How to change Password column Field for Laravel 5.2 password reset - laravel

I have a project being developed in laravel 5.2, I currently am having troubles with the password reset to work. At the moment I have it looking for the correct email field and to let the user request a password reset email with link to reset it, then after the user clicks the link in the email the user will be presented with the form to change their password. When they submit their new password they are presented with this error:
QueryException in Connection.php line 729:
SQLSTATE[42S22]: Column not found: 1054 Unknown column 'password_confirmation' in 'where clause' (SQL: select * from all_user where user_email = and password_confirmation = 123456 limit 1)
I dont know why its checking in the sql statement for a field called password_confirmation. This error is getting caused by trying to get the user so it can perform the password reset. This is in the PasswordBroker.php file and the getUser function. More specifically the line $user = $this->users->retrieveByCredentials($credentials);
My current code I modified so far:
namespace Illuminate\Foundation\Auth;
use Illuminate\Support\Str;
use Illuminate\Http\Request;
use Illuminate\Mail\Message;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Password;
trait ResetsPasswords
use RedirectsUsers;
* Get the name of the guest middleware.
* #return string
protected function guestMiddleware()
$guard = $this->getGuard();
return $guard ? 'guest:'.$guard : 'guest';
* Display the form to request a password reset link.
* #return \Illuminate\Http\Response
public function getEmail()
return $this->showLinkRequestForm();
* Display the form to request a password reset link.
* #return \Illuminate\Http\Response
public function showLinkRequestForm()
if (property_exists($this, 'linkRequestView')) {
return view($this->linkRequestView);
if (view()->exists('')) {
return view('');
return view('auth.password');
* Send a reset link to the given user.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
public function postEmail(Request $request)
return $this->sendResetLinkEmail($request);
* Send a reset link to the given user.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
public function sendResetLinkEmail(Request $request)
$request['user_email'] = $request['email'];
$broker = $this->getBroker();
$response = Password::broker($broker)->sendResetLink(
return dd($request);
switch ($response) {
case Password::RESET_LINK_SENT:
return $this->getSendResetLinkEmailSuccessResponse($response);
case Password::INVALID_USER:
return $this->getSendResetLinkEmailFailureResponse($response);
* Validate the request of sending reset link.
* #param \Illuminate\Http\Request $request
* #return void
protected function validateSendResetLinkEmail(Request $request)
$this->validate($request, ['email' => 'required|email']);
* Get the needed credentials for sending the reset link.
* #param \Illuminate\Http\Request $request
* #return array
protected function getSendResetLinkEmailCredentials(Request $request)
return $request->only('user_email');
* Get the Closure which is used to build the password reset email message.
* #return \Closure
protected function resetEmailBuilder()
return function (Message $message) {
* Get the e-mail subject line to be used for the reset link email.
* #return string
protected function getEmailSubject()
return property_exists($this, 'subject') ? $this->subject : 'Your Password Reset Link';
* Get the response for after the reset link has been successfully sent.
* #param string $response
* #return \Symfony\Component\HttpFoundation\Response
protected function getSendResetLinkEmailSuccessResponse($response)
return redirect()->back()->with('status', trans($response));
* Get the response for after the reset link could not be sent.
* #param string $response
* #return \Symfony\Component\HttpFoundation\Response
protected function getSendResetLinkEmailFailureResponse($response)
return redirect()->back()->withErrors(['email' => trans($response)]);
* Display the password reset view for the given token.
* If no token is present, display the link request form.
* #param \Illuminate\Http\Request $request
* #param string|null $token
* #return \Illuminate\Http\Response
public function getReset(Request $request, $token = null)
return $this->showResetForm($request, $token);
* Display the password reset view for the given token.
* If no token is present, display the link request form.
* #param \Illuminate\Http\Request $request
* #param string|null $token
* #return \Illuminate\Http\Response
public function showResetForm(Request $request, $token = null)
if (is_null($token)) {
return $this->getEmail();
$email = $request->input('email');
if (property_exists($this, 'resetView')) {
return view($this->resetView)->with(compact('token', 'email'));
if (view()->exists('auth.passwords.reset')) {
return view('auth.passwords.reset')->with(compact('token', 'email'));
return view('auth.reset')->with(compact('token', 'email'));
* Reset the given user's password.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
public function postReset(Request $request)
return $this->reset($request);
* Reset the given user's password.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
public function reset(Request $request)
$request['user_email'] = $request['email'];
$request['user_password'] = $request['password'];
$credentials = $this->getResetCredentials($request);
$broker = $this->getBroker();
//return dd($credentials);
$response = Password::broker($broker)->reset($credentials, function ($user, $password) {
return dd($password);
$this->resetPassword($user, $password);
//return dd($request);
switch ($response) {
case Password::PASSWORD_RESET:
return $this->getResetSuccessResponse($response);
return $this->getResetFailureResponse($request, $response);
* Get the password reset validation rules.
* #return array
protected function getResetValidationRules()
return [
'token' => 'required',
'email' => 'required|email',
'password' => 'required|confirmed|min:6',
* Get the password reset validation messages.
* #return array
protected function getResetValidationMessages()
return [];
* Get the password reset validation custom attributes.
* #return array
protected function getResetValidationCustomAttributes()
return [];
* Get the password reset credentials from the request.
* #param \Illuminate\Http\Request $request
* #return array
protected function getResetCredentials(Request $request)
return $request->only(
'user_email', 'user_password', 'password_confirmation', 'token'
* Reset the given user's password.
* #param \Illuminate\Contracts\Auth\CanResetPassword $user
* #param string $password
* #return void
protected function resetPassword($user, $password)
'user_password' => bcrypt($password),
'remember_token' => Str::random(60),
* Get the response for after a successful password reset.
* #param string $response
* #return \Symfony\Component\HttpFoundation\Response
protected function getResetSuccessResponse($response)
return redirect($this->redirectPath())->with('status', trans($response));
* Get the response for after a failing password reset.
* #param Request $request
* #param string $response
* #return \Symfony\Component\HttpFoundation\Response
protected function getResetFailureResponse(Request $request, $response)
return redirect()->back()
->withErrors(['email' => trans($response)]);
* Get the broker to be used during password reset.
* #return string|null
public function getBroker()
return property_exists($this, 'broker') ? $this->broker : null;
* Get the guard to be used during password reset.
* #return string|null
protected function getGuard()
return property_exists($this, 'guard') ? $this->guard : null;
namespace Illuminate\Auth\Passwords;
trait CanResetPassword
* Get the e-mail address where password reset links are sent.
* #return string
public function getEmailForPasswordReset()
return $this->user_email;
namespace Illuminate\Auth\Passwords;
use Closure;
use Illuminate\Support\Arr;
use UnexpectedValueException;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Mail\Mailer as MailerContract;
use Illuminate\Contracts\Auth\PasswordBroker as PasswordBrokerContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
class PasswordBroker implements PasswordBrokerContract
* The password token repository.
* #var \Illuminate\Auth\Passwords\TokenRepositoryInterface
protected $tokens;
* The user provider implementation.
* #var \Illuminate\Contracts\Auth\UserProvider
protected $users;
* The mailer instance.
* #var \Illuminate\Contracts\Mail\Mailer
protected $mailer;
* The view of the password reset link e-mail.
* #var string
protected $emailView;
* The custom password validator callback.
* #var \Closure
protected $passwordValidator;
* Create a new password broker instance.
* #param \Illuminate\Auth\Passwords\TokenRepositoryInterface $tokens
* #param \Illuminate\Contracts\Auth\UserProvider $users
* #param \Illuminate\Contracts\Mail\Mailer $mailer
* #param string $emailView
* #return void
public function __construct(TokenRepositoryInterface $tokens,
UserProvider $users,
MailerContract $mailer,
$this->users = $users;
$this->mailer = $mailer;
$this->tokens = $tokens;
$this->emailView = $emailView;
* Send a password reset link to a user.
* #param array $credentials
* #param \Closure|null $callback
* #return string
public function sendResetLink(array $credentials, Closure $callback = null)
// First we will check to see if we found a user at the given credentials and
// if we did not we will redirect back to this current URI with a piece of
// "flash" data in the session to indicate to the developers the errors.
$user = $this->getUser($credentials);
if (is_null($user)) {
return static::INVALID_USER;
// Once we have the reset token, we are ready to send the message out to this
// user with a link to reset their password. We will then redirect back to
// the current URI having nothing set in the session to indicate errors.
//return dd($credentials);
$token = $this->tokens->create($user);
$this->emailResetLink($user, $token, $callback);
return static::RESET_LINK_SENT;
* Send the password reset link via e-mail.
* #param \Illuminate\Contracts\Auth\CanResetPassword $user
* #param string $token
* #param \Closure|null $callback
* #return int
public function emailResetLink(CanResetPasswordContract $user, $token, Closure $callback = null)
// We will use the reminder view that was given to the broker to display the
// password reminder e-mail. We'll pass a "token" variable into the views
// so that it may be displayed for an user to click for password reset.
$view = $this->emailView;
return $this->mailer->send($view, compact('token', 'user'), function ($m) use ($user, $token, $callback) {
if (! is_null($callback)) {
call_user_func($callback, $m, $user, $token);
* Reset the password for the given token.
* #param array $credentials
* #param \Closure $callback
* #return mixed
public function reset(array $credentials, Closure $callback)
// If the responses from the validate method is not a user instance, we will
// assume that it is a redirect and simply return it from this method and
// the user is properly redirected having an error message on the post.
//return dd($credentials);
$user = $this->validateReset($credentials);
if (! $user instanceof CanResetPasswordContract) {
return $user;
$pass = $credentials['user_password'];
// Once we have called this callback, we will remove this token row from the
// table and return the response from this callback so the user gets sent
// to the destination given by the developers from the callback return.
call_user_func($callback, $user, $pass);
return static::PASSWORD_RESET;
* Validate a password reset for the given credentials.
* #param array $credentials
* #return \Illuminate\Contracts\Auth\CanResetPassword
protected function validateReset(array $credentials)
if (is_null($user = $this->getUser($credentials))) {
return static::INVALID_USER;
if (! $this->validateNewPassword($credentials)) {
return static::INVALID_PASSWORD;
if (! $this->tokens->exists($user, $credentials['token'])) {
return static::INVALID_TOKEN;
return $user;
* Set a custom password validator.
* #param \Closure $callback
* #return void
public function validator(Closure $callback)
$this->passwordValidator = $callback;
* Determine if the passwords match for the request.
* #param array $credentials
* #return bool
public function validateNewPassword(array $credentials)
list($password, $confirm) = [
if (isset($this->passwordValidator)) {
return call_user_func(
$this->passwordValidator, $credentials) && $password === $confirm;
return $this->validatePasswordWithDefaults($credentials);
* Determine if the passwords are valid for the request.
* #param array $credentials
* #return bool
protected function validatePasswordWithDefaults(array $credentials)
list($password, $confirm) = [
return $password === $confirm && mb_strlen($password) >= 6;
* Get the user for the given credentials.
* #param array $credentials
* #return \Illuminate\Contracts\Auth\CanResetPassword
* #throws \UnexpectedValueException
public function getUser(array $credentials)
$credentials = Arr::except($credentials, ['token']);
//$credentials = Arr::except($credentials, ['password_confirmation']);
//return dd($credentials);
$user = $this->users->retrieveByCredentials($credentials);
//return dd($credentials);
//$credentials = $credentials['password_confirmation'];
if ($user && ! $user instanceof CanResetPasswordContract) {
throw new UnexpectedValueException('User must implement CanResetPassword interface.');
return $user;
* Create a new password reset token for the given user.
* #param CanResetPasswordContract $user
* #return string
public function createToken(CanResetPasswordContract $user)
return $this->tokens->create($user);
* Delete the given password reset token.
* #param string $token
* #return void
public function deleteToken($token)
* Validate the given password reset token.
* #param CanResetPasswordContract $user
* #param string $token
* #return bool
public function tokenExists(CanResetPasswordContract $user, $token)
return $this->tokens->exists($user, $token);
* Get the password reset token repository implementation.
* #return \Illuminate\Auth\Passwords\TokenRepositoryInterface
public function getRepository()
return $this->tokens;


Extending and customizing Laravel Reset Password Logic

Does anybody know how to customize ResetPassword logic in Laravel. I want to use custom field 'phone' vs 'email'. Small workaround with create_passwords_resets migration and done
public function up()
Schema::create('password_resets', function (Blueprint $table) {
But i've started to get exceptions on absent field 'email' users tables simply doesn't have it all.
I'm just trying to use Password::Facade like
$status = Password::sendResetLink($request->only('phone'));
Why in such customizable platform hard-coded things like DatabaseTokenRepository even exist?
public function exists(CanResetPasswordContract $user, $token)
$record = (array) $this->getTable()->where(
'email', $user->getEmailForPasswordReset()
return $record &&
! $this->tokenExpired($record['created_at']) &&
$this->hasher->check($token, $record['token']);
How can i override it?
If i try to implement one of the answers on Stack doing this:
namespace App\Auth;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
use Illuminate\Auth\Passwords\DatabaseTokenRepository as DatabaseTokenRepositoryBase;
use Illuminate\Support\Carbon;
class DatabaseTokenRepository extends DatabaseTokenRepositoryBase
public function create(CanResetPasswordContract $user)
$email = $user->getEmailForPasswordReset();
$mobile = $user->getMobileForPasswordReset();
$token = $this->createNewToken();
$this->getTable()->insert($this->getPayload($email, $mobile, $token));
return $token;
protected function deleteExisting(CanResetPasswordContract $user)
return $this->getTable()
->where("email", $user->getEmailForPasswordReset())
->orWhere("mobile", $user->getMobileForPasswordReset())
protected function getPayload($email, $mobile, $token): array
return [
"email" => $email,
"mobile" => $mobile,
"token" => $this->hasher->make($token),
"created_at" => new Carbon(),
public function exists(CanResetPasswordContract $user, $token)
$record = (array)$this->getTable()
->where("email", $user->getEmailForPasswordReset())
->orWhere("mobile", $user->getMobileForPasswordReset())
return $record &&
! $this->tokenExpired($record["created_at"]) &&
$this->hasher->check($token, $record["token"]);
It throws exception like:
"Declaration of App\Auth\DatabaseTokenRepository::getPayload($email, $mobile, $token) must be compatible with Illuminate\Auth\Passwords\DatabaseTokenRepository::getPayload($email, $token)"
Valid workaround is original #miken32 answer on Password reset in Laravel 5.5 by email or mobile
But with complete re-implementation of DatabaseTokenRepository class, like:
namespace App\Auth;
use Carbon\Traits\Creator;
use Illuminate\Auth\Passwords\TokenRepositoryInterface;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
use Illuminate\Contracts\Hashing\Hasher as HasherContract;
use Illuminate\Database\ConnectionInterface;
use Illuminate\Support\Carbon;
use Illuminate\Support\Str;
class DatabaseTokenRepository implements TokenRepositoryInterface
* The database connection instance.
* #var \Illuminate\Database\ConnectionInterface
protected $connection;
* The Hasher implementation.
* #var \Illuminate\Contracts\Hashing\Hasher
protected $hasher;
* The token database table.
* #var string
protected $table;
* The hashing key.
* #var string
protected $hashKey;
* The number of seconds a token should last.
* #var int
protected $expires;
* Minimum number of seconds before re-redefining the token.
* #var int
protected $throttle;
* Create a new token repository instance.
* #param \Illuminate\Database\ConnectionInterface $connection
* #param \Illuminate\Contracts\Hashing\Hasher $hasher
* #param string $table
* #param string $hashKey
* #param int $expires
* #param int $throttle
* #return void
public function __construct(ConnectionInterface $connection, HasherContract $hasher,
$table, $hashKey, $expires = 60,
$throttle = 60)
$this->table = $table;
$this->hasher = $hasher;
$this->hashKey = $hashKey;
$this->expires = $expires * 60;
$this->connection = $connection;
$this->throttle = $throttle;
* Determine if the token has expired.
* #param string $createdAt
* #return bool
protected function tokenExpired($createdAt)
return Carbon::parse($createdAt)->addSeconds($this->expires)->isPast();
* Determine if the given user recently created a password reset token.
* #param \Illuminate\Contracts\Auth\CanResetPassword $user
* #return bool
public function recentlyCreatedToken(CanResetPasswordContract $user)
$record = (array) $this->getTable()->where(
'phone', $user->getPhoneForPasswordReset()
return $record && $this->tokenRecentlyCreated($record['created_at']);
* Determine if the token was recently created.
* #param string $createdAt
* #return bool
protected function tokenRecentlyCreated($createdAt)
if ($this->throttle <= 0) {
return false;
return Carbon::parse($createdAt)->addSeconds(
* Delete a token record by user.
* #param \Illuminate\Contracts\Auth\CanResetPassword $user
* #return void
public function delete(CanResetPasswordContract $user)
* Delete expired tokens.
* #return void
public function deleteExpired()
$expiredAt = Carbon::now()->subSeconds($this->expires);
$this->getTable()->where('created_at', '<', $expiredAt)->delete();
* Create a new token for the user.implements TokenRepositoryInterface
* #return string
public function createNewToken()
return hash_hmac('sha256', Str::random(40), $this->hashKey);
* Get the database connection instance.
* #return \Illuminate\Database\ConnectionInterface
public function getConnection()
return $this->connection;
* Begin a new database query against the table.
* #return \Illuminate\Database\Query\Builder
protected function getTable()
return $this->connection->table($this->table);
* Get the hasher instance.
* #return \Illuminate\Contracts\Hashing\Hasher
public function getHasher()
return $this->hasher;
public function create(CanResetPasswordContract $user)
$mobile = $user->getPhoneForPasswordReset();
$token = $this->createNewToken();
$this->getTable()->insert($this->getPayload($mobile, $token));
return $token;
protected function deleteExisting(CanResetPasswordContract $user)
return $this->getTable()
->where('phone', $user->getPhoneForPasswordReset())
protected function getPayload($mobile, $token)
return ['phone' => $mobile, 'token' => $this->hasher->make($token), 'created_at' => new Carbon];
public function exists(CanResetPasswordContract $user, $token)
$record = (array) $this->getTable()
->where('phone', $user->getPhoneForPasswordReset())
return $record &&
! $this->tokenExpired($record['created_at']) &&
$this->hasher->check($token, $record['token']);

Laravel - How to Add Custom field in FORGOT PASSWORD

I am trying to add one more field to forgot password which is STAFF ID & EMAIL. If STAFF ID and EMAIL is correct then the system should send reset password link.
It seems laravel default only allow email for forgot password. Is there anyways to add STAFF ID and verify both field before send email?
namespace Illuminate\Foundation\Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
trait SendsPasswordResetEmails
* Display the form to request a password reset link.
* #return \Illuminate\Http\Response
public function showLinkRequestForm()
return view('');
* Send a reset link to the given user.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
public function sendResetLinkEmail(Request $request)
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
$response = $this->broker()->sendResetLink(
return $response == Password::RESET_LINK_SENT
? $this->sendResetLinkResponse($request, $response)
: $this->sendResetLinkFailedResponse($request, $response);
* Validate the email for the given request.
* #param \Illuminate\Http\Request $request
* #return void
protected function validateEmail(Request $request)
$request->validate(['email' => 'required|email']);
* Get the needed authentication credentials from the request.
* #param \Illuminate\Http\Request $request
* #return array
protected function credentials(Request $request)
return $request->only('email');
* Get the response for a successful password reset link.
* #param \Illuminate\Http\Request $request
* #param string $response
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
protected function sendResetLinkResponse(Request $request, $response)
return back()->with('status', trans($response));
* Get the response for a failed password reset link.
* #param \Illuminate\Http\Request $request
* #param string $response
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
protected function sendResetLinkFailedResponse(Request $request, $response)
return back()
->withErrors(['email' => trans($response)]);
* Get the broker to be used during password reset.
* #return \Illuminate\Contracts\Auth\PasswordBroker
public function broker()
return Password::broker();
The proper way to do this is to override the PasswordBroker and DatabaseTokenRepository which is actually a lot of work for something that could have been achieved with a little modification to the canResetPasswordContract. The current implementation assumes resetting a password is all about the user and undermines the importance of getting the request information such as the ip address; and there's also the issue of efficient table indexing.
Nevertheless, I came up with a possible replacement of the shipped ForgotPasswordController that should be sufficient for most use cases to change the payload associated with reset password if you would like to use a different table structure without overriding everything.
Keep in mind that
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Str;
use Illuminate\Contracts\Auth\PasswordBroker;
use Illuminate\Http\Request;
use Carbon\Carbon;
use App\Models\PasswordReset;
use App\Models\User;
class ForgotPasswordController extends Controller
| Password Reset Controller
| This controller is responsible for handling password reset emails and
| includes a trait which assists in sending these notifications from
| your application to your users. Feel free to explore this trait.
use SendsPasswordResetEmails;
//in minutes
protected $throttle = 60;
* Send a reset link to the given user.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
public function sendResetLinkEmail(Request $request)
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
$user = User::where($this->credentials($request))->first();
if (is_null($user)) {
return $this->sendResetLinkFailedResponse($request, PasswordBroker::INVALID_USER);
$reset = PasswordReset::where(
'email', $user->getEmailForPasswordReset()
if ($reset && $this->tokenRecentlyCreated($reset)) {
return $this->sendResetLinkFailedResponse($request, PasswordBroker::RESET_THROTTLED);
$token = $this->createToken($request, $user, $reset);
//keep in mind that saved token is hashed version of this
return $this->sendResetLinkResponse($request, Password::RESET_LINK_SENT);
* Create a ne password reset token
* #param \Illuminate\Http\Request $request
* #param Model $user
* #param Model $reset
public function createToken($request, $user, $reset)
$email = $user->getEmailForPasswordReset();
if ($reset) {
// We will create a new, random token for the user so that we can e-mail them
// a safe link to the password reset form. Then we will insert a record in
// the database so that we can verify the token within the actual reset.
$token = $this->createNewToken();
'user_id' => $user->id,
'email' => $email,
'token' => bcrypt($token),
'created_at' => now(),
'ip_address' => $request->ip()
return $token;
* Create a new token for the user.
* #return string
public function createNewToken()
return hash_hmac('sha256', Str::random(40), $this->getHashKey());
* Replicate hash key used by DatabaseTokenRepository
public function getHashKey()
$key = config('app.key');
if (Str::startsWith($key, 'base64:')) {
$key = base64_decode(substr($key, 7));
return $key;
* Determine if the token was recently created.
* #param Model $token
* #return bool
protected function tokenRecentlyCreated($token)
if ($this->throttle <= 0) {
return false;
return Carbon::parse($token->created_at)->addSeconds(
Finally manage to add staff ID in credentials :)
namespace Illuminate\Foundation\Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;
trait SendsPasswordResetEmails
* Display the form to request a password reset link.
* #return \Illuminate\Http\Response
public function showLinkRequestForm()
return view('');
* Send a reset link to the given user.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
public function sendResetLinkEmail(Request $request)
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
$response = $this->broker()->sendResetLink(
return $response == Password::RESET_LINK_SENT
? $this->sendResetLinkResponse($request, $response)
: $this->sendResetLinkFailedResponse($request, $response);
* Validate the email for the given request.
* #param \Illuminate\Http\Request $request
* #return void
protected function validateEmail(Request $request)
$request->validate(['email' => 'required|email'],['StaffID' => 'required']);
* Get the needed authentication credentials from the request.
* #param \Illuminate\Http\Request $request
* #return array
protected function credentials(Request $request)
return $request->only('email', 'StaffID');
* Get the response for a successful password reset link.
* #param \Illuminate\Http\Request $request
* #param string $response
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
protected function sendResetLinkResponse(Request $request, $response)
return back()->with('status', trans($response));
* Get the response for a failed password reset link.
* #param \Illuminate\Http\Request $request
* #param string $response
* #return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
protected function sendResetLinkFailedResponse(Request $request, $response)
return back()
->withErrors(['email' => 'We cant find a user with that Staff ID and Email']);
* Get the broker to be used during password reset.
* #return \Illuminate\Contracts\Auth\PasswordBroker
public function broker()
return Password::broker();
Thanks :)

How can i add TrimString Middleware in laravel 5.3?

Just came to know that Laravel 5.4 has an awesome feature TrimString, which removes the white spaces from any input. I want this middleware in my 5.3 project, any idea how to do that?
I just copied the middleware from GitHub repo of Laravel but it is not working.
If you want to use this feature in Laravel 5.3.
Add these two classes into your App\Http\Middleware
Updating it's namespace to App\Http\middleware.
namespace App\Http\Middleware;
use Closure;
use Symfony\Component\HttpFoundation\ParameterBag;
class TransformsRequest
* The additional attributes passed to the middleware.
* #var array
protected $attributes = [];
* Handle an incoming request.
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
public function handle($request, Closure $next, ...$attributes)
$this->attributes = $attributes;
return $next($request);
* Clean the request's data.
* #param \Illuminate\Http\Request $request
* #return void
protected function clean($request)
if ($request->isJson()) {
* Clean the data in the parameter bag.
* #param \Symfony\Component\HttpFoundation\ParameterBag $bag
* #return void
protected function cleanParameterBag(ParameterBag $bag)
* Clean the data in the given array.
* #param array $data
* #return array
protected function cleanArray(array $data)
return collect($data)->map(function ($value, $key) {
return $this->cleanValue($key, $value);
* Clean the given value.
* #param string $key
* #param mixed $value
* #return mixed
protected function cleanValue($key, $value)
if (is_array($value)) {
return $this->cleanArray($value);
return $this->transform($key, $value);
* Transform the given value.
* #param string $key
* #param mixed $value
* #return mixed
protected function transform($key, $value)
return $value;
namespace App\Http\Middleware;
class TrimStrings extends TransformsRequest
* The attributes that should not be trimmed.
* #var array
protected $except = [
* Transform the given value.
* #param string $key
* #param mixed $value
* #return mixed
protected function transform($key, $value)
if (in_array($key, $this->except)) {
return $value;
return is_string($value) ? trim($value) : $value;
And add into your App\Http\Kernel.php
protected $middleware = [
To use it just use:
More on it:

Laravel 5 authentication weird behaviour

Before explaining the problem. Let me explain, things i have tried out.I ran the command
php artisan make:auth
it created files like HomeController, a directory auth which had register & login pages. in my application i have a directory Pages. i opened up AuthenticatesUsers trait and changed
return view('auth.login'); to my view return view('Pages.login');
After that: i changed view of showRegistrationForm methods view return view('auth.register'); to return view('Pages.register'); from RegistersUsers.php
Here is UserController
lass UserController extends Controller {
public function __construct() {
//Admin: return view
public function showCommunity() {
$Community = Community::latest()->get();
$Ideas = Idea::latest()->get();
return view('privatePages.communities', compact(array('Community', 'Ideas')));
Routes that were generated by php artisan make:auth
//Auth Controller
'auth' => 'Auth\AuthController',
'password' => 'Auth\PasswordController',
Now coming back to the problem. yesterday morning. When i opened up localhost/auth/register. Registration process was working fine and data was storing in DB. But there was an issue with login view. Neither it was throwing an error on wrong credentials nor logged the user in on correct credentials. Later in the evening. Login view was working and throwing an error even upon entering correct credentials it said Credentials does not match record. But registration process was not working and data was not storing in DB. It really confusing.
Here is AutheticatesUsers File
namespace Illuminate\Foundation\Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Lang;
//use App\Http\Requests\UserRequest;
trait AuthenticatesUsers
use RedirectsUsers;
* Show the application login form.
* #return \Illuminate\Http\Response
public function getLogin()
return $this->showLoginForm();
* Show the application login form.
* #return \Illuminate\Http\Response
public function showLoginForm()
$view = property_exists($this, 'loginView')
? $this->loginView : 'auth.authenticate';
if (view()->exists($view)) {
return view($view);
return view('Pages.login');
* Handle a login request to the application.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
public function postLogin(Request $request)
return $this->login($request);
* Handle a login request to the application.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
public function login(Request $request)
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
$throttles = $this->isUsingThrottlesLoginsTrait();
if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
return $this->sendLockoutResponse($request);
$credentials = $this->getCredentials($request);
if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
return $this->handleUserWasAuthenticated($request, $throttles);
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
if ($throttles && ! $lockedOut) {
return $this->sendFailedLoginResponse($request);
* Validate the user login request.
* #param \Illuminate\Http\Request $request
* #return void
protected function validateLogin(Request $request)
$this->validate($request, [
$this->loginUsername() => 'required', 'password' => 'required',
* Send the response after the user was authenticated.
* #param \Illuminate\Http\Request $request
* #param bool $throttles
* #return \Illuminate\Http\Response
protected function handleUserWasAuthenticated(Request $request, $throttles)
if ($throttles) {
if (method_exists($this, 'authenticated')) {
return $this->authenticated($request, Auth::guard($this->getGuard())->user());
return redirect()->intended($this->redirectPath());
* Get the failed login response instance.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
protected function sendFailedLoginResponse(Request $request)
return redirect()->back()
->withInput($request->only($this->loginUsername(), 'remember'))
$this->loginUsername() => $this->getFailedLoginMessage(),
* Get the failed login message.
* #return string
protected function getFailedLoginMessage()
return Lang::has('auth.failed')
? Lang::get('auth.failed')
: 'These credentials do not match our records.';
* Get the needed authorization credentials from the request.
* #param \Illuminate\Http\Request $request
* #return array
protected function getCredentials(Request $request)
return $request->only($this->loginUsername(), 'password');
* Log the user out of the application.
* #return \Illuminate\Http\Response
public function getLogout()
return $this->logout();
* Log the user out of the application.
* #return \Illuminate\Http\Response
public function logout()
return redirect(property_exists($this, 'redirectAfterLogout') ? $this->redirectAfterLogout : '/');
* Get the guest middleware for the application.
public function guestMiddleware()
$guard = $this->getGuard();
return $guard ? 'guest:'.$guard : 'guest';
* Get the login username to be used by the controller.
* #return string
public function loginUsername()
return property_exists($this, 'username') ? $this->username : 'email';
* Determine if the class is using the ThrottlesLogins trait.
* #return bool
protected function isUsingThrottlesLoginsTrait()
return in_array(
ThrottlesLogins::class, class_uses_recursive(static::class)
* Get the guard to be used during authentication.
* #return string|null
protected function getGuard()
return property_exists($this, 'guard') ? $this->guard : null;
One more thing for registration process. I am not using laravel's Request rather my own created 'UserRequest`. If any other information is needed. i would provide that. Any help would be appreciated.

ErrorException in SessionGuard.php | Getting error when trying to register user while creating new order

I want user to register and also buy a package. To do that I took input for registration details and package details. Now when I'm processing order to save package details in session and register, I get this error : Argument 1 passed to Illuminate\Auth\SessionGuard::login() must be an instance of Illuminate\Contracts\Auth\Authenticatable, instance of Illuminate\View\View given, called in C:\xampp\htdocs\rename\app\Traits\OrderRegister.php on line 63 and defined. I'm using an trait to register user and return back to function when registration is complete.
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use App\Package;
use App\ListingType;
use Illuminate\Support\Facades\Auth;
use App\Order;
use Carbon\Carbon;
use App\Traits\OrderRegister;
class OrderController extends Controller
use OrderRegister;
* Display a listing of the resource.
* #return \Illuminate\Http\Response
public function index($type)
$listingtype = ListingType::where('type', '=', $type)->first();
if ($listingtype) {
$packages = $listingtype->packages()->get();
return view('packages.index', compact('packages'));
* Show the form for creating a new resource.
* #return \Illuminate\Http\Response
public function create($id)
$package = Package::where('id', '=', $id)->first();
if (Auth::check()) {
return view('order.create_loggedin', compact('package'));
else {
return view('order.create_register', compact('package'));
* Process a new order request. Store order values in session.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
public function process(Request $request)
$order = ['package_id' => $request->package_id, 'order_qty' => $request->no_of_listing];
session(['order' => $order]);
if (Auth::guest()) {
return $this->register($request); // need to check session for orders available in OrderRegister trait.
return $this->store($request);
* Store a newly created resource in storage.
* #param \Illuminate\Http\Request $request
* #return \Illuminate\Http\Response
public function store(Request $request)
if($request->session()->has('order')) {
$package = Package::where('id', '=', $request->package_id )->first();
if($request->user() == Auth::user()) {
for( $n=1;$n<=$request->no_of_listing;$n++) {
$order = new Order;
$order->package_id = $request->package_id;
$order->user_id = Auth::user()->id;
$order->expire_at = Carbon::now()->modify('+'.$package->duration_in_months.' months');
return redirect('/');
* Display the specified resource.
* #param int $id
* #return \Illuminate\Http\Response
public function show($id)
* Show the form for editing the specified resource.
* #param int $id
* #return \Illuminate\Http\Response
public function edit($id)
* Update the specified resource in storage.
* #param \Illuminate\Http\Request $request
* #param int $id
* #return \Illuminate\Http\Response
public function update(Request $request, $id)
* Remove the specified resource from storage.
* #param int $id
* #return \Illuminate\Http\Response
public function destroy($id)
trait : OrderRegister.php
namespace App\Traits;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Validator;
trait OrderRegister
use RedirectsUsers;
* Get a validator for an incoming registration request.
* #param array $data
* #return \Illuminate\Contracts\Validation\Validator
protected function validator(array $data)
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'username' => 'required|max:255|unique:users',
'password' => 'required|min:6|confirmed',
* Create a new user instance after a valid registration.
* #param array $data
* #return User
protected function create(array $data)
$user = User::create([
'name' => $data['name'],
'email' => $data['email'],
'username' => $data['username'],
'password' => bcrypt($data['password']),
$user->profile()->save(new UserProfile);
return $user;
* Execute the job.
* #return void
public function register(Request $request)
$validator = $this->validator($request->all());
if ($validator->fails()) {
$request, $validator
return $this->store($request);
* Get the guard to be used during registration.
* #return string|null
protected function getGuard()
return property_exists($this, 'guard') ? $this->guard : null;
I could not find any solution for this error so created my own thread for the first time please someone help.
It throws an error because you are trying to login a vue.
in your OrderController.php you are using create method which return a view.
this method will override the create method on your trait.
So you have something like this :
Auth::guard($this->getGuard())->login(/* A view */);
you can at least rename the method on the trait from create to createUser for example.
then you call it from the guard like this :
