You don't, instead you may try something like this:
$cred = array(
'username' => Input::get('username'),
'password' => Input::get('password1')
);
// At first normally check the credentials using validate method
// but doesn't login, if check succeeded then check the second
// password manually, using your encrypted password2 field
if(Auth::validate($cred)) {
// Now check the password2, assumed you're using md5
// hashing for this field (according to your question)
$password2 = md5(Input::get('password2'));
$user = User::where('username', $cred['username'])->first();
if( $user->password2 == $password2) {
// Now manually login the user
Auth::login($user);
return Redirect::to('url'); // successful login url
}
else{
// Password2 missmatched
$validator = Validator::make(array(), array())->getMessagebag();
$validator->add('errorLogin', 'Invalid Credentials!');
return Redirect::back()->withInput()->withError($validator);
}
}
else {
// Didn't pass even the first validation (username, password1)
$validator = Validator::make(array(), array())->getMessagebag();
$validator->add('errorLogin', 'Invalid Credentials!');
return Redirect::back()->withInput()->withError($validator);
}
In the view
you can use this to show error message on failed login:
{{ $errors->first('errorLogin') }} // Invalid Credentials!
For the first validate
methos don't use any encryption, let Laravel do it as it does and for the second password you may use your own encryption.