User Management

Email verification, password reset, and admin approval workflow

The user management system includes email verification, password reset, and extended user profiles.

Registration Flow

New User Registration
  1. User fills registration form at /register
  2. System creates user account with is_verified = 0
  3. Verification email sent to user's email address
  4. User clicks verification link in email
  5. System sets is_verified = 1
  6. User waits for admin approval (is_approved = 1)
  7. User can now log in

Email Verification

Verification Process
  • Unique token generated per user
  • Token stored in database
  • Email sent via SMTP (PHPMailer)
  • Link format: /verify-email?token=...
  • Token validated on click
  • Account marked as verified

Email Templates
  • Verification Email: Sent on registration
  • Welcome Email: Sent after admin approval
  • Password Reset: Sent on reset request

Password Reset

Reset Flow
  1. User goes to /forgot-password
  2. Enters email address
  3. System generates time-limited reset token (24 hours)
  4. Reset email sent with link
  5. User clicks link: /reset-password?token=...
  6. User enters new password
  7. System validates token and updates password
  8. Token is invalidated
  9. User can log in with new password
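
The reset flow above (steps 3 to 8), written out as an added example; this is not the project's own code. The table and column names, the SHA-256 digest storage, and the in-memory SQLite database are assumptions made for illustration, while the 24-hour lifetime and bcrypt cost 10 come from this page.

```php
<?php
declare(strict_types=1);

const RESET_TTL = 86400; // 24 hours, the lifetime this page states

// Assumed schema, not the project's: users(email, password),
// password_resets(email, token_hash, expires_at).
function issueResetToken(PDO $db, string $email, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Assumption: store only a SHA-256 digest, so a leaked table holds no usable links.
    $db->prepare('DELETE FROM password_resets WHERE email = ?')->execute([$email]);
    $db->prepare('INSERT INTO password_resets (email, token_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([$email, hash('sha256', $token), $now + RESET_TTL]);
    return $token; // placed in /reset-password?token=...
}

function consumeResetToken(PDO $db, string $token, string $newPassword, int $now): bool
{
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    $sel = $db->prepare('SELECT email, expires_at FROM password_resets WHERE token_hash = ?');
    $sel->execute([$hash]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    // Invalidate first; rowCount() === 1 means this request claimed the token.
    $del = $db->prepare('DELETE FROM password_resets WHERE token_hash = ?');
    $del->execute([$hash]);
    if ($row === false || (int) $row['expires_at'] < $now || $del->rowCount() !== 1) {
        $db->rollBack(); // unknown, expired, or already used
        return false;
    }
    $db->prepare('UPDATE users SET password = ? WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_BCRYPT, ['cost' => 10]), $row['email']]);
    $db->commit();
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)');
$db->exec('CREATE TABLE password_resets (email TEXT, token_hash TEXT PRIMARY KEY, expires_at INTEGER)');
$db->exec("INSERT INTO users VALUES ('alice@example.test', 'placeholder')");

$t0 = 1700000000; // constructed clock value
$token = issueResetToken($db, 'alice@example.test', $t0);
var_dump(consumeResetToken($db, $token, 'New-Passphrase-1', $t0 + RESET_TTL + 1)); // after expiry
var_dump(consumeResetToken($db, $token, 'New-Passphrase-1', $t0 + 3600));          // within 24 hours
var_dump(consumeResetToken($db, $token, 'New-Passphrase-2', $t0 + 3601));          // second use
```

Deleting the token row inside the same transaction as the password update keeps the link single-use even when two requests arrive with the same token.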

User Profile Fields

Field        Type          Required  Description
username     VARCHAR(50)             Unique username
email        VARCHAR(100)            Email address
password     VARCHAR(255)            Hashed password
phone        VARCHAR(20)             Phone number
address      VARCHAR(255)            Street address
city         VARCHAR(100)            City
country      VARCHAR(100)            Country
is_verified  BOOLEAN       -         Email verified
is_approved  BOOLEAN       -         Admin approved
is_admin     BOOLEAN       -         Admin privileges

SMTP Configuration

Email Service Setup
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=your-email@gmail.com
SMTP_PASSWORD=your-app-password
SMTP_ENCRYPTION=tls
MAIL_FROM_ADDRESS=noreply@yourdomain.com
MAIL_FROM_NAME="Proxmox Dashboard"

Supported SMTP Providers:
  • Gmail (use App Password)
  • SendGrid
  • Mailgun
  • Amazon SES
  • Any SMTP server

Security Features

Password Hashing

Bcrypt with cost factor 10

Token Expiry

Reset tokens expire after 24 hours

Email Verification

Prevents spam registrations

API Routes

Authentication
GET  /login                - Login form
POST /login                - Authenticate user
GET  /logout               - Logout user

Registration
GET  /register             - Registration form
POST /register             - Create new user
GET  /verify-email?token=  - Verify email address

Password Reset
GET  /forgot-password      - Request reset form
POST /forgot-password      - Send reset email
GET  /reset-password?token= - Reset form
POST /reset-password       - Update password