I'm trying to add a password change feature for my logged in/authorized users. It's your plain ole generic set up:
Current Password
New Password
Confirm New Password
Obviously I can just use validate on the new password and password confirmation, but how do I authorize the current password submitted against their actual current password?
In the users model password is a hidden property so I can't just match them up.
I tried looking through Illuminate\Auth and Guard but I didn't see it anywhere. Perhaps I missed it, or maybe I'm going about this the wrong way?
The $this->current_password gives us the current_password form field value whereas Laravel allows us to access the currently authenticated user using $this->user() so $this->user()->password gives us the user's hashed password saved in the database. The two passwords are compared using the Hash facade's check method.
Laravel's Form Request class comes with two default methods, auth() and rules(). You can perform any authorization logic in the auth() method, whether the current user is allowed to make the request or not. And in the rules() method you can write all your validation rules.
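The Form Request approach described above, written out as an added example (not code from any of the posters). The class name ChangePasswordRequest and the field name new_password are assumptions, min:6 is borrowed from the validator shown further down the page, and it assumes a Laravel version whose FormRequest calls withValidator().

```php
<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Hash;

// Hypothetical class; the fields current_password / new_password are assumed form names.
class ChangePasswordRequest extends FormRequest
{
    // Only an authenticated user may submit the form.
    public function authorize()
    {
        return $this->user() !== null;
    }

    public function rules()
    {
        return [
            'current_password' => 'required|string',
            // "confirmed" needs a matching new_password_confirmation field;
            // "different" rejects re-using the submitted current password.
            'new_password' => 'required|string|min:6|confirmed|different:current_password',
        ];
    }

    // Runs after rules(): compare the submitted value with the stored hash.
    public function withValidator($validator)
    {
        $validator->after(function ($validator) {
            // Skip the hash check when the field is already invalid (missing, not a string).
            if ($validator->errors()->has('current_password')) {
                return;
            }
            if (! Hash::check($this->current_password, $this->user()->password)) {
                $validator->errors()->add('current_password', 'Your current password is incorrect, please try again.');
            }
        });
    }
}

// In a controller action that type-hints ChangePasswordRequest $request,
// validation has already passed by the time the method body runs:
//     $user = $request->user();
//     $user->password = Hash::make($request->new_password);
//     $user->save();
```

Hash::check() works on the hidden password attribute because hiding a property only removes it from array/JSON output, not from the model instance.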
Here's the answer in case anyone else is looking:
    $validator = $this->validator($request->all());

    // After the normal rules run, verify the submitted current password
    // against the logged-in user's stored credentials.
    $validator->after(function($validator) use ($request) {
        $check = auth()->validate([
            'email'    => $this->user->email,
            'password' => $request->current_password
        ]);

        if (!$check):
            $validator->errors()->add('current_password',
                'Your current password is incorrect, please try again.');
        endif;
    });

    if ($validator->fails()):
        return redirect('account/password')
            ->withErrors($validator)
            ->withInput();
    endif;

    // Store only the bcrypt hash of the new password.
    $this->user->password = bcrypt($request->password);
    $this->user->save();
Get the current password and compare with the new password.
    //use Auth, Hash, Input;
    if (Hash::check(Input::get('new_password'), Auth::user()->password))
        echo "Matched";
    else
        echo "Not matched";
Did you use the Laravel built-in authentication package? If yes, the validation has been done for you. Check app/Http/Controller/Auth/AuthController.php, you can see this validation function. You can add more if you wish!:
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'first_name' => 'required|max:255',
            'last_name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|confirmed|min:6',
        ]);
    }
If any error happens during the above validation, it will be sent to the $errors variable where your blade view can catch them. So, in your reset password view (view/auth/reset.blade.php), you can catch the validation errors as follows:
    @if (count($errors) > 0)
        <div class="alert alert-danger">
            <strong>Whoops!</strong> There were some problems with your input.<br><br>
            <ul>
                @foreach ($errors->all() as $error)
                    <li>{{ $error }}</li>
                @endforeach
            </ul>
        </div>
    @endif