A sophisticated, production-ready user management system built with Laravel 9 that demonstrates modern web application development practices. Includes secure authentication, role-based access control, and an intuitive admin dashboard for user management.
- Secure Authentication - Email verification, password hashing with bcrypt, token-based API access
- Role-Based Access Control (RBAC) - Admin and user roles with middleware-protected routes
- Admin Dashboard - Manage users, view details, delete accounts with confirmation
- User Profiles - Edit personal information and securely change passwords
- Responsive UI - Modern, accessible interface with Tailwind CSS and Alpine.js
- Security-First - CSRF protection, SQL injection prevention, secure session management
- Comprehensive Tests - Feature and unit tests using Pest PHP
- Migration-Based Setup - Database agnostic, easy deployment
| Layer | Technology |
|---|---|
| Backend | Laravel 9.19, PHP 8.0+ |
| Database | MySQL 5.7+ |
| Frontend | Blade Templates, Tailwind CSS 3, Alpine.js |
| Authentication | Laravel Breeze, Laravel Sanctum |
| Build Tool | Vite.js with Laravel plugin |
| Testing | Pest PHP with Feature & Unit tests |
| Code Quality | Laravel Pint (PSR-12 compliance) |
| Asset Bundling | PostCSS, Autoprefixer |
- PHP 8.0.2 or higher
- Composer
- Node.js 14+ and npm
- MySQL 5.7 or higher (or compatible database)
- Git (for cloning the repository)
```bash
# Clone the repository
git clone https://github.com/mixelas/user-management.git
cd user-management

# Install PHP dependencies
composer install

# Install Node dependencies
npm install

# Create environment configuration
cp .env.example .env

# Generate application key
php artisan key:generate

# Configure database in .env file
# DB_DATABASE=user_management
# DB_USERNAME=root
# DB_PASSWORD=your_password

# Run migrations
php artisan migrate

# Seed admin user into database
php artisan db:seed

# Build frontend assets
npm run build

# Start the application
php artisan serve
```

The application will be available at http://localhost:8000
| Field | Value |
|---|---|
| Email | admin@example.com |
| Password | password |

⚠️ Change the default password immediately in production.
```
user-management/
├── app/
│   ├── Http/
│   │   ├── Controllers/
│   │   │   ├── UserController.php      # User CRUD operations
│   │   │   ├── ProfileController.php   # Profile management
│   │   │   └── PasswordController.php  # Password changes
│   │   └── Middleware/
│   │       └── IsAdmin.php             # Admin authorization
│   ├── Models/
│   │   └── User.php                    # User model with role support
│   └── Providers/                      # Service providers
│
├── routes/
│   ├── web.php                         # Web routes (admin & user)
│   ├── api.php                         # API routes with Sanctum
│   └── auth.php                        # Authentication routes
│
├── database/
│   ├── migrations/                     # Database schema
│   └── seeders/
│       └── AdminSeeder.php             # Default admin creation
│
├── resources/views/
│   ├── admin/users/                    # Admin user management
│   ├── auth/                           # Authentication forms
│   ├── profile/                        # User profile pages
│   └── layouts/                        # Layout templates
│
├── tests/
│   ├── Feature/
│   │   ├── Auth/                       # Authentication tests
│   │   └── ProfileTest.php             # Profile feature tests
│   └── Unit/
│
└── config/                             # Configuration files
```
- Secure Registration - Email verification, password confirmation
- Login System - Session-based authentication with "Remember Me" option
- Role-Based Access Control - Middleware-enforced authorization (`IsAdmin` middleware)
- API Tokens - Sanctum-based token authentication for API access
- Profile Security - Password confirmation required for account deletion
- View All Users - Admin-only dashboard listing all non-admin users
- User Details - Display comprehensive user information
- Delete Users - Remove users with confirmation prompt
- User Filtering - Separate admin and user accounts by role
- Edit Profile - Update name and email information
- Email Verification - Re-verify email if changed
- Password Changes - Securely update passwords with current password verification
- Account Deletion - Self-service account removal with password confirmation
- Responsive Design - Mobile-friendly interface with Tailwind CSS
- Interactive Components - Alpine.js for dynamic interactions
- Consistent Styling - Professional, modern UI across all pages
- Accessibility - Semantic HTML and ARIA labels
The project includes comprehensive tests covering:
```bash
# Run all tests
php artisan test

# Run tests with coverage
php artisan test --coverage

# Run specific test file
php artisan test tests/Feature/ProfileTest.php
```

Test Coverage:
- Authentication (login, registration, password reset)
- Profile updates and email verification
- Password changes with validation
- User deletion with authorization
- Email verification workflow
- Admin access control
| Feature | Implementation |
|---|---|
| CSRF Protection | Token verification on all forms |
| Password Hashing | Bcrypt with work factor of 10 |
| Email Verification | Signed URL links with expiration |
| SQL Injection Prevention | Eloquent ORM with parameterized queries |
| Admin Authorization | Middleware-based role checking |
| Secure Sessions | HTTP-only, SameSite cookies |
| XSS Protection | Blade template escaping by default |
| Rate Limiting | Throttle middleware on auth routes |
```bash
# Format code with Pint (PSR-12)
./vendor/bin/pint

# Check code formatting
./vendor/bin/pint --test
```

```bash
# Fresh migration with seeds
php artisan migrate:refresh --seed

# Interactive tinker shell
php artisan tinker

# See database migrations status
php artisan migrate:status
```

```bash
# Development with hot module reload
npm run dev

# Build for production
npm run build
```

```bash
# Clear all caches
php artisan cache:clear
php artisan config:clear
php artisan view:clear

# Rebuild cache
php artisan config:cache
php artisan route:cache
```

```
POST   /register                          # User registration
POST   /login                             # User login
POST   /logout                            # User logout
POST   /forgot-password                   # Request password reset
POST   /reset-password                    # Reset password with token
POST   /email/verification-notification   # Resend verification email
POST   /verify-email                      # Verify email address
GET    /dashboard                         # User dashboard
GET    /profile                           # Edit profile page
PATCH  /profile                           # Update profile information
DELETE /profile                           # Delete user account
GET    /admin/users                       # List all users
GET    /admin/users/{id}                  # View user details
DELETE /admin/users/{id}                  # Delete user
GET    /api/user                          # Get authenticated user info (Sanctum)
```
Key environment variables in .env:
```
APP_NAME=Laravel
APP_ENV=production
APP_DEBUG=false
APP_KEY=base64:xxxxx
DB_DATABASE=user_management
DB_USERNAME=root
DB_PASSWORD=secret
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=your-username
MAIL_PASSWORD=your-password
```

This project demonstrates proficiency in:
- Laravel Framework - Routing, controllers, models, migrations
- Authentication - User registration, email verification, session management
- Authorization - Role-based access control with middleware
- Database Design - Schema migrations, eloquent ORM, relationships
- Frontend Development - Blade templates, Tailwind CSS, responsive design
- Testing - Feature tests, unit tests, test-driven development
- Security - CSRF protection, password hashing, input validation
- RESTful API Design - Token authentication with Sanctum
- Modern Build Tools - Vite.js, npm, asset compilation
- Code Quality - PSR-12 compliance, testing, documentation
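The `.env` values listed under "Key environment variables" above are samples, and several of them (`APP_KEY=base64:xxxxx`, `DB_USERNAME=root`, `DB_PASSWORD=secret`) should not reach a production host. The following pre-deployment check is an added example, not part of this project's code; the function names `env_get` and `audit_env` and the list of rejected values are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the project: audit a Laravel .env before deployment.
# Keys and sample values come from this README; treating them as findings is this example's policy.

# env_get FILE KEY: print KEY's value (last assignment wins, surrounding quotes removed).
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_env FILE: print one "FAIL KEY: reason" line per finding, nothing when clean.
audit_env() {
    ae_file=$1
    ae_env=$(env_get "$ae_file" APP_ENV)
    [ "$ae_env" = "production" ] || echo "FAIL APP_ENV: expected production, got '$ae_env'"

    # Laravel's env() helper lowercases the value and also accepts "(false)".
    case "$(env_get "$ae_file" APP_DEBUG | tr '[:upper:]' '[:lower:]')" in
        false|"(false)") ;;
        *) echo "FAIL APP_DEBUG: not set to false; debug error pages disclose stack traces and config" ;;
    esac

    case "$(env_get "$ae_file" APP_KEY)" in
        ""|base64:xxxxx) echo "FAIL APP_KEY: empty or placeholder; run php artisan key:generate" ;;
    esac

    [ "$(env_get "$ae_file" DB_USERNAME)" != "root" ] ||
        echo "FAIL DB_USERNAME: connects as root; use an account limited to this database"

    case "$(env_get "$ae_file" DB_PASSWORD)" in
        ""|secret|password|your_password) echo "FAIL DB_PASSWORD: empty or a documented sample value" ;;
    esac
    return 0
}

# Constructed sample: the README's example values with APP_DEBUG left on.
demo_env=$(mktemp)
cat > "$demo_env" <<'EOF'
APP_ENV=production
APP_DEBUG=true
APP_KEY=base64:xxxxx
DB_USERNAME=root
DB_PASSWORD=secret
EOF
audit_env "$demo_env"
rm -f "$demo_env"
```

In a deploy script, run `audit_env /path/to/.env` and stop the rollout if it prints anything.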
This project is open-source software licensed under the MIT License. See the LICENSE file for details.
Ready to see how this project can help your team manage users efficiently? Clone it, test it, and experience the power of Laravel!