESSION['acctype']	=	'seeker';
				$_SESSION['cid'] 		= $row['UID'];
				$_SESSION['fname'] 		= $row['FIRSTNAME'];
				$_SESSION['lname'] 		= $row['LASTNAME'];
				$_SESSION['addr1'] 		= $row['STREETADDRESS1'];
				$_SESSION['addr2'] 		= $row['STREETADDRESS2'];
				$_SESSION['city'] 		= $row['CITY'];
				$_SESSION['state'] 		= $row['STATE'];
				$_SESSION['zip'] 		= $row['ZIP'];
				$_SESSION['phone'] 		= $row['PHONE'];
				$_SESSION['email'] 		= $row['EMAIL'];
				$_SESSION['website'] 	= $row['WEBSITE'];
				$_SESSION['username'] 	= $row['USERNAME'];
			}else{
				$loginerror = 'Incorrect Username/Password Combination.';
			}
		} else {
			$loginerror = 'Incorrect Username/Password Combination';
		}
	} 
}

if(!isset($_SESSION['acctype'])){
				$_SESSION['acctype']	= '';
				$_SESSION['cid'] 		= '';
				$_SESSION['fname'] 		= '';
				$_SESSION['lname'] 		= '';
				$_SESSION['addr1'] 		= '';
				$_SESSION['addr2'] 		= '';
				$_SESSION['city'] 		= '';
				$_SESSION['state'] 		= '';
				$_SESSION['zip'] 		= '';
				$_SESSION['phone'] 		= '';
				$_SESSION['email'] 		= '';
				$_SESSION['website'] 	= '';
				$_SESSION['username'] 	= '';	
}

if (!$_SESSION['cid']){
	$loginfrm = file_get_contents('mjl-themes/'.$theme.'/loginfrm.theme.html');
	$usermenu = '';
} elseif ($_SESSION['cid'] && ($_SESSION['acctype'] == 'employer')){
	$loginfrm = '';
	$usermenu = file_get_contents('mjl-themes/'.$theme.'/employermenu.theme.html');
} elseif ($_SESSION['cid'] && ($_SESSION['acctype'] == 'seeker')){
	$loginfrm = '';
	$usermenu = file_get_contents('mjl-themes/'.$theme.'/seekermenu.theme.html');
}
// ==========================================================	
// ==========================================================	
// ==========================================================
if(isset($_GET['page']) && is_numeric($_GET['page'])){
	$page = $_GET['page'];
}else{
	$page = 0;
}
if (isset($_GET['num_per_page']) && is_numeric($_GET['num_per_page'])){
	$num_per_page = $_GET['num_per_page'];
}
if (!($num_per_page)){
	$num_per_page = num_per_page;
}
// ==========================================================	
// ==========================================================	
// ==========================================================

if (isset($_GET['id']) && is_numeric($_GET['id'])){
	$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
}
if (isset($_GET['cat']) && !empty($_GET['cat'])){
	$cat = htmlspecialchars($_GET['cat'],ENT_QUOTES);
}else{ $cat = '%'; };

	switch ($loc){
		case 'view':
			$jid = htmlspecialchars($_GET['jid'],ENT_QUOTES);
			if (isset($_GET['act']) && !empty($_GET['act'])){
				$act = htmlspecialchars($_GET['act'],ENT_QUOTES);
				if($act == 'app'){
					if($_SESSION['cid'] && ($_SESSION['acctype'] == 'seeker')){
						$pagedata = SHOW_EMAIL_FORM($jid);
					}else{
						$pagedata = '<div class="errorbox">You must be logged in with a job seeker account to use this feature.</div>'.FUNCT_JOB_DATA($jid);
					}
				}else{
					$pagedata = FUNCT_JOB_DATA($jid);
				}
			}elseif($_SERVER['REQUEST_METHOD'] == 'POST'){
				$coid = $_POST['cid'];
				$jtitle = $_POST['jtitle'];
				$opmsg = $_POST['opmsg'];
				$covselect = $_POST['covselect'];
				$reselect = $_POST['reselect'];
				
				if(FUNCT_SEND_APP($coid,$jtitle,$opmsg,$covselect,$reselect)){
					$pagedata = '<div class="errorbox">Thank you, the message has been sent.</div>'.FUNCT_JOB_DATA($jid);
				}else{
					$pagedata = '<div class="errorbox">There was an error please contact support.</div>'.FUNCT_JOB_DATA($jid);
				}
			}else{
				$pagedata = FUNCT_JOB_DATA($jid);
			}
			break;
		case 'employer':
			break;
		case 'profile':
			$eid = htmlspecialchars($_GET['eid'],ENT_QUOTES);
			$pagedata = SOW_CO_PROFILE($eid);
			break;
		case 'search':
			if($_SERVER['REQUEST_METHOD'] == 'POST'){
				if(isset($_POST['searchstuff']) && !empty($_POST['searchstuff'])){
					$searching = $_POST['searchstuff'];
				}
				if(isset($_GET['search']) && !empty($_GET['search'])){
					$searching = base64_decode($_GET['search']);
				}
				$pagedata = BASIC_SEARCH($searching,$num_per_page,$page);
			}
			break;
		case 'lpw':
			if ($_SERVER['REQUEST_METHOD'] == 'POST'){
				if (isset($_POST['email']) && !empty($_POST['email'])){
					$youremail = htmlspecialchars($_POST['email'], ENT_QUOTES);
					if ($_POST['usertype'] == 'seeker'){
						$pagedata = FUNCT_EMPLOYEE_RECOVER_PW($youremail);
					}else if ($_POST['usertype'] == 'employer'){
						$pagedata = FUNCT_EMPLOYER_RECOVER_PW($youremail);
					}else{
						$pagedata = '<div class="errorbox">You must select if you are a job seeker or an employer.</div>'.file_get_contents('mjl-themes/'.$theme.'/change_pw_form.theme.html');
					}
				}else{
					$pagedata = '<div class="errorbox">You must enter an email address.</div>'.file_get_contents('mjl-themes/'.$theme.'/change_pw_form.theme.html');
				}
			}else{
				$pagedata = file_get_contents('mjl-themes/'.$theme.'/change_pw_form.theme.html');
			}
			break;
		case 'cview':
			FUNCT_SHOW_COVER($id);
			break;
		case 'rview':
			FUNCT_SHOW_RESUME($id);
			break;
		case 'jview':
			FUNCT_SHOW_JOB($id);
			break;
		default:			
			$pagedata = FUNCT_JOB_DATA_LIST($num_per_page,$page,$cat);
}

if($_SESSION['cid'] && ($_SESSION['acctype'] == 'employer')){
	if (($_SERVER['REQUEST_METHOD'] == 'POST') && ($loc == 'enter') || ($loc == 'ed')){
			$jobtitle		= htmlspecialchars(@$_POST['jobtitle'], ENT_QUOTES);
			$joblocation 	= htmlspecialchars(@$_POST['joblocation'], ENT_QUOTES);
			$jobdesc		= htmlspecialchars(@$_POST['jobdescription'], ENT_QUOTES);
			$experience		= htmlspecialchars(@$_POST['jobrequirements'], ENT_QUOTES);
			$edreq			= htmlspecialchars(@$_POST['edrequirements'], ENT_QUOTES);
			$benefits		= htmlspecialchars(@$_POST['benefits'], ENT_QUOTES);
			$category		= htmlspecialchars(@$_POST['categories'], ENT_QUOTES);
			$howtoapp[]		= @$_POST['howapply'];
			$jobdur			= htmlspecialchars(@$_POST['jobduration'], ENT_QUOTES);
			$jobtype		= htmlspecialchars(@$_POST['jobtype'], ENT_QUOTES);
			$wagetype		= htmlspecialchars(@$_POST['wagetype'], ENT_QUOTES);
			$serializedhowto = serialize(@$howtoapp);
			$serializedhowto = addslashes(@$serializedhowto);
	}
	switch ($loc){
		case 'esrch':
			$pagedata = FUNCT_EMPLOYEE_SEARCH_FORM();
			if($_SERVER['REQUEST_METHOD'] == 'POST'){
				if(isset($_POST['searchstuff']) && !empty($_POST['searchstuff'])){
					$searching = $_POST['searchstuff'];
				}
				if(isset($_GET['search']) && !empty($_GET['search'])){
					$searching = base64_decode($_GET['search']);
				}
				$pagedata = FUNCT_EMPLOYEE_SEARCH($searching,$num_per_page,$page);
			}
			
			break;
		case 'ena':
			$jid = htmlspecialchars($_GET['jid'],ENT_QUOTES);
			
			mysql_query('UPDATE jobs SET `DATEPOSTED` = NOW(),`ISENABLED` = 1 WHERE `ISENABLED` = 0 AND `JID` = '.$jid.' AND `CID` = '.$_SESSION['cid'].' LIMIT 1');
				if(mysql_errno()){
					$statusmsg =  '<div class="errorbox">There was an error making the position active. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
				}else{
					$statusmsg =  '<div class="errorbox">Position is active.</div>';
				}	
			$pagedata = $statusmsg.FUNCT_JOB_LIST();						
			break;
		case 'list':
			$pagedata = $statusmsg.FUNCT_JOB_LIST();
			break;
		case 'ed':
			$jid = htmlspecialchars($_GET['jid'],ENT_QUOTES);
			if (!empty($jobtitle) && !empty($category)){
				mysql_query('UPDATE jobs SET CATID="'.$category.'",JOBTITLE="'.$jobtitle.'",JOBLOCATION="'.$joblocation.'",JOBDESCRIPTION="'.$jobdesc.'",JOBREQUIREMENTS="'.$experience.'",EDREQUIREMENTS="'.$edreq.'",BENEFITS="'.$benefits.'",DATEPOSTED=NOW(),HOWTOAPPLY="'.$serializedhowto.'",JOBDURATION="'.$jobdur.'",JOBTYPE="'.$jobtype.'",WAGETYPE="'.$wagetype.'" WHERE JID = '.$jid.' AND CID = '.$_SESSION['cid'].' LIMIT 1');
				if(mysql_errno()){
					$statusmsg =  '<div class="errorbox">There was an error updating the position. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
				}else{
					$statusmsg =  '<div class="errorbox">Position has been updated.</div>';
				}				 
			}
			$pagedata = $statusmsg.FUNCT_EDIT_JOB_FORM($jid);
			break;
		case 'del':
			$jid = htmlspecialchars($_GET['jid'], ENT_QUOTES);
			
			mysql_query('DELETE FROM jobs WHERE `JID` = '.$jid.' AND CID = '.$_SESSION['cid'].' LIMIT 1');
			if(mysql_errno()){
				$statusmsg =  '<div class="errorbox">There was an error deleting the position. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
			}else{
				$statusmsg =  '<div class="errorbox">The position has been deleted.</div>';
			}
			$pagedata = $statusmsg.FUNCT_JOB_LIST();
			break;
		case 'enter':
			if (($_SERVER['REQUEST_METHOD'] == 'POST') && $_SESSION['cid'] && isset($_POST['jobtitle']) && !empty($_POST['jobtitle'])){
				$result = mysql_query('INSERT INTO jobs (CID,CATID,JOBTITLE,JOBLOCATION,JOBDESCRIPTION,JOBREQUIREMENTS,EDREQUIREMENTS,BENEFITS,DATEPOSTED,HOWTOAPPLY,JOBDURATION,JOBTYPE,WAGETYPE,NUMDAYS) VALUES ('.$_SESSION['cid'].',"'.$category.'","'.$jobtitle.'","'.$joblocation.'","'.$jobdesc.'","'.$experience.'","'.$edreq.'","'.$benefits.'",NOW(),"'.$serializedhowto.'","'.$jobdur.'","'.$jobtype.'","'.$wagetype.'",7)');
				
				if(mysql_errno()){
					$statusmsg =  '<div class="errorbox">There was an error adding the position. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
				}else{
					$statusmsg =  '<div class="errorbox">Position has been added.</div>';
				}
			
			}
			$pagedata = $statusmsg.FUNCT_POST_JOB_FORM();
			break;
		case 'pw':
			if (($_SERVER['REQUEST_METHOD'] == 'POST') && !empty($_POST['pw0']) && !empty($_POST['pw1']) && !empty($_POST['pw2'])){
				$pw0 = htmlspecialchars($_POST['pw0'], ENT_QUOTES);
				$pw1 = htmlspecialchars($_POST['pw1'], ENT_QUOTES);
				$pw2 = htmlspecialchars($_POST['pw2'], ENT_QUOTES);
				if(strlen($pw1) < 6){
					$statusmsg =  '<div class="errorbox">Password must be at least 6 characters.</div>';
				} else {
					if($pw1 == $pw2){
						$result = mysql_query('SELECT * FROM companies WHERE `CID` = '.$_SESSION['cid'].' AND `PASSWORD` = "'.md5($pw0).'" LIMIT 1');
						$cnt = mysql_num_rows($result);
						if ($cnt == 0){
							$statusmsg =  '<div class="errorbox">Entered password does not match your current password.</div>';
						}else{
							mysql_query('UPDATE companies SET `PASSWORD` = "'.md5($pw1).'" WHERE `CID` = '.$_SESSION['cid'].' AND `PASSWORD` = "'.md5($pw0).'"');
							if(mysql_errno()){
								$statusmsg =  '<div class="errorbox">There was an error updating the password. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
							}else{
								$statusmsg =  '<div class="errorbox">Password has been changed.</div>';
							} 
						}
					}else{
						$statusmsg =  '<div class="errorbox">The new passwords do not match.</div>';
					}
				}
			}
			$pagedata = $statusmsg.FUNCT_COMPANY_PASSWORD_FRM();
			break;
		case 'coprofile':
			if (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['coname']) && !empty($_POST['coname']) && isset($_POST['cid']) && ($_POST['cid'] == $_SESSION['cid'])){
				$cname	= htmlspecialchars($_POST['coname'], ENT_QUOTES);
				$add1	= htmlspecialchars($_POST['add1'], ENT_QUOTES);
				$add2	= htmlspecialchars($_POST['add2'], ENT_QUOTES);
				$city	= htmlspecialchars($_POST['city'], ENT_QUOTES);
				$state	= htmlspecialchars($_POST['state'], ENT_QUOTES);
				$zip	= htmlspecialchars($_POST['zip'], ENT_QUOTES);
				$phone	= htmlspecialchars($_POST['phone'], ENT_QUOTES);
				$fax	= htmlspecialchars($_POST['fax'], ENT_QUOTES);
				$name	= htmlspecialchars($_POST['contact'], ENT_QUOTES);
				$email	= htmlspecialchars($_POST['email'], ENT_QUOTES);
				$title	= htmlspecialchars($_POST['title'], ENT_QUOTES);
				$webste	= htmlspecialchars($_POST['website'], ENT_QUOTES);
				$about	= htmlspecialchars($_POST['about'], ENT_QUOTES);
				$result = mysql_query('UPDATE companies SET COMPANYNAME="'.$cname.'",MAILADDRESS1="'.$add1.'",MAILADDRESS2="'.$add2.'",CITY="'.$city.'",STATE="'.$state.'",ZIP="'.$zip.'",PHONE="'.$phone.'",FAX="'.$fax.'",CONTACT="'.$name.'",CONTACTEMAIL="'.$email.'",CONTACTTITLE="'.$title.'",WEBSITE="'.$webste.'",ABOUT="'.$about.'" WHERE CID = '.$_SESSION['cid']);
				if(mysql_errno()){
					$statusmsg =  '<div class="errorbox">There was an error updating your Company profile. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
				}else{
					$statusmsg =  '<div class="errorbox">Company profile has been updated</div>';
				}
			}
			$pagedata = $statusmsg.FUNCT_COMPANY_PROFILE();
			break;
		case 'messages':
			$statusmsg = '';
			
			$act = htmlspecialchars(@$_GET['act'],ENT_QUOTES);
			
			if (isset($_GET['a']) && !empty($_GET['a'])){
				$ar = htmlspecialchars($_GET['a'],ENT_QUOTES);
				$mid = htmlspecialchars($_GET['mid'],ENT_QUOTES);
				if(($ar == 'del') && is_numeric($mid)){
					// set company id to nothing specific so will delete from the list and still
					// be in the users list. 
					mysql_query('UPDATE mail SET TCID = -2, FCID = -2 WHERE ID='.$mid.' AND (TCID = '.$_SESSION['cid'].' OR FCID = '.$_SESSION['cid'].') LIMIT 1') or die();
					// now verify that the msg ids are not all -1 if so then delete the
					// line of code.
					mysql_query('DELETE FROM mail WHERE ID = '.$mid.' AND TUID = -2 AND FUID = -2 AND TCID = -2 AND FCID = -2 LIMIT 1') or die();
					$statusmsg = '<div class="errorbox">Item has been deleted</div><br />';
				}
			}  
			$pagedata = $statusmsg.FUNCT_EMPLOYER_EMAIL($act);
			break;
		case 'msg':
			$statusmsg = "";
			$act  = htmlspecialchars($_GET['act'],ENT_QUOTES);
			if(isset($_GET['a']) && !empty($_GET['a'])){
				$a = htmlspecialchars($_GET['a'],ENT_QUOTES);
			}else{
				$a = '';
			}
			if (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['touser']) && !empty($_POST['touser'])){
				$tuid = htmlspecialchars($_POST['touser'], ENT_QUOTES);
				$tsbj = htmlspecialchars($_POST['tsbj'], ENT_QUOTES);
				$tmsg = htmlspecialchars($_POST['myreply'], ENT_QUOTES);
				
				mysql_query('INSERT INTO mail (TUID,FCID,UID,CID,SUBJECT,MESSAGE,SENTDATE) VALUES ('.$tuid.','.$_SESSION['cid'].','.$tuid.','.$_SESSION['cid'].',"'.$tsbj.'","'.$tmsg.'",NOW())') or die();
				$statusmsg = '<div class="errorbox">Mail has been sent.</div>';
			}
			$pagedata = $statusmsg.FUNCT_SHOW_EMPLOYER_MSG($act,$a);
			break;

	}
}elseif($_SESSION['cid'] && ($_SESSION['acctype'] == 'seeker')){
	$statusmsg = '';
	switch ($loc){
		case 'resumes':
			if (isset($_GET['act']) && is_numeric($_GET['act'])){
				$act = htmlspecialchars($_GET['act'], ENT_QUOTES);
				switch ($act){
					case 1:  // add a resume
						if($_SERVER['REQUEST_METHOD'] == 'POST'){
							$restit = htmlspecialchars($_POST['resumetitle'], ENT_QUOTES);
							$resbod = htmlspecialchars($_POST['resumebody'], ENT_QUOTES);
							$searchable = '';
							if ( htmlspecialchars($_POST['searchable'], ENT_QUOTES) == 'on') {
								$searchable = 'CHECKED';
							}
							$result = mysql_query('SELECT * FROM resumes WHERE UID = '.$_SESSION['cid']);
							$cnt = mysql_num_rows($result);
							if ($cnt < $numresumes){
								$result = mysql_query('INSERT INTO resumes (UID,RESUMETITLE,RESUMEBODY,SEARCHABLE,DATEPOSTED) VALUES ('.$_SESSION['cid'].',"'.$restit.'","'.$resbod.'","'.$searchable.'",NOW())');
								if(mysql_errno()){
									$statusmsg =  '<div class="errorbox">There was an error inserting your resume. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
									$pagedata = $statusmsg.FUNCT_RESUME_LIST();
								}else{
									$statusmsg = '<div class="errorbox">The resume has been added successfully.</div>';
									$pagedata = $statusmsg.FUNCT_RESUME_LIST();
								}
							}else{
								$statusmsg = '<div class="errorbox">You may only enter '.$numresumes.' resumes.</span></div>';
							}
						}else{
							$pagedata = $statusmsg.FUNCT_RESUME_FORM();
						}
						break;
					case 2:  // edit a resume
						if(is_numeric($_GET['id'])){
							$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
							if($_SERVER['REQUEST_METHOD'] == 'POST'){
								$restit = htmlspecialchars($_POST['resumetitle'], ENT_QUOTES);
								$resbod = htmlspecialchars($_POST['resumebody'], ENT_QUOTES);
								$searchable = '';
								if ( htmlspecialchars(@$_POST['searchable'], ENT_QUOTES) == 'on') {
									$searchable = 'CHECKED';
								}
								
								mysql_query('UPDATE resumes SET RESUMETITLE = "'.$restit.'", RESUMEBODY = "'.$resbod.'", SEARCHABLE="'.$searchable.'", DATEPOSTED = NOW() WHERE ID = '.$id.' AND UID = '.$_SESSION['cid'].' LIMIT 1');
								if(mysql_errno()){
									$statusmsg =  '<div class="errorbox">There was an error updating the resume. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
									$pagedata = $statusmsg.FUNCT_RESUME_LIST();
								}else{
									$statusmsg =  '<div class="errorbox">Resume updated successfully.</div>';
									$pagedata = $statusmsg.FUNCT_RESUME_LIST();
								}
								
							}else{
								$pagedata = $statusmsg.FUNCT_EDIT_RESUME_FORM($id);
							}
						}
						break;
					case 3:  //  delete a resume
						if(is_numeric($_GET['id'])){
							$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
							mysql_query('DELETE FROM resumes WHERE UID = '.$_SESSION['cid'].' AND ID = '.$id.' LIMIT 1');
							if(mysql_errno()){
								$statusmsg =  '<div class="errorbox">There was an error attempting to delete the resume. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
							}else{
								$statusmsg =  '<div class="errorbox">Resume deleted successfully.</div>';
								$pagedata = $statusmsg.FUNCT_RESUME_LIST();
							}
						}
						break;
				}
			}else{
				$pagedata = $statusmsg.FUNCT_RESUME_LIST();
			}
			break;
		case 'covers':
			if (isset($_GET['act']) && is_numeric($_GET['act'])){
				$act = htmlspecialchars($_GET['act'], ENT_QUOTES);
				switch ($act){
					case 1:  // add a cover letter
						if($_SERVER['REQUEST_METHOD'] == 'POST'){
							$covtit = htmlspecialchars($_POST['covertitle'], ENT_QUOTES);
							$covbod = htmlspecialchars($_POST['coverbody'], ENT_QUOTES);
							$searchable = '';
							if ( htmlspecialchars(@$_POST['searchable'], ENT_QUOTES) == 'on') {
								$searchable = 'CHECKED';
							}
							$result = mysql_query('SELECT * FROM covers WHERE UID = '.$_SESSION['cid']);
							$cnt = mysql_num_rows($result);
							if ($cnt < $numcovers){
								$result = mysql_query('INSERT INTO covers (UID,COVERTITLE,COVERBODY,SEARCHABLE,DATEPOSTED) VALUES ('.$_SESSION['cid'].',"'.$covtit.'","'.$covbod.'","'.$searchable.'",NOW())');
								if(mysql_errno()){
									$statusmsg =  '<div class="errorbox">There was an error inserting your cover letter. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
									$pagedata = $statusmsg.FUNCT_COVER_LIST();
								}else{
									$statusmsg = '<div class="errorbox">The cover letter has been added successfully.</div>';
									$pagedata = $statusmsg.FUNCT_COVER_LIST();
								}
							}else{
								$statusmsg = '<div class="errorbox">You may only enter '.$numcovers.' cover letter.</span></div>';
							}
						}else{
							$pagedata = $statusmsg.FUNCT_COVER_FORM();
						}
						break;
					case 2:  // edit a cover letter
						if(is_numeric($_GET['id'])){
							$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
							if($_SERVER['REQUEST_METHOD'] == 'POST'){
								$covtit = htmlspecialchars($_POST['covertitle'], ENT_QUOTES);
								$covbod = htmlspecialchars($_POST['coverbody'], ENT_QUOTES);
								$searchable = '';
								if ( htmlspecialchars($_POST['searchable'], ENT_QUOTES) == 'on') {
									$searchable = 'CHECKED';
								}
															
								mysql_query('UPDATE covers SET COVERTITLE = "'.$covtit.'", COVERBODY = "'.$covbod.'", SEARCHABLE= "'.$searchable.'", DATEPOSTED = NOW() WHERE ID = '.$id.' AND UID = '.$_SESSION['cid'].' LIMIT 1');
								if(mysql_errno()){
									$statusmsg =  '<div class="errorbox">There was an error updating the cover letter. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
									$pagedata = $statusmsg.FUNCT_COVER_LIST();
								}else{
									$statusmsg =  '<div class="errorbox">Cover letter updated successfully.</div>';
									$pagedata = $statusmsg.FUNCT_COVER_LIST();
								}
								
							}else{
								$pagedata = $statusmsg.FUNCT_EDIT_COVER_FORM($id);
							}
						}
						break;
					case 3:  //  delete a cover letter
						if(is_numeric($_GET['id'])){
							$id = htmlspecialchars($_GET['id'], ENT_QUOTES);
							mysql_query('DELETE FROM covers WHERE UID = '.$_SESSION['cid'].' AND ID = '.$id.' LIMIT 1');
							if(mysql_errno()){
								$statusmsg =  '<div class="errorbox">There was an error attempting to delete the cover letter. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
							}else{
								$statusmsg =  '<div class="errorbox">Cover letter deleted successfully.</div>';
								$pagedata = $statusmsg.FUNCT_COVER_LIST();
							}
						}
						break;
				}
			}else{
				$pagedata = $statusmsg.FUNCT_COVER_LIST();
			}
			break;
		case 'pw':
			if (($_SERVER['REQUEST_METHOD'] == 'POST') && !empty($_POST['pw0']) && !empty($_POST['pw1']) && !empty($_POST['pw2'])){
				$pw0 = htmlspecialchars($_POST['pw0'], ENT_QUOTES);
				$pw1 = htmlspecialchars($_POST['pw1'], ENT_QUOTES);
				$pw2 = htmlspecialchars($_POST['pw2'], ENT_QUOTES);
				if(strlen($pw1) < 6){
					$statusmsg =  '<div class="errorbox">Password must be at least 6 characters.</div>';
				} else {
					if($pw1 == $pw2){
						$result = mysql_query('SELECT * FROM users WHERE `UID` = '.$_SESSION['cid'].' AND `PASSWORD` = "'.md5($pw0).'" LIMIT 1');

							$cnt = mysql_num_rows($result);
							if ($cnt == 0){
								$statusmsg =  '<div class="errorbox">Entered password does not match your current password.</div>';
							}else{
								$result = mysql_query('UPDATE users SET `PASSWORD` = "'.md5($pw1).'" WHERE `UID` = '.$_SESSION['cid'].' LIMIT 1');
								if(mysql_errno()){
									$statusmsg =  '<div class="errorbox">There was an error updating the password. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
								}else{
									$statusmsg =  '<div class="errorbox">Password has been changed.</div>';
								}
							
						}
					}else{
						$statusmsg =  '<div class="errorbox">The new passwords do not match.</div>';
					}
				}
			}
			$pagedata = $statusmsg.FUNCT_USER_PASSWORD_FRM();		
			break;
		case 'prof':
			if (isset($_GET['act']) && is_numeric($_GET['act'])){
				if($_GET['act'] == 1){
					$statusmsg = '<div class="errorbox">Profile updated.</div>';
					$fname 	= 	htmlspecialchars($_POST['fname'], ENT_QUOTES);
					$lname 	= 	htmlspecialchars($_POST['lname'], ENT_QUOTES);
					$add1	=	htmlspecialchars($_POST['add1'], ENT_QUOTES);
					$add2	=	htmlspecialchars($_POST['add2'], ENT_QUOTES);
					$city	=	htmlspecialchars($_POST['city'], ENT_QUOTES);
					$state	=	htmlspecialchars($_POST['state'], ENT_QUOTES);
					$zip	=	htmlspecialchars($_POST['zip'], ENT_QUOTES);
					$phone	=	htmlspecialchars($_POST['phone'], ENT_QUOTES);
					$email	=	htmlspecialchars($_POST['email'], ENT_QUOTES);
					$web	=	htmlspecialchars($_POST['website'], ENT_QUOTES);
					mysql_query('UPDATE users SET FIRSTNAME = "'.$fname.'", LASTNAME = "'.$lname.'",STREETADDRESS1 = "'.$add1.'", STREETADDRESS2 = "'.$add2.'", CITY = "'.$city.'", STATE = "'.$state.'", ZIP = "'.$zip.'", PHONE = "'.$phone.'", EMAIL = "'.$email.'", WEBSITE = "'.$web.'" WHERE UID = '.$_SESSION['cid'].' LIMIT 1');
					if(mysql_errno()){
						$statusmsg =  '<div class="errorbox">There was an error updating the profile. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
					}else{
						$statusmsg =  '<div class="errorbox">Profile has been updated.</div>';
					}
				}
			}
			$pagedata = $statusmsg.FUNCT_USER_PROFILE();
			break;
		case 'messages':
			
			$statusmsg = '';
			if(isset($_GET['act'])&& !empty($_GET['act'])){
				$act = htmlspecialchars($_GET['act'],ENT_QUOTES);
			}else{ $act =''; }

			if (isset($_GET['a']) && !empty($_GET['a'])){
				$ar = htmlspecialchars($_GET['a'],ENT_QUOTES);
				$mid = htmlspecialchars($_GET['mid'],ENT_QUOTES);
				if(($ar == 'del') && is_numeric($mid)){
					// set company id to nothing specific so will delete from the list and still
					// be in the users list. 
					mysql_query('UPDATE mail SET TUID = -2, FUID = -2 WHERE ID='.$mid.' AND (TUID = '.$_SESSION['cid'].' OR FUID = '.$_SESSION['cid'].') LIMIT 1') or die();
					// now verify that the msg ids are not all -1 if so then delete the
					// line of code.
					mysql_query('DELETE FROM mail WHERE ID = '.$mid.' AND TUID = -2 AND FUID = -2 AND TCID = -2 AND FCID = -2 LIMIT 1') or die();
					$statusmsg = '<div class="errorbox">Item has been deleted</div><br />';
				}
			}  
			$pagedata = $statusmsg.FUNCT_USER_EMAIL($act);
			break;
		case 'msg':
			$statusmsg = "";
			$act  = htmlspecialchars($_GET['act'],ENT_QUOTES);
			if(isset($_GET['a']) && !empty($_GET['a'])){
				$a = htmlspecialchars($_GET['a'],ENT_QUOTES);
			}else{
				$a ='';
			}
			if (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['touser']) && !empty($_POST['touser'])){
				$tuid = htmlspecialchars($_POST['touser'], ENT_QUOTES);
				$tsbj = htmlspecialchars($_POST['tsbj'], ENT_QUOTES);
				$tmsg = htmlspecialchars($_POST['myreply'], ENT_QUOTES);
				
				mysql_query('INSERT INTO mail (TCID,FUID,UID,CID,SUBJECT,MESSAGE,SENTDATE) VALUES ('.$tuid.','.$_SESSION['cid'].','.$_SESSION['cid'].','.$tuid.',"'.$tsbj.'","'.$tmsg.'",NOW())') or die();
				$statusmsg = '<div class="errorbox">Mail has been sent.</div>';
			}
			$pagedata = $statusmsg.FUNCT_SHOW_USER_MSG($act,$a);
			break;
	}
}


$loginfrm = str_replace('%LOGINERROR%',$loginerror,$loginfrm);
$mainpage = str_replace('%JOBDATA%',$pagedata,$mainpage);
$mainpage = str_replace('%USERMENU%',$usermenu,$mainpage);
$mainpage = str_replace('%LOGINFORM%',$loginfrm,$mainpage);

if (strrpos($mainpage, '%CATEGORIES%') > 0){
	$cats = FUNCT_CATS_LIST();
	$mainpage = str_replace('%CATEGORIES%',$cats,$mainpage);
}

if (strrpos($mainpage, '%SEARCHFORM%') > 0){
	$searchfrm = SEARCH_FORM();
	$mainpage = str_replace('%SEARCHFORM%',$searchfrm,$mainpage);
}
$pagehdr = file_get_contents('mjl-themes/'.$theme.'/master_header.theme.html');
$pageftr = file_get_contents('mjl-themes/'.$theme.'/master_footer.theme.html');
echo $pagehdr.$mainpage.$pageftr;

function FUNCT_CATS_LIST(){
	
	$result = mysql_query("SELECT * FROM categories ORDER BY CATEGORY ASC");
	$retval = '<div class="catblock"><table border="0"  cellspacing="0" cellpadding="0" class="cattbl">';
	while($row = mysql_fetch_array($result)){
		$retval .= '<tr><td class="catcl"><a href="?loc=cat&cat='.$row['CATEGORY'].'">'.$row['CATEGORY'].'</a></td></tr>';
	}
	$retval .= '</table></div>';
	return $retval; 
}

?>
Return current item: MyJobList