Skip to main content
Resume
View Resume

Employee Management System

A backend-focused admin system built with core PHP and MySQL. Covers session-based authentication, secure CRUD operations, and raw server-side programming without frameworks.

What this is

A straightforward employee management system built with PHP and MySQL. An admin logs in, sees a list of employees, and can add, edit, view, or delete records. The UI is minimal on purpose -- the point of this project was the backend, not the interface.

I built this to understand what happens at the server level before frameworks and ORMs abstract it away. It's the kind of project where you learn the most by doing things the manual way first.

Why work at this level

Most tutorials jump straight into Laravel or Django. That's fine for shipping things quickly, but it can leave gaps in understanding what the framework is actually doing. When something goes wrong in production, that understanding matters.

Working directly with PHP, raw SQL, and manual session handling forces you to think through things you'd otherwise take for granted: how a session token gets set and validated, why a prepared statement prevents SQL injection at the query level, what actually happens between a form submission and a database row being written.

Authentication flow

The login system follows a straightforward server-side session pattern:

  1. User submits credentials via POST
  2. PHP fetches the stored password hash from the admins table
  3. password_verify() compares the submitted password against the hash
  4. On success, a session variable is set and the user is redirected to the dashboard
  5. Every protected page starts by checking that session variable -- no session means redirect to login
  6. Logout calls session_destroy() and clears the session

Passwords are stored using password_hash() with PASSWORD_BCRYPT. Plain-text storage is never acceptable even in a learning project -- getting that habit right from the start matters.

CRUD operations

Create: Admin fills a form, PHP validates inputs server-side, inserts the record using a prepared statement.

Read: Employees are fetched from the database on every page load and rendered into an HTML table. No caching, no async -- straightforward synchronous rendering.

Update: The edit form pre-fills with existing data from the database. The update query is a prepared statement to prevent injection.

Delete: This one has the most defensive logic -- validating that the ID is a number, scoping the query to LIMIT 1, and verifying the record exists before issuing the delete. A delete query without these checks can have consequences you can't undo.

Database

Two tables:

admins -- stores the login credentials (id, email, bcrypt-hashed password)

employees -- stores the main records (id, name, email, phone, department, designation, status, created_at)

Both are straightforward. No foreign keys, no joins in this version. The focus was on getting the request-response cycle and session management right, not on relational modeling.

What I got from this

Understanding the full server lifecycle: request comes in, PHP runs, database query executes, HTML response goes out. That cycle is what every web framework is built on top of, and having done it manually made frameworks like Flask make much more sense when I started using them.

Also: sessions are just server-side key-value storage tied to a cookie in the browser. Understanding that concretely changes how you think about authentication everywhere else.

Tech

PHP (procedural), MySQL via MySQLi, Apache (XAMPP), phpMyAdmin