Commit 87691fe8 authored by Eric Rasmussen's avatar Eric Rasmussen

initial commit

parent e175116a
<?xml version="1.0" encoding="UTF-8"?>
<buildpath>
<buildpathentry kind="src" path=""/>
<buildpathentry kind="con" path="org.eclipse.php.core.LANGUAGE"/>
</buildpath>
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>UNL_Studentjobs</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.wst.jsdt.core.javascriptValidator</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.wst.validation.validationbuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.dltk.core.scriptbuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.php.core.PHPNature</nature>
<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
</natures>
</projectDescription>
database: studentjobs
####application
####a new row is created for each edit so that previous submissions display the application as it looked at the time of submission
id int(10) No auto_increment
username varchar(255) utf8_general_ci No
firstname varchar(255) utf8_general_ci No
mi varchar(5) utf8_general_ci Yes NULL
lastname varchar(255) utf8_general_ci No
address varchar(255) utf8_general_ci No
city varchar(255) utf8_general_ci No
state varchar(255) utf8_general_ci No
zip varchar(10) utf8_general_ci No
phone varchar(255) utf8_general_ci No
email varchar(255) utf8_general_ci No
misdemeanor varchar(5) utf8_general_ci No
misdetails longtext utf8_general_ci Yes NULL
felony varchar(5) utf8_general_ci No
feldetails longtext utf8_general_ci Yes NULL
courtorder varchar(5) utf8_general_ci No
codetails longtext utf8_general_ci Yes NULL
####contacts
####users granted permission to view submissions for the appropriate dept
id int(10) No auto_increment
department_id int(10) No
username varchar(255) utf8_general_ci No
name varchar(255) utf8_general_ci No
email varchar(255) utf8_general_ci No
phone varchar(255) utf8_general_ci Yes NULL
####department
####departments that are part of the system, these are the depts that submissions can be made to
id int(10) No auto_increment
name varchar(255) utf8_general_ci No
address varchar(255) utf8_general_ci Yes NULL
sup_app_url varchar(255) utf8_general_ci Yes NULL
####education
####0 or more education records are made for each application
id int(10) No auto_increment
application_id int(10) No
name varchar(255) utf8_general_ci No
frommonth varchar(10) utf8_general_ci Yes NULL
fromyear varchar(10) utf8_general_ci Yes NULL
tomonth varchar(10) utf8_general_ci Yes NULL
toyear varchar(10) utf8_general_ci Yes NULL
major varchar(255) utf8_general_ci Yes NULL
graduate varchar(10) utf8_general_ci Yes NULL
degree varchar(255) utf8_general_ci Yes NULL
####employer
####0 or more previous employer records are made for each application
id int(10) No auto_increment
application_id int(10) No
name varchar(255) utf8_general_ci No
address varchar(255) utf8_general_ci Yes NULL
city varchar(255) utf8_general_ci Yes NULL
state varchar(255) utf8_general_ci Yes NULL
zip varchar(255) utf8_general_ci Yes NULL
supervisor varchar(255) utf8_general_ci Yes NULL
phone varchar(255) utf8_general_ci Yes NULL
frommonth varchar(10) utf8_general_ci Yes NULL
fromyear varchar(10) utf8_general_ci Yes NULL
tomonth varchar(10) utf8_general_ci Yes NULL
toyear varchar(10) utf8_general_ci Yes NULL
hoursweek varchar(255) utf8_general_ci Yes NULL
title varchar(255) utf8_general_ci Yes NULL
duties longtext utf8_general_ci Yes NULL
salary varchar(255) utf8_general_ci Yes NULL
####submissions
####these are the actual submissions for consideration made to the departments
id int(10) No auto_increment
username varchar(255) utf8_general_ci No
application_id int(10) No
department_id int(10) No
positionappliedfor varchar(255) utf8_general_ci Yes NULL
timestamp timestamp No CURRENT_TIMESTAMP
resume_id int(10) No
cover_id int(10) No
####uploads
####file uploads: resumes and cover letters
id int(10) No auto_increment
username varchar(255) utf8_general_ci No
showflag tinyint(4) No
kind varchar(20) utf8_general_ci No
name varchar(255) utf8_general_ci No
type varchar(255) utf8_general_ci No
size int(10) No
content longblob BINARY No
\ No newline at end of file
<?php
$GLOBALS['mysql_host'] = 'localhost';
$GLOBALS['mysql_db'] = 'studentjobs';
$GLOBALS['mysql_user'] = 'root';
$GLOBALS['mysql_passwd'] = 'ertyu9';
$GLOBALS['mysql_prefix'] = '';
$site_url = 'http://ucommxsrv1.unl.edu/studentjobs/';
$contact_person = 'Eric Rasmussen';
$contact_email = 'erasmussen2@unl.edu';
$contact_phone = '472-2667';
?>
\ No newline at end of file
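Review bot: This configuration file is committed with what look like live values: `mysql_user` is `root` and `mysql_passwd` is a literal password, while a placeholder version of the same settings is added in the next file section. Keep only the placeholder file in the repository, add the real one to the ignore list, and treat the committed password as exposed, since it remains in history even after removal and should be rotated. The application should also connect with a dedicated account limited to the `studentjobs` database rather than `root`, e.g. `$GLOBALS['mysql_user'] = 'studentjobs_app';` (account name constructed for illustration).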
<?php
$GLOBALS['mysql_host'] = 'localhost';
$GLOBALS['mysql_db'] = 'studentjobs';
$GLOBALS['mysql_user'] = 'USERNAME';
$GLOBALS['mysql_passwd'] = 'PASSWORD';
$GLOBALS['mysql_prefix'] = '';
$site_url = 'http://example.com/studentjobs/';
$contact_person = 'TECHCONTACT NAME';
$contact_email = 'TECHCONTACT@example.com';
$contact_phone = '555-0199';
?>
\ No newline at end of file
<?php
#include our functions and vars
require_once('functions.inc.php');
#SimpleCAS http://code.google.com/p/simplecas/
require_once 'UNL/Auth.php';
$cas_client = UNL_Auth::factory('SimpleCAS');
if (isset($_GET['login'])) {
$cas_client->login();
}
if (isset($_GET['logout'])) {
header("Location: main.php?logout");
exit();
}
if($cas_client->isLoggedIn()){
$current_user = $cas_client->getUser();
}
?>
<?php
if(isset($_GET['id']) && $cas_client->isLoggedIn()) {
$id = $_GET['id'];
if(!is_numeric($id)){
header("Location: main.php");
exit();
}
$allowed = false;
//First check to see if logged in user owns the file
$query = "SELECT username FROM uploads WHERE id = $id";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
if($row['username'] == $current_user)
$allowed=true;
//Second check to see if logged in user is an authorized viewer for a department that this document was submitted to as part of the app
else{
$query = "SELECT department_id FROM contacts WHERE username = '$current_user'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result)){
$dept_id = $row['department_id'];
$query = "SELECT resume_id,cover_id FROM submissions WHERE department_id = $dept_id";
$result1 = mysql_query($query);
while($row1 = mysql_fetch_array($result1)){
if($row1['cover_id'] == $id || $row1['resume_id'] == $id)
$allowed = true;
}
}
}
//We've finished checking cases where a user can download a file, now proceed if the logged in user is allowed
if($allowed){
$query = "SELECT name, type, size, content FROM uploads WHERE id = $id";
$result = mysql_query($query);
list($name, $type, $size, $content) = mysql_fetch_array($result);
$name = str_replace(" ", "_", $name);
header("Content-length: $size");
header("Content-type: $type");
header("Content-Disposition: attachment; filename=$name");
echo $content;
exit();
}
}
//this will only occur if the user is not logged in or is unauthorized to view this file
header("Location: main.php");
exit();
?>
\ No newline at end of file
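Review bot: The `is_numeric($id)` gate is the only thing between `$_GET['id']` and three unquoted SQL interpolations, and it accepts more than a row id (decimals, exponent forms such as `1e3`, leading whitespace); use `if (!ctype_digit($id)) {` followed by `$id = (int) $id;` so that only a plain integer reaches the queries. The contacts lookup also places `$current_user` inside a quoted SQL string with no escaping, so it relies on the CAS username never containing a quote; parameterized queries through mysqli or PDO (the `mysql_*` extension is removed in PHP 7) would drop that assumption for all of the statements. Separately, `$type` and `$name` are read from the uploads table and written straight into response headers, with the filename unquoted: strip quotes and control characters and quote the value, e.g. `header('Content-Disposition: attachment; filename="' . $safe_name . '"');` where `$safe_name` is the sanitized name, and consider also sending `X-Content-Type-Options: nosniff`, since the stored type was presumably supplied at upload time. The result of the first `mysql_query` is used without checking for failure or an empty row, which is worth an explicit guard before the ownership comparison.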
images/+.png

765 Bytes
