I use the Laravel auth system to send out a welcome email to all new users. Mostly it works fine but I have had a few isolated incidents where I get the "password reset token is invalid" error.
In order to diagnose this I would like to be able to manually compare the strings that are provided in the user's URL (i.e. the token that I emailed them) against the value stored in the password_resets.token field. How can I do that?
The token in the URL seems to be 64 hex characters. The token in the database starts with $2y$10$, so I presume it is the output of the password_hash function. How can I translate from one to another?
First of all I want to say the token in the URL is not the output of the
To compare the token in the URL and what is generated or stored, you can check from your database. Check the password_resets table, check the email of the user, search for the token that corresponds to that email address.
The token in the URL should be the same as what is in the database for the email address.
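One way to run the comparison the question asks for, as an added example that is not part of the original posts: a value starting with $2y$10$ is a salted one-way bcrypt hash, so it cannot be translated back into the URL token, and the check is password_verify() on the pair. It assumes the stored value is password_hash() output of the URL token, as the question presumes; diagnoseResetToken(), its result strings and the 60-minute expiry window are hypothetical.

```php
<?php
// Added example: diagnose one password_resets row against the token from the emailed URL.
// Assumption: the token column holds password_hash() output of the 64-hex-character URL token.

function diagnoseResetToken(string $urlToken, string $storedHash, int $createdAt, int $now, int $expireMinutes = 60): string
{
    // Mail clients can wrap long links or pull in trailing whitespace.
    if ($urlToken !== trim($urlToken)) {
        return 'url-token-has-whitespace';
    }
    // The question describes the URL token as 64 hex characters; anything else was altered in transit.
    if (!preg_match('/\A[0-9a-f]{64}\z/i', $urlToken)) {
        return 'url-token-malformed';
    }
    // password_get_info() reports which algorithm produced the stored value.
    if (password_get_info($storedHash)['algoName'] !== 'bcrypt') {
        return 'stored-value-not-bcrypt';
    }
    // The salt is embedded in the hash, so the only valid comparison is password_verify().
    if (!password_verify($urlToken, $storedHash)) {
        return 'token-mismatch';
    }
    // 60 minutes is an assumed expiry window; use the value your application is configured with.
    if ($now - $createdAt > $expireMinutes * 60) {
        return 'token-expired';
    }
    return 'ok';
}

// Constructed sample data, standing in for a real URL token and database row.
$token = bin2hex(random_bytes(32));                              // 64 hex characters
$hash  = password_hash($token, PASSWORD_BCRYPT, ['cost' => 10]); // starts with $2y$10$
$now   = time();

$cases = [
    'token as emailed'         => [$token, $hash, $now - 300],
    'link truncated by client' => [substr($token, 0, 60), $hash, $now - 300],
    'trailing newline pasted'  => [$token . "\n", $hash, $now - 300],
    'row replaced by newer'    => [bin2hex(random_bytes(32)), $hash, $now - 300],
    'opened two hours later'   => [$token, $hash, $now - 7200],
];

foreach ($cases as $label => [$urlToken, $storedHash, $createdAt]) {
    printf("%-26s %s\n", $label, diagnoseResetToken($urlToken, $storedHash, $createdAt, $now));
}
```

Two password_hash() calls on the same token produce different strings because each uses a fresh salt, which is why the stored value can never be matched by eye or by string equality.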