Recent Updates

Latest improvements and new features added to the BulaWork platform. Last updated: February 2026

Version 1.5 - February 2026

Mock Interview System

  • Candidate Mock Interviews: Practice interviews with AI interviewer for real job postings before the actual interview
  • Resume Session Support: Pause and resume incomplete mock interviews with time tracking
  • AI-Powered Feedback: Receive detailed performance analysis, strengths, areas for improvement, and recommendations
  • Credit System: 1 credit per mock interview session with configurable pricing

Mobile Responsiveness

  • Mock Interview Room: Full mobile responsive design with touch-friendly controls (44px+ touch targets)
  • Portrait/Landscape Support: Optimized layouts for both mobile orientations
  • iOS Smooth Scrolling: Added -webkit-overflow-scrolling: touch for native scroll feel
  • Extra Small Devices: Additional breakpoints at 400px for smaller screens
  • Take Exam Page: Scrollable and responsive exam interface
  • Interview Report: Mobile-optimized feedback and transcript display

Bulawork AI Assistant Improvements

  • Real-time Database Integration: AI assistant now uses live data from 19 data sections including:
    • Active Jobs & Application Metrics
    • AI Interview Data & Pipeline Analytics
    • Skills Analytics & Recent Hires
    • Job Performance Metrics & Bottleneck Analysis
  • Markdown Rendering: Clean response formatting with proper HTML rendering (no raw ##, **, - symbols)
  • Data Integrity: Strict rules preventing fake/placeholder data - only real database values
  • Branding: Renamed from "AI HR Assistant" to "Bulawork AI"

Performance & Database

  • API Timeout Fix: Increased cURL timeout from 60 to 180 seconds for long interview analysis
  • Token Limits: Added max_tokens: 4000 for AI responses to prevent overflows
  • Transcript Truncation: Long interview transcripts (15,000+ chars) now truncated for processing
  • Deterministic AI Analysis: Set temperature: 0 for consistent re-analysis results
  • 30-Day Chat Cleanup: Automatic deletion of old AI chat history via cron job

Exam Creator Improvements

  • Job Skills Integration: Skills now fetched from job_skills table with proper fallbacks
  • Enhanced Data Retrieval: Falls back to required_skills, requirements, and description fields
  • Responsibilities Extraction: Automatically extracts responsibilities from job descriptions when not explicitly set

AI Interview Analysis

  • Removed Candidate Ranking: Eliminated unrealistic percentile rankings when no comparison data exists
  • Incomplete Interview Detection: Low scores (15%) for interviews under 1 minute with minimal responses
  • Fair Scoring: Context-sensitive ratings based on actual interview content

Files Modified

File | Changes
candidate/mock-interview-room.php | Mobile responsive CSS, landscape support
candidate/mock-interviews.php | Mobile responsive, extra small device breakpoints
candidate/mock-interview-report.php | Scrollable transcript, mobile optimizations
take-exam.php | Mobile scrollability, responsive layout
hr/ai-assistant.php | Markdown formatter, title branding
api/hr/ai-assistant.php | Real-time data sections, formatting rules
hr/exam-creator.php | Job skills integration from job_skills table
config/api.php | Increased API timeout to 180 seconds
api/ai-interview/analyze-interview.php | Token limits, transcript truncation, deterministic analysis
cron/chat-cleanup.php | New cron job for 30-day chat retention

System Overview

BulaWork is a comprehensive AI-powered job recruitment platform designed for the Fiji job market. The platform connects job seekers (candidates) with employers (HR/companies) through an intelligent matching system enhanced by artificial intelligence capabilities.

Key Features

AI-Powered Matching

Intelligent candidate-job matching using OpenAI GPT integration for resume analysis and job description generation.

Enterprise Security

AES-256-GCM document encryption, OTP authentication, rate limiting, and comprehensive security headers.

Multi-Role System

Three distinct user roles: Candidates, HR Managers, and Administrators with role-based access control.

Exam System

AI-generated assessment exams with proctoring, monitoring, and automated scoring capabilities.

Mobile Ready

RESTful mobile API for native Android application with token-based authentication.

Smart Notifications

Job alerts, application status updates, interview scheduling, and email notifications.

System Architecture

Presentation Layer (Frontend)

PHP Views + HTML5 + CSS3 + Vanilla JavaScript | Responsive Design | Font Awesome Icons | Chart.js

Application Layer (Backend)

PHP 8.x | Session Management | CSRF Protection | Rate Limiting | Input Validation

API Layer

RESTful JSON APIs | Authentication Middleware | Mobile API Support | OpenAI Integration

Data Layer

MySQL/MariaDB | PDO with Prepared Statements | 86 Database Tables | Foreign Key Constraints

Security Layer

AES-256-GCM Encryption | Argon2ID Password Hashing | OTP 2FA | Security Headers | CORS

Technology Stack

Component | Technology | Purpose
Backend | PHP 8.x | Server-side processing and API
Database | MySQL/MariaDB | Data persistence with 86 tables
Frontend | HTML5, CSS3, JavaScript | User interface and interactions
AI Integration | OpenAI GPT API | Resume analysis, job matching, exam generation
Email | SMTP (Gmail/Custom) | Transactional emails and notifications
Encryption | OpenSSL (AES-256-GCM) | Document and file encryption
Password Hashing | Argon2ID / BCRYPT | Secure password storage
Icons | Font Awesome 6 | UI icons and visual elements
Charts | Chart.js | Analytics and data visualization

Database Schema

The BulaWork database consists of 86 tables organized into logical groups for users, companies, jobs, applications, AI features, exams, and security.

Core Database Tables

User Management (7 tables)

Table | Description | Key Fields
users | Main user accounts | user_id, email, password_hash, role, status, otp_enabled
user_profiles | Extended user info | first_name, last_name, phone, avatar_url, city, country, bio
candidates | Job seeker profiles | resume_url, experience_years, current_position, availability
candidate_skills | Candidate skills | skill_name, proficiency, years_experience
candidate_education | Education history | institution, degree, field_of_study, start_date, end_date
candidate_experience | Work experience | company, position, description, start_date, end_date
candidate_qualifications | Certifications | title, issuing_organization, document_url, encryption_id

Company Management (8 tables)

Table | Description | Key Fields
companies | Company profiles | company_name, company_email, logo_url, industry, status
company_branches | Branch locations | branch_name, address, city, latitude, longitude
company_credits | AI credit balance | total_credits, used_credits, remaining_credits
company_subscriptions | Subscription plans | plan_id, status, billing_cycle, start_date, end_date
company_tool_access | AI tool permissions | tool_id, is_enabled, custom_credit_cost

Jobs & Applications (10 tables)

Table | Description | Key Fields
jobs | Job listings | title, description, requirements, salary_min, salary_max, deadline
applications | Job applications | job_id, candidate_id, status, cover_letter, ai_fit_score
application_documents | Submitted documents | document_url, encryption_id, document_type
application_answers | Screening Q&A | question_id, question_text, answer_text
interviews | Interview scheduling | scheduled_date, interview_type, meeting_link, status
saved_jobs | Bookmarked jobs | candidate_id, job_id, saved_at
job_required_documents | Required uploads | document_name, is_mandatory, allowed_types

AI Features (8 tables)

Table | Description | Key Fields
ai_tools | Available AI tools | tool_name, tool_slug, credit_cost, category
ai_subscription_plans | Pricing plans | plan_name, monthly_credits, price_monthly, features
ai_candidate_analysis | Candidate scoring | overall_score, skills_score, strengths, recommendation
ai_chat_sessions | AI chat history | session_title, context_type, is_active
ai_interview_questions | Generated questions | question_text, question_type, difficulty

Exam System (7 tables)

Table | Description | Key Fields
exams | Exam definitions | exam_title, total_questions, time_per_question, passing_score
exam_questions | MCQ questions | question_text, option_a-d, correct_answer, points
exam_sessions | Candidate sessions | session_token, started_at, status, tab_switches
exam_responses | Answer submissions | selected_answer, is_correct, time_taken
exam_results | Final scores | score_percentage, passed, ai_analysis
exam_monitoring | Proctoring events | event_type, screenshot_url, event_data

Security Tables (6 tables)

Table | Description | Key Fields
email_verifications | OTP codes | verification_code, purpose, expires_at, attempts
trusted_devices | Remembered devices | device_fingerprint, device_name, trusted_until
otp_audit_log | OTP activity log | action_type, success, ip_address
password_reset_tokens | Reset tokens | token, expires_at, used
api_rate_limits | Rate limiting | identifier, request_count, window_start
activity_logs | User activity | action, entity_type, details, ip_address

API Reference

Authentication APIs

Location: /api/auth/

POST /api/auth/login.php

Authenticate user with email/password. Supports OTP verification flow.

// Request
{
    "email": "user@example.com",
    "password": "securepassword",
    "remember": true,
    "trust_device": false
}

// Response (Success)
{
    "success": true,
    "requires_otp": false,
    "redirect_url": "/hr/dashboard.php",
    "message": "Welcome back, John!"
}

// Response (OTP Required)
{
    "success": true,
    "requires_otp": true,
    "email": "user@example.com"
}

POST /api/auth/register.php

Register new candidate or employer account with email verification.

POST /api/auth/send-otp.php

Send OTP verification code to user's email.

POST /api/auth/verify-otp.php

Verify OTP code and complete login. Optionally trust device.

POST /api/auth/forgot-password.php

Request password reset link via email.

Candidate APIs

Location: /api/candidate/ - Requires authenticated candidate session

Endpoint | Method | Description
update-profile.php | POST | Update candidate profile information
upload-resume.php | POST | Upload resume with AES-256 encryption
upload-avatar.php | POST | Upload profile photo
add-skill.php | POST | Add skill to profile
add-education.php | POST | Add education record
add-experience.php | POST | Add work experience
apply.php | POST | Submit job application
save-job.php | POST | Bookmark/unbookmark job
job-alerts.php | POST | Manage job alert preferences
ai-analysis.php | POST | Get AI-powered profile analysis
get-qualifications.php | GET | Retrieve uploaded qualifications

HR APIs

Location: /api/hr/ - Requires authenticated HR session

Endpoint | Method | Description
dashboard-data.php | GET | Fetch dashboard statistics and metrics
job-action.php | POST | Create, update, or delete job postings
get-job-applicants.php | GET | Get applicants for a specific job
update-application-status.php | POST | Change application status
candidate-analysis.php | POST | AI-powered candidate analysis and ranking
schedule-interview.php | POST | Schedule interview with candidate
generate-job-description.php | POST | AI-generate job description
generate-interview-questions.php | POST | AI-generate interview questions
exam-questions.php | POST | Create/manage exam questions
parse-resume.php | POST | Extract data from uploaded resume
ai-assistant.php | POST | AI recruiting assistant chat
request-credits.php | POST | Request additional AI credits

Admin APIs

Location: /api/admin/ - Requires admin authentication

Endpoint | Method | Description
get-stats.php | GET | Platform-wide statistics
create-user.php | POST | Create new user account
update-user.php | POST | Update user details
delete-user.php | DELETE | Soft-delete user account
approve-company.php | POST | Approve/reject company registration
subscription-management.php | POST | Manage company subscriptions
update-smtp-settings.php | POST | Configure email settings
file-manager.php | POST | Manage uploaded files

Mobile APIs

Location: /api/mobile/ - Token-based authentication for native apps

Endpoint | Method | Description
auth.php | POST | Mobile login/register with access tokens
jobs.php | GET | Browse and search jobs
applications.php | POST/GET | Submit and view applications
profile.php | POST/GET | Manage candidate profile
companies.php | GET | View company profiles

Security Measures

Implemented Security Features

Password Security

Argon2ID hashing (or BCRYPT fallback) with secure cost parameters. Password requirements enforced (minimum 8 characters).

Two-Factor Authentication (OTP)

Email-based OTP verification with 6-digit codes. Trusted device support to skip OTP on known devices. Rate limiting prevents brute force attacks.

Document Encryption

AES-256-GCM encryption for all uploaded documents (resumes, qualifications, attachments). Per-document key derivation using HKDF. Secure token-based document access.

CSRF Protection

Token-based CSRF protection on all forms. Timing-safe token comparison. Automatic token regeneration.

SQL Injection Prevention

All database queries use PDO prepared statements with parameterized queries. Input validation and sanitization layer.

XSS Prevention

Output encoding with htmlspecialchars(). Content Security Policy headers. Script tag removal from user input.

Rate Limiting

API rate limiting with configurable thresholds. IP-based tracking with sliding window. 429 Too Many Requests responses with Retry-After headers.

Security Headers

X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Content-Security-Policy, Strict-Transport-Security (HSTS), Referrer-Policy.

Authentication Flow

1. User Submits Credentials

Email and password sent via POST to /api/auth/login.php with CSRF token validation.

2. Credential Verification

Email lookup in database, password_verify() against Argon2ID hash. Account status checked (active, pending, suspended).

3. OTP Check (if enabled)

If user has OTP enabled and device is not trusted, 6-digit OTP is sent to email. User redirected to OTP verification form.

4. Session Creation

Session regenerated to prevent fixation. User ID, role, and name stored in session. User agent fingerprint recorded for hijacking detection.

5. Role-Based Redirect

Candidates → /candidate/dashboard.php, HR → /hr/dashboard.php, Admins → /admin/dashboard.php
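
The decision logic of steps 2 to 5, as an added example that is not BulaWork's own login.php. The role names, error messages, the in-memory $users array and the dummy-hash check for unknown emails are assumptions; field names follow the users table above.

```php
<?php
declare(strict_types=1);

// Added example, not BulaWork's login.php. Role names, messages and the
// in-memory $users array are assumptions; field names follow the users table.

const ROLE_REDIRECTS = [
    'candidate' => '/candidate/dashboard.php',
    'hr'        => '/hr/dashboard.php',
    'admin'     => '/admin/dashboard.php',
];

/** Hash with Argon2ID when this PHP build has it, otherwise bcrypt. */
function hashPassword(string $password): string
{
    $algo = defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
    return password_hash($password, $algo);
}

/** Steps 2-5 of the flow: returns the JSON-shaped response for one attempt. */
function decideLogin(array $users, string $dummyHash, string $email,
                     string $password, bool $deviceTrusted): array
{
    $user = $users[strtolower(trim($email))] ?? null;

    // Unknown email: still verify against a dummy hash so both paths cost
    // the same and response time does not reveal which emails exist.
    $valid = password_verify($password, $user['password_hash'] ?? $dummyHash);
    if ($user === null || !$valid) {
        return ['success' => false, 'error' => 'Invalid email or password'];
    }

    // Account status is only disclosed after the password has been proven.
    if ($user['status'] !== 'active') {
        return ['success' => false, 'error' => 'Account is ' . $user['status']];
    }

    // The OTP step comes before any authenticated session is created.
    if ($user['otp_enabled'] && !$deviceTrusted) {
        return ['success' => true, 'requires_otp' => true, 'email' => $user['email']];
    }

    // Step 4: new session ID, then identity and a user-agent fingerprint.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['user_id'];
        $_SESSION['role'] = $user['role'];
        $_SESSION['ua_hash'] = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    }

    return ['success' => true, 'requires_otp' => false,
            'redirect_url' => ROLE_REDIRECTS[$user['role']]];
}

// Constructed sample accounts (not real data).
$users = [
    'hr@example.com' => ['user_id' => 1, 'email' => 'hr@example.com', 'role' => 'hr',
        'status' => 'active', 'otp_enabled' => true,
        'password_hash' => hashPassword('correct horse')],
    'new@example.com' => ['user_id' => 2, 'email' => 'new@example.com', 'role' => 'candidate',
        'status' => 'pending', 'otp_enabled' => false,
        'password_hash' => hashPassword('battery staple')],
];
$dummyHash = hashPassword(bin2hex(random_bytes(16)));

foreach ([
    ['hr@example.com', 'correct horse', false],   // OTP required
    ['hr@example.com', 'correct horse', true],    // trusted device: redirect
    ['new@example.com', 'battery staple', false], // pending account
    ['ghost@example.com', 'anything', false],     // unknown email
] as [$email, $password, $trusted]) {
    echo json_encode(decideLogin($users, $dummyHash, $email, $password, $trusted)), "\n";
}
```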

Document Encryption System

All sensitive documents (resumes, qualifications, application attachments) are encrypted using AES-256-GCM before storage.

// Encryption Process (config/encryption.php)
1. Generate unique document ID for key derivation
2. Derive document-specific key using HKDF from master key
3. Generate random 12-byte IV (nonce)
4. Encrypt with AES-256-GCM (authenticated encryption)
5. Store: [IV (12 bytes)] + [Tag (16 bytes)] + [Ciphertext]
6. Add .enc extension to filename

// Decryption Process
1. Extract IV, Tag, and Ciphertext from file
2. Derive document key using stored document ID
3. Decrypt and verify authentication tag
4. Return plaintext only if authentication passes
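
The two processes above, as an added example that is not the contents of config/encryption.php. The function names, the SHA-256 HKDF hash, the "doc-key:" info label and the sample data are assumptions; the 12-byte IV, 16-byte tag and IV + Tag + Ciphertext layout are the ones listed above.

```php
<?php
declare(strict_types=1);

// Added example: function names and the HKDF "info" label are assumptions,
// not BulaWork's config/encryption.php.

const IV_LEN = 12;   // GCM nonce length in bytes
const TAG_LEN = 16;  // GCM authentication tag length in bytes

/** Step 2: derive a 32-byte document-specific key from the master key. */
function deriveDocumentKey(string $masterKey, string $documentId): string
{
    if (strlen($masterKey) !== 32) {
        throw new InvalidArgumentException('master key must be 32 bytes');
    }
    // The document ID is the HKDF "info" input, so each document gets its own key.
    return hash_hkdf('sha256', $masterKey, 32, 'doc-key:' . $documentId);
}

/** Steps 3-5: encrypt and return the stored layout IV || Tag || Ciphertext. */
function encryptDocument(string $plaintext, string $masterKey, string $documentId): string
{
    $key = deriveDocumentKey($masterKey, $documentId);
    $iv = random_bytes(IV_LEN);   // fresh random nonce for every encryption
    $tag = '';
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key,
                                  OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ciphertext;
}

/** Decryption: split the layout, verify the tag, return plaintext or throw. */
function decryptDocument(string $blob, string $masterKey, string $documentId): string
{
    if (strlen($blob) < IV_LEN + TAG_LEN) {
        throw new RuntimeException('file shorter than IV + tag');
    }
    $iv = substr($blob, 0, IV_LEN);
    $tag = substr($blob, IV_LEN, TAG_LEN);
    $ciphertext = substr($blob, IV_LEN + TAG_LEN);
    $key = deriveDocumentKey($masterKey, $documentId);
    // openssl_decrypt returns false when the tag does not verify.
    $plaintext = openssl_decrypt($ciphertext, 'aes-256-gcm', $key,
                                 OPENSSL_RAW_DATA, $iv, $tag);
    if ($plaintext === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plaintext;
}

// Constructed sample input; a real master key comes from protected configuration.
$masterKey = random_bytes(32);
$documentId = bin2hex(random_bytes(16));               // step 1
$blob = encryptDocument('%PDF-1.7 constructed sample', $masterKey, $documentId);
echo 'resume.pdf.enc: ', strlen($blob), " bytes\n";    // step 6: .enc suffix
echo decryptDocument($blob, $masterKey, $documentId), "\n";

// One flipped ciphertext bit, or the wrong document ID, must fail closed.
$tampered = $blob;
$tampered[IV_LEN + TAG_LEN] = $tampered[IV_LEN + TAG_LEN] ^ "\x01";
foreach ([[$tampered, $documentId], [$blob, 'some-other-id']] as [$data, $id]) {
    try {
        decryptDocument($data, $masterKey, $id);
        echo "unexpected success\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Because the key depends on the document ID, a ciphertext copied under another document's ID fails the tag check just as a modified file does.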

Candidate Features

Dashboard

Overview of applications, saved jobs, profile completion score, AI match score, and upcoming interviews.

Job Search

Browse jobs with filters (location, department, salary, job type). Real-time search and sort options.

Profile Builder

Complete profile with skills, education, experience, qualifications, and documents. Progress gamification.

Resume Upload

Encrypted resume storage. Support for PDF, DOC, DOCX formats. AI-powered resume parsing.

Applications

Apply to jobs with cover letter, answer screening questions, upload required documents.

Saved Jobs

Bookmark interesting jobs for later. Expiry notifications. Quick apply from saved list.

Job Alerts

Set up alerts for specific job titles. Email notifications when matching jobs are posted.

Mock Interviews

Practice AI interviews for real job postings. Get feedback, pause/resume sessions, improve your interview skills.

Take Exams

Complete AI-generated assessments sent by employers. Timed questions with proctoring.

HR Features

Dashboard

KPIs overview: active jobs, applications, candidates reviewed, shortlisted. Real-time pipeline view.

Job Posting

Create job listings with AI-enhanced descriptions. Set requirements, salary range, deadline.

Applicant Management

View all applicants per job. Filter by status. Bulk actions. Download resumes.

AI Candidate Analysis

AI-powered scoring and ranking. Skills matching. Experience analysis. Hire recommendations.

Interview Scheduling

Schedule interviews with candidates. Video/phone/in-person types. Email invitations.

AI Video Interviews

Conduct AI-powered video interviews. Real-time transcription, automated analysis, hiring recommendations.

Exam Creator

AI-generate assessment exams from job requirements. MCQ questions. Timed tests. Automatic grading.

Bulawork AI Assistant

Chat-based AI recruiting assistant with real-time database integration. Get advice, analyze candidates, view live metrics.

Credits System

AI features consume credits. View balance, request more credits, track usage history.

Branch Management

Manage company locations. Add branches with addresses and contact details.

Archive

Archived applications and jobs. 90-day retention policy. Restore or delete items.

Admin Features

Analytics Dashboard

Platform-wide statistics. User counts, job metrics, application trends, growth charts.

User Management

View all users. Create, edit, activate, suspend accounts. Role management.

Company Approvals

Review and approve company registrations. Reject with reason. Send notifications.

Subscription Management

Manage company subscriptions. Assign plans. Add credits. View billing history.

AI Tools Config

Enable/disable AI tools. Set credit costs. Manage tool categories.

SMTP Settings

Configure email server. Test connection. Set from address and name.

File Manager

Browse uploaded files. View storage usage. Manage document encryption.

SEO Settings

Configure meta tags, site title, description for public pages.

HR Notifications

Send system-wide notifications to HR users. Manage notification templates.

Maintenance Mode

Enable maintenance mode. Only admins can log in. Custom maintenance message.

Frontend Architecture

CSS Design System

BulaWork uses a custom CSS design system with CSS variables for consistent theming.

Core Color Palette

:root {
    /* Primary Colors */
    --primary-dark: #2F2E2E;
    --charcoal: #36454F;
    --charcoal-dark: #2D3748;
    --accent-yellow: #F3D15F;
    --accent-yellow-hover: #E5C34D;
    
    /* Background Colors */
    --bg-cream: #F9FAFB;
    --bg-dashboard: linear-gradient(135deg, #F9FAFB 0%, #FFFBEB 40%, #FDE047 100%);
    --card-white: #FFFFFF;
    
    /* Status Colors */
    --success: #10B981;
    --info: #3B82F6;
    --warning: #F59E0B;
    --danger: #EF4444;
    --purple: #8B5CF6;
    
    /* Border Radius */
    --border-radius-xl: 32px;
    --border-radius-lg: 24px;
    --border-radius-md: 16px;
    --border-radius-sm: 12px;
    
    /* Shadows */
    --shadow-soft: 0 10px 40px -10px rgba(47, 46, 46, 0.10);
    --shadow-hover: 0 20px 50px -10px rgba(156, 141, 112, 0.25);
    --shadow-charcoal: 0 8px 25px rgba(54, 69, 79, 0.25);
}

CSS Files Structure

File | Purpose
css/design-system.css | Global variables, typography, utility classes
css/components.css | Reusable component styles (buttons, cards, forms)
css/responsive.css | Media queries and responsive breakpoints
assets/css/admin-common.css | Admin panel shared styles
assets/css/hr-animations.css | HR dashboard animations
assets/css/loading.css | Loading spinners and skeleton screens

JavaScript Modules

Frontend JavaScript is organized into modular files for different functionalities.

File | Purpose | Key Functions
js/app.js | Main application logic | navigateToScreen(), initializeScreen(), modal handling
assets/js/hr-page-transitions.js | HR page animations | Page load transitions, skeleton screens
assets/js/hr-dialogs.js | HR modal dialogs | Confirmation dialogs, toast notifications
assets/js/loading.js | Loading states | showLoading(), hideLoading(), progress bars

Key JavaScript Patterns

// AJAX Form Submission Pattern
async function submitForm(formData, endpoint) {
    try {
        const response = await fetch(endpoint, {
            method: 'POST',
            headers: { 'X-Requested-With': 'XMLHttpRequest' },
            body: formData
        });
        const data = await response.json();
        if (data.success) {
            showToast('Success!', 'success');
        } else {
            showToast(data.error || 'Error occurred', 'error');
        }
    } catch (error) {
        showToast('Network error', 'error');
    }
}

// Modal Pattern
function openModal(modalId) {
    document.getElementById(modalId).classList.add('active');
    document.body.style.overflow = 'hidden';
}

function closeModal(modalId) {
    document.getElementById(modalId).classList.remove('active');
    document.body.style.overflow = '';
}

Directory Structure

bulaw/
├── admin/                    # Admin panel pages
│   ├── dashboard.php         # Admin dashboard
│   ├── users.php            # User management
│   ├── company-approvals.php # Company approval
│   ├── settings.php         # System settings
│   └── ...
├── api/                      # RESTful API endpoints
│   ├── auth/                 # Authentication APIs
│   ├── admin/               # Admin APIs
│   ├── candidate/           # Candidate APIs
│   ├── hr/                  # HR APIs
│   ├── mobile/              # Mobile app APIs
│   └── serve-document.php   # Encrypted document server
├── assets/                   # Static assets
│   ├── css/                 # Stylesheets
│   └── js/                  # JavaScript files
├── candidate/               # Candidate panel pages
│   ├── dashboard.php        # Candidate dashboard
│   ├── onboarding.php       # Profile setup
│   └── job-alerts.php       # Job alert settings
├── config/                  # Configuration files
│   ├── database.php         # DB connection + helpers
│   ├── security.php         # Security functions
│   ├── encryption.php       # Document encryption
│   ├── email.php            # Email service
│   ├── api.php              # OpenAI integration
│   └── otp-helper.php       # OTP management
├── cron/                    # Scheduled tasks
│   ├── job-alerts.php       # Send job alerts
│   ├── friday-summary.php   # Weekly HR summaries
│   └── archive-cleanup.php  # Delete old archives
├── css/                     # Global stylesheets
├── database/                # Database migrations
│   └── migrations/          # SQL migration files
├── hr/                      # HR panel pages
│   ├── dashboard.php        # HR dashboard
│   ├── jobs.php             # Job management
│   ├── applicants.php       # Applicant list
│   ├── ai-tools.php         # AI tools hub
│   └── ...
├── includes/                # Reusable PHP includes
│   ├── admin-header.php     # Admin layout header
│   ├── public-header.php    # Public page header
│   └── hr-approval-check.php # HR access guard
├── js/                      # Main JavaScript
├── uploads/                 # File uploads (encrypted)
├── index.php               # Landing page redirect
├── login.php               # Login page
├── signup.php              # Registration page
├── find-jobs.php           # Public job search
├── job-details.php         # Job detail page
└── apply.php               # Job application page

Deployment Notes

Server Requirements

  • PHP 8.0 or higher with extensions: PDO, OpenSSL, JSON, mbstring, fileinfo
  • MySQL 8.0 or MariaDB 10.5+
  • Apache or Nginx web server with mod_rewrite
  • HTTPS certificate (required for production)
  • Minimum 512MB RAM, 5GB storage

Installation Steps

  1. Clone repository to web server document root
  2. Create MySQL database and import database/bulawork_deployment_v4.sql
  3. Configure config/database.php with database credentials
  4. Set file permissions: chmod 755 for directories, 644 for files
  5. Create writable uploads directory: chmod 775 uploads/
  6. Configure SMTP settings via Admin > Settings > Email
  7. Set OpenAI API key in config/api.php for AI features
  8. Create first admin user manually in database or via CLI

Cron Jobs

# Job alert emails - every 6 hours
0 */6 * * * php /path/to/bulaw/cron/job-alerts.php

# Friday HR summary - Fridays at 5 PM
0 17 * * 5 php /path/to/bulaw/cron/friday-summary.php

# Archive cleanup - daily at 2 AM
0 2 * * * php /path/to/bulaw/cron/archive-cleanup.php

# Saved jobs expiry check - daily at 6 AM
0 6 * * * php /path/to/bulaw/cron/saved-jobs-expiry.php

# AI Chat history cleanup (30-day retention) - daily at 3 AM
0 3 * * * php /path/to/bulaw/cron/chat-cleanup.php

BulaWork - AI-Powered Job Recruitment Platform

Documentation Version 1.5 - February 2026