
Merklin's avatar

Email Change Confirmation

Another small package from me. The purpose is to improve security against user profile hijacking. By default, when a user changes their email, it goes without issue, which may lead to the profile being stolen by a malicious party.

This package, instead, doesn't make the email change directly, but sends an email to the original email address with a request to either confirm or deny the email change.

If the change is denied, nothing happens, but it will alert the user that something is wrong. If the change is confirmed, only then is the new email address set in the users table, and if MustVerifyEmail is implemented, a verification request is sent to the new email address.

Link: https://github.com/milenmk/laravel-email-change-confirmation

Any feedback is welcome.

1 like
3 replies
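The flow described in the post above, sketched in plain PHP as an added example; it is not part of the original post and not the package's code. The class, method names and in-memory storage are hypothetical, and the sample addresses are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration; names are hypothetical, not the package's API.
final class EmailChangeConfirmation
{
    /** @var array<int, array{new: string, hash: string, expires: int}> pending requests keyed by user id */
    private array $pending = [];

    /** @param array<int, string> $emails current address per user id (stands in for the users table) */
    public function __construct(private array $emails, private int $ttl = 3600) {}

    /** Record the request without touching the stored address; returns the token to mail to the CURRENT address. */
    public function request(int $userId, string $newEmail, int $now): string
    {
        if (!isset($this->emails[$userId]) || filter_var($newEmail, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('unknown user or invalid address');
        }
        $token = bin2hex(random_bytes(32));
        // Keep only a hash, so a leaked pending table cannot be replayed as a confirmation link.
        $this->pending[$userId] = ['new' => $newEmail, 'hash' => hash('sha256', $token), 'expires' => $now + $this->ttl];
        return $token;
    }

    /** Handle a click from the mail sent to the original address. Returns the address on file afterwards. */
    public function resolve(int $userId, string $token, bool $confirm, int $now): string
    {
        $p = $this->pending[$userId] ?? null;
        // Constant-time comparison of the presented token's hash against the stored one.
        if ($p === null || !hash_equals($p['hash'], hash('sha256', $token))) {
            throw new RuntimeException('no matching pending change');
        }
        unset($this->pending[$userId]); // single use, whether confirmed, denied or expired
        if ($confirm && $now <= $p['expires']) {
            $this->emails[$userId] = $p['new']; // only now does the address change
            // With MustVerifyEmail, a verification mail would go to the new address here.
        }
        return $this->emails[$userId];
    }
}

// Constructed sample data: one denied request, then one confirmed request.
$svc = new EmailChangeConfirmation([1 => 'owner@example.com']);
$token = $svc->request(1, 'new@example.com', 1000);
echo $svc->resolve(1, $token, false, 1010), PHP_EOL; // deny: stored address is left alone
$token = $svc->request(1, 'new@example.com', 2000);
echo $svc->resolve(1, $token, true, 2010), PHP_EOL;  // confirm: stored address is replaced
```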
jj15's avatar

This looks very useful! I applaud you on how detailed and organized your documentation is. In the "Security" section, though, it looks like the placeholder email address ([email protected]) has been left.

1 like
Merklin's avatar

@jj15 Thanks. I've replaced it with a direct link to the SECURITY.md file.

Snapey's avatar

My users mostly change their email because they lost their last one (a lot of consumers use their broadband provider for email, change provider, change email).

Sending them a message to confirm the change will never work for them.

1 like
