This article provides a summary on implementing email verification (VerifyEmail) in Laravel 6.

What is Email Verification?

Email verification sends a message from the system to the user’s registered email address. The user completes verification by clicking on the URL provided in the email.

With this setup, you can offer certain features or pages that only verified users can access.

Differences by Version

Generally, it’s as simple as adding implements MustVerifyEmail to the User model, but keep in mind the version and starter you’re using.

For Laravel 11 with Jetstream, see How to Implement Email Verification Using Jetstream (Fortify) in Laravel.

This article covers Laravel 6 with Laravel UI.

Laravel 6.x Email Verification

Implementation

① Modifying the Model

App/User.php

namespace App;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

// Add `implements MustVerifyEmail` as shown below
class User extends Authenticatable implements MustVerifyEmail

② Modifying Routes

routes/web.php

Auth::routes(['verify' => true]);
// Before: Auth::routes();

With these changes, the coding required for email verification is complete.

Configuring Routes for Verified Users Only

Writing in routes/web.php

// Add 'verified'
Route::group(['middleware' => ['auth','verified']], function () {
    // Place routes for features accessible only by verified users here
    Route::get('/', 'HomeController@index');
    Route::get('/posts', 'PostController@index');
}

If you’re unsure about setting up routes, here’s a detailed guide:

⇨ Setting Up Routes for Authenticated Users Only

Writing in the Controller’s __construct Method

app/Http/Controllers/HomeController.php

public function __construct()
{
    // Add 'verified'
    $this->middleware(['auth','verified']);
}

Using this approach, all methods in HomeController will be accessible only to verified users.

You can choose to write this in either web.php or in each Controller. Personally, I find web.php clearer.

What Not to Do

If you apply this middleware to the login or email verification pages, it will prevent users from logging in. Always keep routes for the login page and other authentication pages outside of this middleware.

routes/web.php

// Incorrect Example
Route::group(['middleware' => ['auth','verified']], function () {
    Auth::routes(['verify' => true]); // This setup will prevent login, so avoid doing this
}

Configuring Email Sending

During development, Mailtrap is a simple and convenient way to test email sending.

Mailtrap allows you to test email delivery without sending actual emails to real addresses; instead, you can check if emails were successfully sent through Mailtrap’s dashboard.

In production, email services like AWS SES or Sendgrid are commonly used, and you can switch to them by updating .env.

How to Test Email Sending with Mailtrap in Laravel

Updating .env

The following items are pre-configured in .env. To use Mailtrap, simply copy MAIL_USERNAME and MAIL_PASSWORD from the Mailtrap dashboard.

MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=???
MAIL_PASSWORD=??
MAIL_FROM_ADDRESS=from@example.com
MAIL_FROM_NAME=Example

Reflecting Changes with a Command

php artisan config:clear

With this, everything is set up!

Upon logging in, you’ll be prompted to confirm your email. You can then view the received email in Mailtrap’s dashboard, and clicking the button in the email completes verification.

How Verified Users Are Identified

In the users table, if the email_verified_at column contains a timestamp, the user is considered verified.

• Timestamp present ⇨ Email Verified
• No timestamp ⇨ Not Verified

The middleware checks this column to determine if access should be granted.

Conclusion

This guide covers the implementation of email verification.

If you need help setting up Mailtrap, check out this article with detailed steps and images:

How to Test Email Sending with Mailtrap in Laravel