Halnex Halnex - 1 year ago 487
PHP Question

How to validate current, new, and new password confirmation in Laravel 5?

I have created the password route, view and method in


At the moment, if I fill out the
field, it gets hashed and submitted to the database correctly, then I can login with the new password.

But I need to be able to validate the
to make sure they're the same and validate the user's current password as well.

How can I do that?

EDIT: I added
to the method, but now I keep getting the error
The password confirmation confirmation does not match.
even though they do match as I am using a simple password. Also I think I need to check against the current password manually as
won't do it for me.

public function getProfilePassword() {
return view('profile/password', ['user' => Auth::user()]);

public function postProfilePassword(Request $request) {
$user = Auth::user();

$this->validate($request, [
'old_password' => 'required',
'password' => 'required|min:4',
'password_confirmation' => 'required|confirmed'

$user->password = Hash::make(Input::get('new_password'));

And this is the view

<form action="{{ route('profile/updatepassword') }}" method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="name">Current Password</label>
<input type="password" name="old_password" class="form-control" id="old_password">
<div class="form-group">
<label for="name">Password</label>
<input type="password" name="password" class="form-control" id="password">
<div class="form-group">
<label for="name">New Password</label>
<input type="password" name="password_confirmation" class="form-control" id="password_confirmation">
<button type="submit" class="btn btn-primary">Change Password</button>
<input type="hidden" value="{{ Session::token() }}" name="_token">

Sid Sid
Answer Source

There's a Hash::check() function which allows you to check whether the old password entered by user is correct or not.


if (Hash::check("param1", "param2")) {
 //add logic here

param1 - user password that has been entered on the form
param2 - old password hash stored in database

it will return true if old password has been entered correctly and you can add your logic accordingly

for new_password and new_confirm_password to be same, you can add your validation in form request like

'new_password' => 'required',
'new_confirm_password' => 'required|same:new_password'
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download