Laravel check for old password, when change new password
Stefan Izdrail
Founder & Senior Architect · 2026-06-29
Checking the New Password Against the Current Password
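    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Hash;
    // Reject the request unless the submitted old password matches the stored hash.
    if (!Hash::check($request->old_password, Auth::user()->password)) {
        return response()->json(['errors' => ['Your current password is incorrect']], 400);
    }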
As shown above, you can use Laravel's built-in Hash::check method to validate the submitted old password against the user's stored password hash. If they do not match, you can return a JSON response with an error message and a status code of 400 (Bad Request). This is a straightforward way to confirm that the person requesting the change knows the current password before a new one is accepted.
Password Storage Considerations
    Hash::make($new_password)
In your registration or password change forms, it's advisable to use the Laravel Hash::make method to hash and store any new passwords. This is a best practice for ensuring that the stored passwords are secure and can't be decoded or reversed.
Enforcing Password Complexity Rules
    use Illuminate\Support\Facades\Validator;
    // $rule is a validation rule or array of rules, e.g. ['required', 'min:8'].
    $validator = Validator::make($request->all(), ['new_password' => $rule]);
    if ($validator->fails()) {
        return response()->json(['errors' => ['The new password must meet the required complexity criteria']], 400);
    }
It is also essential to enforce your application's own password restrictions. These can include a minimum number of characters, special characters, and so on. Laravel's Str class does not provide an isValid method, so use the Validator facade to validate the new password against these rules. If the password does not meet the requirements, you can send a response with an appropriate error message and status code.
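The three steps above (verify the current password, enforce complexity, store a hash) combined into one controller action, as an added example that is not the author's code. It assumes Laravel 9 or later; the controller name, the new_password_confirmation field and the 12-character policy are hypothetical choices.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\Password;

// Hypothetical controller name; route it behind the "auth" middleware.
class ChangePasswordController extends Controller
{
    public function update(Request $request): JsonResponse
    {
        $validator = Validator::make($request->all(), [
            // current_password runs Hash::check against the authenticated user's stored hash.
            'old_password' => ['required', 'string', 'current_password'],
            'new_password' => [
                'required',
                'string',
                'confirmed',              // expects new_password_confirmation (assumed field)
                'different:old_password', // reject reuse of the current password
                // Example policy only (assumption); adjust to your own requirements.
                Password::min(12)->mixedCase()->numbers()->symbols(),
            ],
        ]);

        if ($validator->fails()) {
            // Same 400 status as the snippets above, with per-field messages.
            return response()->json(['errors' => $validator->errors()], 400);
        }

        // Store only the hash, never the plaintext.
        $user = $request->user();
        $user->forceFill(['password' => Hash::make($request->input('new_password'))])->save();

        return response()->json(['message' => 'Password updated']);
    }
}
```

Applying Laravel's throttle middleware to this route limits how often the current-password check can be attempted from a session.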
Using Password Reset Token to Ensure User Verification
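    if ($request->has('reset_token')) {
        // $id is the user id supplied with the request (for example, a route parameter).
        $user = \App\Models\User::find($id);
        // Finding the user is not enough: the token must match the one issued to that user.
        if (!$user || !\Illuminate\Support\Facades\Password::tokenExists($user, $request->reset_token)) {
            return response()->json(['errors' => ['Invalid or expired reset token']], 403);
        }
    } else {
        // Handle password change without reset token
    }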
In many cases, you may want to send a password reset link to the user's email address. When they click on this link, they will be redirected to your password change form with a provided reset_token. This approach ensures that only the intended user can access the form and change their password.
Conclusion: Password Security is Crucial for User Accounts
By implementing these simple yet effective strategies, you are ensuring a higher level of security in your Laravel application. Remember to always prioritize user account safety, and never compromise on the strength of passwords. In case of any issues with the given code or further clarifications needed, feel free to visit our website at Laravel Company for more informative resources.