To handle the eth address of every user, you have to generate this address along with the registration process that will store their account's data, table should have such field unique id, username/email, balance, eth address, altcoin/token_name to database managed by you, in which you managed to store the private keys of this wallet of course. I don't know if what are the best practice as for crypto dev, as where to store the private keys if it's on your database record on another table or on a text file, of course—an encrypted one.
For the balance checking, you can use the etherscan api as they offer such feature, and make sure the balance recorded on your database will update as well.
https://api.etherscan.io/api?module=account&action=balance&address=UsersEthAddressFromYourDatabase&tag=latest&apikey=YourApiKeyToken
For withdrawal process, just create another function that will notify the admin's email address/phone number or in-app notification when a user clicks a button or a message-to-admin type function so admin will be notified.
And since you do it manually, I can only suggest is to make a window where you just put the requested amount of the user and it will be deducted from the user's record, then you just send him/her the requested amount together with the address s/he included using your own wallet, I mean using mew or any wallet supports eth and erc20 managed by you.
Of course, this is just an alternative way, you might end some human error like mistakenly send different withdraw amount and etc.
It's much better if you hire some dev which has better knowledge and/or just use the mentioned payment gateway above.