How I can get email from password_resets tabled based on token? Because I need remove email field from reset password view.
I tried DB::table() but its still returns empty items array.
What I'm doing wrong?
you can not select email using token. Because token is stored with Hashing, and every hash string generated from same token is different.
Laravel decrypt token by select it using email and then compare it with the plain token like this
if (Hash::check('plain_token', $hashed_token))
{
}
you can not do vice-versa.
hope, now you have clear the concept of reset password.
you can delete entries manually from database.
Related
I have a field email in my users table that is encrypted (with Crypt::encryptString method).
I need to retrieve user by email, so I can use this for example: $user = User::where('email', $email)->first(). But I need to find an encrypted mail. I'd like to decrypt the value while doing the where condition. I don't know if it's possible.
I am developing a Laravel application. Now, I am trying to customise the password reset feature. I am trying to get the user by password reset token. I looked at the underlying database schema. There is a table called, password_resets. It has email, token and created_at columns. I can get the email of the user by token from that table. The thing is since there is no model created for that table, I will have to write the SQL query manually like this.
DB::select('SELECT * FROM password_resets WHERE token=?', [ $token ])
or the query builder
DB::table('password_resets')->where('token',$token)->first();
But I am trying to avoid using manual query. Is there a way to get the user by password reset token without writing manual SQL query?
DB::table('password_resets')->where('token',$token)->first();
I would like to ask about logging in to Laravel but in a different way:
User information including the password but not the email will be stored in users table, while email_address will be stored in a email_addresses table with a boolean field called is_default.
So the user can have several emails, but he can log in with only one email that has the is_default is true. and he could change his default email through his profile.
So, how can I make the login process through the Auth::login() facade.
I was able to register the user by storing the information in a users table and store his email_address and is_default = true in the email_addresses table.
It can be a little tricky. Auth::login() just needs to fetch email and password, so if you can trick the model into thinking it has an email field accessible via $user->email, things will work out:
public function getEmailAttribute()
{
return DB::table('email_addresses')->whhere('default', 1)->where('user_id', $this->id)->first()->toArray()['email'];
}
I am working on a user registration form in laravel 5. I wish to know is it possible to use laravel's form request validation to check if the two passwords submitted by the user are thesame. Is it possible to do that with using requests?
Yes, it's possible.
There is an validator called confirmed.
confirmed
The field under validation must have a matching field of
foo_confirmation. For example, if the field under validation is
password, a matching password_confirmation field must be present in
the input.
https://laravel.com/docs/5.2/validation#rule-confirmed
I would like to make an auth page to my website with only a Key field.
Example : I give an Key like 'A5DP7123OAC' to my customer for the login.
And if the code is correct he can access to his panel. Actually I just create a Cookie :
withCookie(cookie()->forever('access', 'true'));
But it's not a good way I think.
Do you have solution to Auth an user only with a Key ?
Thank's
You could pass your key to the session and then check to see if the key the user provides matches the key in the session. If so you can log the user in manually using one of the methods found here: https://laravel.com/docs/5.2/authentication#other-authentication-methods
If you don't want to use the session, you could also create a DB table and store your keys there optionally giving them expirations so that the keys are only valid for a period of time. You could also make it so that keys are only valid for one IP address. Plenty of options.