monstajamss's avatar

How to hash password using request all (update)

I am trying to update my laravel password and profile image but when i use $user->update($request->all()); the password is not hashed.

I am this in my controller

public function update(Request $request, $id)
    {
        $auth = Auth::id();
        $user = User::find($auth);
        
        $request->validate([
            'name' => 'required|string|max:255',
            'username' => 'required|string|max:255|'.Rule::unique('users')->ignore($user->id),
            'email' => 'required|string|email|max:255|'. Rule::unique('users')->ignore($user->id),
            'password' => 'required|string|min:8|confirmed',
        ]);


        $currentPhoto = $user->profile_image;
    
        if($request->profile_image != $currentPhoto)
        {   
 
            $name = time().'.' . explode('/', explode(':', substr($request->profile_image, 0, strpos($request->profile_image, ';')))[1])[1];
            $img = Image::make($request->profile_image)->resize(360, 358)->encode('jpg');
            Storage::disk('profile')->put($name,(string) $img);
            $request->merge(['profile_image' => $name]);

            $userPhoto = public_path('storage/img/profile/').$currentPhoto;

            if(file_exists($userPhoto)){

                @unlink($userPhoto);
                
            }
        }
        
        

        $user->update($request->all());

        return response()->json([
            'user' => $user, 
        ]);
    }

If i do the above the password is saved as plain text, the profile image is updated and uploaded, but i ended up doing this below.

$user->update([
            'name' => $request->name,
            'username' => $request->username,
            'email' => $request->email,
            'password' => Hash::make($request->password),
            'profile_image' => $currentPhoto,
            'description' => $request->description,
        ]);

The password is hashed but the image is uploaded inside the storage folder but no changes is made in the database regarding updating the profile_image.

What am doing wrong?

0 likes
4 replies
undeportedmexican's avatar

What's the content of $currentPhoto when you're making the update? The last assignment I can see to it is when you're assigning $user->profile_image, so you're essentially passing the same value.

tykus's avatar
tykus
4 years ago
Best Answer
Level 104

You can use this mass-assignment approach if you define an accessor on the User model:

public function password(): Attribute
{
    return new Attribute(set: fn ($value) => bcrypt($value));
}

If you use the logoutOtherDevices feature, then this approach is not supported. In such cases, you would need to do something like this:

$user->update(
    array_merge($request->all(), ['password' => bcrypt($request->input('password')])
);

Aside, this shit cracks me up:

$auth = Auth::id();
$user = User::find($auth);

If you have Auth::id(), then you have Auth::user() which is the User!

1 like
tykus's avatar

@monstajamss

what do you recommend is the best way?

If you must assign it to a variable:

$user = Auth::user();

Please or to participate in this conversation.