Laravel Password Reset infographics

Laravel Password Reset for Beginners

by

Hey, Laravel wizard, all good!

Now you are able to build an amazing Laravel app in which the users can log in. Cool! But if someone forgets their password, what will happen then?

Don’t be upset because Laravel has a magical built-in password reset feature. Which  displays

“Oops! Have you forgotten your password? Click here and fix it!”

So without confusion and without stress, let’s learn how it works, step by step —

 

laravel password reset Steps

 

Step 1: Create a Laravel App (If You Haven’t Already)

Let’s start fresh:

bash

composer create-project laravel/laravel password-reset-demo

cd password-reset-demo

php artisan serve

 

Step 2: Add Login & Register Pages

We will use Laravel UI to make auth super easy:

bash

composer require laravel/ui

php artisan ui bootstrap --auth

npm install && npm run dev

php artisan migrate

 

Now visit http://localhost:8000/register — and you’ll see a fully working auth system.

Step 3: How Laravel Handles Password Resets

When one clicks “Forgot your password?” on the login page, Laravel does all this:

  1. Shows a form to enter the email
  2. Sends an email with a reset link
  3. Opens a new form to set a new password
  4. Changes the password in the database

Everything is there; you just need to connect an email.

 

Read More

Step-by-Step Guide to Mastering Laravel Authorization

Laravel 12 Import and Export CSV and Excel File

Laravel Pagination for Beginners

 

Step 4: Set Up Mail (To Send Reset Links)

Laravel uses the settings in your .env file. Let’s set it up using Mailtrap.io (a safe place to test emails):

In your .env, add this:

env

MAIL_MAILER=smtp

MAIL_HOST=smtp.mailtrap.io

MAIL_PORT=2525

MAIL_USERNAME=your_mailtrap_username

MAIL_PASSWORD=your_mailtrap_password

MAIL_ENCRYPTION=null

MAIL_FROM_ADDRESS=hello@example.com

MAIL_FROM_NAME="Your App"

 

Always remember to replace your_mailtrap_username and password with your real Mailtrap credentials.

 

Step 5: Try It Out!

Now go to the login page and click “Forgot Your Password?”
Then type the email and check Mailtrap.

You’ll see an email with a link. Click it.

It opens a form to set a new password. Then submit it, and Laravel will update the password.

Let’s Peek Behind the Scenes

Laravel uses a table called password_resets.
Let’s ensure its existence:

Check your migration file in database/migrations:

php

Schema::create('password_reset_tokens', function (Blueprint $table) {

    $table->string('email')->index();

    $table->string('token');

    $table->timestamp('created_at')->nullable();

});

This table stores the reset tokens temporarily.

 

Customizing the Email (Optional)

Do you want to change the subject or style of the reset email? Then you can customize it like this: Publish the reset email notification firstly:

bash

php artisan vendor:publish --tag=laravel-notifications

Next go to:

resources/views/vendor/notifications/email.blade.php

You can poke the design and place the logo or say something funny like

“Lost your password? Don’t panic. We’ve got you.”

What About the Controller?

Laravel uses built-in controllers for resetting passwords:

  • ForgotPasswordController
  • ResetPasswordController

No need to write any logic unless you want to customize things.

But if you do want to customize, you can override this method:

php

use Illuminate\Auth\Events\PasswordReset;

use Illuminate\Support\Facades\Hash;

use Illuminate\Support\Str;




public function reset(Request $request)

{

    $request->validate([

        'token' => 'required',

        'email' => 'required|email',

        'password' => 'required|min:8|confirmed',

    ]);




    $status = Password::reset(

        $request->only('email', 'password', 'password_confirmation', 'token'),

        function ($user, $password) {

            $user->forceFill([

                'password' => Hash::make($password),

                'remember_token' => Str::random(60),

            ])->save();




            event(new PasswordReset($user));

        }

    );




    return $status === Password::PASSWORD_RESET

        ? redirect()->route('login')->with('status', __($status))

        : back()->withErrors(['email' => [__($status)]]);

}

But again — you don’t have to! Laravel controls it out of the box.

Recap—What Did You Learn?

Laravel has built-in password reset tools
It sends reset links via email
It stores tokens in a special table
It handles everything automatically
You can customize it if you want

You’re a Password Reset Pro!

Now your app is safer, more familiar, and more professional.

Next steps you can try:

  • Customize the reset page style
  • Add extra security (like 2FA)
  • Log password reset events for admins