Blog

How to Check Current Password using Hash Check in Laravel
How to Check Current Password using Hash Check in Laravel

How to Check Current Password using Hash Check in Laravel

In this tutorial, we’ll walk through the process of checking the current password of a user using Laravel’s built-in Hash facade. This is useful when you want to verify a user’s password before allowing them to change it or perform sensitive actions.

Prerequisites

  • Laravel installed on your machine (Laravel 8 or later)
  • Basic knowledge of Laravel
  • A working Laravel project

Step-by-Step Guide

Step 1: Setting Up Your Environment

Ensure you have Laravel installed. If not, you can install it using Composer:

composer create-project --prefer-dist laravel/laravel password-check

Navigate to your project directory:

cd password-check

Step 2: Setting Up Authentication

First, set up authentication in your Laravel project. Run the following command to create the necessary authentication scaffolding:

composer require laravel/ui
php artisan ui vue --auth
npm install && npm run dev
php artisan migrate

This will create the basic authentication routes and views.

Step 3: Creating the Password Check Form

Create a form where users can input their current password for verification. Open the resources/views directory and create a new file called check-password.blade.php:

<!-- resources/views/check-password.blade.php -->

@extends('layouts.app')

@section('content')
<div class="container">
    <div class="row justify-content-center">
        <div class="col-md-8">
            <div class="card">
                <div class="card-header">{{ __('Check Current Password') }}</div>

                <div class="card-body">
                    @if (session('error'))
                        <div class="alert alert-danger" role="alert">
                            {{ session('error') }}
                        </div>
                    @endif

                    <form method="POST" action="{{ route('password.check') }}">
                        @csrf

                        <div class="form-group row">
                            <label for="current_password" class="col-md-4 col-form-label text-md-right">{{ __('Current Password') }}</label>

                            <div class="col-md-6">
                                <input id="current_password" type="password" class="form-control @error('current_password') is-invalid @enderror" name="current_password" required autocomplete="current-password">

                                @error('current_password')
                                    <span class="invalid-feedback" role="alert">
                                        <strong>{{ $message }}</strong>
                                    </span>
                                @enderror
                            </div>
                        </div>

                        <div class="form-group row mb-0">
                            <div class="col-md-6 offset-md-4">
                                <button type="submit" class="btn btn-primary">
                                    {{ __('Check Password') }}
                                </button>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
@endsection

Step 4: Creating the Route

Next, define a route for the password check form in routes/web.php:

// routes/web.php

use App\Http\Controllers\PasswordCheckController;

Route::get('/check-password', function () {
    return view('check-password');
})->middleware('auth');

Route::post('/check-password', [PasswordCheckController::class, 'check'])->name('password.check');

Step 5: Creating the Controller

Create a new controller to handle the password verification logic. Run the following command:

php artisan make:controller PasswordCheckController

Open the newly created controller at app/Http/Controllers/PasswordCheckController.php and add the following code:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class PasswordCheckController extends Controller
{
    public function check(Request $request)
    {
        $request->validate([
            'current_password' => 'required',
        ]);

        $currentPassword = $request->input('current_password');
        $user = Auth::user();

        if (Hash::check($currentPassword, $user->password)) {
            return back()->with('success', 'Password is correct');
        } else {
            return back()->with('error', 'Password is incorrect');
        }
    }
}

Step 6: Testing the Functionality

Start your Laravel development server:

php artisan serve

Visit http://localhost:8000/check-password in your browser, log in if prompted, and test the password verification form.

Conclusion

In this tutorial, we covered how to create a simple form to check a user’s current password using Laravel’s Hash facade. This is a common requirement in many applications to ensure users can securely change their passwords or perform sensitive actions.

By following these steps, you now have a basic understanding of how to implement password verification in Laravel. Feel free to customize and expand this example to fit your specific needs.

Tags: ,