Ali Erfani - 3 months ago
PHP Question

Laravel 5.1 change password functionality

I need a change password functionality for my Laravel app.
I have created this view:

{!! Form::password('old_password', ['class'=>'form-control']) !!}
{!! Form::password('password', ['class'=>'form-control']) !!}
{!! Form::password('password_confirmation', ['class'=>'form-control']) !!}


Then in my controller I'm checking to see if the value entered for the old_password is the same as the user's current password.

if (bcrypt($request->old_password) != $user->password) return redirect()->back();


The problem is that the above condition will always be true. This means even if the user enters a valid password this condition will return true!
Why is it so?
By the way I'm hashing the password in my user model:

public function setPasswordAttribute($password) {
    $this->attributes['password'] = bcrypt($password);
}

Answer

bcrypt() generates a random salt each time. In order to check passwords, I should use Hash::check().

Link to docs

Example in docs:

if (Hash::check('plain-text-password', $hashedPassword)) {
    // The passwords match...
}
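
Why the `!=` comparison in the question never matches, and what a verify-style check does instead, as an added example in plain PHP (not code from the original post or from Laravel). It assumes Laravel's `bcrypt()` and `Hash::check()` behave like PHP's built-in `password_hash()` and `password_verify()` with bcrypt; `changePassword()` and the sample passwords are constructed for illustration.

```php
<?php
// Added example (plain PHP, no framework). Assumption: bcrypt() and
// Hash::check() map onto password_hash() / password_verify() with bcrypt.

/**
 * Hypothetical helper: returns the hash to store for $new, or null when
 * $old does not match the stored hash.
 */
function changePassword(string $storedHash, string $old, string $new): ?string
{
    // password_verify() takes the cost and salt embedded in $storedHash,
    // hashes $old with them, and compares the results in constant time.
    if (!password_verify($old, $storedHash)) {
        return null;
    }
    return password_hash($new, PASSWORD_BCRYPT);
}

// Constructed sample data: the hash saved at registration, and the hash
// the controller in the question computes from the same input later.
$stored   = password_hash('old-secret', PASSWORD_BCRYPT);
$rehashed = password_hash('old-secret', PASSWORD_BCRYPT);

// Each call draws a fresh random salt, so the two strings are compared
// here to show what the `!=` check in the question actually sees.
printf("stored   : %s\n", $stored);
printf("rehashed : %s\n", $rehashed);
printf("string comparison equal : %s\n", var_export($stored === $rehashed, true));

// Verification against the stored hash, with a right and a wrong guess.
printf("verify correct password : %s\n", var_export(password_verify('old-secret', $stored), true));
printf("verify wrong password   : %s\n", var_export(password_verify('not-it', $stored), true));

// The change-password flow: a wrong old password is rejected, a right one
// yields a new hash that verifies only against the new password.
$rejected = changePassword($stored, 'not-it', 'new-secret');
$updated  = changePassword($stored, 'old-secret', 'new-secret');
printf("wrong old password rejected : %s\n", var_export($rejected === null, true));
printf("new hash verifies new pw    : %s\n", var_export(password_verify('new-secret', $updated), true));
printf("new hash verifies old pw    : %s\n", var_export(password_verify('old-secret', $updated), true));
```

With the `setPasswordAttribute` mutator from the question, the controller would assign the plain new password to the model and let the mutator hash it, since hashing in both places stores a hash of a hash that no later check will match.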