Reset password functionality is essential for modern web applications to enhance user experience and security. Laravel simplifies the implementation of this feature with its built-in tools. In this article, we’ll walk through creating a reset password system using Laravel’s built-in functionality, focusing on the methods for admins and students.

Step 1: Set Up Authentication

First, ensure that your application has authentication set up. Laravel provides built-in scaffolding for authentication:

php artisan make:auth

For newer Laravel versions, use the Laravel Breeze or Jetstream packages:

composer require laravel/breeze --dev
php artisan breeze:install

After installation, migrate your database:

php artisan migrate

Step 2: Configure Guards and Password Brokers

In config/auth.php, configure guards and password brokers for different user types (e.g., admins and students).

Example Password Broker Configuration:

'passwords' => [
    'users' => [
        'provider' => 'users',
        'table' => 'password_reset_tokens',
        'expire' => 60,
        'throttle' => 60,
    ],
    'admins' => [
        'provider' => 'admins',
        'table' => 'password_reset_tokens',
        'expire' => 60,
        'throttle' => 60,
    ],
],

Step 3: Create Notification Classes

Laravel’s password reset notifications can be customized by creating your own notification class. Here, we’ll create a custom notification for students.

Run the following command to generate the notification:

php artisan make:notification UserResetPasswordNotification

Custom Notification Implementation:

In App\Notifications\UserResetPasswordNotification, update the class as follows:

namespace App\Notifications;

use Illuminate\Bus\Queueable;
use Illuminate\Notifications\Messages\MailMessage;
use Illuminate\Notifications\Notification;

class UserResetPasswordNotification extends Notification
{
    use Queueable;

    private string $token;

    public function __construct(string $token)
    {
        $this->token = $token;
    }

    public function via(object $notifiable): array
    {
        return ['mail'];
    }

    public function toMail(object $notifiable): MailMessage
    {
        $url = url(route('student.password.reset', [
            'token' => $this->token,
            'email' => $notifiable->getEmailForPasswordReset(),
        ], false));

        return (new MailMessage)
            ->subject('Reset Your Password')
            ->line('You are receiving this email because we received a password reset request for your account.')
            ->action('Reset Password', $url)
            ->line('If you did not request a password reset, no further action is required.');
    }
}

Step 4: Update Models

In the User model, specify the custom notification class for sending password reset emails:

public function sendPasswordResetNotification($token)
{
    $this->notify(new \App\Notifications\StudentResetPasswordNotification($token));
}

Similarly, add custom notifications for the Admin model if needed.

Step 5: Define Routes

Define routes for password reset in routes/web.php. Here’s how you can set them up for students:

Route::get('/student/forgot-password', [UserAuthController::class, 'showLinkRequestForm'])->name('student.userpassword.request');
Route::post('/student/forgot-password', [UserAuthController::class, 'sendResetLinkEmail'])->name('student.password.email');
Route::get('/student/reset-password/{token}', [UserAuthController::class, 'showResetForm'])->name('student.password.reset');
Route::post('/student/reset-password', [UserAuthController::class, 'reset'])->name('student.password.update');

Step 6: Implement Controller Methods

Show the Link Request Form

public function showLinkRequestForm()
{
    return view('Student.Auth.passwords.email');
}

Handle Sending Reset Link Email

public function sendResetLinkEmail(Request $request)
{
    $request->validate([
        'email' => 'required|email|exists:users,email',
    ]);

    $response = Password::broker('users')->sendResetLink(
        $request->only('email')
    );

    return $response == Password::RESET_LINK_SENT
        ? back()->with('success', trans($response))
        : back()->withErrors(['email' => trans($response)]);
}

Show the Reset Password Form

public function showResetForm(Request $request, $token = null)
{
    return view('Student.Auth.passwords.reset')->with([
        'token' => $token,
        'email' => $request->email
    ]);
}

Handle Password Reset

public function reset(Request $request)
{
    $request->validate([
        'email' => 'required|email|exists:users,email',
        'password' => 'required|confirmed|min:8',
        'token' => 'required',
    ]);

    $response = Password::broker('users')->reset(
        $request->only('email', 'password', 'password_confirmation', 'token'),
        function ($user, $password) {
            $user->forceFill([
                'password' => bcrypt($password),
            ])->save();
        }
    );

    return $response == Password::PASSWORD_RESET
        ? redirect()->route('userlogin')->with('success', 'Password has been reset!')
        : back()->withErrors(['error' => trans($response)]);
}

Step 7: Testing the Feature

  • Verify the reset password flow works end-to-end.
  • Trigger the forgot password flow for a student or admin.
  • Ensure the reset email is sent to the correct user with the correct URL.

Categorized in:

Laravel,