我想检查用户是否通过 new_password 输入作为当前密码,我想重定向消息:Your current password can't be with new password。我怎样才能检查这个?我想做系统更改密码用户,但我想拒绝旧密码通过。我该怎么办?
if (!(Hash::check($request->old_password, Auth::user()->password))) {
return response()->json(['errors' => ['Your current password can't be with new password']], 400);
}
代码不工作。 我需要将旧密码写入数据库吗?
【问题讨论】:
use Illuminate\Support\Facades\Hash;
$user = User::findOrFail($id);
/*
* Validate all input fields
*/
$this->validate($request, [
'password' => 'required',
'new_password' => 'confirmed|max:8|different:password',
]);
if (Hash::check($request->password, $user->password)) {
$user->fill([
'password' => Hash::make($request->new_password)
])->save();
$request->session()->flash('success', 'Password changed');
return redirect()->route('your.route');
} else {
$request->session()->flash('error', 'Password does not match');
return redirect()->route('your.route');
}
【讨论】:
'password' => Auth::user()->password, 代码放在validate() 函数中。它会抛出一个错误..
$user->fill(['password']) 肯定不行。
Hash::check 作为附加验证规则,这样我们就可以将所有错误消息放在一起,正如Jonson 的回答所建议的那样。Validator::make。这是一个基于两个答案的解决方案:
$user = auth()->user();
$validated = $request->validate([
'current_password' => [
'required',
function ($attribute, $value, $fail) use ($user) {
if (!Hash::check($value, $user->password)) {
$fail('Your password was not updated, since the provided current password does not match.');
}
}
],
'new_password' => [
'required', 'min:6', 'confirmed', 'different:current_password'
]
]);
$user->fill([
'password' => Hash::make($validated['new_password'])
])->save();
$request->session()->flash('notification', 'Your password has been updated successfully.');
return back();
【讨论】:
$validator = Validator::make($request->all(), [
'old_password' => [
'required', function ($attribute, $value, $fail) {
if (!Hash::check($value, Auth::user()->password)) {
$fail('Old Password didn\'t match');
}
},
],
]);
if($validator->fails()) {
return redirect()->back()->withInput()->withErrors($validator);
}
您可能需要在控制器中包含以下库。
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Hash;
【讨论】:
根据会话密码检查您的旧密码字段并返回错误,然后进行所需的验证。
if (!Hash::check($request['old_password'], Auth::user()->password)) {
return response()->json(['error' => ['The old password does not match our records.'] ]);
}
您还需要在控制器中包含以下库。
use Auth;
use Illuminate\Support\Facades\Hash;
【讨论】:
error 应该返回 errors 以正确处理表单验证。 AND 响应必须是 422。所以我的解决方案是 if (!Hash::check($request['old_password'], $user->password)) { return response()->json(['errors' => ['old_password' => 'The old password does not match our records.']], 422); },其中 $user 已经通过 aAuth 机制获得
对于 Laravel 8 使用可以使用current_password
$this->validate($request, [
'current_password' => ['required','current_password']
]);
https://laravel.com/docs/8.x/validation#rule-current-password
【讨论】:
你可以这样做
if ( Hash::make($request->new_password) == Auth::user()->password) {
return response()->json(['errors' => ['Your current password can't be with new password']], 400);
}
【讨论】: