Nikush Patel has created a nice little site with PhpStorm tips presented as gifs. Really nice and helpful!

Go learn some tips

Instant Logo Search – find logos and flags of the world

Now this could be a useful link to bookmark for the future!

Laravel password reset caused double password hashing

I recently updated a little weekend project of mine to Laravel 5.2 and started using the re-implemented authentication stuff.
What I hadn’t implemented, or activated, on the site was password resets. Password resets are a feature I myself sometimes use a lot, for different reasons and in this particular case I discovered a problem.

When you have a register/login system on your website the passwords should be encrypted, hashed, and so on. How and when this is done is specific to you and your system, one smooth place to add it is on the setPassword method of your User model. This ensures that whenever the password is written to the database it hashed, right.

But here is where the “problem” that arose when I activated the password-reset of Laravel (how have I not stumbled on this before?). So when you reset a password out-of-the-box you:

  • -> get an email with a link
  • -> go to reset page
  • -> post new password
  • -> password gets saved
  • -> you are logged in.

Nothing out of the ordinary.

The password gets hashed in the ResetPasswords trait before it is saved, which is all good except if you hash it in the setPassword method. Because now it gets hashed twice and when you try to login you’ll get an error because the passwords will not match. Well luckily there is a simple fix.
In your PasswordController, inside App\Http\Controllers\Auth, add your custom resetPassword method which will override the traits one.

For example:

protected function resetPassword($user, $password)
    $user->password = $password;



If you don’t do your hashing on the User models setPassword method your probably fine. Maybe doing it there is a weird place?
Let me know what you think.