3

I've add code to change password in my webapp. But Hash::check() doesn't work. Always return false. Also Hash::Make() returns different string every time. I've tried bcrypt() instead but, it also doesn't work. Please help me. Here's my code.

public function changePassword(Request $request) { $user = Auth::user(); $curPassword = $request->input['curPassword']; $newPassword = $request->input['newPassword']; if (Hash::check($curPassword, $user->password)) { $user_id = $user->id; $obj_user = User::find($user_id)->first(); $obj_user->password = Hash::make($newPassword); $obj_user->save(); return response()->json(["result"=>true]); } else { return response()->json(["result"=>false]); } }

Thank you.

Improve this question
2
  • it should be $request->input('curPassword'); not $request->input['curPassword']; Commented Mar 4, 2017 at 4:34
  • Check 5balloons.info/… Commented Mar 15, 2018 at 13:01

4 Answers 4

Reset to default
5

Heres how I did it:

In my controller, I use the following method:

public function changePassword() { $this->validate(request(), [ 'current_password' => 'required|current_password', 'new_password' => 'required|string|min:6|confirmed', ]); request()->user()->fill([ 'password' => Hash::make(request()->input('new_password')) ])->save(); request()->session()->flash('success', 'Password changed!'); return redirect()->route('password.change'); }

This will validate the input, then properly save the new password for the current user. It also flashes a message and then returns them to the password change form. You can remove that part and do your own thing there.

This utilizes a custom validation rule I created called current_password. You must add this to your AppServiceProvider::boot() method like so:

public function boot() { // current password validation rule Validator::extend('current_password', function ($attribute, $value, $parameters, $validator) { return Hash::check($value, Auth::user()->password); }); }

Just make sure you're using the Auth, Hash, and Validator facades in the AppServiceProvider.

Lastly, we simply need to declare our error message in our lang/en/validation.php file:

'current_password' => "The :attribute is invalid.",

Hope this helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

I think your $curPassword variable is empty, that's why it's always returning false. Try this way

$curPassword = $request->curPassword; $newPassword = $request->newPassword;

Unless you send data in an input array. But somewhoe, Hash::check() is failing, meaning there is no match.

As for the same string, yes, Hash::make() always returns a different string. I guess for security purposes.

Improve this answer

2 Comments

Thank you for your reply. I've tried as you said. But also it doesn't work.
Finally, I've fixed. It was my mistake.
1

It should be 

 $curPassword =$request->input('curPassword'); $newPassword = $request->input('newPassword');

not

 $curPassword = $request->input['curPassword']; $newPassword = $request->input['newPassword'];

In Laravel Documentation they are saying if you want to change the password what you could do after the checking is

 $request->user()->fill([ 'password' => Hash::make($request->newPassword) ])->save();
Improve this answer

3 Comments

Thank you for your reply. I've tried as you said. But also it doesn't work.
try dd($request) your data and see what you'll get.
Thanks for your effort. It was my mistake. I was sending wrong value when post request.
0

There is also error in this line

$obj_user = User::find($user_id)->first();

it should be

$obj_user = User::find($user_id);

As official documentation say

// Retrieve a model by its primary key... $flight = App\Flight::find(1); // Retrieve the first model matching the query constraints... $flight = App\Flight::where('active', 1)->first();
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.