SECURE LOGIN SYSTEM – PHP(LARAVEL) – 4

September 4th, 2014 22:16:34 by Imran Iqbal

So we are back. As promised in Secure Login System – PHP(Laravel) -3, we will start with forgot password. Before we start, make sure your mail settings are correct: go to app/config/mail.php and change the following fields if you have not changed them yet.

'host'=> 'your host here',
'username'=> 'username/email',
'password'=> 'password',

Remember that we are already done with the forgotpassword view and routes, so now we will start with the storeForgotpassword() method. Our storeForgotpassword() is below.

public function storeForgotpassword() {
        if (Input::has('email')) {

            $email = Input::get('email');

            try {
                // Find the user by login (the email address)
                $user = Sentry::findUserByLogin($email);

                // Get the password reset code
                $resetCode = $user->getResetPasswordCode();

                // Send the reset code to the user by email
                Mail::send("emails.resetpassword", array("email" => $email, "resetCode" => $resetCode), function($message) use ($email) {
                    $message->to($email)->subject('Follow the link to reset your password');
                });

                Session::flash('success_msg', 'We have sent a link to your email account please follow that to reset your password');
                return Redirect::to('/forgotpassword');
            } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
                Session::flash('error_msg', 'User not found');
                return Redirect::to('/forgotpassword');
            }
        } else {
            Session::flash('error_msg', 'User not found');
            return Redirect::to('/forgotpassword');
        }

    }
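The method above answers "User not found" for unknown addresses, which lets anyone use the form to test which emails have an account. The variant below gives the same response for every well-formed request. It is an added example, not the author's code: the controller name `AuthController` and the message text are assumptions, while the Sentry and Laravel 4 calls are the ones this tutorial already uses, plus Laravel's `Log` facade.

```php
<?php
// Added example, not the tutorial's code: storeForgotpassword() with one
// response for every outcome. AuthController is a hypothetical name.
class AuthController extends BaseController {

    public function storeForgotpassword() {
        $email = trim((string) Input::get('email'));

        // A malformed address says nothing about accounts, so report it.
        $v = Validator::make(array('email' => $email), array('email' => 'required|email'));
        if ($v->fails()) {
            return Redirect::to('/forgotpassword')->withErrors($v);
        }

        try {
            // Find the user by login (the email address)
            $user      = Sentry::findUserByLogin($email);
            $resetCode = $user->getResetPasswordCode();

            // Mail is still sent inline here, so response time can differ
            // between known and unknown addresses; queueing the mail evens
            // that out.
            Mail::send('emails.resetpassword',
                array('email' => $email, 'resetCode' => $resetCode),
                function ($message) use ($email) {
                    $message->to($email)->subject('Follow the link to reset your password');
                });
        } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
            // Keep a record for the operator; the visitor sees no difference.
            // The address itself is left out of the log line.
            Log::info('Password reset requested for an unknown login');
        }

        // Identical message and redirect whether or not the account exists.
        Session::flash('success_msg',
            'If that address is registered, we have sent a reset link to it');
        return Redirect::to('/forgotpassword');
    }
}
```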

That was an easy job, but we forgot to write our email template for forgotpassword. Our email template is below.

/views/emails/resetpassword.blade.php 

<!DOCTYPE html>
<html lang="en-US">
    <head>
        <meta charset="utf-8">
    </head>
    <body>
        <h2>Password reset</h2>
 
        <div>
            You have requested to reset your password. Follow the link below to change your password
            <br/>
            <a href="{{ URL::to('newpassword') }}?email={{ urlencode($email) }}&amp;resetcode={{ urlencode($resetCode) }}">
                {{ URL::to('newpassword') }}?email={{ urlencode($email) }}&amp;resetcode={{ urlencode($resetCode) }}
            </a>
        </div>
    </body>
</html>

In the above code we created a URL to the newpassword route that carries the email and resetcode. When the user clicks on this URL we have to take them to the newpassword view, but before showing the view we check that email and resetcode are both present and validate the resetcode. Our showNewPassword() method is below.

public function showNewPassword() {
        if (Input::has('email') && Input::has('resetcode')) {

            try {
                // Find the user by login (the email address)
                $user = Sentry::findUserByLogin(Input::get('email'));

                // Check if the reset password code is valid
                if ($user->checkResetPasswordCode(Input::get('resetcode'))) {
                    return View::make('newpassword');

                } else {
                    Session::flash('error_msg', 'Invalid request . Please enter email to reset your password');
                    return Redirect::to('/forgotpassword');
                }
            } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
                Session::flash('error_msg', 'User not found');
                return Redirect::to('/forgotpassword');
            }
        } else {
            Session::flash('error_msg', 'Invalid request . Please enter email to reset your password');
            return Redirect::to('/forgotpassword');
        }
    }

When the user submits the new password and its confirmation, we validate them and change the user's password. We will implement this in storeNewPassword().

public function storeNewPassword() {
        // Validate the password and the password confirmation
        $input = array('password' => Input::get('password'), 'password_confirmation' => Input::get('password_confirmation'));

        $rules = array('password' => 'required|min:4|max:32|confirmed', 'password_confirmation' => 'required|min:4|max:32');

        $v = Validator::make($input, $rules);

        if ($v->passes()) {
            if (Input::has('email') && Input::has('resetcode')) {

                try {
                    // Find the user by login (the email address)
                    $user = Sentry::findUserByLogin(Input::get('email'));

                    // Check if the reset password code is valid
                    if ($user->checkResetPasswordCode(Input::get('resetcode'))) {
                        // Attempt to reset the user password
                        if ($user->attemptResetPassword(Input::get('resetcode'), Input::get('password'))) {
                            Session::flash('success_msg', 'Password changed successfully . Please login below');
                            return Redirect::to('/login');
                        } else {
                            Session::flash('error_msg', 'Unable to reset password . Please try again');
                            return Redirect::to('/forgotpassword');
                        }
                    } else {
                        Session::flash('error_msg', 'Unable to reset password . Please try again');
                        return Redirect::to('/forgotpassword');
                    }
                } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
                    Session::flash('error_msg', 'User not found');
                    return Redirect::to('/forgotpassword');
                }
            } else {
                Session::flash('error_msg', 'Invalid request . Please enter email to reset your password');
                return Redirect::to('/forgotpassword');
            }
        } else {
            // URL-encode the query values and keep the submitted passwords out of the flashed session input
            $query = http_build_query(array('email' => Input::get('email'), 'resetcode' => Input::get('resetcode')));
            return Redirect::to('/newpassword?' . $query)->withErrors($v)->withInput(Input::except(array('password', 'password_confirmation')));
        }
    }

We are done with forgotpassword and newpassword. In this series we have developed a secure authentication system for our users, providing them with a Login Module, Registration, Reset Password through email, and New Password. In the next series we will integrate login with Facebook, Twitter and Google Plus in our existing application.

Thanks

KodeInfo

Author

  • Imran Iqbal

    Imran is a web developer and consultant from India. He is the founder of KodeInfo, the PHP and Laravel Community. In the meantime he follows other projects, works as a freelance backend consultant for PHP applications and studies IT Engineering. He loves to learn new things, not only about PHP or development but everything.
