How to check current, new and new password confirmation in Laravel 5?

I created a route, view and password method in UserController@getProfilePassword and UserController@postProfilePassword.

At the moment, if I fill in the new_password field, it receives a hash and is sent to the database correctly, then I can log in with a new password.

But I need to be able to check new_password and new_password_confirm to make sure they are the same and also check the current user password.

How can I do this?

EDIT: I added the $this->validate method, but now I keep getting the error "The password confirmation confirmation does not match." even if they match, as I use a simple password. I also think that I need to check the current password manually, since the validator will not do this for me.

    public function getProfilePassword(Request $request)
    {
        return view('profile/password', ['user' => Auth::user()]);
    }

    public function postProfilePassword(Request $request)
    {
        $user = Auth::user();

        $this->validate($request, [
            'old_password' => 'required',
            'password' => 'required|min:4',
            'password_confirmation' => 'required|confirmed'
        ]);

        $user->password = Hash::make(Input::get('new_password'));
        $user->save();
    }

And this is a view

    <form action="{{ route('profile/updatepassword') }}" method="post" enctype="multipart/form-data">
        <div class="form-group">
            <label for="name">Current Password</label>
            <input type="password" name="old_password" class="form-control" id="old_password">
        </div>
        <div class="form-group">
            <label for="name">Password</label>
            <input type="password" name="password" class="form-control" id="password">
        </div>
        <div class="form-group">
            <label for="name">New Password</label>
            <input type="password" name="password_confirmation" class="form-control" id="password_confirmation">
        </div>
        <button type="submit" class="btn btn-primary">Change Password</button>
        <input type="hidden" value="{{ Session::token() }}" name="_token">
    </form>
+13
php laravel laravel-5
7 answers

There is a function, Hash::check(), which allows you to check whether the old password is entered correctly by the user.

Usage:

    if (Hash::check("param1", "param2")) {
        // add logic here
    }

param1 - user password that has been entered on the form
param2 - old password hash stored in database

It will return true if the old password is entered correctly, and you can add your own logic accordingly.

For new_password and new_confirm_password to be the same, you can add your validation to the form request, for example:

    'new_password' => 'required',
    'new_confirm_password' => 'required|same:new_password'
+44
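
Added example, not part of any answer on this page: a controller method for the question's form that combines the `Hash::check()` test with the confirmation rule. It assumes the question's field names (`old_password`, `password`, `password_confirmation`); the `min:8` length, the error text and the `status` session key are illustrative choices.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class UserController extends Controller
{
    public function postProfilePassword(Request $request)
    {
        $user = Auth::user();

        // "confirmed" goes on the field being confirmed; the validator then
        // compares it with "<field>_confirmation" (here: password_confirmation).
        // Putting it on password_confirmation makes Laravel look for
        // password_confirmation_confirmation, which the form never sends.
        $this->validate($request, [
            'old_password' => 'required',
            'password'     => 'required|min:8|confirmed|different:old_password',
        ]);

        // The built-in rules used here cannot see the stored hash, so verify
        // the current password explicitly: plain-text input first, hash second.
        if (! Hash::check($request->input('old_password'), $user->password)) {
            return redirect()->back()
                ->withErrors(['old_password' => 'The current password is incorrect.']);
        }

        // Hash the field that was validated ("password"), not "new_password".
        $user->password = Hash::make($request->input('password'));
        $user->save();

        return redirect()->back()->with('status', 'Password updated.');
    }
}
```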

If you need the functionality of a custom rule only once in an application, you can use a Closure instead of a rule object. The closure gets the attribute name, attribute value, and the $fail callback that should be called if validation fails.

    $request->validate([
        'new_password' => 'required|confirmed|min:4',
        'current_password' => ['required', function ($attribute, $value, $fail) use ($user) {
            if (!\Hash::check($value, $user->password)) {
                return $fail(__('The current password is incorrect.'));
            }
        }],
    ]);

https://laravel.com/docs/5.6/validation#using-closures

+9

You can do this by creating your own validation rule (for this example, I use current_password and new_password as input names).

Put this in AppServiceProvider::boot():

    Validator::extend('current_password', function ($attribute, $value, $parameters, $validator) {
        $user = User::find($parameters[0]);

        return $user && Hash::check($value, $user->password);
    });

Now you can use the following in your controller:

    $user = auth()->user(); // or pass an actual user here

    $this->validate($request, [
        'current_password' => 'required_with:new_password|current_password,'.$user->id,
    ]);
+4

You can add confirmed to confirm the old password. And with 'required|confirmed' you go to 'required|same:password' to compare password and password confirmation

    'old_password' => 'required|confirmed',
    'password' => 'required|min:4',
    'password_confirmation' => 'required|same:password'

Good luck

0

A complete function that will check everything. You just need to send old_password, new_password and confirm_password.

    // Needs at the top of the controller:
    // use Exception; use Illuminate\Hashing\BcryptHasher;
    public function changePassword(Request $request)
    {
        try {
            $valid = validator($request->only('old_password', 'new_password', 'confirm_password'), [
                'old_password' => 'required|string|min:6',
                'new_password' => 'required|string|min:6|different:old_password',
                'confirm_password' => 'required_with:new_password|same:new_password|string|min:6',
            ], [
                'confirm_password.required_with' => 'Confirm password is required.'
            ]);

            if ($valid->fails()) {
                return response()->json([
                    'errors' => $valid->errors(),
                    'message' => 'Failed to update password.',
                    'status' => false
                ], 200);
            }

            // Hash::check("param1", "param2")
            // param1 - user password that has been entered on the form
            // param2 - old password hash stored in database
            if (Hash::check($request->get('old_password'), Auth::user()->password)) {
                $user = User::find(Auth::user()->id);
                $user->password = (new BcryptHasher)->make($request->get('new_password'));

                if ($user->save()) {
                    return response()->json([
                        'data' => [],
                        'message' => 'Your password has been updated',
                        'status' => true
                    ], 200);
                }
            } else {
                return response()->json([
                    'errors' => [],
                    'message' => 'Wrong password entered.',
                    'status' => false
                ], 200);
            }
        } catch (Exception $e) {
            return response()->json([
                'errors' => $e->getMessage(),
                'message' => 'Please try again',
                'status' => false
            ], 200);
        }
    }
0

Using Laravel 5.8 / 6.0, here is what I do (without a lot of extra code):

Step 1. Confirm

    $data = request()->validate([
        'firstname' => ['required', 'string', 'max:255'],
        'lastname' => ['required', 'string', 'max:255'],
        'username' => ['bail', 'nullable', 'string', 'max:255', 'unique:users'],
        'email' => ['bail', 'nullable', 'string', 'email:rfc,strict,dns,spoof,filter', 'max:255', 'unique:users'],
        'new_password' => ['nullable', 'string', 'min:8'],
        'confirm_new_password' => ['nullable', 'required_with:new_password', 'same:new_password'],
        'current_password' => ['required', function ($attribute, $value, $fail) {
            if (!\Hash::check($value, Auth::user()->password)) {
                return $fail(__('The current password is incorrect.'));
            }
        }]
    ]);

Step 2: If Verification Passed

  1. Create an array by checking each input value (but not the value with the required tag when checking) for presence or zero OR do what you need.

For example:

    if (request('input')) {
        $data += ['input' => request('input')];
    }

  2. Updating the database using the created array

For example:

    Auth::user()->account->update($data);
0

Laravel Verify old password and update new password | More

    public function updatePassword(Request $request)
    {
        $this->validate($request, [
            'old_password' => 'required',
            'new_password' => 'required|min:6',
            'confirm_password' => 'required|same:new_password',
        ]);

        $data = $request->all();

        if (!\Hash::check($data['old_password'], auth()->user()->password)) {
            return back()->with('error', 'You have entered wrong password');
        } else {
            // here you will write password update code
        }
    }
0
