U.Ali U.Ali - 2 months ago 14
PHP Question

Laravel 5.2 - Authenticated User to Change Password - Password Matching Issue after Update

So I'm having a rather odd issue. I've created a form that allows the user to change their password.

It does change their password. But it changes their password to something that Laravel can apparently not recognise.

So if I were to use "tinker" to manually update a password to something like "testing", I'd be able to successfully change my password. However, once I'd changed the password to something (e.g. 123456), the form wouldn't accept the password.

When I log out of the user and try to log in with the new password, it won't let me log in.

So clearly Laravel is not recognising the new password.

Code is here:

View:

    <div class="panel panel-default">
        <div class="panel-heading">Change Your Password</div>
        {{ Form::open(array('url' => 'security/change_password')) }}
            {{-- Form::password renders type="password" inputs, so the typed values are masked --}}
            <div class="form-group">
                {!! Form::label('current_password', 'Enter Current Password:') !!}
                {!! Form::password('current_password', ['class'=>'form-control']) !!}
            </div>

            <div class="form-group">
                {!! Form::label('password', 'Enter New Password:') !!}
                {!! Form::password('password', ['class'=>'form-control']) !!}
            </div>

            <div class="form-group">
                {!! Form::label('password_confirmation', 'Confirm New Password:') !!}
                {!! Form::password('password_confirmation', ['class'=>'form-control']) !!}
            </div>

            <div class="form-group">
                {!! Form::submit('Change Password', ['class' => 'btn btn-primary form-control']) !!}
            </div>
        {!! Form::close() !!}
    </div>


Controller:

    public function updatePassword(UserSecurityFormRequest $request)
    {
        $user = Auth::user();
        $current_password = $request->input('current_password');
        $new_password = $request->input('password');
        if (Hash::check($current_password, $user->password)) {
            $user->fill([
                'password' => Hash::make($request->newPassword)
            ])->save();
        } else {
            return ('Please enter the correct password');
        }
    }


I also attempted to set an attribute on password in the User:

    public function setPasswordAttribute($password)
    {
        return $this->attributes['password'] = bcrypt($password);
    }


That didn't work. (edit: I then removed the above attribute) If anything it prevented the registration form (as part of Laravel's Default Auth system) from creating a password that the login form recognises.

I've checked to make sure that the form is submitting the correct details and it is. I did this by dumping all the data from the form inputs when the form is submitted successfully.

User Model:

    <?php

    namespace App;

    use Carbon\Carbon;
    use Illuminate\Foundation\Auth\User as Authenticatable;
    //use App\Http\Controllers\traits\HasRoles;

    class User extends Authenticatable
    {
        /**
         * The attributes that are mass assignable.
         *
         * @var array
         */
        protected $fillable = [
            'name', 'email', 'password',
        ];

        /**
         * The attributes that should be hidden for arrays.
         *
         * @var array
         */
        protected $hidden = [
            'password', 'remember_token',
        ];

        // If register doesn't work or passwords aren't being recognised then remove the following:

        /* public function setPasswordAttribute($password)
        {
            return $this->attributes['password'] = bcrypt($password);
        }*/

        // Turns dates to Carbon
        protected $dates = ['created_at'];

        // Creates Many to Many Relationship between Users table (and model) and Roles Table (and model)
        public function roles()
        {
            return $this->belongsToMany(Roles::class);
        }

        // Checks for a specific role
        public function hasRole($role)
        {
            if (is_string($role)) {
                return $this->roles->contains('name', $role);
            }

            return !! $role->intersect($this->roles)->count();
        }

        // Gives the user the role
        public function assignRole($role)
        {
            return $this->roles()->save(
                Roles::whereName($role)->firstOrFail()
            );
        }

        // Checks whether the user has a role with that permission
        public function hasPermission($permission)
        {
            return $this->hasRole($permission->roles);
        }

        public function owns($related)
        {
            return $this->id === $related->user_id;
        }
    }

As you can see, I've commented out the attribute setter for passwords so that shouldn't affect it. Yet it still does not work.

Any help would be appreciated.

Thank you.

EDIT

It is now working. Massive thanks to everyone who responded and to @Steve Bauman for allowing me to identify my mistake.

Working function:

    public function updatePassword(UserSecurityFormRequest $request)
    {
        $user = Auth::user();
        $hashed_password = Auth::user()->password;
        $current_password = $request->input('current_password');
        $new_password = $request->input('password');
        if (Hash::check($current_password, $hashed_password)) {
            $user->fill([
                'password' => Hash::make($request->password)
            ])->save();
        } else {
            return ('Please enter the correct password');
        }
    }

Answer

Found your issue:

    public function updatePassword(UserSecurityFormRequest $request)
    {
        $user = Auth::user();
        $current_password = $request->input('current_password');
        $new_password = $request->input('password');

        if (Hash::check($current_password, $user->password)) {
            $user->fill([
                // This should be $request->password, not `$request->newPassword`
                'password' => Hash::make($request->newPassword)
            ])->save();
        } else {
            return ('Please enter the correct password');
        }
    }

The requested variable newPassword would be empty, that's why your passwords don't work. The request field you're looking for is password.

This is due to your form field using password as the input name.
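
Why the stored hash never matched the typed password, reproduced in plain PHP as an added example (not code from the question or the answer). It assumes Laravel's `Hash::make`/`Hash::check` wrap `password_hash`/`password_verify` with bcrypt; the `$input` array is constructed sample data and `hashNewPassword` is a hypothetical helper.

```php
<?php
// Added illustration in plain PHP; not code from the question or the answer.
// Assumption: Hash::make()/Hash::check() behave like password_hash()/password_verify()
// with bcrypt, which is what Laravel's bcrypt hasher wraps.

// Constructed sample input: the field names the form in the question submits.
$input = [
    'current_password'      => 'testing',
    'password'              => '123456',
    'password_confirmation' => '123456',
];

// Stand-in for $request->newPassword: a key the form never sent reads as null.
$missing = isset($input['newPassword']) ? $input['newPassword'] : null;

// null is coerced to '' before hashing (the cast makes that explicit on PHP 8.1+).
$buggyHash = password_hash((string) $missing, PASSWORD_BCRYPT);

var_dump(password_verify('123456', $buggyHash)); // check against the password the user typed
var_dump(password_verify('', $buggyHash));       // check against the empty string

// Hypothetical helper: refuse to hash anything that is not a non-empty string,
// so a mistyped field name fails loudly instead of storing the hash of ''.
function hashNewPassword(array $input, $field)
{
    if (!isset($input[$field]) || !is_string($input[$field]) || $input[$field] === '') {
        throw new InvalidArgumentException("Missing or empty field: {$field}");
    }
    return password_hash($input[$field], PASSWORD_BCRYPT);
}

$goodHash = hashNewPassword($input, 'password');
var_dump(password_verify('123456', $goodHash));

try {
    hashNewPassword($input, 'newPassword');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The first check fails and the second succeeds: the buggy update stored a valid bcrypt hash of the empty string, so the account's password was silently replaced rather than left unchanged.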