- User Management System with PHP & MySQL
- Step1: Create MySQL Database Table
- Step2: Implement User Registration
- Step3: Implement User Login
- Step4: Implement User Password Reset
- Step5: Manage User Profile
- Step6: Implement Admin Login
- Step7: Admin Dishboard
- Step8: Manage User in Admin Panel
- Edit User
- 156 thoughts on “ User Management System with PHP & MySQL ”
User Management System with PHP & MySQL
In our previous tutorial, we have explained how to develop School Management System with PHP & MySQL. In this tutorial, we will explain how to develop User Management System with PHP & MySQL.
User management is an important part of any web application where users can create their account and manage. The users are allowed to register their account and login to access their account. The users are also managed by administrator to allow certain roles or update users info.
So if you’re looking for solution to build secure user management system then you’re here the right place. In this tutorial, you will learn how to create secure user management system with PHP and MySQL. You would also like to checkout Login and Registration System with PHP & MySQL to implement user login and registration.
We will implement functionality to manage user operations like user registration, user email verification, login, password reset and edit profile. We will also create Admin panel to manage users at admin end to create new user, edit existing users details and delete user.
We will cover this tutorial in easy steps with live example to manage users from front-end and administrator end.
So let’s start implementing user management system with PHP and MySQL. Before we begin, take a look on files structure for this example.
User Login and Registration features:
- User registration with email verification.
- User Login with remember password.
- Forget password & reset password.
- User profile.
- User profile edit & save.
Admin Panel features:
- Admin login.
- Admin password reset.
- Admin profile.
- Dashboard with users stats.
- Users list.
- Add new user with role.
- Edit & save user.
- Delete user.
So let’s start implementing user management system with PHP and MySQL. Before we begin, take a look on files structure for this example.
- index.php: User dashboard
- register.php: Handle User registration.
- verify.php: Complete user registration after email verification.
- login.php: Handle user login.
- forget_password.php: Handle user forget password reset.
- reset_password.php: Reset new password.
- account.php: User profile.
- edit_account.php: edit user profile.
- User.php: Class which hold user methods.
There will be following files for Admin section to manage users.
- index.php: Handle user login
- dashboard.php: Display users stats
- change_password.php: Change admin password.
- profile.php: Display admin profile.
- user_list.php: Display user list, add new user, edit and delete user.
Step1: Create MySQL Database Table
First we will create MySQL database table user to store user details to manage users.
CREATE TABLE `user` ( `id` int(11) NOT NULL, `first_name` varchar(50) NOT NULL, `last_name` varchar(50) NOT NULL, `email` varchar(50) NOT NULL, `password` varchar(50) NOT NULL, `gender` enum('male','female') CHARACTER SET utf8 NOT NULL, `mobile` varchar(50) NOT NULL, `designation` varchar(50) NOT NULL, `image` varchar(250) NOT NULL, `type` varchar(250) NOT NULL DEFAULT 'general', `status` enum('active','pending','deleted','') NOT NULL DEFAULT 'pending', `authtoken` varchar(250) NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Step2: Implement User Registration
We will design user registration form in register.php file and handle user registration on form submit.
In class User.php, we will create method register() to implement user registration. We will send an email verification email to user’s email address with link to verify and complete registration.
public function register()< $message = ''; if(!empty($_POST["register"]) && $_POST["email"] !='') < $sqlQuery = "SELECT * FROM ".$this->userTable." WHERE email='".$_POST["email"]."'"; $result = mysqli_query($this->dbConnect, $sqlQuery); $isUserExist = mysqli_num_rows($result); if($isUserExist) < $message = "User already exist with this email address."; >else < $authtoken = $this->getAuthtoken($_POST["email"]); $insertQuery = "INSERT INTO ".$this->userTable."(first_name, last_name, email, password, authtoken) VALUES ('".$_POST["firstname"]."', '".$_POST["lastname"]."', '".$_POST["email"]."', '".md5($_POST["passwd"])."', '".$authtoken."')"; $userSaved = mysqli_query($this->dbConnect, $insertQuery); if($userSaved) < $link = "Verify Email"; $toEmail = $_POST["email"]; $subject = "Verify email to complete registration"; $msg = "Hi there, click on this ".$link." to verify email to complete registration."; $msg = wordwrap($msg,70); $headers = "From: info@webdamn.com"; if(mail($toEmail, $subject, $msg, $headers)) < $message = "Verification email send to your email address. Please check email and verify to complete registration."; >> else < $message = "User register request failed."; >> > return $message; >
We will create a method verifyRegister() in class User.php to verify user email to complete registration.
public function verifyRegister()< $verifyStatus = 0; if(!empty($_GET["authtoken"]) && $_GET["authtoken"] != '') < $sqlQuery = "SELECT * FROM ".$this->userTable." WHERE authtoken='".$_GET["authtoken"]."'"; $resultSet = mysqli_query($this->dbConnect, $sqlQuery); $isValid = mysqli_num_rows($resultSet); if($isValid)< $userDetails = mysqli_fetch_assoc($resultSet); $authtoken = $this->getAuthtoken($userDetails['email']); if($authtoken == $_GET["authtoken"]) < $updateQuery = "UPDATE ".$this->userTable." SET status = 'active' WHERE id']."'"; $isUpdated = mysqli_query($this->dbConnect, $updateQuery); if($isUpdated) < $verifyStatus = 1; >> > > return $verifyStatus; >
Step3: Implement User Login
We will design user login form in login.php file and handle login functionality on form submit.
Log In?>We will create a method login() in class User.php to handle user login functionality.
public function login() < $errorMessage = ''; if(!empty($_POST["login"]) && $_POST["loginId"]!=''&& $_POST["loginPass"]!='') < $loginId = $_POST['loginId']; $password = $_POST['loginPass']; if(isset($_COOKIE["loginPass"]) && $_COOKIE["loginPass"] == $password) < $password = $_COOKIE["loginPass"]; >else < $password = md5($password); >$sqlQuery = "SELECT * FROM ".$this->userTable." WHERE email='".$loginId."' AND password='".$password."' AND status = 'active'"; $resultSet = mysqli_query($this->dbConnect, $sqlQuery); $isValidLogin = mysqli_num_rows($resultSet); if($isValidLogin) < if(!empty($_POST["remember"]) && $_POST["remember"] != '') < setcookie ("loginId", $loginId, time()+ (10 * 365 * 24 * 60 * 60)); setcookie ("loginPass", $password, time()+ (10 * 365 * 24 * 60 * 60)); >else < $_COOKIE['loginId' ]=''; $_COOKIE['loginPass'] = ''; >$userDetails = mysqli_fetch_assoc($resultSet); $_SESSION["userid"] = $userDetails['id']; $_SESSION["name"] = $userDetails['first_name']." ".$userDetails['last_name']; header("location: index.php"); > else < $errorMessage = "Invalid login!"; >> else if(!empty($_POST["loginId"])) < $errorMessage = "Enter Both user and password!"; >return $errorMessage; >We will create object of user class and call user method login() to complete user login.
include('class/User.php'); $user = new User(); $message = $user->login();Step4: Implement User Password Reset
We will design user password reset form in reset_password.php file to user password. The user email is entered and submitted in forget_password.php and a password reset email will be send to user email address. When user click on password reset link, it will redirect user to reset password form and ask the user to enter new password to save.
Reset Password?>We will create a method resetPassword() in class User.php to send password reset email to user.
public function resetPassword() < $message = ''; if($_POST['email'] == '') < $message = "Please enter username or email to proceed with password reset"; >else < $sqlQuery = " SELECT email FROM ".$this->userTable." WHERE email='".$_POST['email']."'"; $result = mysqli_query($this->dbConnect, $sqlQuery); $numRows = mysqli_num_rows($result); if($numRows) < $user = mysqli_fetch_assoc($result); $authtoken = $this->getAuthtoken($user['email']); $link="Reset Password"; $toEmail = $user['email']; $subject = "Reset your password on examplesite.com"; $msg = "Hi there, click on this ".$link." to reset your password."; $msg = wordwrap($msg,70); $headers = "From: info@webdamn.com"; if(mail($toEmail, $subject, $msg, $headers)) < $message = "Password reset link send. Please check your mailbox to reset password."; >> else < $message = "No account exist with entered email address."; >> return $message; >We will create a method savePassword() in class User.php to save new password.
public function savePassword() < $message = ''; if($_POST['password'] != $_POST['cpassword']) < $message = "Password does not match the confirm password."; >else if($_POST['authtoken']) < $sqlQuery = " SELECT email, authtoken FROM ".$this->userTable." WHERE authtoken='".$_POST['authtoken']."'"; $result = mysqli_query($this->dbConnect, $sqlQuery); $numRows = mysqli_num_rows($result); if($numRows) < $userDetails = mysqli_fetch_assoc($result); $authtoken = $this->getAuthtoken($userDetails['email']); if($authtoken == $_POST['authtoken']) < $sqlUpdate = " UPDATE ".$this->userTable." SET password='".md5($_POST['password'])."' WHERE email='".$userDetails['email']."' AND authtoken='".$authtoken."'"; $isUpdated = mysqli_query($this->dbConnect, $sqlUpdate); if($isUpdated) < $message = "Password saved successfully. Please Login to access account."; > > else < $message = "Invalid password change request."; >> else < $message = "Invalid password change request."; >> return $message; >Step5: Manage User Profile
We will design user profile edit forum in edit_account.php to edit user details and save.
Edit Account Details