我在PassowrdController中重写了postReset方法:
public function postReset(Request $request)
{
$data = Input::all();
$rules = array(
'token' => 'required',
'current_password' => 'required|currentpasscheck',
'password' => 'required|confirmed',
);
$messages = array(
'currentpasscheck' => 'Your old password was incorrect',
);
Validator::extend('currentpasscheck', function ($attribute, $value, $parameters)
{
return Hash::check($value, Auth::user()->getAuthPassword());
});
$validation = Validator::make($data, $rules, $messages);
if ($validation->fails())
{
// Validation has failed.
return Redirect::to('password-reset')
->withErrors($validation)
->withInput();
}
$user = Auth::user();
$user->password = bcrypt($data['password']);
$user->save();
$this->auth->logout();
return Redirect::to('/');
}
路线:
Route::post('/password/reset', 'Auth\PasswordController@postReset');//this can be accessed by auth user
reset.blade.php
@extends('app')
@section('content')
<div class="container-fluid">
<div class="row">
<div class="col-md-8 col-md-offset-2">
<div class="panel panel-default">
<div class="panel-heading">Reset Password</div>
<div class="panel-body">
@if (count($errors) > 0)
<div class="alert alert-danger">
<strong>Whoops!</strong> There were some problems with your input.<br><br>
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
<form class="form-horizontal" role="form" method="POST" action="{{ url('/password/reset') }}">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
<input type="hidden" name="token" value="{{ $token }}">
<div class="form-group">
<!-- <label class="col-md-4 control-label">E-Mail Address</label>-->
<label class="col-md-4 control-label">Current Password</label>
<div class="col-md-6">
<input type="password" class="form-control" name="current_password" value="{{ old('current_password') }}">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label">Password</label>
<div class="col-md-6">
<input type="password" class="form-control" name="password">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label">Confirm Password</label>
<div class="col-md-6">
<input type="password" class="form-control" name="password_confirmation">
</div>
</div>
<div class="form-group">
<div class="col-md-6 col-md-offset-4">
<button type="submit" class="btn btn-primary">
Reset Password
</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
@endsection
但在提交更改密码表单后,我收到了未经授权的页面。