jobberBase dev blog

jobberBase is the open-source job board software
that helps you set up a jobsite in minutes!

Get jobberBase from Windows Web App Gallery

Although most jobberBase users run an Apache web server, there seems to be an increasing demand for IIS installations.

Previously, if you ran IIS and wanted to try out jobberBase, you had to install it manually and make a lot of config changes, following our IIS install guide. It’s doable, but not trivial.

Today, we happily announce that you can now install jobberBase easily, from Windows Web App Gallery, via an automated installer!

Has anyone tried it yet?
Is anyone here using jobberBase on IIS?

Security issue explained + FIX

Affected versions: 1.7, 1.8, 1.9
Not affected: latest (1.9.1) and older than 1.7 (I hope nobody’s still running them!).

The issue

In a nutshell: in the response to a typical API request with data returned as “js”, the job publisher’s email address is revealed, as well as the secret “auth” hash used for editing/deleting jobs (without an account). A typical API request:
/api/api.php?action=getJobs&type=0&category=0&count=5&random=1&days_behind=100&response=js
e.g. http://www.jobberbase.com/api/api.php?action=getJobs&type=0&category=0&count=5&random=1&days_behind=100&response=js

Inside the jobs array/JSON, you’ll see that each job has 2 fields that shouldn’t be there: auth and poster_email.
*auth* is the auth string used in URLs for editing and deactivating job ads.
*poster_email* is the actual email address of the advertiser.

Bad.

The fix

In your _includes/class.Job.php:

a) Search for method ApiGetJobs. On line 501, there should be a while-loop after the big SELECT for jobs. Replace the contents in that while-loop with:
$current_job = new Job($row['id']);
$job = $current_job->GetInfo();
unset($job['poster_email']);
unset($job['auth']);
$jobs[] = $job;

b) Do the same for method ApiGetJobsByCompany; the while-loop should be on line 541 after you have made the change in step a.
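
The same filtering written as reusable functions, with an allowlist variant and a check for leaked keys. This is an added example, not jobberBase code: the function names, the constants and every field name other than auth and poster_email are assumptions.

```php
<?php
// Added example, not part of the jobberBase codebase.
// The two keys the post identifies as leaked by the API.
const API_SENSITIVE_FIELDS = ['auth', 'poster_email'];
// Hypothetical allowlist: these field names are assumptions for illustration;
// use the keys your own GetInfo() returns and that you intend to publish.
const API_PUBLIC_FIELDS = ['id', 'title', 'company'];

// Denylist filter: same effect as the two unset() calls in the fix.
function stripSensitiveJobFields(array $job): array
{
    return array_diff_key($job, array_flip(API_SENSITIVE_FIELDS));
}

// Allowlist filter: only explicitly named keys are ever returned.
function publicJobFields(array $job): array
{
    return array_intersect_key($job, array_flip(API_PUBLIC_FIELDS));
}

// Reports which sensitive keys are still present in a list of jobs,
// e.g. the decoded output of your own site's API after patching.
function leakedFields(array $jobs): array
{
    $leaked = [];
    foreach ($jobs as $job) {
        foreach (API_SENSITIVE_FIELDS as $field) {
            if (array_key_exists($field, $job)) {
                $leaked[$field] = true;
            }
        }
    }
    return array_keys($leaked);
}

// Constructed sample row, shaped like the $job array in the fix above.
$row = [
    'id' => 42,
    'title' => 'PHP developer',
    'company' => 'Example Ltd',
    'poster_email' => 'poster@example.com',
    'auth' => 'constructed-auth-value',
    'internal_note' => 'column added by a later change',
];

echo json_encode(leakedFields([$row])), "\n";                          // before filtering
echo json_encode(leakedFields([stripSensitiveJobFields($row)])), "\n"; // after denylist
echo json_encode(stripSensitiveJobFields($row)), "\n";                 // denylist output
echo json_encode(publicJobFields($row)), "\n";                         // allowlist output
```

The denylist output still carries internal_note, while the allowlist output does not, so an allowlist keeps columns added later out of the API by default.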

====

We’re sorry for not picking this up earlier and we hope your site wasn’t affected in any way by this breach.

If you have any further questions about this issue or other security concerns, please don’t hesitate to write back!

Security alert

Later update: skip this and get the fix »

Hi guys,

We discovered a potential security breach in the jobberBase codebase, which would allow an attacker to mess with the database.

This affects versions 1.9, 1.8 and possibly 1.7.

Therefore, if you run a jobberBase site, we ask that you send us an email to hello@jobberbase.com, tell us your site’s URL and prove that you own it. Then, we’ll tell you what the problem is and offer you several ways to fix it.

We’ve chosen to tackle this problem like this because it’s quite sensitive — a public announcement of the issue could have negative effects on jobberBase-powered sites.

Thank you for your understanding!

1.9 is here and it rocks!

We’ve got a new version fresh out of the oven and it’s truly the best jobberBase version, yet!
If you’re anxious to get it, go ahead and download it.

Here are some of the new features in 1.9:

  • Proper support for Windows/IIS hosting. Read the install guide if you’re interested.
  • Better multiple themes support, and a new theme in the default codebase — Hireme, from hireme.sg.
  • Admin panel redesign, using the Cadify theme.
  • Support for more language files — an important step towards full multi-language support.
  • All email templates are defined in a single XML file, under the translations folder.
  • Config system rewritten and improved.
  • Performance updates and general cleanup.

See the full changelog on the wiki.

We’re very happy with how jobberBase is evolving and can’t wait to start working on version 2.0, which will be another big step forward. Can’t wait!

Kudos to the team and a big thanks to our community for the support and involvement!

jobberBase + CeeVee = ♥

CeeVee is a CV/resume builder launched a few months ago.
We’ve wanted to do something like that for over a year now, and integrate it with jobber.ro, job-job.co.uk and with all jobberBase-powered sites!
A universal CV/resume service, that is.

Well, great news!
Our business, LATERAL, the company behind jobberBase, has acquired CeeVee!

This means that in the following months, we’ll develop support in jobberBase for using CeeVee as a “jobseeker” platform. Lots of goodies for site owners and recruiters, as well.

2010 starts off as a great year for jobberBase, and we’re very excited about things to come.

What are your thoughts regarding how jobberBase and CeeVee might work together?

1.8 – a huge leap forward

It’s always my great joy to announce a new version of jobberBase but this one has to be the best moment of them all! And for 2 reasons:

  • Our development team grew in the past 4 months and I’d like to thank Chronos, evertsemeijn, navjotjsingh, redjumpsuit for all their hard work!
  • This version has the most new features and core updates since we launched, including themes support. We’re well on our way for version 2.0 which will support plugins.

Here are some of the new features:

  • Ability to change all settings from Admin Panel instead of config.php
  • Improved and Paginated Search
  • Editable Job-Url Structure
  • Editable locations
  • Recaptcha Support
  • Database Prefix Support
  • Dynamic Menus in Header and Footer
  • Multiple Theme Support
  • City Cloud Page
  • SMTP Mail Support

Go on and download it directly from Google Code.

You might want to read the Installation Guide or, if you’re upgrading from 1.7, read the Upgrade Guide.

Back 100% to open-source

About a month ago, we launched jobberBase Pro, a compiled version of jobberBase + some extra features requested by a lot of customers.

It was a challenging month for our team, one in which we saw our focus diluted between fixing bugs, working on new features and offering support for Pro customers.

Why did we launch Pro in the first place?

For 2 reasons:

  1. We saw that customers tend to request the same extra features that aren’t currently implemented in jobberBase open-source and we wanted to give them easy access to them.
  2. We wanted to experiment with a dual-licensing revenue model, as we don’t have a revenue model and need to support further development.

What did we learn?

An open-source project and the community that forms around it is a living organism that reacts to change.
Our great community is alive & kicking and its feedback was mixed: some liked the Pro version and some didn’t. And it was perfectly understandable why they didn’t, which made us rethink our strategy.

Open-source is our way

We never forgot this, but we let it become second priority.

Well, this is ending *now* and we’re back 100% on the open-source version and have stopped distributing Pro.

We still offer support for Pro customers and want to make them achieve their goals with the purchase!

The next big thing

In the following months we’ll keep releasing small updates and bug fixes, but the main development focus will be on a new version, one that’s plugin-friendly.
Once this version is live, you (developers) will be able to build plugins and themes for jobberBase. We can’t wait to get there, guys!

So, in the meanwhile, keep an eye on this blog, follow us on Twitter and get involved in our growing community.

Kudos.

jobberBase Pro 1.0 has arrived

We’re extremely happy to announce version 1.0 of jobberBase Pro, aimed at customers who need a jobsite with employer accounts and payment integration, features not available in the open-source version of jobberBase.

It costs $199/license/domain and you get the complete source-code and free upgrades for 1 year.

Follow this blog and @jobberbase on twitter for further updates.

1.7 + site refresh + jobberBase Pro

Indeed, a new version is out, thanks to all of those who made it happen!
In the name of the jobberBase dev team, I’d like to thank every person who got involved in our community and helped others get things done. We truly appreciate your effort.

You probably noticed the refreshed UI on jobberbase.com. We’ve begun to list some jobberBase-powered sites and hope to see that list grow. If you have a jobberBase site that isn’t listed there, send us an email at hello [at] jobberbase [dot] com.

One more thing… we’re preparing a Pro/Premium version of jobberBase, with employer admin, resume management and paypal payment integration and plan to sell it at an affordable price.

We’ll continue to develop both the open-source and pro versions, while trying to figure out how to bring the most value to the world.

It’s been a great ride until now, and it’s only getting better! :)

Version 1.6 in the house

We’re really happy to announce this version, with lots of bug fixes and a few handy new features:

  • fixed: ‘Invalid use of group function’ exception in class.Stats.php
  • fixed: a database query exception was thrown if the search string contained a city that existed in the DB and ended in a space character (ie: “london “). This happened only for live-searches (via AJAX)
  • fixed: made the select query compatible with mysql 4 in class.SpamReport.php
  • fixed: a database query exception was thrown if the words in the search query were separated by many whitespace characters (ie: “one two three”)
  • fixed: allow to install jobberbase in a folder called “jobs” – thanks to links
  • fixed: the total number of applications/searches was not computed correctly; return meaningful data even if there are no applications/searches in class.Stats.php
  • fixed: the number of jobs per company was wrong – it also included jobs that are not active
  • fixed: CheckPosterEmail was called needlessly when displaying jobs thus degrading performance (see http://www.jobberbase.com/forum/post2994.html)
  • fixed: although set, the job type (ie: full time, part time) was not remembered in the pagination process and thus the pagination was incorrect
  • fixed: a database query exception was thrown if more than one city was found from the search keywords
  • fixed: the URLs in the mail that is sent after a job is activated by the administrator are wrong
  • fixed: multiple emails were sent to the job poster if the jobberbase based site had google ads – thanks to links
  • fixed: moved stats in admin (/admin/stats/)
  • fix/enh: tweaked the query that gets the job applications so that only applications which still point to a job are returned (in case you manually delete the jobs but don’t remove the job applications)
  • enh: GetJobsCountForAllCategs makes a single query now instead of a query for *each* category
  • enh: now, only one query is used to get the number of jobs per companies, instead of one query for *each* company
  • enh: if the search query is empty, do nothing – until now (which was pretty confusing from end user point of view), all the jobs for the current category were displayed which could lead to huge results because if you’re on the index page you will get *ALL* active jobs from the DB
  • added: i18n for labels inside javascript files
  • new: possibility to show cities in sidebar instead of categories (configurable from config.php)
  • new: SEO for Job Categories – thanks to CtCoder
  • new: spotlight jobs (sponsored jobs) – thanks to chronos
  • new: ‘Edit post’ functionality in admin

This release would not be possible without the hours put in by putypuruty and links. Thank you, my friends!

Go ahead and download jobberBase.

Always happy to hear from you!

Follow us on twitter @jobberbase
or email us at hello [at] jobberbase.com