I have created the password route, view and method in UserController@getProfilePassword and UserController@postProfilePassword
At the moment, if I fill out the new_password field, it gets hashed and submitted to the database correctly, then I can login with the new password.
But I need to be able to validate the new_password and new_password_confirm to make sure they’re the same and validate the user’s current password as well.
How can I do that?
EDIT: I added $this->validate to the method, but now I keep getting the error The password confirmation confirmation does not match. even though they do match as I am using a simple password. Also I think I need to check against the current password manually as validator won’t do it for me.
public function getProfilePassword(Request $request) { return view('profile/password', ['user' => Auth::user()]);}public function postProfilePassword(Request $request) { $user = Auth::user(); $this->validate($request, [ 'old_password' => 'required', 'password' => 'required|min:4', 'password_confirmation' => 'required|confirmed' ]); $user->password = Hash::make(Input::get('new_password')); $user->save();}And this is the view
<form action="{{ route('profile/updatepassword') }}" method="post" enctype="multipart/form-data"> <div class="form-group"> <label for="name">Current Password</label> <input type="password" name="old_password" class="form-control" id="old_password"> </div> <div class="form-group"> <label for="name">Password</label> <input type="password" name="password" class="form-control" id="password"> </div> <div class="form-group"> <label for="name">New Password</label> <input type="password" name="password_confirmation" class="form-control" id="password_confirmation"> </div> <button type="submit" class="btn btn-primary">Change Password</button> <input type="hidden" value="{{ Session::token() }}" name="_token"> </form>Advertisement
Answer
There’s a Hash::check() function which allows you to check whether the old password entered by user is correct or not.
usage
if (Hash::check("param1", "param2")) { //add logic here}param1 - user password that has been entered on the formparam2 - old password hash stored in databaseit will return true if old password has been entered correctly and you can add your logic accordingly
for new_password and new_confirm_password to be same, you can add your validation in form request like
'new_password' => 'required','new_confirm_password' => 'required|same:new_password'