Back to Read More
LaravelPHP

Laravel Email Verification

Nov 28, 2025

Email verification ensures that users provide a valid email address when they register. Laravel makes this easy β€” it sends a verification email with a signed link, and you can restrict certain routes to only verified users.

1. Prepare the User Model

Your User model must implement the MustVerifyEmail interface:

app/Models/User.php
namespace App\Models;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

class User extends Authenticatable implements MustVerifyEmail
{
    use Notifiable;

    protected $fillable = [
        'name', 'email', 'password',
    ];
}
Important: The users table must have an email_verified_at column. Laravel's default migration already includes this.

2. Verification Routes

You need 3 routes: show the verification notice, handle the verification link, and resend the email.

routes/web.php
use Illuminate\Foundation\Auth\EmailVerificationRequest;
use Illuminate\Http\Request;

// 1. Show "Please verify your email" page
Route::get('/email/verify', function () {
    return view('auth.verify-email');
})->middleware('auth')->name('verification.notice');

// 2. Handle the verification link click
Route::get('/email/verify/{id}/{hash}', function (EmailVerificationRequest $request) {
    $request->fulfill(); // Marks email as verified

    return redirect('/dashboard');
})->middleware(['auth', 'signed'])->name('verification.verify');

// 3. Resend verification email
Route::post('/email/verification-notification', function (Request $request) {
    $request->user()->sendEmailVerificationNotification();

    return back()->with('message', 'Verification link sent!');
})->middleware(['auth', 'throttle:6,1'])->name('verification.send');

3. Protect Routes (Verified Users Only)

Use the verified middleware to restrict routes to verified users:

routes/web.php
// Only verified users can access these routes
Route::middleware(['auth', 'verified'])->group(function () {
    Route::get('/dashboard', function () {
        return view('dashboard');
    });

    Route::get('/profile', [ProfileController::class, 'show']);
    Route::get('/settings', [SettingsController::class, 'index']);
});

// These routes don't need verification
Route::middleware('auth')->group(function () {
    Route::get('/email/verify', function () {
        return view('auth.verify-email');
    })->name('verification.notice');
});
How it works: If an unverified user tries to access a verified route, they get automatically redirected to the verification.notice route.

4. Verification Notice View

resources/views/auth/verify-email.blade.php
<h1>Verify Your Email</h1>

<p>Please check your inbox and click the verification link.</p>

@if (session('message'))
    <div class="alert alert-success">
        ${'{{'} session('message') ${'}}'}
    </div>
@endif

<form method="POST" action="${'{{'} route('verification.send') ${'}}'}">
    @csrf
    <button type="submit">
        Resend Verification Email
    </button>
</form>

5. Send Verification After Registration

Laravel automatically sends the verification email when a user registers, thanks to the MustVerifyEmail interface. But if you handle registration manually:

RegisterController.php
use Illuminate\Auth\Events\Registered;

public function register(Request $request)
{
    $validated = $request->validate([
        'name'     => 'required|string|max:255',
        'email'    => 'required|email|unique:users',
        'password' => 'required|min:8|confirmed',
    ]);

    $user = User::create([
        'name'     => $validated['name'],
        'email'    => $validated['email'],
        'password' => Hash::make($validated['password']),
    ]);

    // This triggers the verification email
    event(new Registered($user));

    Auth::login($user);

    return redirect('/email/verify');
}

6. Customize the Verification Email

app/Models/User.php
use Illuminate\Notifications\Messages\MailMessage;
use Illuminate\Auth\Notifications\VerifyEmail;

// In AppServiceProvider boot()
VerifyEmail::toMailUsing(function (object $notifiable, string $url) {
    return (new MailMessage)
        ->subject('Verify Your Email Address')
        ->greeting('Welcome!')
        ->line('Click the button below to verify your email address.')
        ->action('Verify Email', $url)
        ->line('If you did not create an account, no action is needed.');
});

7. Check Verification Status

Checking verification in code
// In PHP
if ($user->hasVerifiedEmail()) {
    // Email is verified
}

if (! $user->hasVerifiedEmail()) {
    // Email is NOT verified
}

// Manually verify a user
$user->markEmailAsVerified();

// In Blade
@if(auth()->user()->hasVerifiedEmail())
    <p>Your email is verified.</p>
@else
    <p>Please verify your email.</p>
@endif

Summary

  • βœ“MustVerifyEmail β€” add interface to User model
  • βœ“3 routes β€” notice page, verify link handler, resend
  • βœ“verified middleware β€” restrict routes to verified users
  • βœ“Registered event β€” auto-sends verification email
  • βœ“Customizable β€” modify the email template and content

Β© 2026 Koeuk KOS. All rights reserved.

Built with Nuxt.js, Vue.js & Tailwind CSS