I have been tasked with building a web app and I'm kinda stuck at my register process. Sorry for bringing up the Angular part, but it's just for a better contextualization of the project at hand.
On my Angular side I have a simple register form that sends a request to my Laravel API endpoint that handles the register process. But my issue comes from the fact that it was required that all user sensitive data must be encrypted when it gets added to my MySQL DB to ensure sensitive data is properly secured. But later when I try to register a new user, if the same email is used it allows user creation even though it should not be allowed.
To handle sensitive data encryption I used code I found online that uses $casts -> encrypted on my User model to automatically encrypt sensitive data. I went with this option because later on my Angular frontend the process to fetch data is very easy, since it fetches data decrypted with no need to decrypt it "manually":
class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;

    protected $fillable = [
        'name',
        'email',
        "phone_number",
        'password',
        "user_type",
        "state_type",
    ];

    protected $hidden = [
        'password',
    ];

    protected $casts = [
        'name' => "encrypted",
        'email' => "encrypted",
        "phone_number" => "encrypted",
    ];
}
But later, when I try to register a new user, I need to verify that the submitted email doesn't already exist in my DB, in order to prevent users from accessing other users' accounts.
To handle my register process I have this function in my AuthController file:
public function register(Request $request)
{
    $validator = Validator::make($request->all(), [
        'email' => 'required|email',
        'name' => 'required',
        'password' => 'required|min:8',
        'passwordConfirmation' => 'required|same:password',
    ]);

    if ($validator->fails()) {
        return response(['error' => 'Account already exists.'], 401);
    }

    $existingUser = User::where('email', $request->input("email"))->first();
    if ($existingUser) {
        return response(['error' => 'Account already exists.'], 401);
    }

    $user = User::create([
        "name" => $request->input("name"),
        "email" => $request->input("email"),
        "phone_number" => $request->input("phone_number"),
        "password" => Hash::make($request->input("password")),
        "user_type" => $request->input("user_type"),
    ]);

    return response($user, 200);
}
The thing is, this code still allows email duplicates to be inserted into my users table and I don't know what else I can do to prevent it.
Any help or guidance would be greatly appreciated.
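
The duplicate check in the question compares a plaintext address against a column that holds ciphertext. As an added example that is not part of the original post, this stand-alone PHP script shows why equal addresses produce unequal stored values and how a keyed hash of the normalized address gives the lookup something it can match. Assumptions: `encryptField`, `emailIndex`, the `email_index` field and both keys are hypothetical names, and AES-256-CBC with a random IV is a simplified stand-in for the `encrypted` cast.

```php
<?php
// Added example: plain PHP, no Laravel required. Keys and addresses are constructed.

$encKey   = random_bytes(32); // stand-in for the application's encryption key
$indexKey = random_bytes(32); // separate secret used only for the lookup hash (assumption)

// Simplified stand-in for the "encrypted" cast: a fresh random IV on every call.
function encryptField(string $plain, string $key): string
{
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $ct);
}

// Keyed, deterministic fingerprint of the normalized address (a "blind index").
// Lower-casing the whole address is a normalization choice made for this example.
function emailIndex(string $email, string $key): string
{
    return hash_hmac('sha256', strtolower(trim($email)), $key);
}

// Hypothetical register(): $users plays the role of the users table, keyed by
// email_index the way a column with a UNIQUE index would be.
function register(array &$users, string $email, string $encKey, string $indexKey): bool
{
    $idx = emailIndex($email, $indexKey);
    if (isset($users[$idx])) {
        return false; // duplicate: same index, whatever the ciphertext looks like
    }
    $users[$idx] = ['email' => encryptField($email, $encKey), 'email_index' => $idx];
    return true;
}

// 1) The same plaintext encrypted twice: the two stored values are compared.
$a = encryptField('alice@example.com', $encKey);
$b = encryptField('alice@example.com', $encKey);
var_dump($a === $b);

// 2) Registration keyed on the lookup hash instead of the ciphertext.
$users = [];
var_dump(register($users, 'alice@example.com', $encKey, $indexKey));   // first use
var_dump(register($users, ' Alice@Example.com ', $encKey, $indexKey)); // same address, other case and spacing
var_dump(register($users, 'bob@example.com', $encKey, $indexKey));     // different address
```

In an application like the one in the question, the hash would live in its own column with a unique index, and the existence check would query that column rather than `email`. The index key is a secret in its own right: anyone holding it can test guessed addresses against the column.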