Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

meeshka's avatar

Laravel 5.2: Re-using password reset functionality

Hi There,

I'm trying to make use of Password Reset functionality that Laravel 5.2 comes with. Here is the controller method that does it. I tried 3 methods and all of them worked but email subject is always set to blank.

use Password;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Auth\PasswordBroker;
use Illuminate\Foundation\Auth\ResetsPasswords;

Method 1: Using Password facade and closure

class MyController extends Controller
{
    public function notify(Request $request)
    {
        dump( Password::sendResetLink(
                ['email' => 'correct@email.address']),
                function($message){
                    return $message->subject('Your Account Password');
                }
            );
    }
}

Method 2: within the constructor

Ref: https://laracasts.com/discuss/channels/general-discussion/laravel-5-password-reset-link-subject

class MyController extends Controller
{
    use ResetsPasswords;

    public function __construct(Guard $auth, PasswordBroker $passwords)
    {
        $this->auth = $auth;
        $this->passwords = $passwords;
        $this->subject = 'Your Account Password';
        $this->middleware('guest');
    }

    public function notify(Request $request)
    {
        dump( $this->passwords->sendResetLink(
                ['email' => 'correct@email.address']),
                function($message){
                    return $message->subject('Your Account Password');
                }
            );
    }
}

Method 3: Protected property

class MyController extends Controller
{
    use ResetsPasswords;

    protected $subject = "Your Account Password";

    public function __construct(Guard $auth, PasswordBroker $passwords)
    {
        $this->auth = $auth;
        $this->passwords = $passwords;
        // $this->subject = 'Your Account Password';
        $this->middleware('guest');
    }

    public function notify(Request $request)
    {
        dump( $this->passwords->sendResetLink(
                ['email' => 'correct@email.address']),
                function($message){
                    $message->subject('Your Account Password');
                }
            );
    }
}
0 likes
11 replies
developeritsme's avatar

@meeshka you only need to call

$this->sendResetLinkEmail($request); //$request must have email

if you need any more... take a look on trait ResetsPassword and the method

    /**
     * Send a reset link to the given user.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function sendResetLinkEmail(Request $request)
    {
        $this->validate($request, ['email' => 'required|email']);

        $broker = $this->getBroker();

        $response = Password::broker($broker)->sendResetLink($request->only('email'), function (Message $message) {
            $message->subject($this->getEmailSubject());
        });

        switch ($response) {
            case Password::RESET_LINK_SENT:
                return $this->getSendResetLinkEmailSuccessResponse($response);

            case Password::INVALID_USER:
            default:
                return $this->getSendResetLinkEmailFailureResponse($response);
        }
    }
2 likes
meeshka's avatar

@developeritsme Thanks. So, I change it to the following and it works now. There is a subject-line now. Is it fine to merge input values like this?

    public function notify(Request $request)
    {
    // Actually email address will come from current session
    // Not sure if I can instantiate Request afresh and do merge. Can I?
        $request->merge(['email' => 'correct@email.address']);
        dump( $this->sendResetLinkEmail($request) );
    }

Is it possible to access the Message object and override some of the properties like being able to add a Bcc and to include html content?

developeritsme's avatar

@meeshka just check the implementation of sendResetLinkEmail in trait and you can (re)use that code...

1 like
meeshka's avatar

Looks like it's going to get complex as this may not be possible just by using the Trait because sendResetLinkEmail relies on few other classes and contracts which the current controller doesn't implement or extend.

cappic90's avatar

Hey people,

first, I am new to this forum, so hi to everyone!

Second, I think I am trying to implement a similar thing to what is discussed here and I run into a problem I can't get my head around.

The logic: Some admin creates a new user in some kind of admin panel. The user will be created and put into the users database table with some random password.

Now a password reset link shall be emailed to that person so she / he can choose a new password by her-/himself.

The problem: The links in that email are not working. In fact I get redirected to /home, which I think is the path to redirect when the url is not valid as per Illuminate\Foundation\Auth\RedirectUsers

The strange: It all works fine, when the new user goes to the login view, clicks "forgot my password" and does the reset this way.

What am I missing?

Here is the code:

<?php

namespace App\Http\Controllers\Admin;

use Illuminate\Http\Request;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;

use App\Models\User;

use Password;
use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Validator;

class UserController extends AdminBaseController
{
    use SendsPasswordResetEmails;

...

    public function store(Request $request, $id = NULL)
    {
        $redirect_url = 'admin/users/create';
        if($id) {
            $obj = User::find($id);
            $redirect_url = 'admin/users/update/' . $id;
        }
        $rules = [
            'first_name' => 'required',
            'last_name'  => 'required',
            'email'      => 'required',
            'level'      => 'required',
        ];

        $input = Input::only(array_keys($rules));
        $validator = Validator::make($input, $rules);

        if($validator->fails()) {
            return redirect($redirect_url)
                ->withErrors($validator)
                ->withInput();
        }

        $pw = User::generatePassword();

        if($id && $id == $request->get('id'))
        {
            User::where('id', $id)->update($input);
        }
        else
        {

            $this->sendResetLinkEmail($request);

            $user = new User;
            $user->first_name = $request->input('first_name');
            $user->last_name = $request->input('last_name');
            $user->email = $request->input('email');
            $user->level = $request->input('level');
            $user->password = $pw;
            $user->save();
        }
        return redirect('admin/users');
    }

}
cappic90's avatar

Hey @meeshka,

thanks for that fast response

return bcrypt(str_random(35));

is the answer.

meeshka's avatar

I am using the following to generate a password reset token and include it in the welcome email (not using the default reset email link).

$passToken = Password::getRepository()->create($new_user);
cappic90's avatar

Sry for being dumb here, but could you provide a little context to your implementation? I do not yet see how to apply your solution.

Thank you.

meeshka's avatar

@ritualbob

  1. Whenever system needs to send a password reset link or include one in an email, I'm generating a token and sending it via email. This is true for initial sign-up (as we want users to choose a password of their own) and an admin can initiate a password reset as well.

  2. Users can change password from their Dashboard or Members area in which case a bcrypt is done on their plain-text password and updated via User model.

You may not be using the exact use-case but I see it to be similar. Also, I'm using L 5.2 and not sure if any of this has changed in 5.3 or 5.4

junaidqadir's avatar

Is there a way to change or override the RESET_LINK_SENT constant

Please or to participate in this conversation.