Laravel 5, update user password

Question

Laravel 5, update user password

I use laravel 5 to develop an application that allows each user to update their profile.
To update the password, the user must first enter his old password, and if the old password matches, his new password will be hashed and saved in the database. how can i check this using laravel form request validation ?

+6

php validation laravel laravel-5

Salar Jun 08 '15 at 12:15

source share

3 answers

If you want to check the hash value generated by

 Hash::make()

you need to use

 Hash::check('unhashed', $hashed)

Each time you run Hash::make('string') , a different hash is executed and does not match the previous one. For instance:

 // Generate a hash $password = Hash::make('password'); // $password == $2y$08$T9r9qUxrr6ejs9Ne.nLzMet8l0A8BM5QvLjhaaJasgsbMBdX4JjRu // Generate a new hash $new_password = Hash::make('password'); // $new_password == $2y$08$3KBlYKIMpIvk.TWwim9oPuwGA.Pzv1iF7BsDyYkz7kQlhkA/ueULe // Compare hashes the WRONG way $password === $new_password; // false // Compare hash the RIGHT way Hash::check('password', $password); // true Hash::check('password', $new_password); // true

So use the Hash :: make () method of the Hash class.

+3

Rajesh kumawat Jun 08 '15 at 12:23

source share

I'm not sure, but I think there is no native way to do this in Laravel. If so, you can implement a custom "hash validator":

 class CustomValidator extends \Illuminate\Validation\Validator { public function validateHash($attribute, $value, $parameters) { $expected = $parameters[0]; return Hash::check($value, $expected); } }

Register it with the supplier:

 class AppServiceProvider extends ServiceProvider { /** * Bootstrap any application services. * * @return void */ public function boot() { require_once __DIR__ . '/../Http/helpers.php'; Validator::resolver(function($translator, $data, $rules, $messages) { return new CustomValidator($translator, $data, $rules, $messages); }); } // ... }

And use it in the form request:

 class MyFormRequest extends FormRequest { public function rules() { $password = Auth::user()->password; return [ 'old_password' => "required|hash:" . $password ] } // ... }

Documentation link: http://laravel.com/docs/5.0/validation#custom-validation-rules

+3

Anatoliy Arkhipov Jun 09 '15 at 5:34

source share

Salar · Accepted Answer · 2016-02-23T09:31:02+0000

I created a custom validator and added it to the AppServiceProvider as follows:

<?php namespace App\Providers; use Validator; use Illuminate\Support\ServiceProvider; use Illuminate\Support\Facades\Hash ; class AppServiceProvider extends ServiceProvider { /** * Bootstrap any application services. * * @return void */ public function boot() { Validator::extend('password_hash_check', function($attribute, $value, $parameters, $validator) { return Hash::check($value , $parameters[0]) ; }); }

then I used it in my form validation template as follows:

 <?php namespace App\Http\Requests; use App\Http\Requests\Request; class UpdateUserProfileRequest extends Request { /** * Get the validation rules that apply to the request. * * @return array */ public function rules() { $hashed_password = $this->user()->password ; return [ 'oldPassword'=> "password_hash_check:$hashed_password|string|min:6", 'newPassword' => 'required_with:oldPassword|confirmed|min:6', ]; }

Laravel 5, update user password

More articles: