Web Application

Expatriate Permit Reminder System

An internal web-based tool that automates permit expiry monitoring for expatriate employees — sending scheduled email reminders to HR/Legal teams and expatriates before their work permits expire.

Category: Web Application (Internal Tool)
Timeline: 2 Weeks
Role: Full-Stack Developer
Result: 100% Automated Reminder Workflow

Project Overview

Many companies employing expatriate workers rely on manual tracking — spreadsheets or calendar reminders — to monitor work permit expiry dates. This approach is error-prone and risks permit lapses, which carry serious legal and operational consequences for both the company and the employee.

I designed and built a complete internal system from scratch: a secure admin panel for managing expatriate data and documents, a cron-based automated email engine that fires reminders at H-60, H-45, and H-30 days before expiry, and a full permit renewal workflow with document versioning and audit history.

The Challenge

Missed Permit Deadlines

Manual tracking via spreadsheets meant reminders were often missed or sent too late, exposing the company to compliance and legal risk.

Sensitive Document Security

Permit documents contain personal identity data (passport, KITAS numbers) that must be stored and accessed securely, not left exposed in shared folders.

Renewal Tracking & History

Every time a permit was renewed, the old data and document needed to be preserved for audit purposes while the active record was updated seamlessly.

Solution & Approach

I built the system on PHP with PDO and a MySQL database, with PHPMailer handling SMTP delivery from a scheduled cron job. The reminder engine reads configurable day-threshold rules (H-60, H-45, H-30) from environment variables and queries only the expatriates whose permits match those thresholds on the day the cron job runs. A daily log check prevents duplicate sends.

Document uploads are stored outside the public web root, with all direct access blocked via .htaccess. Files are served exclusively through a PHP gateway (view_document.php) that validates the session role, rejects path traversal attempts, verifies the MIME type, and only then streams the PDF, so documents cannot be reached via a direct URL.
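
The gateway checks described above, as an added example (not the project's own view_document.php). The storage path, the `file` query parameter and the session keys `user_id` and `role` are assumptions; the admin and viewer roles are the ones this page names.

```php
<?php
// Added example, not the project's code. Assumed names: DOC_ROOT, the `file`
// query parameter, and the session keys `user_id` and `role`.
declare(strict_types=1);

const DOC_ROOT = '/var/app-data/permit-documents'; // assumed path outside the web root

/** Resolve a requested name to a real path inside $root, or null if rejected. */
function resolve_document(string $root, string $requested): ?string
{
    // Bare file name only: the allow-list excludes "/", "\" and NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9._-]+\.pdf\z/', $requested)) {
        return null;
    }
    $rootReal = realpath($root);
    $fileReal = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($rootReal === false || $fileReal === false || !is_file($fileReal)) {
        return null;
    }
    // realpath() follows symlinks, so re-check containment on the resolved path.
    if (strncmp($fileReal, $rootReal . DIRECTORY_SEPARATOR, strlen($rootReal) + 1) !== 0) {
        return null;
    }
    // Check the file content, not the extension or a client-supplied type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($fileReal);
    return $mime === 'application/pdf' ? $fileReal : null;
}

if (PHP_SAPI !== 'cli') { // request handling; skipped when included from a CLI test
    session_start();
    $role = $_SESSION['role'] ?? '';
    if (empty($_SESSION['user_id']) || !in_array($role, ['admin', 'viewer'], true)) {
        http_response_code(403);
        exit;
    }
    $name = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
    $path = resolve_document(DOC_ROOT, $name);
    if ($path === null) {
        http_response_code(404); // same response for "missing" and "rejected"
        exit;
    }
    header('Content-Type: application/pdf');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

Returning the same 404 for a missing file and a rejected name keeps the gateway from confirming which file names exist.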

Security was a primary focus throughout: all forms are protected with CSRF tokens, every database query uses PDO prepared statements, outputs are escaped with htmlspecialchars(), error details are logged server-side only, and HTTP security headers (CSP, HSTS, X-Frame-Options) are applied globally.

Key Features

  • Automated email reminders at H-60, H-45, and H-30 days before permit expiry via a daily cron job
  • Secure document storage — PDF uploads served only through an authenticated PHP gateway, never via direct URL
  • Full permit renewal workflow with complete version history and audit trail (who renewed, when, old vs new dates)
  • Soft-delete and reactivate system — deactivated expatriates are preserved with full history, not permanently erased
  • Manual email trigger — admin can send an on-demand reminder to any expatriate at any time
  • Role-based access control — admin vs. viewer roles with all sensitive actions enforced server-side
  • CSRF protection on every form and AJAX endpoint
  • Configurable reminder recipients stored in environment variables, not hardcoded in source code
  • Error logging to server-side log file — no internal error details exposed to the browser
