Level 39
Don't change the email in db before it's validated.
The process is well explained in the doc
https://laravel.com/docs/9.x/verification
https://laravel.com/docs/9.x/verification#the-email-verification-handler
1 like
May 15, 2022
5
Level 1
How to change logged in user email in session using Laravl?
I am working on a project in Laravel 9 and I want to let users change their email address at any time. Technically I let them change their email when they are logged in!
When they change their email address, it changes just in database, but since user has logged in, I want to change user's email address in logged in session token.
In fact, I want to regenerate login token (remember me token) with new user's new email.
I'm not using any kind of specific API for this process.
In this project, for some pages, verified email address is not 100 percent required so if someone updates their email address, I want to regenerate login token with their new/updated email. In this case, I don't need to get user's data from database every time! Instead, I use auth()->user().
Up to this point, I used below piece of code to update user's email address:
$request->validate(['email' => 'required|email|min:12|max:64']);
$user->forceFill([
'email' => $request->email_confirmation,
'email_verified_at' => null
])->setRememberToken(Str::random(60));
When I print authenticated user's email like what you see down below, it shows old email not the new one! If anyone knows a way to do this thing please comments below. Thank you
return response()->json([
'code' => 200,
'message' => 'An email verification link has been sent to <strong>'.auth()->user()->email.'</strong>.
<br/>Please follow the link and verify your email.
]);
Level 1
@sr57 thank you for your answer. I actually done validation using:
$request->validate(['email' => 'required|email|min:12|max:64']);
but I just showed that one piece of code that I'm trying to regenerate login token right after updating email info in database. I also looked at that documentation but I want to let users use some part of website even without verifying email and I don't want to take updated data from database every time they submit a request, instead I want to use auth()->user().
Maybe I need to update post to include these two new information.
Level 122
Technically I let them change their email when they are logged in!
How else could you do it?
change your json response message to use the email from the request not the one from the user model
on the next request cycle, the new email will be loaded
don't forget to validate the new email and make sure it does not belong to someone else. Probably also a good idea to get them to provide their password for checking
1 like
Level 1
@Snapey Thank you for your help. How about if verification is not fully required for some pages and I want to use auth()->user() instead of selecting database? Is it good practice if I let users to use some pages without email verification?
I also used password check before form submission.
Level 122
@Nevda not sure what your question is
Please or to participate in this conversation.