Skip to content
Advertisement

Laravel old method not returning password values

I’m currently learning Laravel and I’m creating a register form. When the form has errors I want to repopulate the input fields with their old values.

My form looks like this:

<form method="post" action="/users/store">
    @csrf
    <input type="text" name="username" value="{{ old('username') }}">
    <input type="email" name="email" value="{{ old('email') }}">
    <input type="password" name="password" value="{{ old('password') }}">
    <input type="password" name="password_confirmation" value="{{ old('password_confirmation') }}">
    <button class="btn btn-outline-warning" id="registerConfirm">Confirm</button>
</form>

For readibility I removed all labels, classes and ids from the input files.

It looks like Laravel doesn’t ‘want’ to repopulate input fields with the old password filled in. The reason I feel this is true is because the username and email do work but both password fields don’t. Whenever I change the password fields to text fields and change the name from password to something like ‘asdasd’ it does work.

My question is: Is my theory correct and if so, why does Laravel do this? Is it security related? Thanks in advance!

I looked at the docs for the old method but it doesn’t say anything about passwords.

Advertisement

Answer

Laravel intentionally blocks password and password_confirmation. Generally it is good practice not to return the password back to the user. It does this in it’s exception handler.

If you really want to include it, update your app/Exceptions/Handler.php file to remove password and password_confirmation from the dontFlash array.

User contributions licensed under: CC BY-SA
2 People found this is helpful
Advertisement