Reset password without token in Laravel 4.2

Posted 2019-08-05 19:01

I'm new to Laravel 4.

I want to know if I can reset the password of users when logged in as administrator. In that case I don't need a token to allow the password change, as when the user receives an email to change her password. I'm taking inspiration from the ReminderController class postReset method:

/**
 * Handle a POST request to reset a user's password.
 *
 * @return Response
 */
public function postReset()
{
    $credentials = Input::only(
        'email', 'password', 'password_confirmation', 'token'
    );

    $response = Password::reset($credentials, function ($user, $password) {
        $user->password = Hash::make($password);

        $user->save();

        Auth::login($user);
    });

    switch ($response) {
        case Password::INVALID_TOKEN:
            return Redirect::to('/login')->with('error', Lang::get($response));
        case Password::INVALID_PASSWORD:
        case Password::INVALID_USER:
            return Redirect::back()->with('error', Lang::get($response));

        case Password::PASSWORD_RESET:
            return Redirect::to('/')->with('message', Lang::get($response));
    }
}

But this method deals with the token string in the $credentials variable when calling Password::reset. Below is the method that updates the user data.

public function update($colaborador)
{
    $credentials = Input::only(
        'nome_completo', 'email', 'password', 'password_confirmation', 'token'
    );
    $email       = $credentials['email'];
    $emailGestor = Input::get('email-gestor');
    $enviarEmail = Input::get('enviar-email');
    $user        = $colaborador->user;
    $mensagem    = '';

    if (User::where('email', $email)->where('id', '!=', $user->id)->count() > 0) {
        $mensagem = 'O endereço de e-mail ' . $email . ' já está sendo utilizado.';
    } else  {
        // Password::reset calls the closure with ($user, $password) only;
        // the other values are imported with use ($mensagem by reference).
        $response = Password::reset($credentials, function ($user, $password) use ($credentials, $email, $enviarEmail, &$mensagem) {
            $user->nome_completo = $credentials['nome_completo'];
            $user->email = $credentials['email'];
            $user->password = Hash::make($password);

            $user->save();
            $mensagem = 'Colaborador alterado.';

            if ($enviarEmail == 1) {
                PrimeiroAcesso::remind(['email' => $email], function ($msg) {
                    $msg->subject('Assessment – Mapeamento de Competências Funcionais Natura');
                });
                $mensagem .= ' E-mail de primeiro acesso enviado.';
            }
        });

        switch ($response) {
            case Password::INVALID_TOKEN:
                $mensagem = 'Token inválido.'; break;
            case Password::INVALID_PASSWORD:
                $mensagem = 'Senha inválida.'; break;
            case Password::INVALID_USER:
                $mensagem = 'Nome de usuário inválido'; break;
            default: break;
        }
    }

    if ($emailGestor == '' && $colaborador->gestor) {
        $colaborador->gestor()->dissociate();
        $colaborador->save();
        $mensagem .= ' Gestor removido.';
    } else {
        $gestor = User::with('colaborador')->where('email', $emailGestor)->first();

        if ($gestor) {
            $colaborador->gestor()->associate($gestor->colaborador);
            $colaborador->save();
            $mensagem .= ' Gestor alterado para ' . $emailGestor . '.';
        }
    }

    return Redirect::route('admin.colaborador.index')->with('flash_message', $mensagem);
}

In

$credentials = Input::only(
            'nome_completo', 'email', 'password', 'password_confirmation', 'token'
        );

I get token from the form in the view.

1 answer
看我几分像从前
#2 · 2019-08-05 19:50

The reset method which is found in Illuminate\Auth\Reminders\PasswordBroker requires the extra token parameter to be part of the credentials array, because it needs to delete the corresponding entry from the password_reminders table if the reset is successful. So without a matching token entry within that table, you would not be able to use that method because you'd be getting an INVALID_TOKEN response.

That being said, there are 2 options here:

  1. You create a new token before you use Password::reset
  2. Update the password for the given user manually

I'd personally just use the second because it's easier and it skips the extra step of saving a token to the database, just to delete it after the password is reset, all within the same request.

Something as simple as this should do (of course you can extend this to fit your individual needs):

// Get the request parameters
// (Input::only returns an array keyed by field name, so read the fields by key)
$input = Input::only('nome_completo', 'email', 'password', 'password_confirmation');

// Search for a user matching the email address
$user = User::where('email', $input['email'])->first();

// Go ahead if a user matching that email was found
if ( ! is_null($user))
{
    // Check if the password and password confirmation match
    // NOTE: you can do additional validations here if needed
    if ($input['password'] === $input['password_confirmation'])
    {
        $user->nome_completo = $input['nome_completo'];
        $user->password = Hash::make($input['password']);
        $user->save();
    }
}
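
Added example, not part of the original answer: the manual update from option 2 written as a Laravel 4.2 controller action that only an administrator can reach and that removes any outstanding reminder row, which is the cleanup Password::reset would otherwise have done. The `is_admin` attribute, the class name, the `min:8` rule and the flash text are assumptions; `$colaborador` is the route-bound model from the question.

```php
<?php

class AdminPasswordController extends BaseController
{
    public function __construct()
    {
        // Reject forged cross-site POSTs (stock 'csrf' filter from app/filters.php).
        $this->beforeFilter('csrf', array('on' => 'post'));
    }

    public function postReset($colaborador)
    {
        // Skipping the token is only safe if the caller is an administrator.
        // `is_admin` is an assumed attribute; substitute your own role check.
        if ( ! Auth::check() || ! Auth::user()->is_admin) {
            App::abort(403);
        }

        $input = Input::only('password', 'password_confirmation');

        // `confirmed` compares password against password_confirmation.
        $validator = Validator::make($input, array(
            'password' => 'required|min:8|confirmed',
        ));

        if ($validator->fails()) {
            return Redirect::back()->withErrors($validator);
        }

        // The target is the route-bound model, not an email taken from the form.
        $user = $colaborador->user;
        $user->password = Hash::make($input['password']);
        $user->save();

        // Delete reminder rows for this user so a token mailed earlier
        // can no longer be used to change the new password.
        DB::table(Config::get('auth.reminder.table'))
            ->where('email', $user->email)
            ->delete();

        // Unlike postReset in the question, do not call Auth::login($user):
        // the administrator must stay logged in as themselves.
        return Redirect::route('admin.colaborador.index')
            ->with('flash_message', 'Password changed.');
    }
}
```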