I’m currently learning Laravel and I’m creating a register form. When the form has errors I want to repopulate the input fields with their old values.
My form looks like this:
<form method="post" action="/users/store"> @csrf <input type="text" name="username" value="{{ old('username') }}"> <input type="email" name="email" value="{{ old('email') }}"> <input type="password" name="password" value="{{ old('password') }}"> <input type="password" name="password_confirmation" value="{{ old('password_confirmation') }}"> <button class="btn btn-outline-warning" id="registerConfirm">Confirm</button> </form>
For readibility I removed all labels, classes and ids from the input files.
It looks like Laravel doesn’t ‘want’ to repopulate input fields with the old password filled in. The reason I feel this is true is because the username and email do work but both password fields don’t. Whenever I change the password fields to text fields and change the name from password to something like ‘asdasd’ it does work.
My question is: Is my theory correct and if so, why does Laravel do this? Is it security related? Thanks in advance!
I looked at the docs for the old
method but it doesn’t say anything about passwords.
Advertisement
Answer
Laravel intentionally blocks password
and password_confirmation
. Generally it is good practice not to return the password back to the user. It does this in it’s exception handler.
If you really want to include it, update your app/Exceptions/Handler.php
file to remove password
and password_confirmation
from the dontFlash
array.