<?php

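// Bootstrap for the admin page: session, error level, settings and DB connection.
// This page echoes database and settings values into HTML, so keep the session
// cookie unreadable from page scripts.
ini_set('session.cookie_httponly', '1');
session_start();
// NOTE(review): whether these levels are printed to the browser depends on the
// display_errors ini setting, which is not set here; confirm it is off in production.
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
// require (not include): include only warns when a file is missing or unreadable and
// the script carries on with $admin_catch undefined, while the session marker set
// just below defaults to ''. The admin gate must never be evaluated in that state,
// so fail the request instead.
require('../mjl-includes/settings.inc.php');
require('../mjl-includes/db.inc.php');

// A fresh session carries an empty (non-admin) marker.
if(!isset($_SESSION['IS_ADMIN'])){
	$_SESSION['IS_ADMIN'] = '';
}

// Request state with safe defaults; filled from the query string further down.
$act ='';
$a = '';
$loc = '';
$statmsg = '';
$ack = '';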

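// Admin front controller: dispatches on ?act= (settings, user, employer, categories,
// logout) for an authenticated admin session, otherwise handles the login form.
//
// Fixes in this block:
//  - the admin gate fails closed: an unset or empty $admin_catch never matches the
//    empty default session marker, and the comparison is strict;
//  - record ids (id, jid) are accepted only as digit strings and cast to int before
//    they are concatenated, unquoted, into SQL;
//  - text written by the inline UPDATE/INSERT statements is passed through
//    mysql_real_escape_string(); htmlspecialchars() encodes quotes but leaves
//    backslashes alone, so it is not SQL escaping;
//  - the category delete query had mismatched quotes and never matched a row;
//  - login uses strict comparison and renews the session id on success.
//
// NOTE(review): none of the state-changing requests here carry an anti-CSRF token and
// the delete/enable actions run on GET. Fixing that needs the forms and links emitted
// by the FUNCT_* helpers to change as well, so it is only flagged here.
// NOTE(review): "or die(mysql_error())" prints database error text to the browser.
if ( isset($admin_catch) && (string)$admin_catch !== '' && (string)$_SESSION['IS_ADMIN'] === (string)$admin_catch ){
	// Defaults so no branch below reads an undefined variable when a query-string
	// parameter is missing. Id 0 is used as "no record selected".
	$id = 0;
	$jid = 0;
	$statusmsg = '';
	$pbody = '';
	if(($_SERVER['REQUEST_METHOD'] == 'POST')||($_SERVER['REQUEST_METHOD'] == 'GET')){
		if (isset($_GET['act']) && !empty($_GET['act'])){
			$act = htmlspecialchars($_GET['act'],ENT_QUOTES);
		}
	}
	$sysmsg = '';
	switch ($act) {
		case 'settings':
			if($_SERVER['REQUEST_METHOD'] == 'POST'){
				// These values are written into settings.inc.php by FUNCT_WRITE_SETTINGS.
				// $org and $admin_catch keep their quotes (ENT_NOQUOTES) and are
				// slash-escaped at the call below; the rest are entity-encoded only.
				$theme 				= htmlspecialchars($_POST['theme'],ENT_QUOTES);
				$num_per_page 		= htmlspecialchars($_POST['num_per_page'],ENT_QUOTES);
				$runcron 			= htmlspecialchars($_POST['runcron'],ENT_QUOTES);
				$regurl 			= htmlspecialchars($_POST['regurl'],ENT_QUOTES);
				$mjlmail 			= htmlspecialchars($_POST['mjlmail'],ENT_QUOTES);
				$org 				= htmlspecialchars($_POST['org'],ENT_NOQUOTES);
				$url 				= htmlspecialchars($_POST['url'],ENT_QUOTES);
				$numresumes 		= htmlspecialchars($_POST['numresumes'],ENT_QUOTES);
				$numcovers 			= htmlspecialchars($_POST['numcovers'],ENT_QUOTES);
				$recaptcha 			= htmlspecialchars($_POST['recaptcha'],ENT_QUOTES);
				$recaptcha_public 	= htmlspecialchars($_POST['recaptcha_public'],ENT_QUOTES);
				$recaptcha_private 	= htmlspecialchars($_POST['recaptcha_private'],ENT_QUOTES);
				$autoreg 			= htmlspecialchars($_POST['autoreg'],ENT_QUOTES);
				$admin_uname 		= htmlspecialchars($_POST['admin_uname'],ENT_QUOTES);
				$admin_pw 			= htmlspecialchars($_POST['admin_pw'],ENT_QUOTES);
				$admin_catch 		= htmlspecialchars($_POST['admin_catch'],ENT_NOQUOTES);

				$sysmsg = FUNCT_WRITE_SETTINGS($theme, $num_per_page,$runcron,$regurl,$mjlmail,addslashes($org), $url,$numresumes,$numcovers,$recaptcha,$recaptcha_public,$recaptcha_private,$autoreg,$admin_uname,$admin_pw,addslashes($admin_catch));
			}
			$pbody = $sysmsg.'<br />'.FUNCT_SETTINGS($theme, $num_per_page,$runcron,$regurl,$mjlmail,$org, $url,$numresumes,$numcovers,$recaptcha,$recaptcha_public,$recaptcha_private,$autoreg,$admin_uname,$admin_pw,$admin_catch);
			break;
		case 'user':
			if(($_SERVER['REQUEST_METHOD'] == 'GET') || ($_SERVER['REQUEST_METHOD'] == 'POST')) {
				if(isset($_GET['loc']) && !empty($_GET['loc'])){
					$loc = htmlspecialchars($_GET['loc'],ENT_QUOTES);
				}
				if(isset($_GET['a']) && !empty($_GET['a'])){
					$a = htmlspecialchars($_GET['a'],ENT_QUOTES);
				}
				// Digits only: the id goes into SQL without quotes.
				if(isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[0-9]+$/D', $_GET['id'])){
					$id = (int) $_GET['id'];
				}
				if(isset($_GET['ack']) && !empty($_GET['ack'])){
					$ack = htmlspecialchars($_GET['ack'],ENT_QUOTES);
				}
			}
			switch($a){
				case 'e':
					if ($_SERVER['REQUEST_METHOD'] == 'POST'){
						$statmsg = '<div class="errorbox">User updated.</div>';
						// Entity-encode for later display, then escape for the SQL string literal.
						$fname 	= 	mysql_real_escape_string(htmlspecialchars($_POST['fname'], ENT_QUOTES));
						$lname 	= 	mysql_real_escape_string(htmlspecialchars($_POST['lname'], ENT_QUOTES));
						$add1	=	mysql_real_escape_string(htmlspecialchars($_POST['add1'], ENT_QUOTES));
						$add2	=	mysql_real_escape_string(htmlspecialchars($_POST['add2'], ENT_QUOTES));
						$city	=	mysql_real_escape_string(htmlspecialchars($_POST['city'], ENT_QUOTES));
						$state	=	mysql_real_escape_string(htmlspecialchars($_POST['state'], ENT_QUOTES));
						$zip	=	mysql_real_escape_string(htmlspecialchars($_POST['zip'], ENT_QUOTES));
						$phone	=	mysql_real_escape_string(htmlspecialchars($_POST['phone'], ENT_QUOTES));
						$email	=	mysql_real_escape_string(htmlspecialchars($_POST['email'], ENT_QUOTES));
						$web	=	mysql_real_escape_string(htmlspecialchars($_POST['website'], ENT_QUOTES));

						mysql_query('UPDATE users SET FIRSTNAME = "'.$fname.'", LASTNAME = "'.$lname.'",STREETADDRESS1 = "'.$add1.'", STREETADDRESS2 = "'.$add2.'", CITY = "'.$city.'", STATE = "'.$state.'", ZIP = "'.$zip.'", PHONE = "'.$phone.'", EMAIL = "'.$email.'", WEBSITE = "'.$web.'" WHERE UID = '.$id.' LIMIT 1');
					}
					$statmsg = $statmsg.FUNCT_USER_EDIT($loc, $id);
					break;
				case 'd':
					// Two-step delete: first request shows a confirmation link, ack=Y performs it.
					if ($ack != 'Y'){
						$statmsg =  '<div style="padding:5px;margin:10px">You are about to delete a user account.  This change is permanent.  If you are certain you want to make the change please click <a href="?act=user&loc='.$loc.'&a=d&id='.$id.'&ack=Y">Agree</a></div>';
					}else{
						$statmsg = '';
						mysql_query('DELETE FROM users WHERE UID = '.$id) or die(mysql_errno().', '.mysql_error());
						mysql_query('DELETE FROM covers WHERE UID = '.$id) or die(mysql_errno().', '.mysql_error());
						mysql_query('DELETE FROM resumes WHERE UID = '.$id) or die(mysql_errno().', '.mysql_error());
					}
					break;
				case 'r':
					// Approve a waiting user, then mail a temporary password.
					mysql_query('UPDATE users SET APPROVED = 1 WHERE UID='.$id.' LIMIT 1') or die(mysql_errno().', '.mysql_error());
					$statmsg = FUNT_SEND_USER_APPROVAL($id);
					break;

			}
			$pbody = $statmsg.FUNCT_USER($loc);
			break;
		case 'employer':
			if(($_SERVER['REQUEST_METHOD'] == 'GET') || ($_SERVER['REQUEST_METHOD'] == 'POST')) {
				if(isset($_GET['loc']) && !empty($_GET['loc'])){
					$loc = htmlspecialchars($_GET['loc'],ENT_QUOTES);
				}
				if(isset($_GET['a']) && !empty($_GET['a'])){
					$a = htmlspecialchars($_GET['a'],ENT_QUOTES);
				}
				// Digits only: the id goes into SQL without quotes.
				if(isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[0-9]+$/D', $_GET['id'])){
					$id = (int) $_GET['id'];
				}
				if(isset($_GET['ack']) && !empty($_GET['ack'])){
					$ack = htmlspecialchars($_GET['ack'],ENT_QUOTES);
				}
				switch($a){
					case 'j':
						// Job actions need both a sub-action (p) and a numeric job id (jid).
						if(isset($_GET['p']) && !empty($_GET['p']) && isset($_GET['jid']) && is_string($_GET['jid']) && preg_match('/^[0-9]+$/D', $_GET['jid'])){
							$p = htmlspecialchars($_GET['p'],ENT_QUOTES);
							$jid = (int) $_GET['jid'];
							switch ($p){
								case 'ena':
									mysql_query('UPDATE jobs SET `DATEPOSTED` = NOW(),`ISENABLED` = 1 WHERE `ISENABLED` = 0 AND `JID` = '.$jid.' AND `CID` = '.$id.' LIMIT 1') or die(mysql_errno().', '.mysql_error());
									break;
								case 'del':
									mysql_query('DELETE FROM jobs WHERE `JID` = '.$jid.' AND CID = '.$id.' LIMIT 1') or die(mysql_errno().', '.mysql_error());
									break;
								case 'edit':
									if ($_SERVER['REQUEST_METHOD'] == 'POST'){
										// Entity-encode for later display, then escape for the SQL string literal.
										$jobtitle		= mysql_real_escape_string(htmlspecialchars($_POST['jobtitle'], ENT_QUOTES));
										$joblocation 	= mysql_real_escape_string(htmlspecialchars($_POST['joblocation'], ENT_QUOTES));
										$jobdesc		= mysql_real_escape_string(htmlspecialchars($_POST['jobdescription'], ENT_QUOTES));
										$experience		= mysql_real_escape_string(htmlspecialchars($_POST['jobrequirements'], ENT_QUOTES));
										$edreq			= mysql_real_escape_string(htmlspecialchars($_POST['edrequirements'], ENT_QUOTES));
										$benefits		= mysql_real_escape_string(htmlspecialchars($_POST['benefits'], ENT_QUOTES));
										$category		= mysql_real_escape_string(htmlspecialchars($_POST['categories'], ENT_QUOTES));
										// Stored as a serialized array of the raw form value.
										// NOTE(review): whatever reads HOWTOAPPLY back must not
										// unserialize() anything a user could have stored directly.
										$howtoapp[]		= $_POST['howapply'];
										$jobdur			= mysql_real_escape_string(htmlspecialchars($_POST['jobduration'], ENT_QUOTES));
										$jobtype		= mysql_real_escape_string(htmlspecialchars($_POST['jobtype'], ENT_QUOTES));
										$wagetype		= mysql_real_escape_string(htmlspecialchars($_POST['wagetype'], ENT_QUOTES));
										$serializedhowto = mysql_real_escape_string(serialize($howtoapp));

										if (!empty($jobtitle) && !empty($category)){
											mysql_query('UPDATE jobs SET CATID="'.$category.'",JOBTITLE="'.$jobtitle.'",JOBLOCATION="'.$joblocation.'",JOBDESCRIPTION="'.$jobdesc.'",JOBREQUIREMENTS="'.$experience.'",EDREQUIREMENTS="'.$edreq.'",BENEFITS="'.$benefits.'",DATEPOSTED=NOW(),HOWTOAPPLY="'.$serializedhowto.'",JOBDURATION="'.$jobdur.'",JOBTYPE="'.$jobtype.'",WAGETYPE="'.$wagetype.'" WHERE JID = '.$jid.' AND CID = '.$id.' LIMIT 1');
											if(mysql_errno()){
												$statusmsg =  '<div class="errorbox">There was an error updating the position. Please contact support. (<span class="error">Error: '.mysql_errno().', '.mysql_error().'</span>)</div>';
											}else{
												$statusmsg =  '<div class="errorbox">Position has been updated.</div>';
											}
										}
									}
									$statusmsg = $statusmsg.FUNCT_EDIT_JOB_FORM($jid, $id);
									break;
							}
						}
						$pbody = $statusmsg.FUNCT_JOB_LIST($id).'</td></tr></table>';
						break;
					case 'e': //edit the employer stuff
						if ($_SERVER['REQUEST_METHOD'] == 'POST'){
							// NOTE(review): these values reach SQL inside FUNCT_UPDATE_EMPLOYER;
							// SQL escaping belongs where that query is built, not here, so the
							// values are not escaped twice.
							$name 				= htmlspecialchars($_POST['name']);
							$addy1 				= htmlspecialchars($_POST['addy1']);
							$addy2 				= htmlspecialchars($_POST['addy2']);
							$city 				= htmlspecialchars($_POST['city']);
							$state 				= htmlspecialchars($_POST['state']);
							$zip 				= htmlspecialchars($_POST['zip']);
							$phone 				= htmlspecialchars($_POST['phone']);
							$fax 				= htmlspecialchars($_POST['fax']);
							$contact 			= htmlspecialchars($_POST['contact']);
							$title 				= htmlspecialchars($_POST['title']);
							$email 				= htmlspecialchars($_POST['email']);
							$website 			= htmlspecialchars($_POST['website']);
							// The password is only considered when the confirmation field was filled in.
							if(!empty($_POST['pw2']) && isset($_POST['pw2'])){
								$pw1 				= htmlspecialchars($_POST['pw']);
								$pw2 				= htmlspecialchars($_POST['pw2']);
							}else{
								$pw1 = '';
								$pw2 = '';
							}

							$statmsg .= FUNCT_UPDATE_EMPLOYER($name,$addy1,$addy2,$city,$state,$zip,$phone,$fax,$contact,$title,$email,$website,$pw1,$pw2,$id);
						}
						$statmsg = $statmsg.FUNCT_EMPLOYER_EDIT($loc,$id);
						break;
					case 'd':  // delete the employer stuff
						// Two-step delete: first request shows a confirmation link, ack=Y performs it.
						if ($ack != 'Y'){
							$statmsg =  '<div style="padding:5px;margin:10px">You are about to delete an employer.  This change is permanent.  If you are certain you want to make the change please click <a href="?act=employer&loc='.$loc.'&a=d&id='.$id.'&ack=Y">Agree</a></div>';
						}else{
							$statmsg = '';
							mysql_query('DELETE FROM companies WHERE CID = '.$id) or die(mysql_errno().', '.mysql_error());
							mysql_query('DELETE FROM jobs WHERE CID = '.$id) or die(mysql_errno().', '.mysql_error());
						}
						break;
					case 'r':  //enable a waiting employer
						mysql_query('UPDATE companies SET APPROVED = 1 WHERE CID='.$id.' LIMIT 1') or die(mysql_errno().', '.mysql_error());
						$statmsg = FUNT_SEND_EMPLOYER_APPROVAL($id);
						break;
				}
			}
			if ($a != 'j'){
				$pbody = $statmsg.FUNCT_EMPLOYER($loc);
			}
			break;
		case 'categories':
			if($_SERVER['REQUEST_METHOD'] == 'POST'){
				if (isset($_POST['cat']) && !empty($_POST['cat'])){
					$cat = mysql_real_escape_string(htmlspecialchars($_POST['cat'],ENT_QUOTES));
					mysql_query('INSERT INTO categories (CATEGORY) VALUES ("'.$cat.'")') or die(mysql_errno().', '.mysql_error());
					$statmsg = '<div class="errorbox">Category Added</div>';
				}
			}
			if($_SERVER['REQUEST_METHOD'] == 'GET'){
				if (isset($_GET['loc']) && !empty($_GET['loc'])){
					$loc = htmlspecialchars($_GET['loc'],ENT_QUOTES);
					if(isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[0-9]+$/D', $_GET['id'])){
						$id = (int) $_GET['id'];
					}
					if($loc == 'd' && $id > 0){
						// The original statement mixed quote styles, so the literal text
						// '.<id>.' was compared with CATID and no row was ever deleted.
						mysql_query('DELETE FROM categories WHERE CATID = '.$id.' LIMIT 1') or die(mysql_errno().', '.mysql_error());
						$statmsg = '<div class="errorbox">Category Deleted</div>';
					}
				}
			}
			$pbody = $statmsg.FUNCT_SHOW_CATS();
			break;
		case 'logout':
			session_destroy();
			header("Location: #");
			// Stop here so the admin page is not rendered after the session is gone.
			exit;
		default:
			$pbody = '';
			//$pbody = FUNCT_SETTINGS($theme, $num_per_page,$runcron,$regurl,$mjlmail,$org, $url,$numresumes,$numcovers,$recaptcha,$recaptcha_public,$recaptcha_private,$autoreg,$admin_uname,$admin_pw,$admin_catch);
	}

	// Render the admin chrome (navigation bar) around whatever the action produced.
	echo FUNCT_HDR_HEAD();
	echo '<table width="100%" cellpadding="5" cellspacing="0" border="0">
		<tr>
			<td style="border-bottom:1px solid #888888">
				<table width="100%" cellpadding="0" cellspacing="2" border="0">
					<tr>
						<td align="left" width="100">	
							<a href="?act=settings">Settings</a>
						</td>
						<td align="left" width="100">	
							<a href="?act=user">User Management</a>
						</td>
						<td align="left" width="100">	
							<a href="?act=employer">Employer Management</a>
						</td>
						<td align="left" width="100">	
							<a href="?act=categories">Categories</a>
						</td>
						<td align="left" width="100">
							<a href="?act=logout">Log Out</a>
						</td>
						<td>
						</td>
					</tr>
				</table>
			</td>
		</tr>
		<tr>
			<td>';
	echo $pbody;
	echo '
				</td>
		</tr>
	</table>';

	echo FUNCT_FTR_FOOT();
}else{
	// Not an admin session: handle a login POST, otherwise show the login form.
	if( $_SERVER['REQUEST_METHOD'] == 'POST' ){
		if(isset($_POST['auname']) && !empty($_POST['auname']) && isset($_POST['pw']) && !empty($_POST['pw'])){
			$auname = htmlspecialchars($_POST['auname'],ENT_QUOTES);
			$pw = htmlspecialchars($_POST['pw'],ENT_QUOTES);
			// Strict comparison: with == two numeric-looking strings compare as numbers,
			// so different spellings of the same number would be accepted.
			// NOTE(review): the admin password is kept in plain text in the settings file
			// and there is no attempt limiting here.
			if ( isset($admin_uname, $admin_pw, $admin_catch) && (string)$admin_catch !== '' && $auname === (string)$admin_uname && $pw === (string)$admin_pw ){
				// New session id on privilege change, so a pre-login id cannot be reused.
				session_regenerate_id(true);
				$_SESSION['IS_ADMIN'] = $admin_catch;
			}
		}
		// Every outcome of a login POST redirects back to this page.
		header('LOCATION: #');
	}else{
		echo FUNCT_HDR_HEAD();
		echo '<div class="logonfrm">
			<form method="POST" action="index.php">
				Username: <input type="TEXT" name="auname" /><br />
				Password: <input type="PASSWORD" name="pw" /><br />
				<input type="SUBMIT" value="Log On" />
			</form>
		</div>';
		echo FUNCT_FTR_FOOT();
	}
}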

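// Looks up the user with the given UID and mails them a temporary password via
// FUNCT_SEND_EMAIL (which also stores that password). Returns an HTML status box.
// The caller is expected to have set APPROVED already; this function does not.
function FUNT_SEND_USER_APPROVAL($uid){
	// The id is concatenated into SQL without quotes, so force it to an integer.
	$uid = (int) $uid;
	// Always return a string; previously $retval was undefined when nothing was sent.
	$retval = '<div class="errorbox">Approval message could not be sent.</div>';

	$result = mysql_query('SELECT * FROM users WHERE UID = '.$uid.' LIMIT 1');
	$row = $result ? mysql_fetch_array($result) : false;

	if ($row && FUNCT_SEND_EMAIL($row['EMAIL'], $row['USERNAME'], "user", $uid)){
		$retval = '<div class="errorbox">User enabled and message sent.</div>';
	}
	return $retval;

}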

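// Looks up the company with the given CID and mails its contact a temporary password
// via FUNCT_SEND_EMAIL (which also stores that password). Returns an HTML status box.
// The caller is expected to have set APPROVED already; this function does not.
function FUNT_SEND_EMPLOYER_APPROVAL($cid){
	// The id is concatenated into SQL without quotes, so force it to an integer.
	$cid = (int) $cid;
	// Always return a string; previously $retval was undefined when nothing was sent.
	$retval = '<div class="errorbox">Approval message could not be sent.</div>';

	$result = mysql_query('SELECT * FROM companies WHERE CID = '.$cid.' LIMIT 1');
	$row = $result ? mysql_fetch_array($result) : false;

	if ($row && FUNCT_SEND_EMAIL($row['CONTACTEMAIL'], $row['USERNAME'], "employer", $cid)){
		$retval = '<div class="errorbox">Employer enabled and message sent.</div>';
	}
	return $retval;
}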

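// Generates a temporary password for a user or employer account, stores its MD5 in
// the account row and mails the clear-text password to $rcpt.
//
//   $rcpt   recipient address
//   $uname  login name shown in the message
//   $utyp   'user' or 'employer' (selects the table)
//   $eid    UID / CID of the account
//
// Returns TRUE when mail() accepted the message, FALSE otherwise.
//
// NOTE(review): passwords are stored as unsalted MD5 and sent in clear text by mail.
// Changing the hash needs the login code (not in this file) to change with it.
function FUNCT_SEND_EMAIL($rcpt, $uname, $utyp, $eid){

	global $mjlmail;
	global $org;
	global $url;

	// Validate before touching the account: previously the stored password was
	// replaced even when the address was rejected and no mail went out, which left
	// the account with a password nobody knew. The pattern also rejects whitespace,
	// including CR/LF, in the recipient.
	if (!is_string($rcpt) || !preg_match('/^[^\s@]+@[^\s@]+\.[^\s@]+$/D', $rcpt)) {
		return FALSE;
	}
	if ($utyp != 'user' && $utyp != 'employer'){
		// Unknown account type: there is no row to store the password in.
		return FALSE;
	}

	// The id is concatenated into SQL without quotes, so force it to an integer.
	$eid = (int) $eid;

	// Work on local copies. The original stripped slashes from the global $org on
	// every call. CR/LF is removed so a settings value cannot add mail header lines.
	$orgname = str_replace(array("\r", "\n"), '', stripslashes($org));
	$from = str_replace(array("\r", "\n"), '', $mjlmail);

	$headers = "From: ".$from."\r\n"; // From address
	$headers .= "Reply-To: ".$from."\r\n"; // Reply-to address
	$headers .= "Organization: ".$orgname."\r\n"; // Organisation
	$headers .= 'MIME-Version: 1.0' . "\r\n";
	$headers .= "Content-Type: text/html; charset=iso-8859-1\r\n"; // Type

	$tmppass = FUNCT_QUICK_PASS();

	if ($utyp == 'user'){
		mysql_query('UPDATE users SET PASSWORD = "'.md5($tmppass).'" WHERE UID = '.$eid.' LIMIT 1') or die(mysql_errno().', '.mysql_error());
	}else{
		mysql_query('UPDATE companies SET PASSWORD = "'.md5($tmppass).'" WHERE CID = '.$eid.' LIMIT 1') or die(mysql_errno().', '.mysql_error());
	}

	$subj = $orgname .' Registration';
	$regmsg = 'Your account on '.$orgname.' has been enabled by the administrator at <a href="'.$url.'">'.$url.'</a>. Below is the information you need to login to the service:<br /><br />
	username: <strong>'.$uname.'</strong><br />
	password: <strong>'.$tmppass.'</strong><br /><br />
	You can login at <a href="'.$url.'">'.$url.'</a><br /><br />';

	return mail($rcpt, $subj, $regmsg, $headers) ? TRUE : FALSE;
}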

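// Returns a temporary password as a lowercase hexadecimal string.
//
// The original derived it from mt_rand(1, 2048) and microtime(), which is
// predictable to anyone who knows roughly when the account was approved, and kept
// only 6 hex characters. This version draws from the system CSPRNG when one is
// available and returns 12 hex characters (48 bits).
// NOTE(review): confirm no login form limits the password field to 6 characters.
function FUNCT_QUICK_PASS(){
	$bytes = 6; // 6 random bytes -> 12 hex characters
	$raw = false;

	if (function_exists('random_bytes')){
		$raw = random_bytes($bytes);
	}elseif (function_exists('openssl_random_pseudo_bytes')){
		$raw = openssl_random_pseudo_bytes($bytes);
	}

	if (!is_string($raw) || strlen($raw) < $bytes){
		// Last resort on very old PHP builds without a CSPRNG. This is NOT
		// cryptographically strong and is kept only so the feature keeps working.
		return substr(md5(uniqid(mt_rand(), true) . microtime()), 0, $bytes * 2);
	}

	return bin2hex($raw);
}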

// Builds the category admin panel: an "add category" form followed by a striped
// table of every category with a delete link. Returns the HTML as a string.
// NOTE(review): CATEGORY is printed as stored. The add path in this file
// entity-encodes it before insert; rows written any other way would be shown raw.
// The delete link is a plain GET request.
function FUNCT_SHOW_CATS() {
	$cats = mysql_query('SELECT * FROM categories ORDER BY CATEGORY ASC');

	$html = '<form method="POST" action="?act=categories">
				<input type="text" name="cat" size="55" /><input type="submit" value="add" />
				</form><hr>'
		. '<table cellpadding="3" cellspacing="0" border="0" style="width:350px; margin:auto;">';

	// Row shading alternates, starting with #eeeeee on the first row.
	$shade = '';
	while($cat = mysql_fetch_array($cats)){
		$shade = ($shade == '#eeeeee') ? '#dddddd' : '#eeeeee';

		$html .= '<tr><td align="left" style="background-color:'.$shade.'">'.$cat['CATEGORY'].'</td>'
			. '<td align="center" style="background-color:'.$shade.'"><a href="?act=categories&loc=d&id='.$cat['CATID'].'">Delete</a></td></tr>';
	}

	return $html . '</table>';
}

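// Builds the user list panel: an a-z index bar followed by a table of the users
// whose USERNAME starts with $pointer, with edit / delete / enable links.
// Returns the HTML as a string.
// NOTE(review): row values are printed as stored; this relies on every write path
// entity-encoding them before insert, which cannot be confirmed from this file.
function FUNCT_USER($pointer = 'a'){
	$retval = "<center>";
	foreach(range('a','z') as $i){
		 $retval .= '&nbsp;<a href="?act=user&loc='.$i.'">'.$i.'</a>&nbsp;';
	}
	$retval .= "</center>";

	// $pointer comes from the query string. The caller entity-encodes it, which does
	// not neutralise backslashes, so escape it for the SQL string literal here.
	$prefix = mysql_real_escape_string($pointer);
	$result = mysql_query('SELECT * FROM users WHERE `USERNAME` LIKE "'.$prefix.'%" ORDER BY `USERNAME` ASC');
	// A failed query yields false; treat it as "no rows" instead of passing it on.
	$cnt = $result ? mysql_num_rows($result) : 0;
	if ($cnt > 0){
		$retval .= '<br /><table width="100%" cellpadding="2" cellspacing="0" border="0">
		<tr><th style="border-bottom:1px dotted #000000;border-right:1px dotted #000000">Username</th><th style="border-bottom:1px dotted #000000;border-right:1px dotted #000000">Lastname, Firstname</th><th style="border-bottom:1px dotted #000000;border-right:1px dotted #000000">Phone</th><th style="border-bottom:1px dotted #000000;border-right:1px dotted #000000">Email</th><th style="border-bottom:1px dotted #000000;border-right:1px dotted #000000">Status</th><th style="border-bottom:1px dotted #000000">Action</th></tr>';
		while($row=mysql_fetch_array($result)){
			// Unapproved accounts get an extra "enable" action.
			if ($row['APPROVED'] == 0){
				$cstatus = 'waiting';
				$caction = '&nbsp;&nbsp;&nbsp;<a href="?act=user&loc='.$pointer.'&a=r&id='.$row['UID'].'">enable</a>';
			}else{
				$cstatus = 'ok';
				$caction = '';
			}
			$retval .= '<TR><TD align="left" style="border-right:1px dotted #000000"><a href="?act=user&loc='.$pointer.'&a=e&id='.$row['UID'].'">'.$row['USERNAME'].'</a></TD><TD align="left"  style="border-right:1px dotted #000000">'.$row['LASTNAME'].', '.$row['FIRSTNAME'].'</TD><TD align="left"  style="border-right:1px dotted #000000">'.$row['PHONE'].'</TD><TD  style="border-right:1px dotted #000000">'.$row['EMAIL'].'</TD><TD align="left"  style="border-right:1px dotted #000000">'.$cstatus.'</TD><TD align="left"><a href="?act=user&loc='.$pointer.'&a=e&id='.$row['UID'].'">edit</a>&nbsp;&nbsp;&nbsp;<a href="?act=user&loc='.$pointer.'&a=d&id='.$row['UID'].'">delete</a> '.$caction.'</TD></TR>';
		}
		$retval .= '</table>';
	}
	return $retval;
}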

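// Builds the edit form for one user, pre-filled from the users table.
//
//   $position  current a-z index letter, carried through in the form action
//   $cid       UID of the user to edit
//
// Returns the form HTML. When no matching row exists the form is rendered empty.
// NOTE(review): row values are placed into value="..." as stored; this relies on
// them having been entity-encoded (including quotes) before insert.
function FUNCT_USER_EDIT($position, $cid){

	// The id is concatenated into SQL without quotes, so force it to an integer.
	$cid = (int) $cid;

	// Empty defaults so the template below never reads an undefined $row.
	$row = array(
		'FIRSTNAME' => '', 'LASTNAME' => '', 'STREETADDRESS1' => '', 'STREETADDRESS2' => '',
		'CITY' => '', 'STATE' => '', 'ZIP' => '', 'PHONE' => '', 'EMAIL' => '', 'WEBSITE' => '',
	);

	$result = mysql_query('SELECT * FROM users WHERE UID = '.$cid.' LIMIT 1');
	if ($result && mysql_num_rows($result) > 0){
		$row = mysql_fetch_array($result);
	}

$profform = '<br /><form method="POST" action="?act=user&loc='.$position.'&a=e&id='.$cid.'">
<table style="margin:auto" width="450" cellspacing="2" cellpadding="0" border="0">
	<tr>
		<td colspan="2" align="left">
			<< <a href="?act=user&loc='.$position.'">close</a> >><br />
		</td>
	</tr>
	<tr><td align="right">First Name: &nbsp;</td><td align="left"><input type="TEXT" name="fname" size="35" value="'.$row['FIRSTNAME'].'" /></td></tr>
	<tr><td align="right">Last Name: &nbsp;</td><td align="left"><input type="TEXT" name="lname" size="35" value="'.$row['LASTNAME'].'" /></td></tr>
	
	<tr><td align="right">Mail Address 1: &nbsp;</td><td align="left"><input type="TEXT" name="add1" size="45" value="'.$row['STREETADDRESS1'].'" /></td></tr>
	
	<tr><td align="right">Mail Address 2: &nbsp;</td><td align="left"><input type="TEXT" name="add2" size="45" value="'.$row['STREETADDRESS2'].'" /></td></tr>
	
	<tr><td align="right">City: &nbsp;</td><td align="left"><input type="TEXT" name="city" value="'.$row['CITY'].'" /></td></tr>
	
	<tr><td align="right">State: &nbsp;</td><td align="left"><input type="TEXT" name="state" value="'.$row['STATE'].'" /></td></tr>
	
	<tr><td align="right">Zip: &nbsp;</td><td align="left"><input type="TEXT" name="zip" value="'.$row['ZIP'].'" /></td></tr>
	
	<tr><td align="right">Phone: &nbsp;</td><td align="left"><input type="TEXT" name="phone" size="25" value="'.$row['PHONE'].'" /></td></tr>


	<tr><td align="right">Email: &nbsp;</td><td align="left"><input type="TEXT" name="email" size="45" value="'.$row['EMAIL'].'" /></td></tr>
	
	<tr><td align="right">Website: &nbsp;</td><td align="left"><input type="TEXT" name="website" size="55" value="'.$row['WEBSITE'].'" /></td></tr>

	<tr><td colspan="2" align="center"><input type="submit" value="Update User" /></td></tr>
</table></form><br /><br />';

	return $profform;
}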

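// Updates one row of the companies table and, when both password fields are filled
// in and identical, the stored password as well.
//
//   $n,$a1,$a2,$c,$s,$z,$p,$fx,$con,$t,$e,$w  company name, address lines, city,
//       state, zip, phone, fax, contact, contact title, contact e-mail, website
//   $p1,$p2  new password and its confirmation (both empty = leave unchanged)
//   $eid     CID of the company
//
// Returns a plain-text status message.
//
// The column values are escaped for the SQL string literal here, where the query
// is built; the id is forced to an integer because it is used unquoted.
// NOTE(review): the password is stored as unsalted MD5. Changing that needs the
// employer login code (not in this file) to change with it.
function FUNCT_UPDATE_EMPLOYER($n,$a1,$a2,$c,$s,$z,$p,$fx,$con,$t,$e,$w,$p1,$p2,$eid){

	$eid = (int) $eid;

	$columns = array(
		'COMPANYNAME'  => $n,
		'MAILADDRESS1' => $a1,
		'MAILADDRESS2' => $a2,
		'CITY'         => $c,
		'STATE'        => $s,
		'ZIP'          => $z,
		'PHONE'        => $p,
		'FAX'          => $fx,
		'CONTACT'      => $con,
		'CONTACTTITLE' => $t,
		'CONTACTEMAIL' => $e,
		'WEBSITE'      => $w,
	);
	$pairs = array();
	foreach ($columns as $column => $value){
		$pairs[] = $column.'="'.mysql_real_escape_string($value).'"';
	}
	$set = implode(',', $pairs);

	if(empty($p1) || empty($p2)){
		$retval = 'Employer account has been updated.';
	}elseif((string) $p1 === (string) $p2){
		// Strict comparison: with == two numeric-looking strings compare as numbers.
		// md5() output is hexadecimal, so it needs no escaping.
		$set .= ', PASSWORD="'.md5($p1).'"';
		$retval = 'Employer account and password has been updated.';
	}else{
		$retval = 'Employer account has been updated, but not the password due to mismatch.';
	}

	mysql_query('UPDATE companies SET '.$set.' WHERE CID = '.$eid.' LIMIT 1') or die(mysql_errno().', '.mysql_error());

	return $retval;
}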

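// Builds the edit form for one employer, pre-filled from the companies table.
//
//   $position  current a-z index letter, carried through in the form action
//   $eid       CID of the company to edit
//
// Returns the form HTML, or an empty string when no matching row exists.
//
// The password field is no longer pre-filled. The original put the stored PASSWORD
// value (an MD5 hash, per the update code in this file) into the page source, and
// because only the first of the two fields was filled, typing a new password into
// the confirmation field alone always ended in a mismatch.
// NOTE(review): the other row values are placed into value="..." as stored; this
// relies on them having been entity-encoded before insert.
function FUNCT_EMPLOYER_EDIT($position,$eid){
	// The id is concatenated into SQL without quotes, so force it to an integer.
	$eid = (int) $eid;
	$retval = '';

	$result = mysql_query('SELECT * FROM companies WHERE CID = '.$eid.' LIMIT 1') or die(mysql_errno().', '.mysql_error());
	$cnt = mysql_num_rows($result);
	if ($cnt > 0 ){
		$row = mysql_fetch_array($result);

		$retval = '<br /><br /><form method="POST" action="index.php?act=employer&loc='.$position.'&a=e&id='.$eid.'"><table style="margin:auto" width="450" cellpadding="3" cellspacing="0" border="0"><tr><td align="right">Company Name</td><td align="left"><input type="TEXT" size="45" name="name" value="'.$row['COMPANYNAME'].'" /></td></tr>
		<tr><td align="right">Address 1</td><td align="left"><input type="TEXT" size="45" name="addy1" value="'.$row['MAILADDRESS1'].'" /></td></tr>
		<tr><td align="right">Address 2</td><td align="left"><input type="TEXT" size="45" name="addy2" value="'.$row['MAILADDRESS2'].'" /></td></tr>
		<tr><td align="right">City</td><td align="left"><input type="TEXT" size="45" name="city" value="'.$row['CITY'].'" /></td></tr>
		<tr><td align="right">State</td><td align="left"><input type="TEXT" size="45" name="state" value="'.$row['STATE'].'" /></td></tr>
		<tr><td align="right">Zip</td><td align="left"><input type="TEXT" size="45" name="zip" value="'.$row['ZIP'].'" /></td></tr>
		<tr><td align="right">Phone</td><td align="left"><input type="TEXT" size="45" name="phone" value="'.$row['PHONE'].'" /></td></tr>
		<tr><td align="right">Fax</td><td align="left"><input type="TEXT" size="45" name="fax" value="'.$row['FAX'].'" /></td></tr>
		<tr><td align="right">Contact</td><td align="left"><input type="TEXT" size="45" name="contact" value="'.$row['CONTACT'].'" /></td></tr>
		<tr><td align="right">Title</td><td align="left"><input type="TEXT" size="45" name="title" value="'.$row['CONTACTTITLE'].'" /></td></tr>
		<tr><td align="right">Email</td><td align="left"><input type="TEXT" size="45" name="email" value="'.$row['CONTACTEMAIL'].'" /></td></tr>
		<tr><td align="right">Website</td><td align="left"><input type="TEXT" size="45" name="website" value="'.$row['WEBSITE'].'" /></td></tr>
		<tr><td colspan="2" align="center"><br /><br />Only Enter below if you want to change the password</td></tr>
		<tr><td align="right">Password</td><td align="left"><input type="PASSWORD" size="45" name="pw" /></td></tr>
		<tr><td align="right">Re-enter Password</td><td align="left"><input type="PASSWORD" size="45" name="pw2" /></td></tr>
		<tr><td colspan="2" align="right"><input type="SUBMIT" value="Save" /></td></tr></table></form><br /><br />';

	}

	return $retval;
}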

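// Builds the employer list panel: an a-z index bar followed by a table of the
// companies whose COMPANYNAME starts with $pointer, with job list / edit / delete /
// enable links. Returns the HTML as a string.
// NOTE(review): row values are printed as stored; this relies on every write path
// entity-encoding them before insert, which cannot be confirmed from this file.
function FUNCT_EMPLOYER($pointer = 'a'){
	$retval = "<center>";
	foreach(range('a','z') as $i){
		 $retval .= '&nbsp;<a href="?act=employer&loc='.$i.'">'.$i.'</a>&nbsp;';
	}
	$retval .= "</center>";

	// $pointer comes from the query string. The caller entity-encodes it, which does
	// not neutralise backslashes, so escape it for the SQL string literal here.
	$prefix = mysql_real_escape_string($pointer);
	$result = mysql_query('SELECT * FROM companies WHERE `COMPANYNAME` LIKE "'.$prefix.'%" ORDER BY `COMPANYNAME` DESC');
	// A failed query yields false; treat it as "no rows" instead of passing it on.
	$cnt = $result ? mysql_num_rows($result) : 0;
	if ($cnt > 0){
		$retval .= '<br /><table width="100%" cellpadding="2" cellspacing="0" border="0">';
		while($row=mysql_fetch_array($result)){
			// Unapproved employers get an extra "enable" action.
			if ($row['APPROVED'] == 0){
				$cstatus = 'waiting';
				$caction = '&nbsp;&nbsp;&nbsp;<a href="?act=employer&loc='.$pointer.'&a=r&id='.$row['CID'].'">enable</a>';
			}else{
				$cstatus = 'ok';
				$caction = '';
			}
			$retval .= '<TR><TD align="left"><a href="?act=employer&a=j&id='.$row['CID'].'">'.$row['COMPANYNAME'].'</a></TD><TD align="left">'.$row['CONTACT'].'</TD><TD align="left">'.$row['CONTACTEMAIL'].'</TD><TD align="left">'.$row['PHONE'].'</TD><TD align="left">'.$cstatus.'</TD><TD align="left"><a href="?act=employer&loc='.$pointer.'&a=e&id='.$row['CID'].'">edit</a>&nbsp;&nbsp;&nbsp;<a href="?act=employer&loc='.$pointer.'&a=d&id='.$row['CID'].'">delete</a> '.$caction.'</TD></TR>';
		}

		$retval .= '</table>';
	}else{
		$retval .= '<br /><center>No companies to list</center>';
	}

	return $retval;
}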

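// Rewrites ../mjl-includes/settings.inc.php from the given values. The file is PHP
// source that every page includes, so each value ends up inside a single-quoted PHP
// string literal and must not be able to end that literal.
//
// $eorg and $eadmin_catch are written as received: the caller in this file passes
// them through addslashes(). All other values are escaped here for a single-quoted
// literal (backslash and single quote). Entity-encoding by the caller does not cover
// a backslash, and a value ending in one would swallow the closing quote.
//
// Returns an HTML status box; dies if the file cannot be opened.
//
// NOTE(review): the admin password is written to this file in plain text.
// NOTE(review): fopen(..., "w") truncates the live settings file before the new
// content is written, so a request arriving in that window includes an empty file.
function FUNCT_WRITE_SETTINGS($etheme, $enum_per_page,$eruncron,$eregurl,$emjlmail,$eorg, $eurl,$enumresumes,$enumcovers,$erecaptcha,$erecaptcha_public,$erecaptcha_private,$eautoreg,$eadmin_uname,$eadmin_pw,$eadmin_catch){

	$content =
	"<?php\n\n
	\$theme = '".FUNCT_SETTINGS_SQ_ESCAPE($etheme)."';\n
	\$num_per_page = '".FUNCT_SETTINGS_SQ_ESCAPE($enum_per_page)."';\n
	\$runcron = '".FUNCT_SETTINGS_SQ_ESCAPE($eruncron)."';\n
	\$regurl =  '".FUNCT_SETTINGS_SQ_ESCAPE($eregurl)."';\n
	\$mjlmail = '".FUNCT_SETTINGS_SQ_ESCAPE($emjlmail)."';\n
	\$org = '".$eorg."';\n
	\$url =  '".FUNCT_SETTINGS_SQ_ESCAPE($eurl)."';\n
	\$numresumes = '".FUNCT_SETTINGS_SQ_ESCAPE($enumresumes)."';\n
	\$numcovers = '".FUNCT_SETTINGS_SQ_ESCAPE($enumcovers)."';\n
	\$recaptcha = '".FUNCT_SETTINGS_SQ_ESCAPE($erecaptcha)."';\n
	\$recaptcha_public = '".FUNCT_SETTINGS_SQ_ESCAPE($erecaptcha_public)."';\n
	\$recaptcha_private = '".FUNCT_SETTINGS_SQ_ESCAPE($erecaptcha_private)."';\n
	\$autoreg = '".FUNCT_SETTINGS_SQ_ESCAPE($eautoreg)."';\n
	\$admin_uname = '".FUNCT_SETTINGS_SQ_ESCAPE($eadmin_uname)."';\n
	\$admin_pw = '".FUNCT_SETTINGS_SQ_ESCAPE($eadmin_pw)."';\n
	\$admin_catch = '".$eadmin_catch."';\n\n
	?>";


	$filename = "../mjl-includes/settings.inc.php";
	// The failure message used an undefined variable ($file_name) before.
	$file = fopen($filename, "w") or die("Cannot open ".$filename);
	fwrite($file, $content );
	fclose($file);

	$retval = '<div class="errorbox">Settings saved!</div>';

	return $retval;
}

// Escapes a value for use inside a single-quoted PHP string literal, so that it
// reads back exactly as given.
function FUNCT_SETTINGS_SQ_ESCAPE($value){
	return strtr((string) $value, array('\\' => '\\\\', "'" => "\\'"));
}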

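// Builds the settings form, pre-filled with the given values, plus a theme
// drop-down listing the directories under ../mjl-themes/. Returns the HTML.
//
// Organization and Unique Phrase are kept with their quotes un-encoded (the caller
// in this file uses ENT_NOQUOTES for them), so a double quote in either value used
// to end the value="..." attribute early. Only the double quote is encoded here,
// because the other characters are already entity-encoded.
//
// NOTE(review): the admin password is echoed back into the page inside the password
// field. Leaving the field empty would need the save handler to treat "empty" as
// "unchanged", so it is only flagged here.
function FUNCT_SETTINGS($etheme, $enum_per_page,$eruncron,$eregurl,$emjlmail,$eorg, $eurl,$enumresumes,$enumcovers,$erecaptcha,$erecaptcha_public,$erecaptcha_private,$eautoreg,$eadmin_uname,$eadmin_pw,$eadmin_catch){
	$content = '';

	// glob() can return false instead of an array; treat that as "no themes".
	$themedirs = glob('../mjl-themes/*', GLOB_ONLYDIR);
	if (!is_array($themedirs)){
		$themedirs = array();
	}
	foreach($themedirs as $dir) {
		// Directory names come straight from the filesystem, so encode them for HTML.
		$dir = htmlspecialchars(str_replace('../mjl-themes/', '', $dir), ENT_QUOTES);
		$content .= '<option value="'.$dir.'">'.$dir.'</option>';
	}

	$orgattr = str_replace('"', '&quot;', stripslashes($eorg));
	$catchattr = str_replace('"', '&quot;', stripslashes($eadmin_catch));

	$retval = '<form method="post" action="?act=settings"><table width="100%" cellpadding="5" cellspacing="2" border="0">
		<tr><td align="left">Theme</td><td align="left"><SELECT name="theme"><option selected value="'.$etheme.'">'.$etheme.'</option>'.$content.'</SELECT></td></tr>
		<tr><td align="left">Jobs Per Page</td><td align="left"><input size="15" type="TEXT" name="num_per_page" value="'.$enum_per_page.'" /></td></tr>
		<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" style="text-align:left;background-color:#FFFFCC">Run cron can have a value of 0 being off or 1 being on.  Run Cron allows for the auto clean up of old job listings that are past due.  Turning cron off, will make the system check dates and provide clean up every time the page is reloaded.</td>
		</tr>
		<tr><td align="left">Run Cron</td><td align="left"><input size="15" type="TEXT" name="runcron" value="'.$eruncron.'" /></td></tr>
		<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" style="text-align:left;background-color:#FFFFCC">Registration URL is the absolute web address to register.php entered without the http:// and the should end with trailing slash / example:  yourdomain.com/mjl/</td>
		</tr>
		<tr><td align="left">Registration URL</td><td align="left"><input size="45" type="TEXT" name="regurl" value="'.$eregurl.'" /></td></tr>
		<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" style="text-align:left;background-color:#FFFFCC">Email and Organization should be entered to confirmidentity when sending emails to your users. </td>
		</tr>
		<tr><td align="left">Email</td><td align="left"><input size="45" type="TEXT" name="mjlmail" value="'.$emjlmail.'" /></td></tr>
		<tr><td align="left">Organization</td><td align="left"><input size="45" type="TEXT" name="org" value="'.$orgattr.'" /></td></tr>
				<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" style="text-align:left;background-color:#FFFFCC">URL is the url to your website where users will login to My Job List.  It should have the http://.</td>
		</tr>
		<tr><td align="left">URL</td><td align="left"><input size="45" type="TEXT" name="url" value="'.$eurl.'" /></td></tr>
		<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" style="text-align:left;background-color:#FFFFCC">Number of Resumes and Number of Cover letters is the total number you will allow a user to save on your system.</td>
		</tr>
		<tr><td align="left">Number of Resumes</td><td align="left"><input size="15" type="TEXT" name="numresumes" value="'.$enumresumes.'" /></td></tr>
		<tr><td align="left">Number of Cover Letters</td><td align="left"><input size="15" type="TEXT" name="numcovers" value="'.$enumcovers.'" /></td></tr>
		<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" style="text-align:left;background-color:#FFFFCC">Available options are 0 for off and 1 for on.  Enabling reCaptcha will turn on the feature during registration to verify if a person is human or not.  You must supply a public and private key for your site.  You can learn more at <a href="http://www.google.com/recaptcha/learnmore" target="_blank">http://www.google.com/recaptcha/learnmore</a></td>
		</tr>
		<tr><td align="left">Use reCaptcha</td><td align="left"><input size="45" type="TEXT" name="recaptcha" value="'.$erecaptcha.'" /></td></tr>
		<tr><td align="left">reCaptcha Public key</td><td align="left"><input size="55" type="TEXT" name="recaptcha_public" value="'.$erecaptcha_public.'" /></td></tr>
		<tr><td align="left">reCaptcha Private Key</td><td align="left"><input size="55" type="TEXT" name="recaptcha_private" value="'.$erecaptcha_private.'" /></td></tr>
		<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" style="text-align:left;background-color:#FFFFCC">Allow auto registration enables auto registration for employers.  Options are 0 for off and 1 for on.  It is our recommendation that auto registration be kept off and manually verify and enable employers to keep shady two bit crooks out of the mix.</td>
		</tr>
		<tr><td align="left">Allow auto registration</td><td align="left"><input size="15" type="TEXT" name="autoreg" value="'.$eautoreg.'" /> (not in place yet, so employers must be manually enabled)</td></tr>
		<tr>
		<td colspan="2">&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" style="text-align:left;background-color:#FFFFCC">This area gives you access to this page.  The Unique phrase is for verification to enter this page.  If a users session doesn\'t match the unique phrase then that user will not be able to remain logged in.</td>
		</tr>
		<tr><td align="left">Admin Username</td><td align="left"><input size="45" type="TEXT" name="admin_uname" value="'.$eadmin_uname.'" /></td></tr>
		<tr><td align="left">Admin Password</td><td align="left"><input size="45" type="PASSWORD" name="admin_pw" value="'.$eadmin_pw.'" /></td></tr>
		<tr><td align="left">Unique Phrase</td><td align="left"><input size="45" type="TEXT" name="admin_catch" value="'.$catchattr.'" /></td></tr>
		<tr><td colspan="2"><input type="SUBMIT" value="Save Settings" /></td></tr>
	</table></form>';

	return $retval;
}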

/**
 * Return the opening markup shared by the admin pages.
 *
 * The fragment holds the XHTML 1.0 Transitional doctype, the <head> section
 * (ISO-8859-1 charset declaration, style.css, page title) and the opening
 * <body> and wrapper <div>. The html, body and wrapper elements are left
 * open for the caller to close.
 *
 * @return string HTML fragment, starting with a newline.
 */
function FUNCT_HDR_HEAD(){
	// One array entry per output line; the leading and the middle empty
	// entries reproduce the blank lines of the template.
	$lines = array(
		'',
		'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">',
		'<html xmlns="http://www.w3.org/1999/xhtml">',
		'<head>',
		'<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />',
		'<link href="style.css" rel="stylesheet" type="text/css" />',
		'<title>My Job List - Admin</title>',
		'</head>',
		'',
		'<body>',
		"\t".'<div class="wrapper">',
	);

	return implode("\n", $lines);
}

/**
 * Return the closing markup of an admin page: the end tags for the wrapper
 * <div>, <body> and <html> elements.
 *
 * @return string HTML fragment.
 */
function FUNCT_FTR_FOOT(){
	$closeBody = ' </div></body>';
	$closeHtml = '</html>';

	// The two parts are separated by a newline and one tab, as in the template.
	return $closeBody."\n\t".$closeHtml;
}

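/**
 * Build the HTML table that lists one company's job postings, with edit,
 * delete and (for disabled postings) enable links.
 *
 * @param int|string $cid Company id (`CID`); coerced to an integer before use.
 * @return string HTML table markup.
 */
function FUNCT_JOB_LIST($cid){  //this is the list seen in the employer area
	// $cid is concatenated into two SQL statements and into every link below.
	// Coercing it to an integer keeps caller-supplied text out of both
	// contexts, whatever validation the caller did or did not perform.
	$cid = (int)$cid;

	$result = mysql_query('SELECT * FROM jobs WHERE `CID` = '.$cid.' ORDER BY `DATEPOSTED` DESC' );
	$name_result = mysql_query('SELECT * FROM companies WHERE CID = '.$cid.' LIMIT 1');

	// mysql_query() returns false on failure; do not hand that to
	// mysql_fetch_array().
	$row2 = ($name_result !== false) ? mysql_fetch_array($name_result) : false;

	// Database text is escaped at output because it is rendered inside the
	// administrator's session. The charset matches the one the page header
	// declares. double_encode is off on the assumption that some values were
	// already entity-encoded when stored (the settings handler in this file
	// encodes on input) - TODO confirm for the jobs/companies tables.
	$companyname = '';
	if (is_array($row2) && isset($row2['COMPANYNAME'])){
		$companyname = htmlspecialchars((string)$row2['COMPANYNAME'], ENT_QUOTES, 'ISO-8859-1', false);
	}

	$jobform = '<table border="0" cellspacing="0" cellpadding="0" width="100%">
		<tr>
			<td colspan="4" align="left">
				<h2>'.$companyname.' Jobs</h2>
			</td>
		</tr>
		<tr>
			<td>Job Title</td><td>Posted</td><td>Active</td><td>Action</td>
		</tr>';

	if ($result !== false){
		while ($row = mysql_fetch_array($result)){
			$jid        = (int)$row['JID'];
			$jobtitle   = htmlspecialchars((string)$row['JOBTITLE'], ENT_QUOTES, 'ISO-8859-1', false);
			$dateposted = htmlspecialchars((string)$row['DATEPOSTED'], ENT_QUOTES, 'ISO-8859-1', false);

			// Loose comparison on purpose: the mysql extension returns column
			// values as strings.
			if ($row['ISENABLED'] == 1){
				$isactive = 'Y';
				$enableit = "";
			}else{
				$isactive = 'N';
				$enableit = ' | <a href="?act=employer&a=j&p=ena&jid='.$jid.'&id='.$cid.'" title="Enable Position">Enable</a>';
			}
			$jobform	.= '<tr><td align="left"><a href="?act=employer&a=j&p=edit&jid='.$jid.'&id='.$cid.'" title="Edit Position">'.$jobtitle.'</a></td><td align="center">'.$dateposted.'</td><td align="center">'.$isactive.'</td><td align="center"><a href="?act=employer&a=j&p=edit&jid='.$jid.'&id='.$cid.'" title="Edit Position">Edit</a> | <a href="?act=employer&a=j&p=del&jid='.$jid.'&id='.$cid.'" title="Delete Position">Delete</a>'.$enableit.'</td></tr>';
		}
	}
	$jobform		.= '</table>';

	return $jobform;
}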

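/**
 * Build the "edit position" form for one job posting, pre-filled from the
 * jobs table, with the category list read from the categories table.
 *
 * If no posting matches the given ids, or a query fails, the form is still
 * returned with empty fields.
 *
 * @param int|string $ejid Job id (`JID`); coerced to an integer before use.
 * @param int|string $cid  Company id (`CID`); coerced to an integer before use.
 * @return string HTML form markup.
 */
function FUNCT_EDIT_JOB_FORM($ejid,$cid){
	// Both ids are concatenated into SQL and into the form action / links.
	// Coercing them to integers keeps caller-supplied text out of both
	// contexts, whatever validation the caller did or did not perform.
	$ejid = (int)$ejid;
	$cid  = (int)$cid;

	// Columns shown in the form, defaulting to '' so a missing row does not
	// leave the template reading undefined variables.
	$fields = array(
		'JOBTITLE'        => '',
		'JOBLOCATION'     => '',
		'CATID'           => '',
		'JOBDESCRIPTION'  => '',
		'JOBREQUIREMENTS' => '',
		'EDREQUIREMENTS'  => '',
		'BENEFITS'        => '',
		'JOBDURATION'     => '',
		'JOBTYPE'         => '',
		'WAGETYPE'        => '',
	);

	$result = mysql_query('SELECT * FROM jobs WHERE `JID` = '.$ejid.' AND `CID` = '.$cid.' LIMIT 1');

	// mysql_query() returns false on failure; the query is LIMIT 1, so a
	// single fetch is enough.
	$row = ($result !== false) ? mysql_fetch_array($result) : false;
	if (is_array($row)){
		// Database text is escaped at output: it lands inside value="..."
		// attributes and <textarea> bodies rendered in the administrator's
		// session. The charset matches the one the page header declares.
		// double_encode is off on the assumption that some values were already
		// entity-encoded when stored (the settings handler in this file
		// encodes on input) - TODO confirm for the jobs table.
		foreach ($fields as $column => $unused){
			if (isset($row[$column])){
				$fields[$column] = htmlspecialchars((string)$row[$column], ENT_QUOTES, 'ISO-8859-1', false);
			}
		}

		// NOTE(review): unserialize() on a stored column can instantiate
		// arbitrary classes if anyone other than this application can write
		// HOWTOAPPLY. The decoded value is not used anywhere in this function.
		// Prefer a JSON-encoded list, or on PHP 7+ pass
		// array('allowed_classes' => false) as the second argument.
		if (isset($row['HOWTOAPPLY'])){
			$howtoapply = unserialize(stripslashes($row['HOWTOAPPLY']));
		}
	}

	$jtitle         = $fields['JOBTITLE'];
	$jlocation      = $fields['JOBLOCATION'];
	$catid          = $fields['CATID'];
	$jdescription   = $fields['JOBDESCRIPTION'];
	$jrequirements  = $fields['JOBREQUIREMENTS'];
	$edrequirements = $fields['EDREQUIREMENTS'];
	$benefits       = $fields['BENEFITS'];
	$jduration      = $fields['JOBDURATION'];
	$jtype          = $fields['JOBTYPE'];
	$wagetype       = $fields['WAGETYPE'];

	$jobform = '<div style="width:100%;text-align:center;"><form method="POST" action="?act=employer&a=j&p=edit&jid='.$ejid.'&id='.$cid.'">
	
	<table cellspacing="0" cellpadding="4" border="0" width="500" style="margin:auto;">
		<tr>
			<td colspan="2" align="left">
				<< <a href="?act=employer&a=j&id='.$cid.'">Hide</a> >>
			</td>
		</tr>
		<tr>
			<td colspan="2">Job Title:&nbsp;&nbsp;<input type="TEXT" size="50" name="jobtitle" value="'.$jtitle.'" /></td>
		</tr>
		<tr>
			<td colspan="2">Job Location:&nbsp;&nbsp;<input type="TEXT" size="45" name="joblocation" value="'.$jlocation.'" /></td>
		</tr>
		<tr>
			<td colspan="2">Job Description</td>
		</tr>
		<tr>
			<td colspan="2"><TEXTAREA rows="5" name="jobdescription" cols="56">'.$jdescription.'</TEXTAREA></td>
		</tr>
		<tr>
			<td colspan="2">Experience Requirements</td>
		</tr>
		<tr>
			<td colspan="2"><TEXTAREA rows="5" name="jobrequirements" cols="56">'.$jrequirements.'</TEXTAREA></td>
		</tr>
		<tr>
			<td colspan="2">Educational Requirements</td>
		</tr>
		<tr>
			<td colspan="2"><TEXTAREA rows="5" name="edrequirements" cols="56">'.$edrequirements.'</TEXTAREA></td>
		</tr>
		<tr>
			<td colspan="2">Benefits</td>
		</tr>
		<tr>
			<td colspan="2"><TEXTAREA rows="5" name="benefits" cols="56">'.$benefits.'</TEXTAREA></td>
		</tr>';

	$selectval = '';
	$result = mysql_query('SELECT * FROM categories ORDER BY `CATEGORY` ASC');
	if ($result !== false){
		while($row = mysql_fetch_array($result)){
			$category = htmlspecialchars(trim((string)$row['CATEGORY']), ENT_QUOTES, 'ISO-8859-1', false);
			$selectval .= '<option value="'.$category.'">'.$category.'</option>';
		}
	}

	// The wage-type list used to submit an empty value for "Per Diem" and the
	// value "Per Diem" for "Per Mile"; each option now submits its own label.
	$jobform .= '
		<tr>
			<td colspan="2">
			Category<br />
			<select name="categories"><option value="'.$catid.'" SELECTED>'.$catid.'</option>'.$selectval.'</select>
			</td>
		</tr>
		<tr>
			<td colspan="2">How To Apply<br />
				by email<input type="CHECKBOX" value="email" name="howapply[]" />
				by phone<input type="CHECKBOX" value="phone" name="howapply[]" />
				by fax<input type="CHECKBOX" value="fax" name="howapply[]" />
				by regular mail <input type="CHECKBOX" value="mail" name="howapply[]" />
				by online<input type="CHECKBOX" value="online" name="howapply[]" />
			</td>
		</tr>
		<tr>
			<td>Job Duration<br />
				<select name="jobduration">
					<option value="'.$jduration.'" SELECTED>'.$jduration.'</option>
					<option value="Internship">Internship</option>
					<option value="Regular">Regular</option>
					<option value="School Year">School Year</option>
					<option value="Seasonal">Seasonal</option>
					<option value="Services-Domestic">Services-Domestic</option>
					<option value="Temp">Temp</option>
					<option value="Temp to Hire">Temp to Hire</option>
					<option value="Trials - Medical, Clinical">Trials - Medical, Clinical</option>
					<option value="Volunteer">Volunteer</option>
				</select>
			</td>
			<td>
				Job Type<br />
				<select name="jobtype">
					<option value="'.$jtype.'" SELECTED>'.$jtype.'</option>
					<option value="Contract">Contract</option>
					<option value="Full Time">Full Time</option>
					<option value="Part Time - All">Part Time - All</option>
					<option value="Part Time - less than 20 hours">Part Time - less than 20 hours</option>
					<option value="Per Diem">Per Diem</option>
				</select>
			</td>
		</tr>
		<tr>
			<td>
				Wage Type<br />
				<select name="wagetype">
					<option value="'.$wagetype.'" SELECTED>'.$wagetype.'</option>
					<option value="Annual Salary">Annual Salary</option>
					<option value="Commission Only">Commission Only</option>
					<option value="Contract">Contract</option>
					<option value="Draw on Future Comm">Draw on Future Comm</option>
					<option value="Draw Plus Commission">Draw Plus Commission</option>
					<option value="Hourly Wage">Hourly Wage</option>
					<option value="Other Wage Type">Other Wage Type</option>
					<option value="Per Diem">Per Diem</option>
					<option value="Per Mile">Per Mile</option>
					<option value="Salary Plus Commission">Salary Plus Commission</option>
					<option value="Volunteer">Volunteer</option>
				</select>
			</td><td><input type="SUBMIT" value="Update Position" class="jobbutton" /></td>
		</tr>
	</table>
	</form></div>';

	return $jobform;
}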


?>