<?php
// Bootstrap: open the session, mark the response as privately cacheable and
// load the two include files. They presumably define the settings globals
// ($theme, $autoreg, $recaptcha, ...) and open the database link used by the
// mysql_* calls below -- confirm against mjl-includes/.
session_start();
header('Cache-control: private');
include 'mjl-includes/settings.inc.php';
include 'mjl-includes/db.inc.php';
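// Password recovery: GET ?recover=<token> looks up the account whose TEMP
// column holds that one-time token, stores a freshly generated password,
// clears the token and mails the new password to the address on file.
// A token starting with "empl" refers to the companies table, any other
// token to the users table.
//
// NOTE(review): passwords are stored as unsalted MD5 and the new password is
// mailed in clear text. Moving to password_hash() needs a matching change in
// the login code, which is not visible here.
// NOTE(review): this changes account state on a plain GET, so anything that
// fetches the link (mail scanners, prefetchers) consumes the token; a
// confirmation step via POST would avoid that.
if (($_SERVER['REQUEST_METHOD'] == 'GET') && isset($_GET['recover']) && !empty($_GET['recover'])) {
    // Both were read uninitialised before, and failure messages never reached the page.
    $mainpage = '';
    $statusmsg = '';

    // Array-valued input (recover[]=...) is treated as "no token".
    $recover = is_string($_GET['recover']) ? trim(htmlspecialchars($_GET['recover'], ENT_QUOTES)) : '';

    if (substr($recover, 0, 4) == 'empl') {
        $recover = (string) substr($recover, 4);
        $table = 'companies';
        $emailcol = 'CONTACTEMAIL';
    } else {
        $table = 'users';
        $emailcol = 'EMAIL';
    }

    // htmlspecialchars() encodes quotes but leaves backslashes alone, so the
    // value still needs escaping for the SQL string literal.
    $safe = ($recover !== '') ? mysql_real_escape_string($recover) : '';

    // An empty token must never reach the query: TEMP is reset to "" below once
    // a token has been used, so an empty value would match accounts that have no
    // recovery pending.
    if (is_string($safe) && $safe !== '') {
        $result = mysql_query('SELECT USERNAME,'.$emailcol.' FROM '.$table.' WHERE TEMP = "'.$safe.'" LIMIT 1');
        if ($result && mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            $newpass = FUNCT_QUICK_PASS();
            mysql_query('UPDATE '.$table.' SET PASSWORD = "'.md5($newpass).'", TEMP = "" WHERE TEMP = "'.$safe.'" LIMIT 1');
            if (mysql_errno()) {
                // Driver details go to the server log, not into the response.
                error_log('password recovery update failed: '.mysql_errno().' '.mysql_error());
                $statusmsg = '<div class="errorbox">There was an error changing your password. Please contact support.</div>';
            } elseif (MAIL_NEW_PASS($row['USERNAME'], $row[$emailcol], $newpass)) {
                $statusmsg = '<br /><br />Your new password has been emailed to the address provided.';
            } else {
                $statusmsg = '<div class="errorbox">There was an error emailing your password. Please contact support.</div>';
            }
            $mainpage = $statusmsg;
        }
    }

    $pagehdr = file_get_contents('mjl-themes/'.$theme.'/master_header.theme.html');
    $pageftr = file_get_contents('mjl-themes/'.$theme.'/master_footer.theme.html');
    $mainpage = $pagehdr.$mainpage.$pageftr;
    echo $mainpage;
    exit;
}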
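// Three request shapes are handled here:
//   GET  ?token=<key>  -> activate a pending account
//   POST               -> process a submitted registration form
//   anything else      -> show the empty registration form
$mainpage = '';
if (($_SERVER['REQUEST_METHOD'] == 'GET') && isset($_GET['token']) && !empty($_GET['token'])) {
    // Array-valued input (token[]=...) is treated as "no token".
    $token = is_string($_GET['token']) ? trim(htmlspecialchars($_GET['token'], ENT_QUOTES)) : '';
    // Employer keys are mailed with an "empl" tag in front of the key.
    $isEmployer = (substr($token, 0, 4) == 'empl');
    if ($isEmployer) {
        $token = (string) substr($token, 4);
    }
    // Employers may only self-activate when auto registration is switched on.
    if (!$isEmployer || $autoreg == 1) {
        // APPROVED holds the pending key until activation and the literal 1
        // afterwards, so only key-shaped values (32 lowercase hex characters)
        // may be looked up; anything else could match an account that is
        // already active.
        if (!preg_match('/^[a-f0-9]{32}\z/', $token)) {
            $mainpage = 'The activation key doesn\'t exist or the account is already active.';
        } elseif ($isEmployer) {
            $mainpage = FUNCT_UPDATE_EMPLOYER_STATUS($token);
        } else {
            $mainpage = FUNCT_UPDATE_USER_STATUS($token);
        }
    }
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // When reCAPTCHA is enabled the answer has to verify before anything is stored.
    if ($recaptcha == 1) {
        require_once('mjl-includes/recaptchalib.php');
        $challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
        $response = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';
        $resp = recaptcha_check_answer($recaptcha_private, $_SERVER['REMOTE_ADDR'], $challenge, $response);
        $captcha_ok = $resp->is_valid ? 1 : 0;
    } else {
        $captcha_ok = 1;
    }
    $mainpage = file_get_contents('mjl-themes/'.$theme.'/register_results.theme.html');

    // Radio selection; a missing or non-string value counts as "nothing selected".
    $regtype = (isset($_POST['regtype']) && is_string($_POST['regtype'])) ? $_POST['regtype'] : '';

    if ($captcha_ok != 1) {
        $statusmsg = '<div class="errorbox">Your recaptcha response was incorrect, please click the back button and reenter your validation.</div>';
    } elseif ($regtype != 'employer' && $regtype != 'seeker') {
        $statusmsg = '<div class="errorbox">Are you a Job Seeker or Employer? Hit your back button and make a selection</div>';
    } else {
        // Form values are HTML-encoded for storage, as before.
        $in = array();
        foreach (array('uname', 'fname', 'lname', 'coname', 'email', 'phone', 'add1', 'add2', 'city', 'state', 'zip') as $key) {
            $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
            $in[$key] = htmlspecialchars($raw, ENT_QUOTES);
        }
        $uname = $in['uname'];
        $email = $in['email'];

        // HTML encoding is not SQL escaping: it leaves backslashes untouched, and a
        // trailing backslash would swallow the closing quote of the literal. Every
        // value is therefore escaped for the query as well.
        // NOTE(review): if magic_quotes_gpc is enabled on the target host the input
        // already carries added slashes; strip them before this point -- confirm
        // against the deployment.
        $db = array_map('mysql_real_escape_string', $in);

        if ($regtype == 'employer') {
            $table = 'companies';
            $emailcol = 'CONTACTEMAIL';
        } else {
            $table = 'users';
            $emailcol = 'EMAIL';
        }

        // The username and the e-mail address must both be unused.
        $result = mysql_query('SELECT * FROM '.$table.' WHERE USERNAME = "'.$db['uname'].'" OR '.$emailcol.' = "'.$db['email'].'"');
        if ($result === false) {
            error_log('registration lookup failed: '.mysql_errno().' '.mysql_error());
            $statusmsg = '<div class="errorbox">There was an error in the registration process please contact the administrator.</div>';
        } elseif (mysql_num_rows($result) != 0) {
            $statusmsg = '<div class="errorbox">The account has been registered, please login with your username and password.</div>';
        } elseif (!isValidEmail($email)) {
            $statusmsg = '<div class="errorbox">The email you entered is not in the right format please hit the back button and reenter it.</div>';
        } else {
            // The activation key proves control of the mailbox, so it must not be
            // derivable from the submitted fields (it used to be an MD5 of them).
            // The shape stays the same: 32 lowercase hex characters.
            if (function_exists('random_bytes')) {
                $temp_key = bin2hex(random_bytes(16));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $temp_key = bin2hex(openssl_random_pseudo_bytes(16));
            } else {
                $temp_key = md5(uniqid(mt_rand(), true).$uname.$email);
            }

            if ($regtype == 'employer') {
                $contact = $db['fname'].' '.$db['lname'];
                $values = array($db['uname'], $db['coname'], $db['add1'], $db['add2'], $db['city'], $db['state'], $db['zip'], $db['phone'], $contact, $db['email'], $temp_key);
                $sql = 'INSERT INTO companies (USERNAME,COMPANYNAME,MAILADDRESS1,MAILADDRESS2,CITY,STATE,ZIP,PHONE,CONTACT,CONTACTEMAIL,APPROVED) VALUES ("'.implode('","', $values).'")';
            } else {
                $values = array($db['uname'], $db['fname'], $db['lname'], $db['add1'], $db['add2'], $db['city'], $db['state'], $db['zip'], $db['phone'], $db['email'], $temp_key);
                $sql = 'INSERT INTO users (USERNAME,FIRSTNAME,LASTNAME,STREETADDRESS1,STREETADDRESS2,CITY,STATE,ZIP,PHONE,EMAIL,APPROVED) VALUES ("'.implode('","', $values).'")';
            }
            mysql_query($sql);

            if (mysql_errno()) {
                // Driver details go to the server log, not into the response.
                error_log('registration insert failed: '.mysql_errno().' '.mysql_error());
                $statusmsg = '<div class="errorbox">There was an error updating the position. Please contact support.</div>';
            } elseif ($regtype == 'employer') {
                // The verification mail is only sent when employers may self-activate.
                if ($autoreg == 1) {
                    employmail($email, $temp_key);
                }
                $statusmsg = '<DIV class="acctreg">'.file_get_contents('mjl-letters/employer_registration.letter.html').'</DIV>';
            } elseif (seekmail($email, $temp_key)) {
                $statusmsg = '<DIV class="acctreg">'.file_get_contents('mjl-letters/job_seeker_registration.letter.html').'</DIV>';
            } else {
                $statusmsg = '<div class="errorbox">There was an error in the registration process please contact the administrator.</div>';
            }
        }
    }
    $mainpage = str_replace('%RESULTS%', $statusmsg, $mainpage);
} else {
    // Plain page load: show the registration form, with or without the reCAPTCHA widget.
    $mainpage = file_get_contents('mjl-themes/'.$theme.'/register_form.theme.html');
    if ($recaptcha == 1) {
        require_once('mjl-includes/recaptchalib.php');
        $mainpage = str_replace('%RECAPTCHA%', recaptcha_get_html($recaptcha_public, isset($error) ? $error : null), $mainpage);
    } else {
        $mainpage = str_replace('%RECAPTCHA%', '', $mainpage);
    }
}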
// Wrap the page body in the theme's master header and footer and send it.
// NOTE(review): $theme becomes part of a filesystem path; it is presumably set
// in the settings include -- confirm it never carries request data.
$pagehdr = file_get_contents("mjl-themes/{$theme}/master_header.theme.html");
$pageftr = file_get_contents("mjl-themes/{$theme}/master_footer.theme.html");
echo $mainpage = $pagehdr.$mainpage.$pageftr;
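// Mail the job-seeker verification letter followed by the activation link
// (register.php?token=<key>).
//   $reciever  recipient address
//   $tmpkey    activation key placed in the link
// Returns the result of mail(). It used to return TRUE unconditionally, so the
// caller's error branch could never run. Returns FALSE without sending when the
// recipient contains a line break.
function seekmail($reciever,$tmpkey){
    global $mjlmail;
    global $org;
    global $regurl;
    // The recipient is handed to the mailer; refuse line breaks so the value
    // cannot span more than one header line.
    if (!is_string($reciever) || preg_match('/[\r\n]/', $reciever)) {
        return FALSE;
    }
    $org = stripslashes($org);
    $headers = "From: ".$mjlmail."\r\n"; // From address
    $headers .= "Reply-To: ".$mjlmail."\r\n"; // Reply-to address
    $headers .= "Organization: ".$org."\r\n"; // Organisation
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    $headers .= "Content-Type: text/html; charset=iso-8859-1\r\n"; // Type
    // Subject line shown in the recipient's mail client.
    $subject = $org ." Registration Validation\n";
    $gotit = file_get_contents('mjl-letters/job_seeker_verification.letter.html');
    // NOTE(review): employmail() builds the same link without the "http://"
    // prefix -- confirm which form $regurl expects.
    $keyloc = '<a href="http://'.$regurl.'register.php?token='.$tmpkey.'">http://'.$regurl.'register.php?token='.$tmpkey.'</a>';
    $gotit = $gotit."<br /><br />".$keyloc;
    return mail($reciever, $subject, $gotit, $headers) ? TRUE : FALSE;
}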
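// Mail the employer verification letter followed by the activation link
// (register.php?token=empl<key>).
//   $reciever  recipient address
//   $tmpkey    activation key placed in the link, after the "empl" tag
// Returns the result of mail(). It used to return TRUE unconditionally.
// Returns FALSE without sending when the recipient contains a line break.
function employmail($reciever,$tmpkey){
    global $mjlmail;
    global $org;
    global $regurl;
    // The recipient is handed to the mailer; refuse line breaks so the value
    // cannot span more than one header line.
    if (!is_string($reciever) || preg_match('/[\r\n]/', $reciever)) {
        return FALSE;
    }
    $org = stripslashes($org);
    $headers = "From: ".$mjlmail."\r\n"; // From address
    $headers .= "Reply-To: ".$mjlmail."\r\n"; // Reply-to address
    $headers .= "Organization: ".$org."\r\n"; // Organisation
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    $headers .= "Content-Type: text/html; charset=iso-8859-1\r\n"; // Type
    // Subject line shown in the recipient's mail client.
    $subject = $org ." Registration Validation\n";
    $gotit = file_get_contents('mjl-letters/employer_verification.letter.html');
    // NOTE(review): seekmail() puts "http://" in front of $regurl, this link
    // does not -- confirm which form $regurl expects.
    $keyloc = '<a href="'.$regurl.'register.php?token=empl'.$tmpkey.'">'.$regurl.'register.php?token=empl'.$tmpkey.'</a>';
    $gotit = $gotit."<br /><br />".$keyloc;
    return mail($reciever, $subject, $gotit, $headers) ? TRUE : FALSE;
}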
// Mail the password-recovery letter with the account's username and its new
// password appended.
//   $uname  username shown in the message
//   $email  recipient address
//   $pword  the new password, in clear text
// Returns TRUE when mail() accepted the message, FALSE otherwise.
// NOTE(review): the password travels and rests in the mailbox in clear text; a
// single-use reset link would avoid that.
function MAIL_NEW_PASS($uname,$email,$pword){
    global $mjlmail;
    global $org;
    global $regurl;
    $org = stripslashes($org);
    $headers = implode("\r\n", array(
        'From: '.$mjlmail,
        'Reply-To: '.$mjlmail,
        'Organization: '.$org,
        'MIME-Version: 1.0',
        'Content-Type: text/html; charset=iso-8859-1',
    ))."\r\n";
    $subject = $org ." Password Recovery\n";
    $letter = file_get_contents('mjl-letters/password_recovery.letter.html');
    $gotit = $letter.'<br /><br /><strong>Username: </strong>'.$uname.'<br /><strong>Password: </strong>'.$pword.'<br />';
    return mail($email, $subject, $gotit, $headers) ? TRUE : FALSE;
}
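// Check that $email looks like local@domain.tld, case-insensitively.
// Returns true or false.
// eregi() was removed in PHP 7, so the same pattern is run through
// preg_match(). The end is anchored with \z because a PCRE "$" would also
// accept a trailing newline, which must not reach the mailer.
// NOTE(review): the pattern only admits 2-3 letter top-level domains and no
// "+" in the local part, exactly as before -- widen it if longer TLDs must be
// accepted.
function isValidEmail($email){
    if (!is_string($email)) {
        return false;
    }
    return preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})\z/i', $email) === 1;
}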
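// Activate the employer account whose APPROVED column holds the key $ssid:
// set a generated password, mark the row approved and mail the password.
//   $ssid  activation key with the "empl" tag already removed
// Returns the message to show. The caller assigns the result to $mainpage;
// the messages were previously echoed and nothing was returned.
// NOTE(review): the password is the 6-character slice of an r_id value, stored
// as unsalted MD5 and mailed in clear text.
function FUNCT_UPDATE_EMPLOYER_STATUS($ssid){
    $notfound = 'The activation key doesn\'t exist or the account is already active.';
    // Keys written at registration are 32 lowercase hex characters. APPROVED is
    // set to 1 after activation, so any other value must be refused here or it
    // could match an account that is already active. The check also leaves
    // nothing in $ssid that could alter the queries below.
    if (!is_string($ssid) || !preg_match('/^[a-f0-9]{32}\z/', $ssid)) {
        return $notfound;
    }
    $result = mysql_query('SELECT PASSWORD, CONTACTEMAIL, USERNAME FROM companies WHERE APPROVED = "'.$ssid.'" LIMIT 1');
    if (!$result || mysql_num_rows($result) != 1) {
        return $notfound;
    }
    $row = mysql_fetch_array($result);
    $SSID = new r_id;
    $newpw = substr($SSID->Getcnt(), 2, 6);
    $updated = mysql_query('UPDATE companies SET PASSWORD=\''.md5($newpw).'\', APPROVED = \'1\' WHERE APPROVED = "'.$ssid.'" LIMIT 1');
    if (!$updated) {
        // Do not mail a password that was never stored.
        error_log('employer activation failed: '.mysql_errno().' '.mysql_error());
        return '<div class="errorbox">There was an error in the registration process please contact the administrator.</div>';
    }
    sendregemail($newpw, $row['CONTACTEMAIL'],$row['USERNAME']);
    return 'Thank you for registering. An email with your password has been sent to you. Please follow the instructions in the email to login.';
}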
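// Activate the job-seeker account whose APPROVED column holds the key $ssid:
// set a generated password, mark the row approved and mail the password.
//   $ssid  activation key from the verification link
// Returns the message to show. The caller assigns the result to $mainpage;
// the messages were previously echoed and nothing was returned.
// NOTE(review): the password is the 6-character slice of an r_id value, stored
// as unsalted MD5 and mailed in clear text.
function FUNCT_UPDATE_USER_STATUS($ssid){
    $notfound = 'The activation key doesn\'t exist or the account is already active.';
    // Keys written at registration are 32 lowercase hex characters. APPROVED is
    // set to 1 after activation, so any other value must be refused here or it
    // could match an account that is already active. The check also leaves
    // nothing in $ssid that could alter the queries below.
    if (!is_string($ssid) || !preg_match('/^[a-f0-9]{32}\z/', $ssid)) {
        return $notfound;
    }
    $result = mysql_query('SELECT PASSWORD, EMAIL, USERNAME FROM users WHERE APPROVED = "'.$ssid.'" LIMIT 1');
    if (!$result || mysql_num_rows($result) != 1) {
        return $notfound;
    }
    $row = mysql_fetch_array($result);
    $SSID = new r_id;
    $newpw = substr($SSID->Getcnt(), 2, 6);
    $updated = mysql_query('UPDATE users SET PASSWORD=\''.md5($newpw).'\', APPROVED = \'1\' WHERE APPROVED = "'.$ssid.'" LIMIT 1');
    if (!$updated) {
        // Do not mail a password that was never stored.
        error_log('user activation failed: '.mysql_errno().' '.mysql_error());
        return '<div class="errorbox">There was an error in the registration process please contact the administrator.</div>';
    }
    sendregemail($newpw, $row['EMAIL'],$row['USERNAME']);
    return 'Thank you for registering. An email with your password has been sent to you. Please follow the instructions in the email to login.';
}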
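// Mail the "registration complete" message with the login name and password.
//   $ssid   the new password, in clear text (despite the parameter name)
//   $rcpt   recipient address
//   $uname  username shown in the message
// Returns TRUE when mail() accepted the message, FALSE when the recipient is
// not of the form x@y.z or mail() failed.
// ereg() was removed in PHP 7, so the shape check now uses preg_match(). It
// also refuses line breaks, which the old "." matched, so the recipient cannot
// span more than one header line.
function sendregemail($ssid, $rcpt, $uname){
    global $mjlmail;
    global $org;
    global $url;
    if (!is_string($rcpt) || !preg_match('/^[^\r\n]+@[^\r\n]+\.[^\r\n]+\z/', $rcpt)) {
        return FALSE;
    }
    $org = stripslashes($org);
    $headers = "From: ".$mjlmail."\r\n"; // From address
    $headers .= "Reply-To: ".$mjlmail."\r\n"; // Reply-to address
    $headers .= "Organization: ".$org."\r\n"; // Organisation
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    $headers .= "Content-Type: text/html; charset=iso-8859-1\r\n"; // Type
    $subj = $org .' Registration';
    $regmsg = 'Thank you for registering with '.$org.' at <a href="'.$url.'">'.$url.'</a>. Below is the information you need to login to the service:<br /><br />
username: <strong>'.$uname.'</strong><br />
password: <strong>'.$ssid.'</strong><br /><br />
You can login at <a href="'.$url.'">'.$url.'</a><br /><br />
Again, thank you for registering with '.$org.'.<br /><br /><br />';
    return mail($rcpt, $subj, $regmsg, $headers) ? TRUE : FALSE;
}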
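// Generate a replacement password: 6 lowercase hex characters.
// The value used to come from mt_rand(1, 2048) and microtime(), both of which
// an outsider can narrow down. It is now drawn from the system CSPRNG where
// one is available; the legacy derivation is only the last fallback.
// NOTE(review): 6 hex characters carry 24 bits. The length is kept because
// callers store and mail the value as-is; a single-use reset link would remove
// the need to mail a password at all.
function FUNCT_QUICK_PASS(){
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(3));
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        $raw = openssl_random_pseudo_bytes(3);
        if (is_string($raw) && strlen($raw) === 3) {
            return bin2hex($raw);
        }
    }
    // No CSPRNG on this runtime: fall back to the original derivation.
    $rID = md5(mt_rand(1, 2048));
    return substr(md5($rID . microtime()), 0, 6);
}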
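// Generator for 32-character hex ids. The activation functions take a
// 6-character slice of such an id as the initial account password.
class r_id{
    // Last id produced by Getcnt().
    var $mid;
    // Row count of the last lookup; starts at 1 so Getcnt() runs at least once.
    var $cnt = 1;

    // Return a fresh 32-character lowercase hex id.
    // The id used to be derived from mt_rand(1, 2048) and microtime(); it is now
    // drawn from the system CSPRNG where one is available, with the legacy
    // derivation as the last fallback.
    function Getid(){
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $raw = openssl_random_pseudo_bytes(16);
            if (is_string($raw) && strlen($raw) === 16) {
                return bin2hex($raw);
            }
        }
        $rID = md5(mt_rand(1, 2048));
        return md5($rID . microtime());
    }

    // Draw ids until one is found that does not occur in users.PASSWORD, then
    // return it.
    // NOTE(review): the lookup compares the full id with the stored password
    // hashes, while callers use a 6-character slice of the id as the password,
    // so the check appears to guarantee nothing about that password -- confirm
    // the intent.
    function Getcnt(){
        while ($this->cnt > 0){
            $this->mid = $this->Getid();
            // $this->mid is hex only, so it is safe inside the string literal.
            $result = mysql_query("SELECT PASSWORD FROM users WHERE PASSWORD = '" . $this->mid . "' LIMIT 1");
            // A failed query ends the loop instead of passing FALSE on to mysql_num_rows().
            $this->cnt = $result ? mysql_num_rows($result) : 0;
        }
        return $this->mid;
    }
}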
?>