Laravel password history is a package by Iman Ghafoori that can keep a password history of your users to prevent them from reusing the same password, for security reasons like what google does.
You can install this package via composer by running this command.
composer require imanghafoori/laravel-password-history
To publish the config file and migrate the database:
php artisan vendor:publish php artisan migrate
config/password_history.php file to see all the possibilities.
This package will observe the saved event of the models (which are mentioned in the config file) and record the password hashes automatically.
<?php // When inserting, it will also log the password hash in the "password_histories" table User::create($data); // Sample for changing the password $user = User::find($id); $passHash = Hash::make(request('new_password')); $user->password = $passHash; $user->save(); // after saving the model, the password change will be recorded, automatically
We suggest using
saveOrFail to do all the queries in a transaction
Be careful that changing the model like below does not fire any model event hence to password change would be recorded behind the scenes.
<?php // Here we do NOT get the model from db and only send an update query // So laravel does NOT fire model events User::where('id', $id)->update($data);
And there is a validation rule for you to check the entire password history against the new password in laravel validation rules.
<?php use Imanghafoori\PasswordHistory\Rules\NotBeInPasswordHistory; //... $rules = [ // ... 'password' => [ 'required', 'confirmed', NotBeInPasswordHistory::ofUser($this->user), ] // ... ]; $this->validate(...);
Again you may want to take a quick look at the source code on Github to see what is going on there.
Published at : 12-01-2022
I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in laravel, native android application development in java, and desktop application development in the dot net framework. Now managing a team of expert developers at Codebrisk.