
Laravel 4.2 Validation Rules - Current Password Must Match DB Value

On the password reset form the user supplies current_password, password and password-confirmation. Is there a way to specify in the validation rules that current_password (its hash value) must match the database value?

Currently I have this:

$rules = array(
    'current_password' => 'required',
    'password'         => 'required|confirmed|min:22'
); 

Thank you.

UPDATE

Thanks to @ChrisForrence and @Ben, I came up with the following which works great! Much appreciated. Hope this will help someone else:

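// Custom rule: the submitted value must verify against the hashed column
// named by the rule's first parameter (here: "password").
Validator::extend('hashmatch', function($attribute, $value, $parameters)
{
    // Braces make the property lookup unambiguous: without them, PHP 7+
    // parses ->$parameters[0] as (->$parameters)[0].
    return Hash::check($value, Auth::user()->{$parameters[0]});
});
$messages = array(
    'hashmatch' => 'Your current password must match your account password.'
);
$rules = array(
    'current_password' => 'required|hashmatch:password',
    'password'         => 'required|confirmed|min:4|different:current_password'
);

$validation = Validator::make( Input::all(), $rules, $messages );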
PeterKA asked Jul 18 '14 16:07



1 Answer

You can't, bcrypt hashes are unique (they have their own random salt incorporated) so even if you knew the user's plain text password you wouldn't be able to do a hash-to-hash comparison.

What you can do is actually check the plain text password against a bcrypt hash by doing Hash::check('plain text password', 'bcrypt hash') on your controller.

Ben answered Sep 25 '22 23:09
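
The point made in the answer above, as an added example that is not part of the original thread: two bcrypt hashes of the same password differ, and verification works by re-hashing the candidate with the salt and cost stored inside the hash string. It uses PHP's native password_hash(), password_verify(), crypt() and hash_equals() rather than the Laravel Hash facade, assumes PHP 5.6 or later, and the function names bcryptParts and verifyAgainstStored and the sample password are constructed for illustration.

```php
<?php
// Added illustration, not code from the thread. The password is a constructed sample.
$plain = 'correct horse battery staple';

// Hash the same password twice; each call draws a fresh random salt.
$hashA = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);
$hashB = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);

// A bcrypt string is "$2y$" + 2-digit cost + "$" + 22-char salt + 31-char digest.
function bcryptParts($hash)
{
    return [
        'cost'   => (int) substr($hash, 4, 2),
        'salt'   => substr($hash, 7, 22),
        'digest' => substr($hash, 29),
    ];
}

// Hypothetical helper showing what a bcrypt check does internally:
// crypt() reads algorithm, cost and salt from the stored hash, re-hashes
// the candidate with them, and the two strings are compared in constant time.
function verifyAgainstStored($candidate, $stored)
{
    $recomputed = crypt($candidate, $stored);
    return is_string($recomputed) && hash_equals($stored, $recomputed);
}

// Same password, different salts, so a hash-to-hash comparison cannot match.
var_dump($hashA === $hashB);
var_dump(bcryptParts($hashA)['salt'] === bcryptParts($hashB)['salt']);

// Plain text against stored hash succeeds for both hashes.
var_dump(verifyAgainstStored($plain, $hashA));
var_dump(verifyAgainstStored($plain, $hashB));

// The built-in verifier agrees, and a wrong password is rejected.
var_dump(password_verify($plain, $hashA));
var_dump(verifyAgainstStored('wrong password', $hashA));
```

In application code, call password_verify() or Hash::check() directly; verifyAgainstStored exists only to make the salt reuse visible.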