【问题标题】：Laravel 5.8 change password functionalityLaravel 5.8 修改密码功能
【发布时间】：2019-10-11 19:08:27
【问题描述】：

我目前正在尝试为我的用户配置文件更改密码功能，我的所有输入都提交给控制器，但我认为我的功能逻辑可能有问题？

已尝试对函数进行转储请求，转储已成功返回。但是当围绕验证过程包装验证变量时，不会返回转储。请求重定向回带有表单数据的配置文件页面。

控制器

public function updatePassword(Request $request)
{
    $this->validate($request, [
        'old_password' => 'required',
        'new_password' => 'required|confirmed',
        'password_confirm' => 'required'
    ]);

    $user = User::find(Auth::id());

    if (!Hash::check($request->current, $user->password)) {
        return response()->json(['errors' => 
            ['current' => ['Current password does not match']]], 422);
    }

    $user->password = Hash::make($request->password);
    $user->save();

    return $user;
}

查看

<form method="POST" action="{{ route('update-password') }}">
    @csrf
    @method('PUT')
    <div class="form-group row">
        <label for="old_password" class="col-md-2 col-form-label">{{ __('Current password') }}</label>
        <div class="col-md-6">
            <input id="old_password" name="old_password" type="password" class="form-control" required autofocus>
        </div>
    </div>
    <div class="form-group row">
        <label for="new_password" class="col-md-2 col-form-label">{{ __('New password') }}</label>
        <div class="col-md-6">
            <input id="new_password" name="new_password" type="password" class="form-control" required autofocus>
        </div>
    </div>
    <div class="form-group row">
        <label for="password_confirm" class="col-md-2 col-form-label">{{ __('Confirm password') }}</label>

        <div class="col-md-6">
            <input id="password_confirm" name="password_confirm" type="password" class="form-control" required
                   autofocus>
        </div>
    </div>
    <div class="form-group login-row row mb-0">
        <div class="col-md-8 offset-md-2">
            <button type="submit" class="btn btn-primary">
                {{ __('Submit') }}
            </button>
        </div>
    </div>
</form>

当“当前密码”错误时，结果应该至少在控制台中返回 422/错误消息，而不仅仅是重定向回视图，当密码正确时，然后返回 200/成功消息（尚未实现）到控制台。或查看。

【问题讨论】：

标签： php laravel laravel-5.8

【解决方案1】：

试试这个

public function updatePassword(Request $request){
        if (!(Hash::check($request->get('old_password'), Auth::user()->password))) {
            // The passwords not matches
            //return redirect()->back()->with("error","Your current password does not matches with the password you provided. Please try again.");
            return response()->json(['errors' => ['current'=> ['Current password does not match']]], 422);
        }
        //uncomment this if you need to validate that the new password is same as old one

        if(strcmp($request->get('old_password'), $request->get('new_password')) == 0){
            //Current password and new password are same
            //return redirect()->back()->with("error","New Password cannot be same as your current password. Please choose a different password.");
            return response()->json(['errors' => ['current'=> ['New Password cannot be same as your current password']]], 422);
        }
        $validatedData = $request->validate([
            'old_password' => 'required',
            'new_password' => 'required|string|min:6|confirmed',
        ]);
        //Change Password
        $user = Auth::user();
        $user->password = Hash::make($request->get('new_password'));
        $user->save();
        return $user;
    }

【讨论】：

试过了，条件很好，但是当在 old_password 输入中输入正确的密码并且新密码与新密码匹配时，我再次得到 302 重定向并且密码仍然相同。
我的错，现在一切正常。需要正确处理错误。谢谢你的sn-p！

【解决方案2】：

Laravel 5.8

在控制器中包含这个函数：

public function updatePassword(Request $request)
{
    $request->validate([
        'password' => 'required',
        'new_password' => 'required|string|confirmed|min:6|different:password'          
    ]);

    if (Hash::check($request->password, Auth::user()->password) == false)
    {
        return response(['message' => 'Unauthorized'], 401);  
    } 

    $user = Auth::user();
    $user->password = Hash::make($request->new_password);
    $user->save();

    return response([
        'message' => 'Your password has been updated successfully.'
    ]);
}

不要忘记也将new_password_confirmation 作为参数发送，因为例如，当我们使用new_password 的验证规则confirmed 时，Laravel 会自动查找名为new_password_confirmation 的参数以比较两个字段.

【讨论】：

这个答案对我帮助很大......但我将return response(['message' => 'Unauthorized'], 401); 更改为throw ValidationException::withMessages(['password' => 'Unauthorized']); 因为我需要向用户显示当前密码错误，以及其他返回响应以重定向成功消息.

【解决方案3】：

您在此处验证请求字段 old_password、new_password 和 password_confirm：

$this->validate($request, [
    'old_password' => 'required',
    'new_password' => 'required|confirmed',
    'password_confirm' => 'required'
]);

但是您使用请求字段 current 和 password 来验证当前密码并设置新密码：

if (!Hash::check($request->current, $user->password)) {
// ...
$user->password = Hash::make($request->password);

验证字段和使用字段应该相同。

【讨论】：