php - A data breach on a site exposed your password message sent by chrome on my login form
I made a login form; an authenticated user is redirected to their home page. But, along with the redirection, Chrome sent me this:
I know nothing about the warning. My code is:
    /**
     * Go Login, login button is clicked
     *
     * @return void
     */
    public function goLoginAction()
    {
        $user = new User($_POST);
        if ($user->verifyPassword()) {
            $user = User::findByUsername($user->username);
            Auth::login($user);
            $this->redirect("/$user->username/home/");
            // Stop here so the fallback redirect below cannot override this one
            return;
        }
        // Failed login: back to the start page
        $this->redirect('/');
    }
go-login is the action of the form. So, $_POST is sent to go-login. verifyPassword is the function to verify password:
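    /**
     * Verify password
     *
     * @return bool true if password is correct, false otherwise
     */
    public function verifyPassword()
    {
        $users = static::findByUsername($this->username);
        // Unknown username: there is no stored hash to compare against
        if (!$users) {
            return false;
        }
        // Compare the submitted password with the stored password_hash() value
        return password_verify($this->password, $users->password);
    }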
findByUsername is the function to return the object user by username. And, Auth class in the go-login function creates the session:
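    /**
     * Login controller
     * Set session after login
     *
     * @param object $user
     * @return void
     */
    public static function login($user)
    {
        // New session ID on login; true also deletes the old session data
        // so a pre-login ID cannot be reused (session fixation)
        session_regenerate_id(true);
        $_SESSION['id'] = $user->id;
    }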
Every answer would be appreciated. And please let me know the other security tips as well. Thank you!!
Answer
Solution:
I see the comments have cleared your doubts well, but just in case here is a small conclusion for newcomers.
TL;DR
This is a recently introduced feature of Google Chrome. If the submitted combination of the provided username/email-password pair was breached in the past, Chrome will try to warn the user that maybe he/she would be better off using something stronger. It has nothing to do with code, which means that you are the one responsible for your users' security.
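A server-side counterpart to the browser warning, as an added example that is not part of the original question or answer and is not how Chrome itself performs its check: the site can screen a password against a breach corpus when the user sets it. The sketch uses the k-anonymity range format of the Have I Been Pwned Pwned Passwords API (first 5 hex characters of the SHA-1 sent, `SUFFIX:COUNT` lines returned); `breachCount`, `$fetchRange` and the stub corpus are hypothetical names and constructed data so the block runs offline.

```php
<?php
declare(strict_types=1);

/**
 * Return how often $password appears in a breach corpus.
 * Only the first 5 hex characters of its SHA-1 are handed to $fetchRange;
 * the remaining 35 characters are compared locally.
 *
 * $fetchRange is a hypothetical callable: prefix -> "SUFFIX:COUNT" lines.
 */
function breachCount(string $password, callable $fetchRange): int
{
    $hash   = strtoupper(sha1($password));
    $prefix = substr($hash, 0, 5);
    $suffix = substr($hash, 5);

    foreach (preg_split('/\r\n|\n/', trim($fetchRange($prefix))) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) !== 2) {
            continue; // blank or malformed line
        }
        if (hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1];
        }
    }
    return 0; // suffix not listed for this prefix
}

// Constructed stand-in for the remote range endpoint (made-up counts).
$constructedCorpus = ['password' => 1000, 'letmein' => 250];
$stubFetch = function (string $prefix) use ($constructedCorpus): string {
    $lines = [];
    foreach ($constructedCorpus as $pw => $count) {
        $h = strtoupper(sha1($pw));
        if (substr($h, 0, 5) === $prefix) {
            $lines[] = substr($h, 5) . ':' . $count;
        }
    }
    return implode("\r\n", $lines);
};

// Screen candidates the way a registration or password-change handler would.
foreach (['password', 'correct horse battery staple'] as $candidate) {
    $n = breachCount($candidate, $stubFetch);
    echo $candidate, ': ', $n > 0 ? "listed $n times, ask for another" : 'not listed', "\n";
}
```

In a real handler `$fetchRange` would wrap an HTTPS request to the range endpoint, and the check would run before `password_hash()` is called on the new password.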