Laravel 4.2 Validation Rules - Current Password Must Match DB Value

Question

On the password reset form the user supplies current_password, password and password-confirmation. Is there a way to specify in the valida

Answer 1

You can't, bcrypt hashes are unique (they have their own random salt incorporated) so even if you knew the user's plain text password you would't be able do a hash-to-hash comparison.

What you can do is actually check the plain text password against a bcrypt hash by doing Hash::check('plain text password', 'bcrypt hash') on your controller.