Manual auth in Laravel: password confirmation

With the arrival of Laravel 8, new ways for authentication have been added to the Laravel ecosystem. Fortify, Jetstream and Breeze. Although these tools can save you a lot of time, often when you want something more complex they cost you more time.

Fortunately, Laravel allows you to add manual auth without the use of any package, just Laravel’s core. In this series, we’re going to learn how to add manual auth in Laravel.

These topics will be covered:

Note: For the examples in this series, I’ve chosen to use controllers and blade views. But you can also use other technologies, like Livewire or Inertia.js.

Getting started

// app/Http/Controllers/Auth/PasswordConfirmationController.phpnamespace App\Http\Controllers\Auth;use App\Http\Controllers\Controller;class PasswordConfirmationController extends Controller
{
public function show()
{
return view('auth.confirm-password');
}
public function handle()
{
// Handling the response
}
}

Routing

// routes/web.phpuse App\Http\Controllers\Auth\PasswordConfirmationController;
use Illuminate\Support\Facades\Route;
Route::get('/confirm-password', [PasswordConfirmationController::class, 'show'])
->middleware('auth')
->name('password.confirm');
Route::post('/confirm-password', [PasswordConfirmationController::class, 'handle'])
->middleware('auth')
->name('password.confirm');

Views

<!-- resources/views/auth/confirm-password.blade.php --><h1>Confirm Password</h1><form  action="{{ route('password.confirm') }}" method="post">
@csrf
<!-- Password -->
<label for="password">Password</label>
<input type="password" name="password" id="password" />
<!-- Submit button -->
<button type="submit">Confirm Password</button>
</form>

Controller logic

First, we check if the password is correct:

// app/Http/Controllers/Auth/PasswordConfirmationController.phpuse Illuminate\Support\Facades\Hash;if (!Hash::check(request()->password, auth()->user()->password)) {
return back()->withErrors(['password' => 'The provided password does not match our records.']);
}

If the password was correct, we will tell Laravel that the password was correct.

// app/Http/Controllers/Auth/PasswordConfirmationController.phpsession()->passwordConfirmed();

Finally, we will redirect the user as intented after a success.

// app/Http/Controllers/Auth/PasswordConfirmationController.phpreturn redirect()->intended();

Conclusion

If you at some point couldn’t follow the tutorial anymore, this is the finished Auth\PasswordConfirmationController:

<?php// app/Http/Controller/Auth/PasswordConfirmationController.phpnamespace App\Http\Controllers\Auth;use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Hash;
class PasswordConfirmationController extends Controller
{
public function show()
{
return view('auth.confirm-password');
}
public function handle()
{
if (!Hash::check(request()->password, auth()->user()->password)) {
return back()->withErrors(['password' => 'The provided password does not match our records.']);
}
session()->passwordConfirmed(); return redirect()->intended();
}
}

Hi, I’m Jeroen van Rensen from the Netherlands. I like to design and create websites.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store