Laravel 5.5 form confirmed by password

Question

Im making form via LaravelCollective forms in my app. I have email changing form with fields: New e-mail Confirm Email Password

I need to validate user password on this form with user password in database. Can i do it via Validate?

My form:

{{ Form::model($user, ['route' => ['profile.email.update']]) }}
<div class="form-group row">
    <div class="col-md-12">
        <h2>Edytuj email</h2>
        <div class="form-group">
            <label for="edit-page-email">Nowy adres email</label>

            {{Form::text('email',null,['class' => 'form-control', 'id'=>'edit-page-email'])}}
        </div>
        <div class="form-group">
            <label for="edit-page-repemail">Nowy adres email (powtórz)</label>
            {{Form::text('email_confirmation',null,['class' => 'form-control', 'id'=>'edit-page-email'])}}
        </div>
        <div class="form-group">
            <label for="edit-page-pass">Twoje hasło</label>
                {{Form::password('password',['class' => 'form-control', 'id'=>'edit-page-npass'])}}
        </div>
        <div class="col-md-12 text-center">
                {{Form::submit('Zapisz zmiany',['class' => 'btn btn-primary btm-sm']) }}
            <a href="#" class="btn btn-link btn-sm font-red" title="Anuluj">Anuluj</a>
        </div>
    </div>
</div>
{{Form::close()}}

And validation is:

 $request->validate([
            'email' => 'required|confirmed',
            'email_confirmation' => 'required',
            'password' => 'required|confirmed',
        ]);

Any ideas how can i do this?

Answer 1

Not sure when you say I need to validate user password on this form with user password in database

However the password and password confirm validation should look like the following

{{ Form::password('password',['class'=> 'form-control','placeholder'=>'Enter your Password']) }}
{{ Form::password('password_confirmation', ['class' => 'form-control','placeholder'=>'Re-enter your Password']) }}

Now your validation rules should be

'password'   => 'required|confirmed',

Answer 2

No you cannot do this with built in validation rules of Laravel. Beside, you might already know that Laravel store password using bycrypt method. This is not just a plain string comparison operation too.

So, you need to write your own custom validation to check password, or you can just check password and return error if not matched instead of validation.

Note: The confirmed validation rule is to check one password is matched with another password filed or not. This is basically used to match two password form in single form. Not to check associated hashed password with the email in db.

Answer 3

You can compare a string with the user's stored password using this

$pwd = "secret";
$user = User::find(1);
Hash::check($pwd, $user->password); //returns a boolean