How to develop a Laravel custom authentication with email verification

You can create your own authentication system in Laravel without using any Laravel package. In this tutorial, we will develop a Laravel custom authentication system backed by a MySQL database. It will have login and registration, email verification, change password, forgot password, and reset password, all written in custom code without any Laravel package. Because we are not going to use any of Laravel's authentication kits such as Breeze or Jetstream, we call this a Laravel custom authentication system.

Step 1 - Create a Laravel project

Let us create a project using the Laravel create-project command. Make sure you have Composer and PHP installed on your system. I have given the project name as lara_custom_login.

This will create a folder named "lara_custom_login" under the folder where you run the above command.

Step 2 - MySQL Database and Migration

Update the .env file with the database details. I am using a MySQL database named 'lara_user', so I updated the file as below:

We will use the Laravel-supplied "users" table for login and registration. We will also create a custom table called 'user_tokens' for email verification. Let us create a Laravel migration for this table. Go to your project folder and run the command below from the VS Code terminal to create the migration.

The above command creates a migration file named <yyyy_mm_dd_xxxxxx>_create_user_tokens_table.php under the database/migrations folder and a model named "UserToken" under the app/Models folder.

Migration scripts for user_tokens

Let us now run the Laravel migration to create the new table as well as Laravel's default tables. Run the command below from the project folder to create the tables using php artisan migrate.

After running the migration, the tables below are created.

Step 3 - Create Laravel Models

The User model is already created by Laravel and needs no change. We already created the UserToken model along with the migration. We will also create a PasswordReset model.

Below are the models:

PasswordReset model
UserToken model

Step 4 - Write Controller code

We will create a controller named "AuthController" for login, registration, forgot password, etc., and another controller named "HomeController" for the home page and dashboard.

Let us run the Laravel make controller command from the terminal:

HomeController has two methods, one for the home page and one for the dashboard. Note that the user must log in to access the dashboard, so in our routes we will place it under the auth middleware. Below is our HomeController:

AuthController

Let us take a look at AuthController. This controller will have methods for the following functionality:

  1. Register
  2. Login
  3. Verify Email
  4. Change Password
  5. Forget Password
  6. Logout

Register

We will take name, email and password for registration, validate them and create a row in the users table. We will also create a token and send an email to the user's mailbox containing a verification link with that token. When the user clicks the link in the mailbox, the email is verified and user registration is complete.

Below is the controller method for registering the user:

You can see that after creating a row in the users table, a random token is generated and sent in the email. The email template "verify_email.blade.php" is created as below:

verify_email.blade.php

Below is a sample email I received in my Mailtrap account:

When the user clicks on the Verify Email link, another method, verifyEmail(), marks the user as verified in the users table.

It takes the token as an input parameter and checks whether it exists in the user_tokens table. If it finds the token, it updates the "email_verified_at" column in the users table and deletes the token. Then it logs the user in and redirects the user to the dashboard.

Login

In the login method, we must check whether the email is verified. Only if the email is verified do we check that the email and password are correct and allow login accordingly. If the email is not verified, we create a token again and send an email with the link, asking the user to click on it from the mailbox. This check is required because a user may register, never verify the email, and then try to log in without email verification.
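The login decision described above, as an added plain-PHP example that is not the tutorial's controller code. The `loginDecision()` function, the constructed user rows, and the cooldown that limits how often a verification mail is re-sent are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Constructed rows standing in for the users table.
$users = [
    'new@example.test'  => ['password' => password_hash('first-pass', PASSWORD_DEFAULT), 'email_verified_at' => null],
    'done@example.test' => ['password' => password_hash('second-pass', PASSWORD_DEFAULT), 'email_verified_at' => 1700000000],
];

/**
 * Decide the outcome of a login attempt: 'ok', 'invalid', 'verification_sent' or 'verification_throttled'.
 * $lastSent (email => timestamp of the last verification mail) is hypothetical throttle state.
 */
function loginDecision(array $users, array &$lastSent, string $email, string $password, int $now, int $cooldown = 300): string
{
    $user = $users[$email] ?? null;
    if ($user === null) {
        return 'invalid';
    }
    if ($user['email_verified_at'] === null) {
        // Unverified account: no session is created, whatever password was sent.
        if (isset($lastSent[$email]) && $now - $lastSent[$email] < $cooldown) {
            return 'verification_throttled'; // a link went out recently, send nothing
        }
        $lastSent[$email] = $now; // the controller would create a token and mail the link here
        return 'verification_sent';
    }
    return password_verify($password, $user['password']) ? 'ok' : 'invalid';
}

// Constructed attempts against a fixed clock.
$lastSent = [];
$now = 1700000000;
$attempts = [
    ['new@example.test', 'first-pass', $now],
    ['new@example.test', 'first-pass', $now + 30],
    ['new@example.test', 'first-pass', $now + 301],
    ['done@example.test', 'wrong-pass', $now],
    ['done@example.test', 'second-pass', $now],
];
foreach ($attempts as [$email, $password, $at]) {
    echo $email, ' @+', $at - $now, 's: ', loginDecision($users, $lastSent, $email, $password, $at), PHP_EOL;
}
```

Without a cooldown, every login attempt against an unverified address sends another mail, so anyone who knows the address can fill that mailbox.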

Controller code for Login:

Change Password

For change password, we will validate the current password and make sure that the new password is different from the current password.

Forgot Password

The user enters the registered email id in the forgot password form. After submitting, a forgot password email is sent to the user's email to reset the password. The user gives a new password in the reset password form to reset the password. Below are the controller methods for forgot and reset password.

In the forgetPasswordPost() method, we create a token for the email id and send an email to the user with a link to reset the password. When the user clicks on the link, the resetPasswordForm() method is called. I have given the routes in the next section. When the user submits the new password, we verify the token and update the password accordingly. Finally, we delete the token for the email.
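The token lifecycle shared by the verifyEmail() flow and the forgot/reset password flow, as an added plain-PHP example that is not the tutorial's controller code. It goes beyond the page by storing only a hash of the token and by giving each token an expiry. The `TokenStore` class and its field names are assumptions standing in for the token tables.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for the token table. Field names are assumptions, not the page's schema.
final class TokenStore
{
    /** @var array<string, array{email: string, expires_at: int}> rows keyed by SHA-256(token) */
    private array $rows = [];

    // Issue a token for $email; only its hash is stored, the raw value goes into the emailed link.
    public function issue(string $email, int $ttl, int $now): string
    {
        // A new request replaces any earlier token for the same address.
        $this->rows = array_filter($this->rows, fn (array $r): bool => $r['email'] !== $email);
        $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
        $this->rows[hash('sha256', $token)] = ['email' => $email, 'expires_at' => $now + $ttl];
        return $token;
    }

    // Return the email the token was issued for, or null. The row is deleted on first use.
    public function consume(string $token, int $now): ?string
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        if ($row === null) {
            return null; // unknown, superseded or already used
        }
        unset($this->rows[$key]); // single use; also clears an expired row
        return $now <= $row['expires_at'] ? $row['email'] : null;
    }
}

// Constructed walk-through with a fixed clock.
$store = new TokenStore();
$now = 1700000000;
$first = $store->issue('alice@example.test', 3600, $now);
$second = $store->issue('alice@example.test', 3600, $now + 60); // user asked for a resend
$late = $store->issue('bob@example.test', 3600, $now);

foreach ([
    'superseded link' => $store->consume($first, $now + 120),
    'current link' => $store->consume($second, $now + 120),
    'replayed link' => $store->consume($second, $now + 130),
    'expired link' => $store->consume($late, $now + 3601),
] as $case => $email) {
    echo $case, ': ', var_export($email, true), PHP_EOL;
}
```

Because the lookup key is the hash of the submitted token, a read of the table alone does not yield a usable link.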

Routes

Step 5 - Laravel blade Views

I have the files below in the resources/views folder:

resources/views/layouts/header.blade.php

resources/views/layouts/footer.blade.php

resources/views/layouts/master.blade.php

resources/views/index.blade.php

resources/views/dashboard.blade.php

resources/views/error_page.blade.php

resources/views/auth/register.blade.php

Note that there is a loader added after form submit.

resources/views/auth/login.blade.php

resources/views/auth/change_password.blade.php

resources/views/auth/forget_password.blade.php

resources/views/auth/reset_password_form.blade.php

I am using some styles and the stylesheet is given below:

public/css/style.css

Step 6 - Test the application

From the project root, run the PHP development server:

In the browser, open localhost:8000. Verify that the application is working correctly. Test the cases below:

  • Register User
  • Email verification
  • Login
  • Change Password
  • Forgot Password

For emails, you can create a Mailtrap account and add the settings to your .env file.

Download code from GitHub.