/home/mip/public_html_/old_mip/home/sqladd.php
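<?php
/**
 * Form handler for the online-application pages.
 *
 * Dispatches on $_GET['what'] and inserts one row per request:
 *   web_personal   -> web_personal   (plus optional picture upload)
 *   web_education  -> web_education
 *   web_employment -> web_employment
 *   web_training   -> web_training
 *   web_document   -> web_doc_library (plus document upload)
 *   webjobonly     -> web_jobs
 * Every branch ends in a redirect.
 *
 * NOTE(review): none of the form fields used below ($lname, $email,
 * $applicant_id, $pic_dir, ...) are assigned in this file. Presumably they are
 * imported into the global scope by register_globals or by one of the includes
 * -- confirm. Whatever arrives that way is client-controlled, so every value is
 * escaped when it is placed in SQL and encoded when it is placed in a redirect.
 *
 * NOTE(review): if the deployment runs with magic_quotes_gpc enabled, strip
 * those slashes where the request values are imported; otherwise the escaping
 * done here stores doubled backslashes.
 *
 * NOTE(review): the mysql_* extension is kept because db_connect() and
 * getdata() come from includes that are not visible here. It was removed in
 * PHP 7; moving to PDO or mysqli prepared statements is the durable fix.
 */
session_start();
require_once("common_msg.inc");
require_once('func-select.php');
$db = db_connect();
$what = isset($_GET['what']) ? $_GET['what'] : '';

/**
 * Escape one value for use inside a single-quoted SQL string literal.
 * Uses the most recently opened mysql link, like the mysql_query() calls below.
 */
function sqladd_q($value)
{
	return mysql_real_escape_string((string) $value);
}

/**
 * Build an INSERT statement with every value escaped and quoted.
 *
 * $values maps column => value (escaped and quoted here).
 * $raw    maps column => SQL expression written by this file, never request data.
 */
function sqladd_insert_sql($table, $values, $raw = array())
{
	$columns = array();
	$literals = array();
	foreach ($raw as $column => $expression) {
		$columns[] = $column;
		$literals[] = $expression;
	}
	foreach ($values as $column => $value) {
		$columns[] = $column;
		$literals[] = "'" . sqladd_q($value) . "'";
	}
	return 'INSERT INTO ' . $table . ' (' . implode(',', $columns) . ') VALUES (' . implode(',', $literals) . ')';
}

/**
 * Report a validation failure and stop.
 *
 * error_message() is defined in an include that is not shown. The explicit
 * exit guarantees that a failed check never falls through to the INSERT,
 * whether or not error_message() terminates the request itself.
 */
function sqladd_fail($message)
{
	error_message($message);
	exit;
}

/**
 * Redirect to $page with URL-encoded query parameters and stop.
 * Encoding keeps request-supplied values from altering the Location header.
 */
function sqladd_redirect($page, $params)
{
	header('Location: ' . $page . '?' . http_build_query($params, '', '&'));
	exit;
}

/**
 * Validate the applicant id passed between the application steps.
 *
 * The id is produced by mysql_insert_id() in the web_personal step, so later
 * steps accept positive integers only. That also keeps it safe to use as a
 * directory name in the document upload.
 *
 * NOTE(review): nothing here ties the id to the visitor's session, so any
 * visitor can attach rows to any applicant. Binding it to $_SESSION needs a
 * matching change in the pages that link here.
 */
function sqladd_applicant_id($raw)
{
	$id = (int) $raw;
	if ($id <= 0) {
		sqladd_fail('Invalid applicant reference.');
	}
	return $id;
}

/**
 * Convert "MM/YYYY" to "YYYY-MM-01"; returns '' when the separator is missing.
 */
function sqladd_month_to_date($month_year)
{
	$parts = explode('/', $month_year);
	if (count($parts) < 2) {
		return '';
	}
	return $parts[1] . '-' . $parts[0] . '-01';
}

/** Log a failed query on the server instead of echoing database errors to the client. */
function sqladd_log_db_error($context)
{
	error_log('sqladd.php ' . $context . ': ' . mysql_error());
}

switch($what){

	case 'web_personal':

		$birthdate = date('Y-m-d', strtotime($birthdate));
		$lname = ucwords(strtolower($lname));
		$fname = ucwords(strtolower($fname));
		$mname = ucwords(strtolower($mname));
		$email = trim($email);

		$q_email = sqladd_q($email);
		$q_lname = sqladd_q($lname);
		$q_fname = sqladd_q($fname);
		$q_mname = sqladd_q($mname);

		$duplicate_email1 = getdata("select * from web_personal where email='$q_email'");
		if (!empty($duplicate_email1)) sqladd_fail('Email Address already exist.');

		$duplicate_email2 = getdata("select * from personal where email='$q_email'");
		if (!empty($duplicate_email2)) sqladd_fail('Email Address already exist.');

		$duplicate2 = getdata("select * from web_personal where lname='$q_lname' and fname='$q_fname' and mname='$q_mname'");
		if (!empty($duplicate2)) sqladd_fail('You have already applied online.');

		$duplicate3 = getdata("select * from personal where lname='$q_lname' and fname='$q_fname' and mname='$q_mname'");
		if (!empty($duplicate3)) sqladd_fail('You have already applied online.');

		// NOTE(review): this check is shadowed by the previous one, which matches
		// the same names without the blacklisted filter. Kept in the original order.
		$duplicate4 = getdata("select * from personal where lname='$q_lname' and fname='$q_fname' and mname='$q_mname' and blacklisted='1'");
		if (!empty($duplicate4)) sqladd_fail('The applicant is blacklisted.');

		// Always start empty so the stored picture path can only come from the
		// upload handling below, never from an imported request variable.
		$pic_name = '';

		if (isset($_FILES['picture']) && $_FILES['picture']['name'] && $_FILES['picture']['name'] != 'none') {
			$tmp_name = $_FILES['picture']['tmp_name'];

			if (stripos($_FILES['picture']['name'], 'php') !== false) {
				sqladd_fail('Invalid Format.');
			}

			// Decide the format from the file contents. The browser-supplied
			// $_FILES[...]['type'] is client-controlled and proves nothing.
			$info = is_uploaded_file($tmp_name) ? getimagesize($tmp_name) : false;
			if ($info === false) {
				sqladd_fail('Invalid Format.');
			}
			list($width, $height, $image_type) = $info;

			// NOTE(review): the limit enforced is 250 px but the message says 150 -- confirm which is intended.
			if ($width > 250 || $height > 250) {
				sqladd_fail('Picture must have a maximum dimension \n\r of 150 by 150 pixels or 2 x 2');
			}

			$max = 50000;
			if (filesize($tmp_name) > $max) {
				sqladd_fail('Filesize is greater than '.$max.' bytes');
			}

			$extensions = array(
				IMAGETYPE_PNG  => 'png',
				IMAGETYPE_JPEG => 'jpg',
				IMAGETYPE_GIF  => 'gif',
			);
			if (!isset($extensions[$image_type])) {
				$type = basename(image_type_to_mime_type($image_type));
				sqladd_fail("Invalid picture format:$type");
			}

			if (!is_dir("irisonlinex/pictures/".date("Y"))) mkdir("irisonlinex/pictures/".date("Y"));

			// NOTE(review): five characters of cmd_guid() is a short name space;
			// two applicants can collide and the later file replaces the earlier one.
			$applicantid = substr(cmd_guid(), 0, 5);
			$pic_name = date("Y") . "/$applicantid." . $extensions[$image_type];

			// NOTE(review): $pic_dir is not assigned in this file. It must be set
			// server-side (presumably 'irisonlinex/pictures/' from an include) -- confirm.
			$filename = $pic_dir . $pic_name;

			// move_uploaded_file() refuses anything that is not a genuine upload.
			if (!move_uploaded_file($tmp_name, $filename)) {
				$pic_name = '';	// do not record a picture that was not stored
			}
		}

		if ($cellphone) {
			$cellphone = "0".substr($cellphone, -10);
		}

		// NOTE(review): password1 is stored as received. Hashing it with
		// password_hash() also needs a change in the code that verifies it,
		// which is not in this file.
		// NOTE(review): position_id2 is filled from $position2 while its sibling
		// uses $position_id1 -- confirm the form field name.
		$sql = sqladd_insert_sql('web_personal', array(
			'webjob_id' => $webjob_id,
			'category_id' => $category_id,
			'password' => $password1,
			'fname' => $fname,
			'mname' => $mname,
			'lname' => $lname,
			'address1' => $address1,
			'perm_no' => $perm_no,
			'perm_st' => $perm_st,
			'perm_city' => $perm_city,
			'perm_prov' => $perm_prov,
			'perm_zip' => $perm_zip,
			'office_phone' => $office_phone,
			'home_phone' => $home_phone,
			'cellphone' => $cellphone,
			'email' => $email,
			'birthdate' => $birthdate,
			'birthplace' => $birthplace,
			'sex' => $sex,
			'height1' => $height1,
			'height2' => $height2,
			'weight1' => $weight1,
			'weight2' => $weight2,
			'civil_status' => $civil_status,
			'religion' => $religion,
			'nationality' => $nationality,
			'position_id1' => $position_id1,
			'position_id2' => $position2,
			'position1_yrsofexp' => $position1_yrsofexp,
			'position1_mosofexp' => $position1_mosofexp,
			'position2_yrsofexp' => $position2_yrsofexp,
			'position2_mosofexp' => $position2_mosofexp,
			'position1_yrsofexp_abroad' => $position1_yrsofexp_abroad,
			'position1_mosofexp_abroad' => $position1_mosofexp_abroad,
			'position2_yrsofexp_abroad' => $position2_yrsofexp_abroad,
			'position2_mosofexp_abroad' => $position2_mosofexp_abroad,
			'country_id' => $country_id,
			'picture' => $pic_name,
		), array('apply_date' => 'NOW()'));

		$result = mysql_query($sql);
		if (!$result) {
			// Database errors go to the server log. Echoing them exposed internals
			// and sent output before header(), which broke the redirect.
			sqladd_log_db_error('web_personal insert failed');
			sqladd_redirect('apply_online.php', array(
				'msg' => 'Pls. try to apply later. We are encountering problem right now. Thank you.',
			));
		}
		$applicant_id = mysql_insert_id();

		sqladd_redirect('apply_online_education.php', array(
			'msg' => 'Pls. do provide other information.',
			'applicant_id' => $applicant_id,
		));
		break;

	case 'web_education':

		$applicant_id = sqladd_applicant_id($applicant_id);

		$sql = sqladd_insert_sql('web_education', array(
			'applicant_id' => $applicant_id,
			'education' => $education,
			'school' => $school,
			'from_date' => $from_date,
			'to_date' => $to_date,
			'course' => $course,
		));
		if (!mysql_query($sql)) {
			sqladd_log_db_error('web_education insert failed');
		}

		sqladd_redirect('apply_online_education.php', array('applicant_id' => $applicant_id));
		break;

	case 'web_employment':

		$applicant_id = sqladd_applicant_id($applicant_id);

		// Dates arrive as MM/YYYY. A to_date is kept only when a from_date is present.
		$from_date = ($from_date != '') ? sqladd_month_to_date($from_date) : '';
		if ($from_date != '' && $to_date != '') {
			$to_date = sqladd_month_to_date($to_date);
		} else {
			$to_date = '';
		}

		$sql = sqladd_insert_sql('web_employment', array(
			'applicant_id' => $applicant_id,
			'company' => $company,
			'address' => $address,
			'position' => $position,
			'from_date' => $from_date,
			'to_date' => $to_date,
			'job_desc' => $job_desc,
			'reason_for_leaving' => $reason_for_leaving,
		));
		if (!mysql_query($sql)) {
			sqladd_log_db_error('web_employment insert failed');
		}

		sqladd_redirect('apply_online_employment.php', array('applicant_id' => $applicant_id));
		break;

	case 'web_training':

		$applicant_id = sqladd_applicant_id($applicant_id);
		$date = ($date) ? date('Y-m-d', strtotime($date)) : '';

		$sql = sqladd_insert_sql('web_training', array(
			'applicant_id' => $applicant_id,
			'title' => $title,
			'center' => $center,
			'date' => $date,
			'remarks' => $remarks,
		));
		if (!mysql_query($sql, $db)) {
			sqladd_log_db_error('web_training insert failed');
		}

		sqladd_redirect('apply_online_training.php', array('applicant_id' => $applicant_id));
		break;

	case 'web_document':

		$applicant_id = sqladd_applicant_id($applicant_id);
		$uploadir = 'uploads/documents/';
		$page = 'apply_online_document.php';

		// A missing field is reported like any other upload error.
		$error = isset($_FILES['doc_file']) ? $_FILES['doc_file']['error'] : UPLOAD_ERR_NO_FILE;
		if ($error) {
			sqladd_redirect($page, array(
				'applicant_id' => $applicant_id,
				'msg' => 'Oops!  Your upload triggered the following error:  '.$error,
			));
		}

		// The stored name is "<random>.<extension>", so the extension decides how
		// the web server treats the file. Accept known document types only, rather
		// than rejecting names that contain "php".
		// Constructed allow-list -- TODO confirm against the document types the
		// application accepts.
		$allowed_ext = array('pdf', 'doc', 'docx', 'rtf', 'txt', 'jpg', 'jpeg', 'png', 'gif');
		$ext = strtolower(pathinfo($_FILES['doc_file']['name'], PATHINFO_EXTENSION));
		if (!in_array($ext, $allowed_ext, true)) {
			sqladd_redirect($page, array(
				'applicant_id' => $applicant_id,
				'msg' => 'Oops!  Your file\'s is not a valid document.',
			));
		}

		if ($_FILES['doc_file']['size'] > (3024000)) { //can't be larger than 3 MB
			sqladd_redirect($page, array(
				'applicant_id' => $applicant_id,
				'msg' => 'Oops!  Your file\'s size is to large.',
			));
		}

		$new_file_name = randomstr().'.'.$ext; //rename file

		// $applicant_id is a validated positive integer, so this path stays below $uploadir.
		$target_dir = $uploadir.$applicant_id;
		if (!is_dir($target_dir)) mkdir($target_dir);

		// Placeholder index so the directory is not listed.
		// NOTE(review): also disable script execution for uploads/ in the web server configuration.
		file_put_contents($target_dir.'/index.php', '404 Page is Forbidden!!!');

		// Record the document only if it was actually stored.
		if (!move_uploaded_file($_FILES['doc_file']['tmp_name'], $target_dir.'/'.$new_file_name)) {
			sqladd_redirect($page, array(
				'applicant_id' => $applicant_id,
				'msg' => 'Oops!  Your file could not be saved.',
			));
		}

		$sql = sqladd_insert_sql('web_doc_library', array(
			'applicant_id' => $applicant_id,
			'doc_name' => $doc_name,
			'type_id' => $type_id,
			'doc_file' => $new_file_name,
		));
		if (!mysql_query($sql, $db)) {
			sqladd_log_db_error('web_doc_library insert failed');
		}

		sqladd_redirect($page, array(
			'applicant_id' => $applicant_id,
			'msg' => 'Congratulations!  Your file was uploaded.',
		));
		break;

	case 'webjobonly':

		// NOTE(review): this branch publishes a job opening, yet no login or role
		// check is visible in this file. Confirm that an include enforces one.
		$duplicate = getdata("select * from web_jobs where position_id='".sqladd_q($position_id)."' and country_id='".sqladd_q($country_id)."' and principal_id='".sqladd_q($principal_id)."'");
		if (!empty($duplicate)) sqladd_fail('Duplicate hot job.');

		$posting_date = "$post_year-$post_month-$post_day";
		$expiry_date = "$expiry_year-$expiry_month-$expiry_day";

		$sql = sqladd_insert_sql('web_jobs', array(
			'position_id' => $position_id,
			'yrs_exp' => $yrs_exp,
			'min_reqmt' => $min_reqmt,
			'jo_pos_id' => $jopos_id,
			'country_id' => $country_id,
			'posting_date' => $posting_date,
			'expiry_date' => $expiry_date,
			'min_age' => $min_age,
			'max_age' => $max_age,
			'gender' => $gender,
			'principal_id' => $principal_id,
			'status' => $status,
			'category_id' => $category_id,
			'numpositions' => $numpositions,
			'location' => $location,
			'manpower_pooling' => $manpower_pooling,
			'job_details' => $job_details,
			'showit' => $showit,
			'alias' => $alias,
		));

		$result = mysql_query($sql);
		if (!$result) {
			sqladd_log_db_error('web_jobs insert failed');
		}
		$webjob_id = mysql_insert_id();

		//header("Location: edit_webjob.php?webjob_id=$webjob_id");
		header("Location: http://mipiris-server/irisonline/manage_webjobsonly.php?status=Open&Action=add&msg=New%20Job%20Opening%20Added");
		exit;

		break;

}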