/home/mip/public_html_/old_mip/sqlupdate.php
<?php
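// Request bootstrap: error handling, session, shared helpers and the database link.
// PHP diagnostics go to the server log instead of the response, because this script
// is reachable over HTTP and rendered warnings would disclose file paths and query text.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
session_start();
// NOTE(review): the session is started, but nothing visible in this file checks it
// before the UPDATE/DELETE branches below run. Confirm that an included file enforces
// authentication and per-record authorization; otherwise that check belongs here.
require_once("common_msg.inc");
require_once("func-select.php");
require_once("func-proc.php");
// db_connect() is not defined in this file; presumably one of the includes above provides it.
$db = db_connect();
// NOTE(review): $what and most variables read by the switch are never assigned in this
// file; presumably they are populated from the request (register_globals or an extract()
// in an include). Treat them as untrusted input until that is confirmed.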
switch($what){
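case 'principal':
    // Updates one row of `principals` from the posted form. Column names and form field
    // names are identical, so the SET list is built from a single list of columns.
    // Every value comes straight from the request and is escaped for a quoted MySQL
    // string literal before it is concatenated into the statement.
    // NOTE(review): if magic_quotes_gpc is enabled on this host the values already carry
    // backslashes; strip them before escaping or the stored text will hold doubled escapes.
    $columns = array(
        'name', 'address', 'fax', 'acc_date_from', 'acc_date_to',
        'telephone', 'email', 'contact_person',
    );
    $assignments = array();
    foreach ($columns as $column) {
        $posted = isset($_POST[$column]) ? (string) $_POST[$column] : '';
        $assignments[] = $column."='".mysql_real_escape_string($posted)."'";
    }
    $whereId = mysql_real_escape_string(isset($_POST['principal_id']) ? (string) $_POST['principal_id'] : '');
    $sql = "UPDATE principals SET ".implode(",\n", $assignments)."\nWHERE principal_id='".$whereId."'";
    $result = mysql_query($sql);
    break;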
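case 'jo_pos':
    // Updates one row of `jo_position` (position, category, head counts and wage).
    // Posted values are escaped for a quoted MySQL string literal before concatenation.
    // NOTE(review): if magic_quotes_gpc is enabled on this host the values already carry
    // backslashes; strip them before escaping or the stored text will hold doubled escapes.
    $columns = array(
        'position_id', 'category_id', 'no_of_male', 'no_of_female', 'no_of_coed', 'wage',
    );
    $assignments = array();
    foreach ($columns as $column) {
        $posted = isset($_POST[$column]) ? (string) $_POST[$column] : '';
        $assignments[] = $column."='".mysql_real_escape_string($posted)."'";
    }
    $whereId = mysql_real_escape_string(isset($_POST['jo_pos_id']) ? (string) $_POST['jo_pos_id'] : '');
    $sql = "UPDATE jo_position SET\n".implode(",\n", $assignments)."\nWHERE jo_pos_id='".$whereId."'";
    $result = mysql_query($sql);
    break;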
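case 'job_order':
    // Updates one row of `job_order` from the posted form.
    // Posted values are escaped for a quoted MySQL string literal before concatenation.
    // NOTE(review): if magic_quotes_gpc is enabled on this host the values already carry
    // backslashes; strip them before escaping or the stored text will hold doubled escapes.
    $columns = array(
        'job_order_no', 'principal_id', 'date', 'date_needed',
        'date_expired', 'status', 'jobsite',
    );
    $assignments = array();
    foreach ($columns as $column) {
        $posted = isset($_POST[$column]) ? (string) $_POST[$column] : '';
        $assignments[] = $column."='".mysql_real_escape_string($posted)."'";
    }
    $whereId = mysql_real_escape_string(isset($_POST['job_order_id']) ? (string) $_POST['job_order_id'] : '');
    $sql = "UPDATE job_order SET ".implode(",\n", $assignments)."\nWHERE job_order_id='".$whereId."'";
    $result = mysql_query($sql);
    break;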
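case 'position':
    // Renames a position and/or assigns it to another category.
    // Posted values are escaped for a quoted MySQL string literal before concatenation.
    // NOTE(review): if magic_quotes_gpc is enabled on this host the values already carry
    // backslashes; strip them before escaping or the stored text will hold doubled escapes.
    $esc = array();
    foreach (array('name', 'category_id', 'position_id') as $key) {
        $esc[$key] = mysql_real_escape_string(isset($_POST[$key]) ? (string) $_POST[$key] : '');
    }
    // The statement previously carried a stray quote after the category_id value, which
    // turned the UPDATE into a syntax error on every call.
    $sql = "UPDATE positions SET name='".$esc['name']."', category_id='".$esc['category_id']."' WHERE position_id='".$esc['position_id']."'";
    $result = mysql_query($sql);
    // mysql_insert_id() takes an optional link, not the SQL text; after a plain UPDATE it
    // normally reports 0, so $id carries no useful value here.
    $id = mysql_insert_id();
    break;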
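case 'ordernews':
    // Sets the display order (order_id) of one announcement.
    // Both values come from the request and are escaped for a quoted MySQL string literal.
    // NOTE(review): if magic_quotes_gpc is enabled on this host, strip the added slashes
    // before escaping.
    $id = mysql_real_escape_string(isset($_POST['id']) ? (string) $_POST['id'] : '', $db);
    $order_id = mysql_real_escape_string(isset($_POST['order_id']) ? (string) $_POST['order_id'] : '', $db);
    $sql = "update web_announcements set order_id='".$order_id."' where id='".$id."'";
    mysql_query($sql, $db);
    break;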
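case 'orderjo':
    // Sets the display order (order_id) of one web job.
    // Both values come from the request and are escaped for a quoted MySQL string literal.
    // NOTE(review): if magic_quotes_gpc is enabled on this host, strip the added slashes
    // before escaping.
    $webjob_id = mysql_real_escape_string(isset($_POST['webjob_id']) ? (string) $_POST['webjob_id'] : '', $db);
    $order_id = mysql_real_escape_string(isset($_POST['order_id']) ? (string) $_POST['order_id'] : '', $db);
    $sql = "update web_jobs set order_id='".$order_id."' where webjob_id='".$webjob_id."'";
    mysql_query($sql, $db);
    break;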
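case 'jobsorder':
    // Re-numbers web_jobs.order_id from a serialized "key=value&key=value" list in
    // $_REQUEST['ids']: the Nth pair sets order_id = N on the job whose id is that
    // pair's value. The key part of each pair is not used.
    // NOTE(review): $_REQUEST also accepts GET and cookies, so this state change can be
    // triggered by a plain link; consider requiring POST plus a CSRF token.
    $fields = explode('&', isset($_REQUEST['ids']) ? (string) $_REQUEST['ids'] : '');
    $order = 0;
    foreach ($fields as $field) {
        // The counter advances for every pair, including malformed ones, so positions
        // keep the numbering the client sent.
        $order++;
        $field_key_value = explode('=', $field);
        if (!isset($field_key_value[1])) {
            // No "=value" part: there is no id to update.
            continue;
        }
        // The id is placed unquoted in the statement, so it is forced to an integer.
        $id = (int) urldecode($field_key_value[1]);
        $query = "UPDATE web_jobs SET order_id = " . $order . " WHERE webjob_id = " . $id;
        mysql_query($query, $db);
    }
    break;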
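case 'announcements':
    // Updates one web_announcements row and echoes the submitted values back as JSON.
    // Posted values are escaped with the connection-aware escaper (replacing the single
    // addslashes() call that covered only job_details) before concatenation.
    // NOTE(review): if magic_quotes_gpc is enabled on this host, strip the added slashes
    // before escaping.
    $esc = array();
    foreach (array('title', 'status', 'job_details', 'posting_date', 'expiry_date', 'id') as $key) {
        $esc[$key] = mysql_real_escape_string(isset($_POST[$key]) ? (string) $_POST[$key] : '');
    }
    $sql = "UPDATE web_announcements"
        ." SET title = '".$esc['title']."',"
        ." status = '".$esc['status']."',"
        ." announcement = '".$esc['job_details']."',"
        ." posting_date = '".$esc['posting_date']."',"
        ." expiry_date = '".$esc['expiry_date']."'"
        ." WHERE id='".$esc['id']."'";
    $result = mysql_query($sql);
    // NOTE(review): on failure this prints the database error ahead of the JSON body,
    // which both discloses query details and makes the response unparseable. Prefer
    // error_log() plus an explicit failure status once the client contract is known.
    echo mysql_error();
    // The response mirrors the raw submitted values; json_encode() handles the escaping.
    $array = array(
        'title' => $_POST['title'],
        'status' => $_POST['status'],
        'posting_date' => $_POST['posting_date'],
        'job_details' => $_POST['job_details'],
        'expiry_date' => $_POST['expiry_date'],
        'id' => $_POST['id']
    );
    echo json_encode($array);
    break;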
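case 'webjobonly':
    // Updates one web_jobs row from the posted form and echoes the submitted values back
    // as JSON. Column names and form field names are identical, so the SET list is built
    // from one list of columns, escaping each value for a quoted MySQL string literal.
    // NOTE(review): if magic_quotes_gpc is enabled on this host the values already carry
    // backslashes; strip them before escaping or the stored text will hold doubled escapes.
    $columns = array(
        'position_id', 'category_id', 'country_id', 'numpositions', 'jo_pos_id',
        'posting_date', 'location', 'expiry_date', 'manpower_pooling',
        'min_age', 'yrs_exp', 'min_reqmt', 'max_age', 'gender', 'job_details',
        'principal_id', 'status', 'showit', 'alias', 'order_id',
    );
    $assignments = array();
    foreach ($columns as $column) {
        $posted = isset($_POST[$column]) ? (string) $_POST[$column] : '';
        $assignments[] = $column."='".mysql_real_escape_string($posted)."'";
    }
    $webjobId = mysql_real_escape_string(isset($_POST['webjob_id']) ? (string) $_POST['webjob_id'] : '');
    $sql = "UPDATE web_jobs SET ".implode(",\n", $assignments)."\nWHERE webjob_id='".$webjobId."'";
    $result = mysql_query($sql);
    // NOTE(review): $posting_date and $expiry_date are not assigned in this branch;
    // presumably they mirror the posted fields via request-variable import. Confirm.
    // NOTE(review): msg_status is '1' even when the UPDATE failed ($result is not checked).
    $array = array(
        'position_id'=>$_POST['position_id'],
        'yrs_exp'=>$_POST['yrs_exp'],
        'min_reqmt'=>$_POST['min_reqmt'],
        'jo_pos_id'=>$_POST['jo_pos_id'],
        'country_id'=>$_POST['country_id'],
        'posting_date'=>$posting_date,
        'expiry_date'=>$expiry_date,
        'min_age'=>$_POST['min_age'],
        'max_age'=>$_POST['max_age'],
        'gender'=>$_POST['gender'],
        'principal_id'=>$_POST['principal_id'],
        'status'=>$_POST['status'],
        'category_id'=>$_POST['category_id'],
        'numpositions'=>$_POST['numpositions'],
        'location'=>$_POST['location'],
        'manpower_pooling'=>$_POST['manpower_pooling'],
        'job_details'=>$_POST['job_details'],
        'showit'=>$_POST['showit'],
        'alias'=>$_POST['alias'],
        'webjob_id'=>$_POST['webjob_id'],
        'msg_status'=>'1',
        // The key is kept so the response shape is unchanged, but the statement text is
        // no longer returned: it exposed table and column names to the client.
        'sql'=>''
    );
    echo json_encode($array);
    break;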
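case 'agency_job':
    // WA delete jobs: deletes each selected web job, then the education, employment and
    // training rows of its applicants and the applicants themselves, and finally
    // redirects to deletejobs.php under $postjob_url with what=delete.
    // NOTE(review): $jobsids, $postjob_url, $site_url and the search/sort variables are not
    // assigned in this file; presumably request- or include-provided. Treat as untrusted.
    if (!isset($WAids)) {
        $WAids = '';
    }
    foreach ($jobsids as $value) {
        // Ids are interpolated unquoted into the statements below, so force them to integers.
        $value = (int) $value;
        $WA = getdata_one("WA","web_jobs","webjob_id",$value);
        $WAids = $WAids."'".$WA["WA"]."',";
        $sql = "DELETE FROM web_jobs WHERE webjob_id=$value";
        $result = mysql_query($sql);
        // NOTE(review): printing the database error discloses query details and, without
        // output buffering, prevents the redirect header below from being sent.
        echo mysql_error();
        if ($result) {
            $apps = mysql_query("select applicant_id from web_personal where webjob_id = $value order by applicant_id");
            while ($row = mysql_fetch_array($apps)) {
                $appId = (int) $row['applicant_id'];
                mysql_query("DELETE FROM web_education WHERE applicant_id=".$appId);
                mysql_query("DELETE FROM web_employment WHERE applicant_id=".$appId);
                mysql_query("DELETE FROM web_training WHERE applicant_id=".$appId);
            }
            mysql_query("DELETE FROM web_personal WHERE webjob_id=$value");
        }
    }
    // NOTE(review): this redirect hands a fixed username/password pair to the browser in
    // the query string, where it lands in history, proxies and access logs. Rotate the
    // pair and move the call server-side (or sign the request) instead of redirecting.
    // NOTE(review): the appended values are not urlencode()d, so a crafted value can add
    // or override query parameters on the target.
    header("Location: ".$postjob_url."deletejobs.php?username=370757d2df51ae456bf63c165fc71817&password=ea4bfb7bd531339dfa3c58586bb804b9&site_url1=".$site_url."&what=delete&WA=".$WAids."&status=".$status."&searchword=".$searchword."&searchby=".$searchby."&sort_by=".$sort_by."&sort_order=".$sort_order."");
    break;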
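case 'job_expiration':
    // WA extend jobs: pushes each selected job's expiry_date forward by the interval that
    // $act selects, reopens the job and stamps posting_date with $sqltoday, then redirects
    // to the job list.
    // NOTE(review): extend:3 means +14 days here; confirm that this is intended and not a
    // slip for "+3 month".
    // NOTE(review): $sqltoday is not assigned in this file; presumably set by an include.
    $extendBy = array(
        'extend:1' => " +1 month",
        'extend:2' => " +2 month",
        'extend:3' => " +14 days",
    );
    // Without a recognized action the original left $newexpiry unset, so the UPDATE wrote
    // an empty (or request-supplied) expiry date. Unknown actions now change nothing.
    if (isset($act) && is_string($act) && isset($extendBy[$act])) {
        foreach ($jobsids as $value) {
            // The id is interpolated unquoted into the statement, so force it to an integer.
            $value = (int) $value;
            $WA = getdata_one("*","web_jobs","webjob_id",$value);
            $date = $WA["expiry_date"];
            $date = strtotime(date("Y-m-d", strtotime($date)) . $extendBy[$act]);
            $newexpiry = date("Y-m-d",$date);
            $sql = "UPDATE web_jobs set expiry_date = '$newexpiry', status='Open', posting_date = '$sqltoday' WHERE webjob_id=$value";
            $result = mysql_query($sql);
            // NOTE(review): printing the database error discloses query details and, without
            // output buffering, prevents the redirect header below from being sent.
            echo mysql_error();
        }
    }
    header("Location: manage_webjobsonly.php?status=".$status."");
    break;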
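case 'agency_job_expiration':
    // WA extend jobs: extends each selected job's expiry_date by 1, 2 or 3 months as
    // selected by $act, reopens the job, and redirects to deletejobs.php under
    // $postjob_url with what=extend, the collected WA values and the month count.
    $months = array('extend:1' => '1', 'extend:2' => '2', 'extend:3' => '3');
    $validAct = isset($act) && is_string($act) && isset($months[$act]);
    // Start from a known value so an unrecognized action cannot leave $newmonth, and the
    // expiry date derived from it, unset or request-supplied.
    $newmonth = '';
    if (!isset($WAids)) {
        $WAids = '';
    }
    foreach ($jobsids as $value) {
        // The id is interpolated unquoted into the statement, so force it to an integer.
        $value = (int) $value;
        $WA = getdata_one("*","web_jobs","webjob_id",$value);
        $WAids = $WAids."".$WA["WA"].",";
        if (!$validAct) {
            // Unknown action: the original still ran the UPDATE with an unset $newexpiry.
            continue;
        }
        $newmonth = $months[$act];
        $date = $WA["expiry_date"];
        $date = strtotime(date("Y-m-d", strtotime($date)) . " +" . $newmonth . " month");
        $newexpiry = date("Y-m-d",$date);
        $sql = "UPDATE web_jobs set expiry_date = '$newexpiry', status='Open' WHERE webjob_id=$value";
        $result = mysql_query($sql);
        // NOTE(review): printing the database error discloses query details and, without
        // output buffering, prevents the redirect header below from being sent.
        echo mysql_error();
    }
    // NOTE(review): this redirect hands a fixed username/password pair to the browser in
    // the query string, where it lands in history, proxies and access logs. Rotate the
    // pair and move the call server-side (or sign the request) instead of redirecting.
    // NOTE(review): the appended values are not urlencode()d, so a crafted value can add
    // or override query parameters on the target.
    header("Location: ".$postjob_url."deletejobs.php?username=370757d2df51ae456bf63c165fc71817&password=ea4bfb7bd531339dfa3c58586bb804b9&site_url1=".$site_url."&what=extend&WA=".$WAids."&newmonth=".$newmonth."&status=".$status."&searchword=".$searchword."&searchby=".$searchby."&sort_by=".$sort_by."&sort_order=".$sort_order."");
    break;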
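case 'agency_job_status':
    // WA close jobs: marks each selected job as 'Close' and redirects to deletejobs.php
    // under $postjob_url with what=close and the collected WA values.
    if (!isset($WAids)) {
        $WAids = '';
    }
    foreach ($jobsids as $value) {
        // The id is interpolated unquoted into the statement, so force it to an integer.
        $value = (int) $value;
        $WA = getdata_one("*","web_jobs","webjob_id",$value);
        $WAids = $WAids."'".$WA["WA"]."',";
        $sql = "UPDATE web_jobs set status = 'Close' WHERE webjob_id=$value";
        $result = mysql_query($sql);
        // NOTE(review): printing the database error discloses query details and, without
        // output buffering, prevents the redirect header below from being sent.
        echo mysql_error();
    }
    // NOTE(review): this redirect hands a fixed username/password pair to the browser in
    // the query string, where it lands in history, proxies and access logs. Rotate the
    // pair and move the call server-side (or sign the request) instead of redirecting.
    // NOTE(review): the appended values are not urlencode()d, so a crafted value can add
    // or override query parameters on the target.
    header("Location: ".$postjob_url."deletejobs.php?username=370757d2df51ae456bf63c165fc71817&password=ea4bfb7bd531339dfa3c58586bb804b9&site_url1=".$site_url."&what=close&WA=".$WAids."&status=".$status."&searchword=".$searchword."&searchby=".$searchby."&sort_by=".$sort_by."&sort_order=".$sort_order."");
    break;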
// NOTE(review): second 'agency_job' label in the same switch. PHP jumps to the first
// matching case, so this copy is never reached; it repeats the earlier branch line for
// line and can be deleted once that is confirmed.
case 'agency_job':
// WA delete jobs: deletes each selected web job and its applicants' dependent rows.
// NOTE(review): $value is interpolated unquoted into the statements below, and $jobsids
// is not assigned in this file. Cast to int before use if this branch is ever revived.
foreach ($jobsids as $value) {
$WA = getdata_one("WA","web_jobs","webjob_id",$value);
$WAids = $WAids."'".$WA["WA"]."',";
$sql = "DELETE FROM web_jobs WHERE webjob_id=$value";
$result = mysql_query($sql);
echo mysql_error();
if($result){
$apps = mysql_query("select applicant_id from web_personal where webjob_id = $value order by applicant_id");
while($row = mysql_fetch_array($apps)){
mysql_query("DELETE FROM web_education WHERE applicant_id=".$row['applicant_id']);
mysql_query("DELETE FROM web_employment WHERE applicant_id=".$row['applicant_id']);
mysql_query("DELETE FROM web_training WHERE applicant_id=".$row['applicant_id']);
}
mysql_query("DELETE FROM web_personal WHERE webjob_id=$value");
}
}
// NOTE(review): the redirect carries a fixed username/password pair in the query string,
// which exposes it to the browser, proxies and access logs.
header("Location: ".$postjob_url."deletejobs.php?username=370757d2df51ae456bf63c165fc71817&password=ea4bfb7bd531339dfa3c58586bb804b9&site_url1=".$site_url."&what=delete&WA=".$WAids."&status=".$status."&searchword=".$searchword."&searchby=".$searchby."&sort_by=".$sort_by."&sort_order=".$sort_order."");
break;
// Updates one document row in $table for an applicant and, when a file is attached,
// stores the upload under $doc_rootdir/$applicant_id.
// NOTE(review): $doc_name, $doc_rootdir, $applicant_id, $table, $doc_type, $id, $sqltoday
// and the date parts are not assigned in this file; presumably request- or
// include-provided. Treat them as untrusted until confirmed.
case "web_doc" :
$doc_name= trim($doc_name);
if($_FILES['docfile']['name']){
// NOTE(review): a case-sensitive substring test on the client-supplied name is a
// blocklist, not a file-type control. Prefer an extension allowlist, a server-generated
// file name, and a storage directory the web server will not execute from.
if ( strstr($_FILES['docfile']['name'], "php") ) {
error_message('Invalid Format.');
exit;
}
$filename=stripslashes($_FILES['docfile']['name']);
$temp_dir = "$doc_rootdir"."$applicant_id";
if(!is_dir($doc_rootdir)) mkdir ($doc_rootdir);
if(!is_dir($temp_dir)) mkdir ($temp_dir);
// NOTE(review): copy() does not verify that tmp_name is an uploaded file;
// move_uploaded_file() does. The destination also keeps the client's file name.
copy($_FILES['docfile']['tmp_name'],"$temp_dir/$filename");
// Only the file name is escaped (addslashes); the other values in the statement are not.
$sql_doc = "doc_file = '".addslashes($filename)."',";
}
// Both dates are assembled as year-day-month; $date_submitted is not used below
// (the statement stores $sqltoday instead).
$date_submitted = "$year-$day-$month";
$date_withdrawn = "$wyear-$wday-$wmonth";
// NOTE(review): $table is interpolated as an identifier and $id is unquoted, so neither
// can be protected by string escaping. Check $table against a fixed list of table names
// and cast $id to int. $sql_doc is only set when a file was attached.
$sql = "UPDATE $table SET
doc_name='$doc_name',
type_id='$doc_type',
$sql_doc
date_submitted='$sqltoday',
date_withdrawn='$date_withdrawn'
WHERE id=$id and applicant_id = '$applicant_id'";
$result = mysql_query($sql);
mysql_close();
header("Location: apply_online_doc.php?table=$table&applicant_id=$applicant_id");
break;
// Short application form: checks for duplicate e-mail, duplicate name and blacklisted
// applicants, optionally stores a resume file, updates web_personal, stores any extra
// documents in web_doc_library, then redirects to the thank-you or the error page.
// NOTE(review): the form variables used here ($lname, $email, $applicant_id, $password1,
// $limit, $doc_dir, $sqltoday, $fin, $whatapply, ...) are not assigned in this file;
// presumably request- or include-provided. They are interpolated into SQL without
// escaping, so confirm how they are populated before relying on any of these queries.
case 'personal1':
$birthd="$bday_year-$bday_month-$bday_day";
$lname=ucwords(strtolower($lname));
$fname=ucwords(strtolower($fname));
$mname=ucwords(strtolower($mname));
$email = ltrim(rtrim($email));
// Duplicate checks against both the web and the main applicant tables.
// NOTE(review): whether error_message() stops the request is not visible here; the upload
// branches below call exit explicitly after it, these checks do not.
$duplicate_email1 = getdata("select * from web_personal where email='$email' and applicant_id !='$applicant_id'");
if(!empty($duplicate_email1)) error_message('Email Address already exist.');
$duplicate_email2 = getdata("select * from personal where email='$email' and applicant_id !='$applicant_id'");
if(!empty($duplicate_email2)) error_message('Email Address already exist.');
$duplicate2 = getdata("select * from web_personal where lname='$lname' and fname='$fname' and mname='$mname' and applicant_id !='$applicant_id'");
if(!empty($duplicate2)) error_message('You have already applied online.');
$duplicate3 = getdata("select * from personal where lname='$lname' and fname='$fname' and mname='$mname' and applicant_id!='$applicant_id'");
if(!empty($duplicate3)) error_message('You have already applied online.');
$duplicate4 = getdata("select * from personal where lname='$lname' and fname='$fname' and mname='$mname' and blacklisted='1' and applicant_id !='$applicant_id'");
if(!empty($duplicate4)) error_message('The applicant is blacklisted.');
if($hasresume){
$sql_resume = "";
} else {
if ($_FILES['picture']['name'] && $_FILES['picture']['name'] != 'none'){
// NOTE(review): a case-sensitive substring test on the client-supplied name is a
// blocklist, not a file-type control; prefer an extension allowlist and a
// server-generated file name.
if ( strstr($_FILES['picture']['name'], "php") ) {
error_message('Invalid Format.');
exit;
}
$max = '205000';
$filesize = filesize($_FILES['picture']['tmp_name']);
if($filesize<=$max) { // file size validation
// NOTE(review): the type is taken from the client-supplied MIME type, which the server
// has not verified; inspect the file content (e.g. finfo) instead.
$type = basename($_FILES['picture']['type']);
switch($type){
case "vnd.openxmlformats-officedocument.wordprocessingml.document":
case "msword": $pic_name = $_FILES['picture']['name'];
$filename = $doc_dir.$applicant_id."/".$pic_name;
// @ hides a failed copy, so a missing target directory goes unnoticed.
@copy($_FILES['picture']['tmp_name'], $filename);
break;
case "pdf": $pic_name = $_FILES['picture']['name'];
$filename = $doc_dir.$applicant_id."/".$pic_name;
@copy($_FILES['picture']['tmp_name'], $filename);
break;
default: error_message("Invalid file format: $type");
}
// The client-supplied file name goes into the statement unescaped.
$sql_resume = "resumefile='$pic_name',";
} else {
error_message('Filesize is greater than 200 kb');
} // file size validation
}
}
// NOTE(review): password='$password1' stores the value exactly as received; nothing here
// hashes it. Confirm, and move to password_hash()/password_verify() if it is plaintext.
// $sql_resume is only assigned on some of the paths above.
$sql = "UPDATE web_personal SET
position_id1='$position1',category_id='$category_id',
webjob_id='$webjob_id',password='$password1',
lname='$lname',address1='$address1',email='$email',cellphone='$cellphone',
position1_yrsofexp='$position1_yrsofexp',
position1_mosofexp='$position1_mosofexp',
position1_yrsofexp_abroad='$position1_yrsofexp_abroad',
position1_mosofexp_abroad='$position1_mosofexp_abroad',
fname='$fname',
mname='$mname',
$sql_resume
birthdate='$birthd'
where applicant_id='$applicant_id'";
$result = mysql_query($sql);
// Number of extra document slots (file1..fileN) to process.
if($limit){ $cnt = $limit-1; }
else { $cnt = 1; }
for($i=1; $i<=$cnt; $i++){
$filename = "file".$i;
if ( strstr($_FILES[$filename]['name'], "php") ) {
error_message('Invalid Format.');
exit;
}
// NOTE(review): $max is only assigned inside the resume-upload branch above; when that
// branch did not run it is unset here (unless provided elsewhere) — confirm the limit.
if($_FILES[$filename]["size"]<=$max){
$newname = $_FILES[$filename];
$temp_dirA = "$doc_dir"."$applicant_id";
if(!is_dir($doc_dir)) mkdir ($doc_dir);
if(!is_dir($temp_dirA)) mkdir ($temp_dirA);
$temp_dir_finalA = "$temp_dirA" . "/" . "$newname[name]";
// NOTE(review): tmp_name is an unquoted array key here, i.e. a bare constant; older PHP
// falls back to the string with a notice, PHP 8 raises an error.
$file_copy = @copy($newname[tmp_name],$temp_dir_finalA);
$doc_names = @getname($_POST['doc_type'.$i.''],"doc_type","type_id");
if($file_copy){
// The file name and the posted doc_type go into the INSERT unescaped.
$sql2 = "INSERT INTO web_doc_library(applicant_id,doc_file,date_submitted,type_id,doc_name)
VALUES ('$applicant_id','$newname[name]','$sqltoday','".$_POST['doc_type'.$i.'']."','".$doc_names."')";
$result2 = mysql_query($sql2);
}
}
}
// Redirect values are appended without urlencode().
if($result) {
//header("Location: apply_online.php?applicant_id=$applicant_id&resume=1&msg=Information Saved");
header("Location: thankyou_apply.php?applicant_id=$applicant_id&table=$fin&whatapply=$whatapply");
} else {
header("Location: apply_online.php?applicant_id=$applicant_id&whatapply=$whatapply&msg=Error Updating");
}
break;
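// Full personal-data form: checks for duplicate e-mail, duplicate name and blacklisted
// applicants, optionally stores a picture, updates the applicant row in $table, then
// redirects to the education step or back to the form with an error message.
// NOTE(review): the form variables used here ($table, $lname, $email, $applicant_id,
// $password1, $pic, $pic_dir, $what1, $whatapply, ...) are not assigned in this file;
// presumably request- or include-provided. They are interpolated into SQL without
// escaping, and $table is used as an identifier, so confirm how they are populated and
// check $table against a fixed list of table names.
case 'personal':
if($table=="web_personal") {
//$webjob="webjob_id='$webjob_id',";
}
$birthd="$bday_year-$bday_month-$bday_day";
$lname=ucwords(strtolower($lname));
$fname=ucwords(strtolower($fname));
$mname=ucwords(strtolower($mname));
$email = ltrim(rtrim($email));
// Duplicate checks against both the web and the main applicant tables.
// NOTE(review): whether error_message() stops the request is not visible here; the upload
// branch below calls exit explicitly after it, these checks do not.
$duplicate_email1 = getdata("select * from web_personal where email='$email' and applicant_id !='$applicant_id'");
if(!empty($duplicate_email1)) error_message('Email Address already exist.');
$duplicate_email2 = getdata("select * from personal where email='$email' and applicant_id !='$applicant_id'");
if(!empty($duplicate_email2)) error_message('Email Address already exist.');
$duplicate2 = getdata("select * from web_personal where lname='$lname' and fname='$fname' and mname='$mname' and applicant_id !='$applicant_id'");
if(!empty($duplicate2)) error_message('You have already applied online.');
$duplicate3 = getdata("select * from personal where lname='$lname' and fname='$fname' and mname='$mname' and applicant_id!='$applicant_id'");
if(!empty($duplicate3)) error_message('You have already applied online.');
// The blacklist query previously read "and and applicant_id", a syntax error that made
// the check fail on every request; it now matches the same query in the 'personal1' branch.
$duplicate4 = getdata("select * from personal where lname='$lname' and fname='$fname' and mname='$mname' and blacklisted='1' and applicant_id !='$applicant_id'");
if(!empty($duplicate4)) error_message('The applicant is blacklisted.');
if ($_FILES['picture']['name'] && $_FILES['picture']['name'] != 'none'){
// NOTE(review): a case-sensitive substring test on the client-supplied name is a
// blocklist, not a file-type control; the stored name below is server-generated, which
// is the stronger safeguard here.
if ( strstr($_FILES['picture']['name'], "php") ) {
error_message('Invalid Format.');
exit;
}
if(!is_dir("irisonline/pictures/".date("Y")."")) mkdir ("irisonline/pictures/".date("Y")."");
// NOTE(review): getimagesize() returns false for non-images, in which case the dimension
// check below passes; the message also says 150 by 150 while the limit checked is 250.
list($width, $height, $type, $attr) = getimagesize($_FILES['picture']['tmp_name']);
if($width>250 || $height>250) {
error_message('Picture must have a maximum dimension \n\r of 150 by 150 pixels or 2 x 2');
}
$max = '50000';
$filesize = filesize($_FILES['picture']['tmp_name']);
if($filesize<=$max) { // file size validation
// NOTE(review): the type comes from the client-supplied MIME type; the image type that
// getimagesize() detected above would be the server-side value to switch on.
$type = basename($_FILES['picture']['type']);
switch($type){
case "png" : $pic_name = "".date("Y")."/$applicant_id.png";
$filename = $pic_dir."$pic_name";
copy ($_FILES['picture']['tmp_name'], $filename);
break;
case "jpeg" :
case "pjpeg" : $pic_name = "".date("Y")."/$applicant_id.jpg";
$filename = $pic_dir."$pic_name";
copy ($_FILES['picture']['tmp_name'], $filename);
break;
case "gif" : $pic_name = "".date("Y")."/$applicant_id.gif";
$filename = $pic_dir."$pic_name";
copy ($_FILES['picture']['tmp_name'], $filename);
break;
default : error_message("Invalid picture format:$type");
}
} else {
error_message('Filesize is greater than '.$max.' bytes');
} // file size validation
} else {
// No new upload: keep the picture path that came with the form.
$pic_name="$pic";
}
// Normalizes the mobile number to a leading 0 plus its last ten characters.
if($cellphone) {
$cellphone = "0".substr($cellphone,-10);
}
// NOTE(review): password='$password1' stores the value exactly as received; nothing here
// hashes it. Confirm, and move to password_hash()/password_verify() if it is plaintext.
// $webjob is never assigned in this branch (its only assignment is commented out above).
$sql = "UPDATE $table SET
position_id1='$position1',category_id='$category_id',password='$password1',
$webjob
position1_yrsofexp='$position1_yrsofexp',
position1_mosofexp='$position1_mosofexp',
position1_yrsofexp_abroad='$position1_yrsofexp_abroad',
position1_mosofexp_abroad='$position1_mosofexp_abroad',
lname='$lname',
fname='$fname',
mname='$mname',
address1='$address1',
office_phone='$office_phone',
home_phone='$home_phone',
cellphone='$cellphone',
email='$email',
perm_no='$perm_no',
perm_st='$perm_st',
perm_city ='$perm_city',
perm_prov='$perm_prov',
perm_zip= '$perm_zip',
birthdate='$birthd',
birthplace='$birthplace',
height1='$height1',
height2='$height2',
weight1='$weight1',
weight2='$weight2',
sex='$sex',
civil_status='$civil_status',
religion='$religion',
nationality='$nationality',
picture='$pic_name'
where applicant_id='$applicant_id'
";
$result = mysql_query($sql);
// Redirect values are appended without urlencode().
if($result) {
if ($table=="web_personal") { $table = "web_education"; } else { $table = "education"; }
header("Location: apply_online_education.php?action=update&applicant_id=$applicant_id&msg=Information Saved&what=update_resume&what1=$what1&table=$table&whatapply=$whatapply");
} else {
header("Location: apply_online.php?action=update&applicant_id=$applicant_id&msg=Error Updating&what=update_resume&what1=$what1&table=$table&whatapply=$whatapply");
}
break;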
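case 'web_education':
    // Updates one web_education row and returns to the education step.
    // The form values are not assigned in this file (presumably imported from the
    // request), so each is escaped for a quoted MySQL string literal before use.
    // NOTE(review): if the import layer or magic_quotes_gpc already adds slashes, strip
    // them before escaping or the stored text will hold doubled escapes.
    // NOTE(review): the row is selected by id alone; nothing ties it to the applicant
    // making the request. Confirm ownership is enforced elsewhere.
    $esc = array(
        'education' => mysql_real_escape_string((string) $education, $db),
        'from_date' => mysql_real_escape_string((string) $from_date, $db),
        'to_date'   => mysql_real_escape_string((string) $to_date, $db),
        'school'    => mysql_real_escape_string((string) $school, $db),
        'course'    => mysql_real_escape_string((string) $course, $db),
        'id'        => mysql_real_escape_string((string) $id, $db),
    );
    $sql = "update web_education set education='".$esc['education']."', from_date='".$esc['from_date']."', to_date='".$esc['to_date']."', school='".$esc['school']."', course='".$esc['course']."' where id='".$esc['id']."'";
    mysql_query($sql, $db);
    // urlencode() keeps a crafted id from adding parameters to the redirect target.
    header("Location: apply_online_education.php?applicant_id=".urlencode((string) $applicant_id));
    break;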
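case 'web_employment':
    // Updates one web_employment row and returns to the employment step.
    // Dates arrive as "A/B" and are stored as "B-A-01" (presumably MM/YYYY in,
    // YYYY-MM-01 out — confirm against the form).
    if ($from_date != '') {
        $fdate = explode('/', $from_date);
        $from_date = $fdate[1].'-'.$fdate[0].'-01';
    }
    // to_date is only kept when from_date is present as well; otherwise both are blanked.
    if ($from_date != '' && $to_date != '') {
        $tdate = explode('/', $to_date);
        $to_date = $tdate[1].'-'.$tdate[0].'-01';
    } else if ($from_date == '' && $to_date != '') {
        $from_date = '';
        $to_date = '';
    } else {
        $to_date = '';
    }
    // The form values are not assigned in this file (presumably imported from the
    // request). All of them are escaped with the connection-aware escaper, replacing the
    // addslashes() calls that covered only job_desc and reason_for_leaving.
    // NOTE(review): if the import layer or magic_quotes_gpc already adds slashes, strip
    // them before escaping or the stored text will hold doubled escapes.
    // NOTE(review): the row is selected by id alone; nothing ties it to the applicant
    // making the request. Confirm ownership is enforced elsewhere.
    $esc = array(
        'company'            => mysql_real_escape_string((string) $company, $db),
        'address'            => mysql_real_escape_string((string) $address, $db),
        'position'           => mysql_real_escape_string((string) $position, $db),
        'from_date'          => mysql_real_escape_string((string) $from_date, $db),
        'to_date'            => mysql_real_escape_string((string) $to_date, $db),
        'job_desc'           => mysql_real_escape_string((string) $job_desc, $db),
        'reason_for_leaving' => mysql_real_escape_string((string) $reason_for_leaving, $db),
        'id'                 => mysql_real_escape_string((string) $id, $db),
    );
    $sql = "update web_employment set company='".$esc['company']."',"
        ." address='".$esc['address']."',"
        ." position='".$esc['position']."',"
        ." from_date='".$esc['from_date']."',"
        ." to_date='".$esc['to_date']."',"
        ." job_desc='".$esc['job_desc']."',"
        ." reason_for_leaving='".$esc['reason_for_leaving']."' where id='".$esc['id']."'";
    mysql_query($sql, $db);
    // urlencode() keeps a crafted id from adding parameters to the redirect target.
    header("Location: apply_online_employment.php?applicant_id=".urlencode((string) $applicant_id));
    break;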
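case 'web_training':
    // Updates one web_training row and returns to the training step.
    // A non-empty date is normalized to Y-m-d; that output needs no escaping.
    $date = ($date) ? date('Y-m-d', strtotime($date)) : '';
    // The remaining form values are not assigned in this file (presumably imported from
    // the request), so each is escaped for a quoted MySQL string literal before use.
    // NOTE(review): if the import layer or magic_quotes_gpc already adds slashes, strip
    // them before escaping or the stored text will hold doubled escapes.
    // NOTE(review): the row is selected by training_id alone; nothing ties it to the
    // applicant making the request. Confirm ownership is enforced elsewhere.
    $esc = array(
        'title'   => mysql_real_escape_string((string) $title, $db),
        'center'  => mysql_real_escape_string((string) $center, $db),
        'remarks' => mysql_real_escape_string((string) $remarks, $db),
        'id'      => mysql_real_escape_string((string) $id, $db),
    );
    $sql = "update web_training set title='".$esc['title']."',center='".$esc['center']."',date='$date',remarks='".$esc['remarks']."' where training_id='".$esc['id']."'";
    mysql_query($sql, $db);
    // urlencode() keeps a crafted id from adding parameters to the redirect target.
    header("Location: apply_online_training.php?applicant_id=".urlencode((string) $applicant_id));
    break;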
// Replaces the file and/or metadata of one web_doc_library row. Uploads are renamed to
// randomstr() plus the original extension and stored under uploads/documents/<applicant_id>/.
// NOTE(review): $applicant_id, $doc_name, $type_id and $id are not assigned in this file
// (presumably request-provided); they reach the SQL and the file path unescaped, and
// $applicant_id is used as a directory name without validation.
case 'web_document':
$uploadir = 'uploads/documents/';
// NOTE(review): a case-sensitive substring test on the client-supplied name is a
// blocklist, not a file-type control; the extension kept below is still chosen by the
// client. Prefer an extension allowlist and a directory the server will not execute from.
if(strstr($_FILES['doc_file']['name'], "php"))
{
$message = 'Oops! Your file\'s is not a valid document.';
header("Location: apply_online_document.php?applicant_id=$applicant_id&msg=$message");
} else {
//if no errors...
if(!$_FILES['doc_file']['error'])
{
//derive the stored file name (random base name + original extension) and validate the file
$ext = strtolower(substr(strrchr($_FILES['doc_file']['name'], "."), 1));
$new_file_name = randomstr().'.'.$ext; //rename file
if($_FILES['doc_file']['size'] > (3024000)) //limit is 3,024,000 bytes (about 3 MB)
{
$valid_file = false;
$message = 'Oops! Your file\'s size is to large.';
header("Location: apply_online_document.php?applicant_id=$applicant_id&msg=$message");
} else {
$valid_file = true;
}
//if the file has passed the test
if($valid_file)
{
if ( !is_dir($uploadir.$applicant_id) ) mkdir($uploadir.$applicant_id );
// Drops a placeholder index.php into the applicant's upload directory (rewritten on
// every upload), presumably to stop directory listing — confirm.
$fp = fopen($uploadir.$applicant_id.'/index.php', 'w');
fwrite($fp, '404 Page is Forbidden!!!');
fclose($fp);
//move it to where we want it to be
move_uploaded_file($_FILES['doc_file']['tmp_name'], 'uploads/documents/'.$applicant_id.'/'.$new_file_name);
$message = 'Congratulations! Your file was uploaded.';
$sql = "update web_doc_library set doc_name='$doc_name',type_id='$type_id',doc_file='$new_file_name' where id='$id'";
mysql_query($sql,$db);
header("Location: apply_online_document.php?applicant_id=$applicant_id&msg=$message");
}
}
//if there is an error...
else
{
//set that to be the returned message
$message = 'Oops! Your upload triggered the following error: '.$_FILES['doc_file']['error'];
header("Location: apply_online_document.php?applicant_id=$applicant_id&msg=$message");
}
}
// NOTE(review): the statements below run after every branch above, including the
// rejected-file ones. header() replaces an earlier header of the same name by default,
// so this final Location supersedes the redirects that carry msg, and the metadata
// UPDATE is applied even when the upload was refused. Confirm whether an exit was
// intended after each redirect above.
$sql = "update web_doc_library set doc_name='$doc_name',type_id='$type_id' where id='$id'";
mysql_query($sql,$db);
header("Location: apply_online_document.php?applicant_id=$applicant_id");
break;
}
?>