问题
On the password reset form the user supplies current_password, password and password-confirmation. Is there a way to specify in the validation rules that current_password (it's hash value) must match the database value?
Currently I have this:
$rules = array(
'current_password' => 'required',
'password' => 'required|confirmed|min:22'
);
Thank you.
UPDATE
Thanks to @ChrisForrence and @Ben, I came up with the following which works great! Much appreciated. Hope this will help someone else:
Validator::extend('hashmatch', function($attribute, $value, $parameters)
{
return Hash::check($value, Auth::user()->$parameters[0]);
});
$messages = array(
'hashmatch' => 'Your current password must match your account password.'
);
$rules = array(
'current_password' => 'required|hashmatch:password',
'password' => 'required|confirmed|min:4|different:current_password'
);
$validation = Validator::make( Input::all(), $rules, $messages );
回答1:
You can't, bcrypt hashes are unique (they have their own random salt incorporated) so even if you knew the user's plain text password you would't be able do a hash-to-hash comparison.
What you can do is actually check the plain text password against a bcrypt hash by doing Hash::check('plain text password', 'bcrypt hash') on your controller.
来源:https://stackoverflow.com/questions/24830119/laravel-4-2-validation-rules-current-password-must-match-db-value