How to change password in laravel laravel 5.2 - php

I have three fields:
1- password
2- new password
3- password_confirmation
This is change password functionality.
I have set a condition on the password that it must be 8 characters, with one upper, one lower and one special character,
but I cannot change my password; it keeps going into my validator fails branch.
My controller code:
    public function changepassword(Request $request){
        $user = Auth::guard()->user();
        $request_data = $request->All();
        $validator = $this->admin_credential_rules($request_data);
        if($validator->fails()) {
            return \Illuminate\Support\Facades\Redirect::to('mujucet')
                ->with("modal_message_danger", "password must be at least 8 characters, one upper and lower case, and a number");
        } else {
            $current_password = $user->password;
            if(md5($request_data['password']) == $current_password) {
                $user_id = $user->id;
                $obj_user = User::find($user_id);
                $obj_user->password = md5($request_data['new_password']);
                $obj_user->save();
                return \Illuminate\Support\Facades\Redirect::to('mujucet')
                    ->with("modal_message_success", "Password has been changed successfully");
            } else {
                return \Illuminate\Support\Facades\Redirect::to('mujucet')
                    ->with("modal_message_danger", "wong old password");
            }
        }
    }

    public function admin_credential_rules(array $data){
        $messages = [
            'new_password.required' => "Zdejte nové heslo.",
            'password.required' => "Zadejte současné heslo.",
        ];
        $validator = Validator::make($data, [
            'password' => 'required|min:8|regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\X])(?=.*[!$#%]).*$/|confirmed',
            'new_password' => 'required|min:8|regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\X])(?=.*[!$#%]).*$/|confirmed',
        ], $messages);
        return $validator;
    }
I am stuck on this problem and I need your help.
Any help will be highly appreciated!

What errors does the validator give you? You can retrieve them with $validator->errors().
Looking at the code I think you'll need to remove the confirmed rule from the password field validator (since you don't need to confirm the old password). Then you'll need to change the new password confirmation field to have the name new_password_confirmation.
Your three fields should be: password, new_password and new_password_confirmation.
The validator should be:
    $validator = Validator::make($data, [
        'password' => 'required|min:8|regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\X])(?=.*[!$#%]).*$/',
        'new_password' => 'required|min:8|regex:/^.*(?=.{3,})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[\d\X])(?=.*[!$#%]).*$/|confirmed',
    ], $messages);
Have you overridden the default hasher to use MD5 for passwords? By default Laravel uses bcrypt which is a lot more secure for hashing sensitive data.
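
The MD5-versus-bcrypt point raised above, as an added example that is not part of the original posts: plain PHP (no Laravel) that checks the current password against either a legacy MD5 digest or a bcrypt hash, enforces the policy the question describes, and returns a bcrypt hash to store. The function names and sample passwords are constructed for illustration; password_hash() with PASSWORD_BCRYPT yields the same hash format as Laravel's bcrypt() helper.

```php
<?php
// Added example: plain PHP, no framework. All sample values are constructed.

/** True when $hash looks like an unsalted MD5 hex digest (the legacy format). */
function isLegacyMd5(string $hash): bool
{
    return preg_match('/^[a-f0-9]{32}$/i', $hash) === 1;
}

/** Policy stated in the question: 8+ chars, one upper, one lower, one of !$#%. */
function meetsPolicy(string $password): bool
{
    return strlen($password) >= 8
        && preg_match('/[a-z]/', $password) === 1
        && preg_match('/[A-Z]/', $password) === 1
        && preg_match('/[!$#%]/', $password) === 1;
}

/** Check the current password against whichever format is stored. */
function verifyCurrent(string $plain, string $stored): bool
{
    if (isLegacyMd5($stored)) {
        // hash_equals() is a strict, constant-time comparison, unlike ==.
        return hash_equals(strtolower($stored), md5($plain));
    }
    return password_verify($plain, $stored);
}

/** Returns the bcrypt hash to store, or null when the change is rejected. */
function changePassword(string $stored, string $current, string $new, string $confirm): ?string
{
    if (!verifyCurrent($current, $stored) || $new !== $confirm || !meetsPolicy($new)) {
        return null;
    }
    return password_hash($new, PASSWORD_BCRYPT);
}

$stored  = md5('OldSecret#1');   // constructed legacy record
$updated = changePassword($stored, 'OldSecret#1', 'NewSecret#2', 'NewSecret#2');
var_dump(isLegacyMd5($stored));                                         // legacy format check
var_dump($updated !== null && verifyCurrent('NewSecret#2', $updated));  // new hash round-trip
var_dump(changePassword($stored, 'OldSecret#1', 'newsecret2', 'newsecret2'));   // policy check
var_dump(changePassword($stored, 'wrong-guess', 'NewSecret#2', 'NewSecret#2')); // current-password check
```

Because a successful change always returns a bcrypt hash, each legacy MD5 record is replaced the first time its owner changes the password.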

Related

Private account by a attribute in laravel

I have a problem with this function.
My attribute 'sv_trangThai'=2, of course, I can log in, and if sv_trangThai=1, this account won't log in because it is locked.
OK. 2: can log in, and 1: locked and can't log in.
Absolutely, my code is running well, but when I typed the wrong password or username, I got "username or password is not true!". That's the first case. Fine.
In the 2nd case, when I typed the true password and username, I got the same "username or password is not true".
I want to ask how I should write it to show the MessageBag "This account is being locked" in case 2, instead of "username or password is not true".
    public function login(Request $request)
    {
        $rules = [
            'sv_ma' =>'required',
            'password' => 'required|min:6',
        ];
        $messages = [
            'sv_ma.required' => 'Please type code',
            'password.required' => 'please type password here',
            'password.min' => 'password is the least at 6!!!!',
        ];
        $validator = Validator::make($request->all(), $rules, $messages);
        if ($validator->fails()) {
            return redirect()->back()->withErrors($validator)->withInput();
        }
        else
        {
            if (Auth::guard('sinhvien')->attempt(['sv_ma'=>$request->sv_ma,'password'=>$request->password,'sv_trangThai'=>2],$request->remember))
            {
                return redirect()->intended('/trangchu');
            }
            else
            {
                $errors = new MessageBag(['errorlogin' => 'username or password is not true!']);
                return redirect()->back()->withInput($request->only('sv_ma','remember'))->withErrors($errors);
            }
        }
    }
    $credentials = $request->only('sv_ma','password');
    if (Auth::guard('sinhvien')->attempt($credentials, $request->remember)) {
        // Read the user from the same guard that authenticated it
        $user = Auth::guard('sinhvien')->user();
        if ($user->sv_trangThai == 1) {
            // account locked: end the session that attempt() just started
            Auth::guard('sinhvien')->logout();
            $errors = new MessageBag(['errorlogin' => 'Account Locked']);
            return redirect()->back()->withInput($request->only('sv_ma','remember'))->withErrors($errors);
        }
        // credentials are correct and the account is not locked
        return redirect()->intended('/trangchu');
    } else {
        $errors = new MessageBag(['errorlogin' => 'username or password is not true!']);
        return redirect()->back()->withInput($request->only('sv_ma','remember'))->withErrors($errors);
    }
First, you must check what sv_ma and password return with this:
    dd($request->sv_ma .' '.$request->password );
Second, go to your database and check whether your password is hashed or not. If it is not hashed, you must add a new account, but the password should be hashed using bcrypt.
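
The check order discussed in this thread, as an added example that is not part of the original posts: plain PHP with a constructed in-memory user table standing in for the 'sinhvien' guard. The locked message is returned only after the password has verified, and unknown users go through the same bcrypt check as known ones. The function name loginOutcome and the sample accounts are hypothetical.

```php
<?php
// Added example: plain PHP with constructed data; not Laravel's guard code.
const STATUS_LOCKED = 1; // sv_trangThai values as described in the question
const STATUS_ACTIVE = 2;

/** Returns 'ok', 'locked' or 'invalid' for one login attempt. */
function loginOutcome(array $users, string $code, string $password): string
{
    // Hash verified when the account does not exist, so both paths
    // perform exactly one bcrypt comparison.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_BCRYPT);

    $user = $users[$code] ?? null;
    $hash = $user['password'] ?? $dummy;
    $passwordOk = password_verify($password, $hash);

    if ($user === null || !$passwordOk) {
        return 'invalid';  // same answer for unknown user and wrong password
    }
    if ($user['sv_trangThai'] === STATUS_LOCKED) {
        return 'locked';   // disclosed only to someone who knows the password
    }
    return 'ok';
}

// Constructed sample accounts
$users = [
    'SV001' => ['password' => password_hash('secret-one', PASSWORD_BCRYPT), 'sv_trangThai' => STATUS_ACTIVE],
    'SV002' => ['password' => password_hash('secret-two', PASSWORD_BCRYPT), 'sv_trangThai' => STATUS_LOCKED],
];
$attempts = [['SV001', 'secret-one'], ['SV002', 'secret-two'], ['SV002', 'wrong'], ['SV999', 'x']];
foreach ($attempts as [$code, $password]) {
    echo $code, ' => ', loginOutcome($users, $code, $password), PHP_EOL;
}
```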

Reduce password validation code in Laravel

The following code is the implementation of the authentication based on whether or not a user enters a password in the edit page of user data.
How could I simplify this code using only a few methods?
...
    $user = User::findOrFail($id); //Get role specified by id
    if($request->password === null){
        $this->validate($request, [
            'name'=>'required|max:120',
            'email'=>'required|email|unique:users,email,'.$id
        ]);
        $request->password = $user->password;
    }
    else{
        //Validate name, email and password fields
        $this->validate($request, [
            'name'=>'required|max:120',
            'email'=>'required|email|unique:users,email,'.$id,
            'password'=>'required|min:6|confirmed'
        ]);
    }
    $input = $request->only(['name', 'email', 'password']); //Retrieve the name, email and password fields
    $roles = $request['roles']; //Retrieve all roles
    $user->fill($input)->save();
...
Specs
Laravel ver.5.6
    $this->validate($request, [
        'name'=>'required|max:120',
        'email'=>'required|email|unique:users,email,'.$id,
        // nullable lets an empty password through; required would reject it
        'password'=>'nullable|min:6|confirmed'
    ]);
Use nullable rule in password validation. While saving the password use code like this:
    if($request->password){
        $user->password = bcrypt($request->password);
    }

update profile password laravel 5

I am working in Laravel 5.1 and my update profile was working, but it will not encrypt and is not working now.
When I try to update, the user table will also get the password_confirmation field, and that causes a conflict in the database. I do not understand.
The form says it was successful, but the database does not update anything.
Code:
    public function updatePassword() {
        $passwordData = Input::except('_token');
        $validation = Validator::make($passwordData, User::$passwordData);
        if ($validation->passes()) {
            array_forget($passwordData,'password_confirmation');
            User::where(array(
                'password' => Hash::make(Input::get('password'))
            ));
            Session::flash('password', 'Perfil editado com sucesso');
            return Redirect::to('backend/perfil/password');
        } else {
            return Redirect::to('backend/perfil/password')->withInput()->withErrors($validation);
        }
    }
user
    public static $passwordData = array(
        'password' => 'required|confirmed',
        'password_confirmation' => 'required'
    );
Follow these simple steps to get rid of anything
Step 1 : Get the password from the form
    $PasswordData = Input::all();
Step 2 : Validate your password
    Validator::extend('pwdvalidation', function($field, $value, $parameters) {
        return Hash::check($value, Auth::user()->password);
    });
Step 3 : Define the validation rule in your User Model
    public static $rulespwd = array(
        'OldPassword' => 'required|pwdvalidation',
        'NewPassword' => 'required|confirmed|alphaNum|min:5|max:10',
        'NewPassword_confirmation' => 'required',
    );
Note : You shall define your own rule according to your need
Step 4 : If the rule is passed, then update else throw error messages to your view
    // Message shown when the pwdvalidation rule from Step 2 fails
    $messages = array('pwdvalidation' => 'The Old Password is Incorrect');
    $validator = Validator::make($PasswordData, User::$rulespwd, $messages);
    if ($validator->passes()) {
        $user = User::find(Auth::user()->id);
        // Hash here (unless the model already hashes on save) so the Hash::check() in Step 2 keeps working
        $user->password = Hash::make(Input::get('NewPassword'));
        $user->save();
        return Redirect::to(Session::get('urlpath') . '/changepassword')->withInput()->with('Messages', 'The Password Information was Updated');
    } else {
        return Redirect::to(Session::get('urlpath') . '/changepassword')->withInput()->withErrors($validator);
    }

Rule for Checking Old Password and New Password

I am checking the Old Password and New Password with a Confirmation Password.
Here I want to check that OldPassword and NewPassword are not the same.
How can I do this?
Here is my rule:
    public static $rulespwd = array(
        'OldPassword' => 'required|pwdvalidation',
        'NewPassword' => 'required|confirmed|min:1|max:10',
        'NewPassword_confirmation' => 'required',
    );
Here is my controller code for the validation:
    $PasswordData = Input::all();
    Validator::extend('pwdvalidation', function($field, $value, $parameters)
    {
        return Hash::check($value, Auth::user()->password);
    });
    $messages = array('pwdvalidation' => 'The Old Password is Incorrect');
    $validator = Validator::make($PasswordData, User::$rulespwd, $messages);
    if ($validator->passes())
    {
        $user = User::find(Auth::user()->id);
        $user->password = Input::get('NewPassword');
        $user->save();
        return Redirect::to('changepassword')->with('Messages', 'The Password Information was Updated');
    }
Note: I am using the model for the validation rule. How can I do this in the model?
Just use the different validation rule - as described in the Laravel docs
    public static $rulespwd = array(
        'OldPassword' => 'required|pwdvalidation',
        'NewPassword' => 'required|confirmed|min:6|max:50|different:OldPassword',
        'NewPassword_confirmation' => 'required',
    );
Also - why are you limiting a password to 10 chars? That is silly - there is no reason to limit it at all. All you are doing is reducing your application security.

Laravel - Confide - Save Change Password

I managed to save a new password or change a password for a logged in user.
    public function saveNewPassword() {
        $rules = array(
            'old_password' => 'required',
            'password' => 'required|confirmed|different:old_password',
            'password_confirmation' => 'required|different:old_password|same:password_confirmation'
        );
        $user = User::findOrFail(Auth::user()->id);
        // Validate the inputs
        $validator = Validator::make(Input::all(), $rules);
        if ($validator->fails()) {
            return Redirect::back()
                ->withErrors($validator)
                ->withInput();
        } else {
            $password = Input::get( 'password' );
            $passwordConfirmation = Input::get( 'password_confirmation' );
            if(!empty($password)) {
                if($password === $passwordConfirmation) {
                    $user->password = $password;
                    $user->password_confirmation = $passwordConfirmation;
                }
            } else {
                unset($user->password);
                unset($user->password_confirmation);
            }
            // Save if valid. Password field will be hashed before save
            $user->save();
        }
        // Get validation errors (see Ardent package)
        $error = $user->errors()->all();
        if(empty($error)) {
            Session::flash('message', 'Successfully saved!');
            return Redirect::back();
        } else {
            Session::flash('error', $error);
            return Redirect::back();
        }
    }
The problem I have is how to check that the Old Password is equal to the current password. Any ideas? Does Confide have its own methods for changing passwords?
I use this solution for changing the password. In your rules you have one error: password_confirmation should be the same as password, not password_confirmation.
Here is the complete and tested function:
    public function changePassword($id){
        $rules = array(
            'old_password' => 'required',
            'new_password' => 'required|confirmed|different:old_password',
            'new_password_confirmation' => 'required|different:old_password|same:new_password'
        );
        $user = User::find(Auth::user()->id);
        $validator = Validator::make(Input::all(), $rules);
        //Is the input valid? new_password confirmed and meets requirements
        if ($validator->fails()) {
            Session::flash('validationErrors', $validator->messages());
            return Redirect::back()->withInput();
        }
        //Is the old password correct?
        if(!Hash::check(Input::get('old_password'), $user->password)){
            return Redirect::back()->withInput()->withError('Password is not correct.');
        }
        //Set new password to user
        $user->password = Input::get('new_password');
        $user->password_confirmation = Input::get('new_password_confirmation');
        $user->touch();
        $save = $user->save();
        return Redirect::to('logout')->withMessage('Password has been changed.');
    }
This also works if you don't work with Confide.
From the github of confide:
Integrated with the Laravel Auth and Reminders component/configs.
So I would guess using the Auth::validate() method will do the trick.
