I am working on a job application site and the client is requesting that the user does not need a login to apply for jobs. Each user needs to upload two files per job application - a cv and completed pdf application form, which is downloaded from the site.
The user can apply to multiple jobs with the same cv, but each application form will be slightly different.
At the moment there is a db table that holds the two filenames, the date applied and the vacancy it refers to.
I am wondering what is the best way of limiting the user to apply to each job only once? Sessions obviously spring to mind but what if these expire before the closing date of the job, or the user has cookies disabled? Also how to manage the user's uploads on the server? ie parse the application form looking for a unique id, and store each application form in a subdirectory of a vacancy perhaps?
One thing that comes to mind for me would be... If the user is uploading the application in PDF format, what would be the chances they would edit that PDF and try to resubmit it? If the PDF is not modified when they go to submit the application a second time, run a checksum.
$checksum = sha1_file($UPLOAD);
If the checksum of the PDF file being uploaded is found in the database, then you will have determined if the user has uploaded the exact same PDF once before.
That's good advice, thanks for your comments. I have already implemented a kind of validator system to the application object, which will perform (at best) preventative measures, such as checking the user has not submitted an application to the same job within the same session, and that the filename of the cv is it not currently associated with the vacancy. Checking the hash of the file is a good addition.