diff --git a/pkg/api/api.go b/pkg/api/api.go
index 3bdda2d..9049b09 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -83,6 +83,8 @@ func NewAPI(config Config) (*API, error) {
 	apiMux.HandleFunc("/login", api.HandleLogin)
 	apiMux.HandleFunc("/register", api.HandleRegister)
 	apiMux.HandleFunc("/logout", api.LoginAsAnonymous)
+	apiMux.HandleFunc("/get_users", api.HandleGetUsers)
+	apiMux.HandleFunc("/update_user_active", api.HandleUpdateUserActive)
 	// tag
 	apiMux.HandleFunc("/get_tags", api.HandleGetTags)
 	apiMux.HandleFunc("/get_tag_info", api.HandleGetTagInfo)
diff --git a/pkg/api/handle_review.go b/pkg/api/handle_review.go
index e9b0d73..406e043 100644
--- a/pkg/api/handle_review.go
+++ b/pkg/api/handle_review.go
@@ -182,3 +182,28 @@ func (api *API) HandleDeleteReview(w http.ResponseWriter, r *http.Request) {
 
 	api.HandleOK(w, r)
 }
+
+type GetReviewsByUserRequest struct {
+	ID int64 `json:"id"`
+}
+
+func (api *API) HandleGetReviewsByUser(w http.ResponseWriter, r *http.Request) {
+	req := &GetReviewsByUserRequest{}
+	err := json.NewDecoder(r.Body).Decode(req)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
+	reviews, err := api.Db.GetReviewsByUser(req.ID)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
+	err = json.NewEncoder(w).Encode(reviews)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+}
diff --git a/pkg/api/handle_user.go b/pkg/api/handle_user.go
index 7868e20..cf06872 100644
--- a/pkg/api/handle_user.go
+++ b/pkg/api/handle_user.go
@@ -133,7 +133,7 @@ func (api *API) HandleRegister(w http.ResponseWriter, r *http.Request) {
 		api.HandleError(w, r, err)
 		return
 	}
-	
+
 	api.HandleOK(w, r)
 }
 
@@ -185,27 +185,57 @@ func (api *API) GetUserID(w http.ResponseWriter, r *http.Request) (int64, error)
 	return userId.(int64), nil
 }
 
-type GetReviewsByUserRequest struct {
-	ID int64 `json:"id"`
+type GetUsersResponse struct {
+	Users []*database.User `json:"users"`
 }
 
-func (api *API) HandleGetReviewsByUser(w http.ResponseWriter, r *http.Request) {
-	req := &GetReviewsByUserRequest{}
-	err := json.NewDecoder(r.Body).Decode(req)
+func (api *API) HandleGetUsers(w http.ResponseWriter, r *http.Request) {
+	err := api.CheckAdmin(w, r)
 	if err != nil {
 		api.HandleError(w, r, err)
 		return
 	}
 
-	reviews, err := api.Db.GetReviewsByUser(req.ID)
+	users, err := api.Db.GetUsers()
 	if err != nil {
 		api.HandleError(w, r, err)
 		return
 	}
 
-	err = json.NewEncoder(w).Encode(reviews)
+	ret := &GetUsersResponse{
+		Users: users,
+	}
+
+	err = json.NewEncoder(w).Encode(ret)
 	if err != nil {
 		api.HandleError(w, r, err)
 		return
 	}
 }
+
+type UpdateUserActiveRequest struct {
+	ID     int64 `json:"id"`
+	Active bool  `json:"active"`
+}
+
+func (api *API) HandleUpdateUserActive(w http.ResponseWriter, r *http.Request) {
+	err := api.CheckAdmin(w, r)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
+	req := &UpdateUserActiveRequest{}
+	err = json.NewDecoder(r.Body).Decode(req)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
+	err = api.Db.UpdateUserActive(req.ID, req.Active)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+	api.HandleOK(w, r)
+}
diff --git a/pkg/database/method_user.go b/pkg/database/method_user.go
index 826da88..e5f493c 100644
--- a/pkg/database/method_user.go
+++ b/pkg/database/method_user.go
@@ -22,7 +22,7 @@ func (database *Database) LoginAsAnonymous() (*User, error) {
 	return user, nil
 }
 
-func (database *Database) Register(username string, password string, usertype int64) (error) {
+func (database *Database) Register(username string, password string, usertype int64) error {
 	countAdmin, err := database.CountAdmin()
 	if err != nil {
 		return err
@@ -64,3 +64,31 @@ func (database *Database) CountAdmin() (int64, error) {
 	}
 	return count, nil
 }
+
+func (database *Database) GetUsers() ([]*User, error) {
+	users := make([]*User, 0)
+
+	rows, err := database.stmt.getUsers.Query()
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		user := &User{}
+		err = rows.Scan(&user.ID, &user.Username, &user.Role, &user.Active, &user.AvatarId)
+		if err != nil {
+			return nil, err
+		}
+		users = append(users, user)
+	}
+	return users, nil
+}
+
+func (database *Database) UpdateUserActive(id int64, active bool) error {
+	_, err := database.stmt.updateUserActive.Exec(active, id)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/pkg/database/sql_stmt.go b/pkg/database/sql_stmt.go
index 561e1c1..6dd0156 100644
--- a/pkg/database/sql_stmt.go
+++ b/pkg/database/sql_stmt.go
@@ -180,8 +180,12 @@ var countAdminQuery = `SELECT count(*) FROM users WHERE role= 1;`
 
 var getUserQuery = `SELECT id, username, role, avatar_id FROM users WHERE username = ? AND password = ? LIMIT 1;`
 
+var getUsersQuery = `SELECT id, username, role, active, avatar_id FROM users;`
+
 var getUserByIdQuery = `SELECT id, username, role, avatar_id FROM users WHERE id = ? LIMIT 1;`
 
+var updateUserActiveQuery = `UPDATE users SET active = ? WHERE id = ?;`
+
 var getAnonymousUserQuery = `SELECT id, username, role, avatar_id FROM users WHERE role = 0 LIMIT 1;`
 
 var insertTagQuery = `INSERT INTO tags (name, description, created_by_user_id) VALUES (?, ?, ?);`
@@ -276,7 +280,9 @@ type Stmt struct {
 	countUser             *sql.Stmt
 	countAdmin            *sql.Stmt
 	getUser               *sql.Stmt
+	getUsers              *sql.Stmt
 	getUserById           *sql.Stmt
+	updateUserActive      *sql.Stmt
 	getAnonymousUser      *sql.Stmt
 	insertTag             *sql.Stmt
 	getTag                *sql.Stmt
@@ -529,12 +535,24 @@ func NewPreparedStatement(sqlConn *sql.DB) (*Stmt, error) {
 		return nil, err
 	}
 
+	// init getUsers
+	stmt.getUsers, err = sqlConn.Prepare(getUsersQuery)
+	if err != nil {
+		return nil, err
+	}
+
 	// init getUserById
 	stmt.getUserById, err = sqlConn.Prepare(getUserByIdQuery)
 	if err != nil {
 		return nil, err
 	}
 
+	// init updateUserActive
+	stmt.updateUserActive, err = sqlConn.Prepare(updateUserActiveQuery)
+	if err != nil {
+		return nil, err
+	}
+
 	// init getAnonymousUser
 	stmt.getAnonymousUser, err = sqlConn.Prepare(getAnonymousUserQuery)
 	if err != nil {
@@ -548,7 +566,7 @@ func NewPreparedStatement(sqlConn *sql.DB) (*Stmt, error) {
 		return nil, err
 	}
 	if userCount == 0 {
-		_, err = stmt.insertUser.Exec("Anonymous user", "", 0, 0)
+		_, err = stmt.insertUser.Exec("Anonymous user", "", 0, 1, 0)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/database/struct.go b/pkg/database/struct.go
index 343b597..f02455c 100644
--- a/pkg/database/struct.go
+++ b/pkg/database/struct.go
@@ -25,6 +25,7 @@ type User struct {
 	Username string `json:"username"`
 	Password string `json:"-"`
 	Role     int64  `json:"role"`
+	Active   bool   `json:"active"`
 	AvatarId int64  `json:"avatar_id"`
 }
 
diff --git a/web/src/App.js b/web/src/App.js
index 2b79f9c..6a961ad 100644
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -6,6 +6,7 @@ import SearchFiles from "./component/SearchFiles";
 import SearchFolders from "./component/SearchFolders";
 import FilesInFolder from "./component/FilesInFolder";
 import Manage from "./component/Manage";
+import ManageUser from "./component/ManageUser";
 import FileInfo from "./component/FileInfo";
 import Share from "./component/Share";
 import Login from "./component/Login";
@@ -89,6 +90,10 @@ function App() {
               path="/manage/reviews/:id"
               element={<EditReview user={user} />}
             />
+            <Route
+              path="/manage/users"
+              element={<ManageUser user={user} setUser={setUser} />}
+            />
             <Route
               path="/manage/users/:id"
               element={<UserProfile user={user} setUser={setUser} />}
diff --git a/web/src/component/Manage.js b/web/src/component/Manage.js
index 01c44cf..99f11c9 100644
--- a/web/src/component/Manage.js
+++ b/web/src/component/Manage.js
@@ -36,6 +36,7 @@ function Manage(props) {
       )}
       <hr />
       <button onClick={() => navigate("/manage/tags")}>Tags</button>
+      <button onClick={() => navigate("/manage/users")}>Users</button>
       <Database />
     </div>
   );
diff --git a/web/src/component/ManageUser.js b/web/src/component/ManageUser.js
new file mode 100644
index 0000000..5cc7ff3
--- /dev/null
+++ b/web/src/component/ManageUser.js
@@ -0,0 +1,78 @@
+import { useState, useEffect } from "react";
+import { Link } from "react-router-dom";
+
+function ManageUser() {
+  const [users, setUsers] = useState([]);
+  const roleDict = {
+    0: "Anonymous",
+    1: "Admin",
+    2: "Normal User",
+  };
+
+  function getUsers() {
+    fetch("/api/v1/get_users")
+      .then((res) => res.json())
+      .then((data) => {
+        if (data.error) {
+          alert(data.error);
+        } else {
+          setUsers(data.users);
+        }
+      });
+  }
+
+  useEffect(() => {
+    getUsers();
+  }, []);
+
+  return (
+    <div className="page">
+      <h3>Manage User</h3>
+      <table>
+        <thead>
+          <tr>
+            <th>Name</th>
+            <th>Role</th>
+            <th>Active</th>
+          </tr>
+        </thead>
+        <tbody>
+          {users.map((user) => (
+            <tr key={user.id}>
+              <td>
+                <Link to={`/manage/users/${user.id}`}>@{user.username}</Link>
+              </td>
+              <td>{roleDict[user.role]}</td>
+              <td>
+                <input
+                  type="checkbox"
+                  defaultChecked={user.active}
+                  onClick={(e) => {
+                    fetch("/api/v1/update_user_active", {
+                      method: "POST",
+                      headers: {
+                        "Content-Type": "application/json",
+                      },
+                      body: JSON.stringify({
+                        id: user.id,
+                        active: e.target.checked,
+                      }),
+                    }).then((res) => res.json()).then((data) => {
+                      if (data.error) {
+                        alert(data.error);
+                      } else {
+                        getUsers();
+                      }
+                    });
+                  }}
+                />
+              </td>
+            </tr>
+          ))}
+        </tbody>
+      </table>
+    </div>
+  );
+}
+
+export default ManageUser;
diff --git a/web/src/component/ReviewEntry.js b/web/src/component/ReviewEntry.js
index b5cf648..0a5c432 100644
--- a/web/src/component/ReviewEntry.js
+++ b/web/src/component/ReviewEntry.js
@@ -14,7 +14,7 @@ function ReviewEntry(props) {
       </h4>
       <p>{props.review.content}</p>
       {(props.user.role === 1 || props.review.user.id === props.user.id) &&
-        props.user.role != 0 && (
+        props.user.role !== 0 && (
           <button
             onClick={() => {
               navigate(`/manage/reviews/${props.review.id}`);