0
0
Laravelframework~10 mins

Email verification in Laravel - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Concept Flow - Email verification
User registers with email
System sends verification email
User clicks verification link
System checks token validity
Allow access to protected areas
This flow shows how Laravel sends a verification email after registration, then verifies the user when they click the link.
Execution Sample
Laravel
use Illuminate\Auth\Events\Verified;
use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\EmailVerificationRequest;

Route::get('/email/verify/{id}/{hash}', function (EmailVerificationRequest $request) {
    $request->fulfill();
    event(new Verified($request->user()));
    return redirect('/home');
})->middleware(['auth', 'signed'])->name('verification.verify');
This route handles the email verification link, marks the user as verified, triggers an event, and redirects.
Execution Table
StepActionInput/ConditionResultNext Step
1User clicks verification linkURL with id and hashRequest received with user and tokenCheck token validity
2Check token validityToken matches user and signed URLValid tokenCall fulfill()
3Call fulfill()Mark user email_verified_atUser marked as verifiedTrigger Verified event
4Trigger Verified eventUser verifiedEvent dispatchedRedirect to /home
5RedirectUser verifiedUser sent to /home pageEnd
6If token invalidToken mismatch or expiredShow error or resend linkEnd
💡 Execution stops after redirect or error shown due to invalid token.
Variable Tracker
VariableStartAfter Step 2After Step 3Final
user->email_verified_atnullnulltimestamp settimestamp set
request->valid_tokenfalsetruetruetrue
event_dispatchedfalsefalsetruetrue
Key Moments - 3 Insights
Why does the verification link include a hash and id?
The hash and id ensure the link is unique and secure. Step 2 in the execution_table shows the system checks the token validity using these values.
What happens if the user clicks an expired or tampered link?
Step 6 in the execution_table shows that if the token is invalid, the system shows an error or offers to resend the verification email.
How does Laravel mark the email as verified?
Step 3 calls fulfill(), which sets the user's email_verified_at timestamp, marking the email as verified.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the result after Step 3?
AVerification link sent
BUser redirected to /home
CUser marked as verified
DError shown for invalid token
💡 Hint
Check the 'Result' column for Step 3 in the execution_table.
At which step does the system redirect the user to the home page?
AStep 5
BStep 4
CStep 2
DStep 6
💡 Hint
Look at the 'Action' and 'Next Step' columns in the execution_table for the redirect.
If the token is invalid, what does the system do according to the execution_table?
ARedirects to /home
BShows error or resend link
CMarks user as verified
DTriggers Verified event
💡 Hint
See Step 6 in the execution_table under 'Result'.
Concept Snapshot
Email verification in Laravel:
- User registers with email
- System sends signed verification link
- User clicks link with id and hash
- Laravel checks token validity
- If valid, marks email_verified_at timestamp
- Fires Verified event
- Redirects user to home
- If invalid, shows error or resend option
Full Transcript
In Laravel email verification, after a user registers, the system sends a signed verification link containing the user's id and a hash. When the user clicks this link, Laravel receives the request and checks if the token is valid by matching the id and hash. If valid, Laravel calls fulfill() to mark the user's email as verified by setting the email_verified_at timestamp. It then triggers a Verified event and redirects the user to the home page. If the token is invalid or expired, Laravel shows an error or offers to resend the verification email. This process ensures only users with access to the email can verify and access protected parts of the app.