
Keep password history of your users with a Laravel Package

Laravel Password History is a package by Iman Ghafoori that keeps a history of your users' password hashes so that they cannot reuse a previous password, a security measure similar to what Google does.

Installation

You can install this package via Composer by running this command:

composer require imanghafoori/laravel-password-history

To publish the config file and migrate the database:

php artisan vendor:publish
php artisan migrate

Visit the config/password_history.php file to see all the possibilities.

Usage

This package will observe the saved event of the models (which are mentioned in the config file) and record the password hashes automatically.

<?php
use App\Models\User; // adjust to the namespace of your own User model
use Illuminate\Support\Facades\Hash;

// When inserting, it will also log the password hash in the "password_histories" table
User::create($data);

// Sample for changing the password
$user = User::find($id);
$passHash = Hash::make(request('new_password'));

$user->password = $passHash;
$user->save(); // after saving the model, the password change will be recorded automatically

We suggest using saveOrFail so that all the queries run in a transaction:

$user->saveOrFail();

Be careful: updating the model as shown below does not fire any model events, so no password change is recorded behind the scenes.

<?php
// Here we do NOT get the model from the db and only send an update query
// So Laravel does NOT fire model events
User::where('id', $id)->update($data);

Validation Rules

The package also provides a validation rule that checks the new password against the user's entire password history. Add it to your Laravel validation rules:

<?php
use Imanghafoori\PasswordHistory\Rules\NotBeInPasswordHistory;
//...

$rules = [
    // ...
    'password' => [
        'required',
        'confirmed',
        // Fails validation when the submitted password is in this user's history
        NotBeInPasswordHistory::ofUser($this->user),
    ],
    // ...
];

$this->validate(...);
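
A history check like this has to work on the plaintext new password: Hash::make produces a salted hash, so hashing the same password twice gives two different strings and stored hashes cannot be compared for equality. The plain-PHP block below is an added example, not the package's code; the function name isInPasswordHistory, its $depth parameter and the sample passwords are assumptions made for the illustration.

```php
<?php
// Added illustration in plain PHP (no Laravel); not the package's source code.
// Function name, $depth parameter and sample passwords are constructed.

/**
 * Return true if $candidate matches any salted hash in $history.
 * $history is ordered newest first; $depth (hypothetical option) limits
 * how many of the most recent hashes are checked, null means all of them.
 */
function isInPasswordHistory(string $candidate, array $history, ?int $depth = null): bool
{
    $toCheck = $depth === null ? $history : array_slice($history, 0, $depth);
    foreach ($toCheck as $storedHash) {
        // password_verify() re-derives the hash with the salt embedded in $storedHash
        if (password_verify($candidate, $storedHash)) {
            return true;
        }
    }
    return false;
}

// Constructed history: three earlier passwords, kept only as salted hashes.
$history = array_map(
    fn (string $p): string => password_hash($p, PASSWORD_DEFAULT),
    ['Winter-2021!', 'Spring-2021!', 'Summer-2020!']
);

// Naive approach: hash the new password and look for an identical string.
// The fresh hash carries a new random salt, so it never equals a stored one.
$naiveHit = in_array(password_hash('Spring-2021!', PASSWORD_DEFAULT), $history, true);

$results = [
    'naive equality, reused password'   => $naiveHit,
    'verify each hash, reused password' => isInPasswordHistory('Spring-2021!', $history),
    'verify each hash, new password'    => isInPasswordHistory('Autumn-2022!', $history),
    'reused password outside depth 2'   => isInPasswordHistory('Summer-2020!', $history, 2),
];

foreach ($results as $label => $found) {
    printf("%-36s found in history: %s\n", $label, var_export($found, true));
}
```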

You may also want to take a quick look at the source code on GitHub to see what is going on there.

Published at : 12-01-2022

Author : Rizwan Aslam

I am a highly results-driven professional with 12+ years of collective experience in the fields of web application development, especially in Laravel, native Android application development in Java, and desktop application development in the .NET Framework. Now managing a team of expert developers at Codebrisk.
