001221 001221 - 2 years ago 157
PHP Question

Laravel update password passes validation but doesn't update record

Hi I am using Laravel and I am using a couple of packages for user auth and roles which are Zizaco Confide and I want to update the users password firstly they should input there current password a new password and confirm the password and they should match. Now the validation works but the users password isn't updated in the database. My code is below:

public function updatePassword($id) {

$rules = array(
'now_password' => 'required',
'password' => 'min:5|confirmed|different:now_password',
'password_confirmation' => 'required_with:password|min:5'
//password update.
$now_password = Input::get('now_password');
$password = Input::get('password');
$passwordconf = Input::get('password_confirmation');

$validator = Validator::make(Input::only('now_password', 'password', 'password_confirmation'), $rules);

if ($validator->fails()) {
return Redirect::back()->withErrors($validator);
elseif (Hash::check($now_password, Auth::user()->password)) {

$user = User::find($id);
$user->password = Hash::make($password);
return Redirect::back()->with('success', true)->with('message','User updated.');

} else {
return Redirect::back()->withErrors('Password incorrect');


Any ideas why the users password is not isn't updated using this block of code

$user = User::find($id);
$user->password = Hash::make($password);

User Model


use Zizaco\Confide\ConfideUser;
use Zizaco\Confide\ConfideUserInterface;
use Zizaco\Entrust\HasRole;

class User extends Eloquent implements ConfideUserInterface
use SoftDeletingTrait;
use ConfideUser;
use HasRole;

protected $softDelete = true;

public function favourites()
return $this->hasMany('Favourite');


Answer Source

To check inputted password:


 $now_password  = Input::get('now_password');
 $user = DB::table('users')->where('name', Auth::user()->name)->first();
        if(Hash::check($now_password, $user->password)){
    //Your update here


$now_password   = Input::get('now_password');
if(Hash::check($now_password, Auth::user()->password)){
    //Your update here

To check if they match and if the new password is different than old.

$rules = array(
        'now_password'          => 'required|min:8',
        'password'              => 'required|min:8|confirmed|different:now_password',
        'password_confirmation' => 'required|min:8',

And edit your form to (or enter your names):

{{ Form::label('now_password', 'Old Password') }}
{{ Form::password('now_password')}}
{{ Form::label('password', 'New Password') }}
{{ Form::password('password')}}
{{ Form::label('password_confirmation', 'Confrim New Password') }}
{{ Form::password('password_confirmation')}}


Ok, so you don't want to edit only passwords.

Edit your rules:

$rules = array(
'now_password'          => 'required|min:5',
'password'              => 'min:5|confirmed|different:now_password',
'password_confirmation' => 'required_with:password|min:5'

I think that current password should be required in every type of change. Other inputs imo shouldn't be required, because you don't know which data user want to edit.

You should also add to your rules something like:

'username'  => alpha_num|unique:users,username

etc.. (for more see http://laravel.com/docs/4.2/validation#available-validation-rules)

If Validator pass, you should check which data user want to change (which inputs are not empty). Something like:

    $user->firstname    = Input::get('firstname');

etc...with every input.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download