
SECURE LOGIN SYSTEM – PHP(LARAVEL) – 4

So we are back. As promised in Secure Login System – PHP(Laravel) – 3, we will start with forgot password. Before we start, make sure your mail settings are correct: go to app/config/mail.php and change the following fields if you have not already.

'host'=> 'your host here',
'username'=> 'username/email',
'password'=> 'password',

Remember that we are done with the forgotpassword view and routes, so now we will start with the storeForgotpassword() method. Our storeForgotpassword() is below.

public function storeForgotpassword() {
        if (Input::has('email')) {
  
            $email = Input::get('email');
  
            try {
                // Find the user using the user email address
                $user = Sentry::findUserByLogin($email);
  
                // Get the password reset code
                $resetCode = $user -> getResetPasswordCode();
  
                Mail::send("emails.resetpassword", array("email" => $email, "resetCode" => $resetCode), function($message) use ($email, $resetCode) {
                    $message -> to($email) -> subject('Follow the link to reset your password');
                });
  
                // The reset code has been mailed; tell the user and return to the form
                Session::flash('success_msg', 'We have sent a link to your email account please follow that to reset your password');
                return Redirect::to('/forgotpassword');
            } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
                Session::flash('error_msg', 'User not found');
                return Redirect::to('/forgotpassword');
            }
        } else {
            Session::flash('error_msg', 'User not found');
            return Redirect::to('/forgotpassword');
        }
  
    }

That was an easy job, but we forgot to write our email template for forgotpassword. Our email template is below.

/views/emails/resetpassword.blade.php

<!DOCTYPE html>
<html lang="en-US">
    <head>
        <meta charset="utf-8">
    </head>
    <body>
        <h2>Password reset</h2>
  
        <div>
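            You have requested to reset your password. Follow the link below to change your password
            <br/>
            {{-- urlencode() keeps characters such as "+" in the address intact in the query string --}}
            <a href="{{ URL::to('newpassword') }}?email={{ urlencode($email) }}&amp;resetcode={{ urlencode($resetCode) }}">
                {{ URL::to('newpassword') }}?email={{ urlencode($email) }}&amp;resetcode={{ urlencode($resetCode) }}
            </a>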
        </div>
    </body>
</html>

In the above code, we created a URL to the newpassword route with the email and reset code. When the user clicks this URL we have to take them to the newpassword view, but before showing it, check that the email and reset code are present and validate the reset code. Our showNewPassword() method is below.

public function showNewPassword() {
        if (Input::has('email') && Input::has('resetcode')) {
  
            try {
                // Find the user by login (the email address)
                $user = Sentry::findUserByLogin(Input::get('email'));
  
                // Check if the reset password code is valid
                if ($user -> checkResetPasswordCode(Input::get('resetcode'))) {
                    return View::make('newpassword');
  
                } else {
                    Session::flash('error_msg', 'Invalid request . Please enter email to reset your password');
                    return Redirect::to('/forgotpassword');
                }
            } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
                Session::flash('error_msg', 'User not found');
                return Redirect::to('/forgotpassword');
            }
        } else {
            Session::flash('error_msg', 'Invalid request . Please enter email to reset your password');
            return Redirect::to('/forgotpassword');
        }
    }

When the user submits a new password and confirms it, validate both fields and change the user's password. We will implement this in storeNewPassword().

public function storeNewPassword() {
        // Validate the password and its confirmation
        $input = array('password' => Input::get('password'), 'password_confirmation' => Input::get('password_confirmation'));
  
        $rules = array('password' => 'required|min:4|max:32|confirmed', 'password_confirmation' => 'required|min:4|max:32');
  
        $v = Validator::make($input, $rules);
  
        if ($v -> passes()) {
            if (Input::has('email') && Input::has('resetcode')) {
  
                try {
                    // Find the user by login (the email address)
                    $user = Sentry::findUserByLogin(Input::get('email'));
  
                    // Check if the reset password code is valid
                    if ($user -> checkResetPasswordCode(Input::get('resetcode'))) {
                        // Attempt to reset the user password
                        if ($user -> attemptResetPassword(Input::get('resetcode'), Input::get('password'))) {
                            Session::flash('success_msg', 'Password changed successfully . Please login below');
                            return Redirect::to('/login');
                        } else {
                            Session::flash('error_msg', 'Unable to reset password . Please try again');
                            return Redirect::to('/forgotpassword');
                        }
                    } else {
                        Session::flash('error_msg', 'Unable to reset password . Please try again');
                        return Redirect::to('/forgotpassword');
                    }
                } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
                    Session::flash('error_msg', 'User not found');
                    return Redirect::to('/forgotpassword');
                }
            } else {
                Session::flash('error_msg', 'Invalid request . Please enter email to reset your password');
                return Redirect::to('/forgotpassword');
            }
        } else {
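            // Encode the values so characters such as "+" in the email survive the redirect
            return Redirect::to('/newpassword?email=' . urlencode(Input::get('email')) . '&resetcode=' . urlencode(Input::get('resetcode'))) -> withErrors($v) -> withInput();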
        }
    }

We are done with forgotpassword and newpassword. In this series, we have developed a secure authentication system for our users, providing them with a Login Module, Registration, Reset Password through email, and New Password.

Thanks
KodeInfo

admin

http://www.kodeinfo.com
Imran is a web developer and consultant from India. He is the founder of KodeInfo, the PHP and Laravel Community. In the meantime he follows other projects, works as a freelance backend consultant for PHP applications and studies IT Engineering. He loves to learn new things, not only about PHP or development but everything.
