I'm working on Laravel 12, on the forgot-password functionality. In the forgot-password page, there is only an email field. When a user submits their email, an SMTP email is sent with a reset link. That link redirects the user to the reset-password page, which contains only a new password field and a submit button.
Everything seems to work fine up until this point, but after submitting the new password, the value is not being updated in the users table. The page just refreshes without redirecting or showing any success/error message. When I test the login page with the new password, it doesn't work and only accepts the old password because the update is not happening in the users table.
Finally, I'm not getting any error message or redirect to the login page. It just refreshes.
After entering the password and clicking the submit button in the reset password page, the URL looks like this:
127.0.0.1:8000/reset-password?token=iIThgho95IZSHgkDAHTcsSWVAnPkUf7WgbERFFHKzHPz5Wvuib3zV4qNU5Rtrnc2&email=qwerty07%40gmail.com&password=qwerty123
Route
// Reset password
Route::get('/reset-password', [ResetPasswordController::class, 'showResetForm'])->name('password.reset');
Route::post('/reset-password', [ResetPasswordController::class, 'reset'])->name('password.update');
blade file
<h2 style="font-family: Arial; text-align: center;">Reset Password</h2>
<form method="POST" action="{{ route('password.update') }}" style="max-width: 400px; margin: auto; padding: 20px; border: 1px solid #ccc; border-radius: 8px;">
    @csrf
    <input type="hidden" name="token" value="{{ $token }}">
    <input type="hidden" name="email" value="{{ $email }}">
    <label style="display: block; margin-bottom: 5px;">New Password:</label>
    <input type="password" name="password" required style="width: 100%; padding: 10px; margin-bottom: 15px; border: 1px solid #ccc; border-radius: 4px;">
    <button type="submit" style="width: 100%; padding: 10px; background-color: #4CAF50; color: white; border: none; border-radius: 4px;">
        Reset Password
    </button>
</form>
Controller
public function reset(Request $request)
{
    // Validate input
    $request->validate([
        'email' => 'required|email|exists:users,email',
        'password' => 'required|min:3',
        'token' => 'required'
    ]);

    // Find reset token
    $tokenData = DB::table('password_resets')
        ->where('email', $request->email)
        ->where('token', $request->token)
        ->first();

    if (!$tokenData) {
        return back()->withErrors(['email' => 'Invalid token or email.']);
    }

    // Check if token is expired
    if (Carbon::parse($tokenData->created_at)->addMinutes(60)->isPast()) {
        return back()->withErrors(['email' => 'Token has expired.']);
    }

    // Find user and update password
    $user = User::where('email', $request->email)->first();
    if (!$user) {
        return back()->withErrors(['email' => 'User not found.']);
    }

    $user->password = Hash::make($request->password);
    $user->save();
    \Log::info('Password reset for: ' . $request->email);

    // Delete token
    DB::table('password_resets')->where('email', $request->email)->delete();

    // Redirect to login with success message
    return redirect('/login')->with('status', 'Password has been reset!');
}
back() function. (Hint: Use ->withInput($request->except("password")) on your back function) You don't have anything to show the errors on the reset page, so the user (and you) don't know what's wrong when it doesn't work.
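A reset page that renders whatever the controller sends back, following the hint in the comment above. This is an added example, not code from the original post: it reuses the `$token` and `$email` view variables and the `password.update` route from the question, and assumes the controller's failure branches are changed as shown in the first comment of the block.

```blade
{{-- Assumed change to each failure branch of the controller's reset() method:
       return back()
           ->withErrors(['email' => 'Invalid token or email.'])
           ->withInput($request->except('password'));
     except('password') keeps the new password out of the flashed session data. --}}

<h2>Reset Password</h2>

{{-- Message flashed with ->with('status', ...) --}}
@if (session('status'))
    <p role="status">{{ session('status') }}</p>
@endif

{{-- Summary of every error. The email and token fields are hidden, so their
     validation failures (for example exists:users,email) would otherwise
     have nowhere to appear on the page. --}}
@if ($errors->any())
    <ul role="alert">
        @foreach ($errors->all() as $message)
            <li>{{ $message }}</li>
        @endforeach
    </ul>
@endif

<form method="POST" action="{{ route('password.update') }}">
    @csrf
    {{-- old() restores the values flashed by withInput() after a failed attempt --}}
    <input type="hidden" name="token" value="{{ old('token', $token) }}">
    <input type="hidden" name="email" value="{{ old('email', $email) }}">

    <label for="password">New Password:</label>
    {{-- Never repopulated: the password is excluded from the flashed input --}}
    <input id="password" type="password" name="password" required autocomplete="new-password">

    <button type="submit">Reset Password</button>
</form>
```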