
A data breach on a site exposed your password message sent by chrome on my login form

Tags:

php

I made a login form; an authenticated user is redirected to their home page. But along with the redirection, Chrome sent me this:

[Image: This is the message sent by chrome]

I know nothing about the warning. My code is:

    /**
     * Go Login, login button is clicked
     * 
     * @return void
     */
    public function goLoginAction()
    {
        $user = new User($_POST);

        if ($user->verifyPassword()) {
            $user = User::findByUsername($user->username);

            Auth::login($user);

            $this->redirect("/$user->username/home/");
        } 

        $this->redirect('/');

    }

go-login is the action of the form. So, $_POST is sent to go-login. verifyPassword is the function to verify password:

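    /**
     * Verify password
     *
     * @return bool true if password is correct, false otherwise
     */
    public function verifyPassword()
    {
        $user = static::findByUsername($this->username);

        // If no user matches the submitted username, treat it as a failed
        // login instead of reading ->password from a non-object.
        if (!$user) {
            return false;
        }

        return password_verify($this->password, $user->password);
    }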

findByUsername is the function to return the object user by username. And, Auth class in the go-login function creates the session:

    /**
     * Login controller
     * Set session after login
     * 
     * @param object $user 
     * @return void
     */
    public static function login($user)
    {
        session_regenerate_id();

        $_SESSION['id'] = $user->id;
    }

Every answer would be appreciated. And please let me know the other security tips as well. Thank you!!

Biplove Lamichhane asked Dec 19 '19 13:12



1 Answer

I see the comments have cleared your doubts well, but just in case here is a small conclusion for newcomers.

TL;DR

This is a recently introduced feature of Google Chrome. If the submitted username/email-password pair was breached in the past, Chrome will try to warn the user that maybe he/she would be better off using something stronger. It has nothing to do with code, which means that you are the one responsible for your users' security.

External links to read about this topic.

  1. This was asked and answered on Google Chrome Help community.
  2. If you are interested in what makes a strong password and how it is all connected to cryptography, consider checking out the Wiki page, it is pretty well written.
Balázs Börcsök answered Oct 18 '22 15:10
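
An added example, not part of the original answer and not Chrome's implementation: a site can run a comparable breached-password check on its own side at registration or password change. The PHP below looks a password up by the first five hex characters of its SHA-1 hash (the range-lookup shape used by services such as Have I Been Pwned's Pwned Passwords) and compares the remainder locally; the function names, corpus and counts are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Build a constructed stand-in for a breach corpus:
 * SHA-1 prefix (5 hex chars) => list of "SUFFIX:COUNT" lines,
 * the shape a range lookup would return for that prefix.
 */
function buildSampleCorpus(array $breachedWithCounts): array
{
    $corpus = [];
    foreach ($breachedWithCounts as $password => $count) {
        // Numeric-looking array keys become ints in PHP, so cast back to string.
        $hash = strtoupper(sha1((string) $password));
        $corpus[substr($hash, 0, 5)][] = substr($hash, 5) . ':' . $count;
    }
    return $corpus;
}

/**
 * Return how often $password appears in the corpus (0 = not found).
 * Only the 5-character prefix selects the bucket, so a remote corpus would
 * never see the full hash; the 35-character suffix is compared locally.
 * SHA-1 is used here purely as a lookup index, never for password storage.
 */
function breachCount(string $password, array $corpus): int
{
    $hash   = strtoupper(sha1($password));
    $prefix = substr($hash, 0, 5);
    $suffix = substr($hash, 5);

    foreach ($corpus[$prefix] ?? [] as $line) {
        // Tolerate a malformed line without a count.
        [$candidate, $count] = array_pad(explode(':', trim($line), 2), 2, '0');
        if (hash_equals($candidate, $suffix)) {
            return (int) $count;
        }
    }
    return 0;
}

// Constructed sample data, not real breach statistics.
$corpus = buildSampleCorpus(['password' => 3, '123456' => 7]);

foreach (['password', 'correct horse battery staple'] as $candidate) {
    $hits = breachCount($candidate, $corpus);
    echo $hits > 0
        ? "reject: seen in {$hits} breach records\n"
        : "accept: not in sample corpus\n";
}
```

In a real form handler the check would run before `password_hash()` on signup or password change, with the result shown to the user as a prompt to pick a different password.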