laravel- Scan QR code for customer to verify

There are several ways to do that.

One is to hash let's say the users email and order number

$hash = Hash::make($user->email + $this->orderno);

Or you can use uuid to generate a unique key

$id = Str::uuid();

Then you can use some endpoint like

Route:.get('orders/confirm/{order}/{hash}', 'OrderConfirmationController@show');

Let's say I go with option 1: hash,

In my QR code, where do I link the customer to when he scans?

https://yoursite.com/orders/confirm/<the order number>/<the hash> or something similar.

You should display a button to send a post request to confirm.

I updated the route suggested in the previous reply.

Can I just use hash a random number and not user email or order number?

Yes you can do that or just use the str::uuid() helper which generates a random unique identifier.

I did it this way. Take a look:

web.php

//Show order confirmation when customer scan QR (invoice)
Route::get('/orders/confirm/{order}/{hash}', 'OrderController@show');

order controller:

public function show($id)
    {
        $hash = Hash::make($user->email + $this->orderno);
        return view('qr.confirm-order');
    }

Though not sure how do I retrieve user and order no.

You need to create the hash when the order is inserted into your orders table.

The hash is to prevent customer from accessing orders that do not belong to them?

Yes.

An order number might look something like 5155255 and then the hash is to prevent anyone from just changing the order number manually in the url.

You need to make sure that the hash is suitable for encoding in a URL (only uses url safe characters)

Or, use a long random token, or signed URLs