I'm looking for a simple and secure way of making the user re-enter their password in order to modify their profile information.
I'm guessing that the best way is to assign a one-use and time limited token to the account when the user enters the correct password and then invalidate it once they have made the change.
I'm working with Laravel (PHP) but that's not relevant to the question but any code samples written in PHP would be helpful.