User Profile Management System with PHP, OOPS, PDO & MySQL


✅ Introduction

A User Profile Management System is essential for websites requiring user accounts, such as blogs, forums, or e-commerce platforms. This guide covers a secure, object-oriented PHP system using PDO and MySQL, featuring:

User Registration & Login
Profile Editing (CRUD Operations)
Password Security (BCrypt Hashing)
File Uploads (Profile Pictures)
Responsive UI (Bootstrap)

✅ Key Features

1️⃣ Secure User Authentication

  • Registration: Users sign up with email, username, and password (stored securely using password_hash()).

  • Login: Validates credentials using password_verify() and manages sessions.

  • Logout: Ends session securely.

2️⃣ Profile Management (CRUD)

  • Create: Users register accounts.

  • Read: Fetch and display user data.

  • Update: Edit profile details (name, bio, profile picture).

  • Delete: (Optional) Account removal functionality.

3️⃣ Database Security (PDO)

  • Uses prepared statements to prevent SQL injection.

  • MySQL table structure stores user data safely.

4️⃣ File Uploads (Profile Pictures)

  • Images are uploaded to an uploads/ folder.

  • Security checks: File type, size, and random filename generation.

5️⃣ Responsive UI (Bootstrap)

  • Works on mobile & desktop.

  • Clean forms for registration, login, and profile editing.

✅ How It Works

1️⃣ User Registration

  • Process:

    1. User fills out a form (register.php).

    2. PHP validates inputs (email format, password strength).

    3. Password is hashed (password_hash()).

    4. Data is stored in MySQL via PDO.

  • Code Example:

$hashed_password = password_hash($password, PASSWORD_BCRYPT);
$stmt = $db->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
$stmt->execute([$username, $email, $hashed_password]);
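Server-side validation and duplicate-email handling for the registration step, as an added example that is not part of the original post. It assumes the users table shown later in this post (UNIQUE index on email) and a PDO connection in ERRMODE_EXCEPTION; the class names and the username/password rules are choices made here.

```php
<?php
// Added example, not from the original post: validation plus duplicate-email handling
// for registration. Assumes the users table from this post (UNIQUE on email) and a PDO
// connection in ERRMODE_EXCEPTION; class names and the rules below are choices made here.
class RegistrationValidator {
    // Returns a list of problems; an empty list means the input is acceptable
    public static function validate(string $username, string $email, string $password): array {
        $errors = [];
        if (!preg_match('/^[A-Za-z0-9_]{3,50}$/', $username)) {
            $errors[] = "Username must be 3-50 letters, digits or underscores.";
        }
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($email) > 100) {
            $errors[] = "Enter a valid email address (at most 100 characters).";
        }
        // Length is the main strength factor; the upper bound exists because bcrypt ignores bytes past 72
        if (strlen($password) < 8 || strlen($password) > 72) {
            $errors[] = "Password must be 8-72 characters.";
        }
        return $errors;
    }
}

class UserRegistration {
    public function __construct(private PDO $db) {}

    // Returns ['ok' => true] or ['ok' => false, 'errors' => [...]]
    public function register(string $username, string $email, string $password): array {
        $errors = RegistrationValidator::validate($username, $email, $password);
        if ($errors) {
            return ['ok' => false, 'errors' => $errors];
        }
        $hash = password_hash($password, PASSWORD_BCRYPT);
        try {
            $stmt = $this->db->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
            $stmt->execute([$username, $email, $hash]);
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation, here the UNIQUE index on email.
            // Never echo $e->getMessage(): it reveals table and column names.
            if ((string)$e->getCode() === '23000') {
                return ['ok' => false, 'errors' => ["That email address is already registered."]];
            }
            throw $e;
        }
        return ['ok' => true];
    }
}
```

The users table in this post enforces uniqueness only on email; add a UNIQUE index on username if duplicate usernames should be rejected too, and the 23000 branch then covers both cases.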

2️⃣ User Login

  • Process:

    1. User enters email & password (login.php).

    2. System checks credentials against the database.

    3. If valid, a PHP session is created.

  • Code Example:

if (password_verify($password, $user['password'])) {
    session_regenerate_id(true);          // new session ID once authenticated (prevents session fixation)
    $_SESSION['user_id'] = $user['id'];   // Start session
    header("Location: dashboard.php");
    exit;                                 // stop script output after the redirect
}
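A hardened version of the login step, as an added example that is not part of the original post. It assumes the users table from this post and a PDO connection in ERRMODE_EXCEPTION; the class name, the bcrypt cost of 12 and the dummy hash constant are choices made here.

```php
<?php
// Added example, not from the original post: a hardened login step. Assumes the users
// table from this post and a PDO connection in ERRMODE_EXCEPTION; the class name, the
// bcrypt cost of 12 and the dummy hash constant are choices made here.
class LoginHandler {
    private const COST = 12;
    // Format-valid bcrypt string (cost 12, 22-char salt, 31-char digest) that matches no
    // password; verifying against it costs the same as verifying a real hash
    private const DUMMY_HASH = '$2y$12$abcdefghijklmnopqrstuvabcdefghijklmnopqrstuvabcdefghi';

    public function __construct(private PDO $db) {}

    // Returns true and establishes the session on success, false otherwise
    public function login(string $email, string $password): bool {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        $stmt = $this->db->prepare("SELECT id, password FROM users WHERE email = ?");
        $stmt->execute([$email]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // An unknown email still runs one full bcrypt verification, so the response time
        // does not reveal whether the account exists
        $stored = $user['password'] ?? self::DUMMY_HASH;
        if (!password_verify($password, $stored) || !$user) {
            return false;
        }

        // Fresh session ID after authentication so a pre-login ID cannot be reused (session fixation)
        session_regenerate_id(true);
        $_SESSION['user_id'] = (int)$user['id'];

        // Hashes stored at a lower cost (this post's code uses the default, 10) are upgraded on login
        if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => self::COST])) {
            $upd = $this->db->prepare("UPDATE users SET password = ? WHERE id = ?");
            $upd->execute([password_hash($password, PASSWORD_BCRYPT, ['cost' => self::COST]), $user['id']]);
        }
        return true;
    }
}

// Usage in login.php: one generic message for both an unknown email and a wrong password
// $handler = new LoginHandler((new Database())->getConnection());
// if ($handler->login($_POST['email'] ?? '', $_POST['password'] ?? '')) {
//     header("Location: dashboard.php");
//     exit;
// }
// $error = "Invalid email or password.";
```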

3️⃣ Profile Editing

  • Process:

    1. Logged-in users access profile.php.

    2. They update details (name, bio, profile picture).

    3. Changes are saved to the database.

  • Code Example:

if (isset($_FILES['profile_pic']) && $_FILES['profile_pic']['error'] === UPLOAD_ERR_OK) {
    // $filename is generated server-side (random name, extension taken from the verified
    // image type); the client-supplied file name is never used
    move_uploaded_file($_FILES['profile_pic']['tmp_name'], "uploads/$filename");
}
$stmt = $db->prepare("UPDATE users SET full_name=?, bio=?, profile_pic=? WHERE id=?");
$stmt->execute([$full_name, $bio, $filename, $user_id]);
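An upload handler that implements the checks this post lists for profile pictures (type, size, random filename), as an added example that is not part of the original post. It assumes the uploads/ folder from the project structure; the class name and the 2 MB limit are choices made here.

```php
<?php
// Added example, not from the original post: profile-picture upload with the checks the
// post lists (type, size, random filename). Assumes the uploads/ folder from the project
// structure; the class name and the 2 MB limit are choices made here.
class ProfilePictureUpload {
    private const MAX_BYTES = 2 * 1024 * 1024;
    // The stored extension is chosen from the detected MIME type, never from the client's filename
    private const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    public function __construct(private string $uploadDir) {}

    // Takes one $_FILES entry; returns the stored filename or throws with a message safe to show users
    public function store(array $file): string {
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            throw new RuntimeException("Upload failed (code " . (int)($file['error'] ?? -1) . ").");
        }
        // Accept only a file PHP received in this request, never an arbitrary local path
        if (!is_uploaded_file($file['tmp_name'])) {
            throw new RuntimeException("Invalid upload.");
        }
        if (filesize($file['tmp_name']) > self::MAX_BYTES) {
            throw new RuntimeException("Image must be 2 MB or smaller.");
        }
        // Detect the type from the file contents; $file['type'] and the name are client-supplied
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
        $ext = self::ALLOWED[$mime] ?? null;
        // Second opinion: the image header must parse and agree with finfo
        $info = @getimagesize($file['tmp_name']);
        if ($ext === null || $info === false || $info['mime'] !== $mime) {
            throw new RuntimeException("Only JPEG, PNG and GIF images are accepted.");
        }
        // Random, unguessable name with the server-chosen extension
        $name = bin2hex(random_bytes(16)) . '.' . $ext;
        $dest = rtrim($this->uploadDir, '/') . '/' . $name;
        if (!move_uploaded_file($file['tmp_name'], $dest)) {
            throw new RuntimeException("Could not save the image.");
        }
        chmod($dest, 0644); // readable by the web server, not executable
        return $name;
    }
}

// Usage in profile.php (in place of the bare move_uploaded_file() call shown above):
// try {
//     $file_name = (new ProfilePictureUpload(__DIR__ . '/uploads'))->store($_FILES['profile_pic'] ?? []);
// } catch (RuntimeException $e) {
//     $error = $e->getMessage();
// }
```

Serve uploads/ as static content with script execution disabled (for Apache with mod_php, `php_flag engine off` in an .htaccess inside uploads/), so even a file that slips past the checks is never executed.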

4️⃣ Password Security

  • BCrypt Hashing:

// Storing hashed password:
$hashed = password_hash($password, PASSWORD_BCRYPT);

// Verifying password:
if (password_verify($input_password, $stored_hash)) {
    // Login success
}

Why Use This System?

Secure (PDO prevents SQL injection, BCrypt for passwords).
Scalable (OOP structure makes it easy to extend).
User-Friendly (Clean UI with Bootstrap).
Production-Ready (Includes error handling & validation).


Step-by-Step Implementation

1️⃣ Set Up Database

  • Run the SQL query to create the users table.

2️⃣ Configure Database.php

  • Update MySQL credentials.

3️⃣ Create Pages

  • register.php → User signup.

  • login.php → User authentication.

  • profile.php → Edit profile.

  • dashboard.php → User homepage.

✅ Key Features

Secure Authentication (Login/Logout)
Profile CRUD Operations (Create, Read, Update, Delete)
Password Hashing (BCrypt)
PDO MySQL (Prevents SQL Injection)
Responsive Design (Bootstrap CSS)
Form Validation

Project Structure

user-profile-system/  
├── assets/  
│   ├── css/ (Bootstrap)  
│   └── js/ (Optional)  
├── classes/ (OOP Classes)  
│   ├── Database.php  
│   ├── User.php  
│   └── Auth.php  
├── includes/  
│   ├── header.php  
│   └── footer.php  
├── uploads/ (Profile Pictures)  
├── index.php (Home)  
├── register.php  
├── login.php  
├── profile.php (Edit Profile)  
├── dashboard.php (User Dashboard)  
└── README.md  

Database Setup (MySQL)

CREATE TABLE `users` (
  `id` INT AUTO_INCREMENT PRIMARY KEY,
  `username` VARCHAR(50) NOT NULL,
  `email` VARCHAR(100) NOT NULL UNIQUE,
  `password` VARCHAR(255) NOT NULL,
  `full_name` VARCHAR(100),
  `bio` TEXT,
  `profile_pic` VARCHAR(255) DEFAULT 'default.jpg',
  `created_at` TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

Core PHP Classes (OOP + PDO)

1️⃣ classes/Database.php (PDO Connection)

<?php
class Database {
    private $host = "localhost";
    private $db_name = "profile_system";
    private $username = "root";
    private $password = "";
    public $conn;

    public function getConnection() {
        $this->conn = null;
        try {
            // charset in the DSN so PDO's escaping matches the connection encoding;
            // native prepares so parameters are never interpolated into the SQL text
            $this->conn = new PDO(
                "mysql:host=" . $this->host . ";dbname=" . $this->db_name . ";charset=utf8mb4",
                $this->username,
                $this->password,
                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
            );
        } catch (PDOException $e) {
            // Log the detail server-side; the raw message can contain host names and credentials
            error_log("Database connection failed: " . $e->getMessage());
            throw new RuntimeException("Database connection failed.");
        }
        return $this->conn;
    }
}

2️⃣ classes/User.php (User CRUD Operations)

<?php
require_once __DIR__ . '/Database.php'; // User creates a Database, so load it here

class User {
    private $db;
    public function __construct() {
        $this->db = (new Database())->getConnection();
    }

    // Register a new user
    public function register($username, $email, $password) {
        $hashed_password = password_hash($password, PASSWORD_BCRYPT);
        $stmt = $this->db->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
        return $stmt->execute([$username, $email, $hashed_password]);
    }

    // Get user by ID
    public function getUser($id) {
        $stmt = $this->db->prepare("SELECT * FROM users WHERE id = ?");
        $stmt->execute([$id]);
        return $stmt->fetch(PDO::FETCH_ASSOC);
    }

    // Update profile; the picture column is only touched when a new file name is given
    public function updateProfile($id, $full_name, $bio, $profile_pic = null) {
        $sql = "UPDATE users SET full_name = ?, bio = ?" . ($profile_pic ? ", profile_pic = ?" : "") . " WHERE id = ?";
        $stmt = $this->db->prepare($sql);
        $params = [$full_name, $bio];
        if ($profile_pic) $params[] = $profile_pic;
        $params[] = $id;
        return $stmt->execute($params);
    }
}

3️⃣ classes/Auth.php (Login/Logout Handling)

<?php
require_once __DIR__ . '/Database.php';

class Auth {
    private $db;
    public function __construct() {
        $this->db = (new Database())->getConnection();
        // Start the session only once per request; a second session_start() raises a notice
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
    }

    // Login user
    public function login($email, $password) {
        $stmt = $this->db->prepare("SELECT * FROM users WHERE email = ?");
        $stmt->execute([$email]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($user && password_verify($password, $user['password'])) {
            // New session ID after authentication so a pre-login ID cannot be reused (session fixation)
            session_regenerate_id(true);
            $_SESSION['user_id'] = $user['id'];
            return true;
        }
        return false;
    }

    // Check if user is logged in
    public function isLoggedIn() {
        return isset($_SESSION['user_id']);
    }

    // Logout: clear the data, expire the cookie, destroy the session, stop the script
    public function logout() {
        $_SESSION = [];
        if (ini_get("session.use_cookies")) {
            setcookie(session_name(), '', time() - 42000, '/');
        }
        session_destroy();
        header("Location: login.php");
        exit;
    }
}

☑️ Sample Pages

1️⃣ register.php (User Registration)

<?php
require_once 'classes/User.php';
$user = new User();

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = trim($_POST['username'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $password = $_POST['password'] ?? '';

    // Server-side validation; the form's "required" attributes are only a client-side convenience
    if ($username === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($password) < 8) {
        $error = "Please enter a username, a valid email address and a password of at least 8 characters.";
    } else {
        try {
            if ($user->register($username, $email, $password)) {
                header("Location: login.php?success=1");
                exit;
            }
            $error = "Registration failed!";
        } catch (PDOException $e) {
            // With ERRMODE_EXCEPTION a duplicate email throws instead of returning false
            $error = "Registration failed!";
        }
    }
}
?>
<!-- HTML Form -->
<?php if (!empty($error)): ?><p><?= htmlspecialchars($error) ?></p><?php endif; ?>
<form method="POST">
    <input type="text" name="username" placeholder="Username" required>
    <input type="email" name="email" placeholder="Email" required>
    <input type="password" name="password" placeholder="Password" required>
    <button type="submit">Register</button>
</form>

2️⃣ profile.php (Edit Profile)

<?php
require_once 'classes/Auth.php';
require_once 'classes/User.php';

$auth = new Auth();
if (!$auth->isLoggedIn()) {
    header("Location: login.php");
    exit;
}

$user = new User();
$userData = $user->getUser($_SESSION['user_id']);

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $full_name = trim($_POST['full_name'] ?? '');
    $bio = trim($_POST['bio'] ?? '');
    $file_name = null;

    // Handle profile picture upload (only when a file was actually submitted)
    if (isset($_FILES['profile_pic']) && $_FILES['profile_pic']['error'] === UPLOAD_ERR_OK) {
        $upload_dir = "uploads/";
        // The type is detected from the file contents and the extension chosen from it; the
        // client-supplied name is never used, so a ".php" upload cannot land in uploads/
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['profile_pic']['tmp_name']);
        $ext = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'][$mime] ?? null;
        if ($ext !== null && $_FILES['profile_pic']['size'] <= 2 * 1024 * 1024) {
            $file_name = bin2hex(random_bytes(16)) . "." . $ext;
            if (!move_uploaded_file($_FILES['profile_pic']['tmp_name'], $upload_dir . $file_name)) {
                $file_name = null; // keep the old picture if saving failed
            }
        }
    }

    $user->updateProfile($_SESSION['user_id'], $full_name, $bio, $file_name);
    header("Location: profile.php?success=1");
    exit;
}
?>
<!-- HTML Form; stored values are escaped so profile text cannot inject markup -->
<form method="POST" enctype="multipart/form-data">
    <input type="text" name="full_name" value="<?= htmlspecialchars($userData['full_name'] ?? '') ?>">
    <textarea name="bio"><?= htmlspecialchars($userData['bio'] ?? '') ?></textarea>
    <input type="file" name="profile_pic" accept="image/*">
    <button type="submit">Update Profile</button>
</form>

Why Use This System?

Secure (PDO + BCrypt hashing)
Modular (OOP structure for easy scaling)
User-Friendly (Bootstrap UI)
Ready for Production (Form validation, error handling)

☑️ Conclusion

This User Profile Management System is perfect for adding secure user accounts to any PHP website. It follows best practices (OOP, PDO, password hashing) and is easy to customize.

✔️Try it now and enhance your PHP projects!

Author

Mohammed Wajid Khan

Full Stack Developer

Working as a Backend and Frontend Developer since 2018 using PHP, Laravel, Node.js, and React JS. Very passionate about coding, learning new languages, and sharing knowledge with others.
