Is it possible to let users e-sign a document?

Scenario

1. I upload document for a user on my website to review and sign
2. User logs in, reviews the document and then somehow digitally signs it. ( not a image of their signature )
3. I receive document with some way of verifying they legally signed it.

I would prefer the user does not need to download, sign with some third party tool and then upload the document. I want them to somehow perform this action on the webpage maybe by typing there full name in a box against the document while they are logged in.

One feasible way would be to generate a cryptographic pair of keys for each and every user. Both keys (the private and the public one) would need to be kept on your server, with the private key being password protected. The password would ideally be known to only the user himself (ask for it when generating the keys but do NOT save it) and nobody else. Then, after the user has signed a document by entering his private key password you would be able to verify his "signature" using his public key.

The process itself greatly depends on your server setup (i.e. access to cryptographic tools, database and the like).

PS: I doubt this would be legally binding (at least not where I am located) but your jurisdiction may vary.

"some way of verifying they legally signed it" .. has slightly different implications depending on the country (your profile does not indicate your location). I can only answer for the U.S. concerning the legal part .. but as for the technical part ..

You can use PHP to export each page of the PDF as a PNG, then present each page (as a PNG image) for the user to review. Then use JavaScript to record the user's action of signing at the specified location. The user then posts his/her acceptance of the signature and log it. When each user has "signed", you can make the document available for download. When the first user wants to download the PDF with all signatures, you can simply apply a signing cert verifying that you (your app/company) certify the authenticity of the document and the signatures, much the same way that a "public notary" notarizes a document. You will have to be able to provide a way for the document to be linked to the signing log for the signatures (when you logged the action of the user signing) and the authentication log when you authenticated the user. I use iText wrapped in a Java SOAP service for manipulating the PDF and then just have PHP call the service. I have created an app which does it this way but as of now it's still in alpha else I would link it.

dotloop has a simple approach similar to the above, minus real authentication and apparently their system is used successfully for thousands of real estate transactions (the escrow company will authenticate all parties to the transaction)

Note: app sign-on, or even OAuth is not as authentic as the European smart-cards but even those are not fool-proof. Perhaps a better solution for authentication would be to have the user upload a copy of their ID (AirBnB does this). Another solution might be to integrate a simple flash app to record the signer making a statement that they accept the signature for that transaction and link it to the doc and the signature.

The key things to remember are: (1) You can handle everything in the web-app stack (HTML; JavaScript; PHP; iText) so the user never has to download the actual PDF. (2) In many cases, as long as you can authenticate the user making the signing action for the document, only need to "certify" on the final document that the user did it and provide proof of that (like dotloop does) instead of certifying each signature. By certify, I mean, you sign the final PDF with an AATL cert.