Installation

February 22, 2026 ยท View on GitHub

Full setup guide for the cakephp-verification plugin.

Requirements

  • PHP 8.2+
  • CakePHP 5.3+
  • cakephp/authentication ^4.0

1) Install the package

composer require salines/cakephp-verification

2) Load the plugin

Add it manually in src/Application.php:

use CakeVerification\CakeVerificationPlugin;

// in bootstrap():
$this->addPlugin(CakeVerificationPlugin::class);

3) Publish config

bin/cake verification:install

This copies config/verification.php into your app. Open it and adjust to your requirements.

4) Load the component in AppController

// src/Controller/AppController.php
public function initialize(): void
{
    parent::initialize();
    $this->loadComponent('Flash');
    $this->loadComponent('Authentication.Authentication');
    $this->loadComponent('CakeVerification.Verification');
}

5) Database columns

The plugin does not ship migrations. Add the columns you need to your users table.

Email verification (emailVerify)

ColumnTypeNotes
emailVARCHARRequired
email_verification_tokenVARCHAR(191), nullableToken sent in link
email_verification_token_expiresDATETIME, nullableToken expiry
email_verified_atDATETIME, nullableSet when verified

Email OTP (emailOtp)

ColumnNotes
emailRequired (same column as above)

SMS OTP (smsOtp)

ColumnTypeNotes
phoneVARCHAR(32), nullablePhone number
phone_verified_atDATETIME, nullableSet after OTP success
phone_verifiedTINYINT(1), default 0Optional flag

TOTP

ColumnTypeNotes
totp_secretVARCHAR(255), nullableStore encrypted
totp_verified_atDATETIME, nullableSet after first successful verify

OTP driver preference

ColumnTypeNotes
verification_preferencesJSON, nullableStores the user's chosen OTP driver

Example migration

use Migrations\AbstractMigration;

class AddVerificationFieldsToUsers extends AbstractMigration
{
    public function change(): void
    {
        $table = $this->table('users');

        foreach ([
            ['email_verification_token',         'string',   ['limit' => 191, 'null' => true]],
            ['email_verification_token_expires',  'datetime', ['null' => true]],
            ['email_verified_at',                 'datetime', ['null' => true]],
            ['phone',                             'string',   ['limit' => 32,  'null' => true]],
            ['phone_verified_at',                 'datetime', ['null' => true]],
            ['phone_verified',                    'boolean',  ['default' => false]],
            ['totp_secret',                       'string',   ['limit' => 255, 'null' => true]],
            ['totp_verified_at',                  'datetime', ['null' => true]],
            ['verification_preferences',          'json',     ['null' => true]],
        ] as [$col, $type, $opts]) {
            if (!$table->hasColumn($col)) {
                $table->addColumn($col, $type, $opts);
            }
        }

        $table->update();
    }
}

Register the JSON type in your UsersTable::initialize():

public function initialize(array $config): void
{
    parent::initialize($config);
    // ...
    $this->getSchema()->setColumnType('verification_preferences', 'json');
}

6) Configure

Open config/verification.php and set requiredSetupSteps to the steps your app needs. See configuration.md for the full reference.

7) UsersController actions

See users_controller.md for the complete list of actions you must implement and what each one does.

Next steps


Documentation

TopicFile
README../README.md
Verification flows (setup, login, OTP choice)verification_flow.md
Installationinstallation.md
Configuration referenceconfiguration.md
Environment variablesenv.md
UsersController actionsusers_controller.md
VerificationComponentverification_component.md
VerificationHelperverification_helper.md
Email verification & Email OTPemail_verification.md
SMS OTPsms_verification.md
TOTPtotp_verification.md
Enable / disable individual stepsverificator_enable_disable.md
API referenceapi/index.md