finlaydag33k/hibp

A simple class that allows one to easily check against the pwndpassword list

Maintainers

Details

gitlab.com/FinlayDaG33k/php-hibp

Source

Issues

Installs: 645

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Forks: 0

1.0.0 2021-02-23 13:47 UTC

Requires

  • php: >=7.0

GPL-2.0 4a20b79af29cec664ba60a5ec2be03537ac894b1

This package is auto-updated.

Last update: 2024-04-29 01:14:10 UTC

README

PHP package for checking passwords against the HIBP API

Usage

Install using composer and use the class as-is... nothing major really

composer require finlaydag33k\hibp


use FinlayDaG33k\HIBP\HIBP;

// Prepare the password
$password = "lamepassword";
$hash = Security::hash($password, 'sha1', false);
$sub5 = substr($hash, 0, 5);

// Get a list of hashes
$hashes = (new HIBP())->checkPassword($sub5);

// Check if the "remainder" of the hash exists in our dataset
$results = array_filter($hashes, function ($row) use ($hashes, $hash) {
  return strpos($row, strtoupper(substr($hash, 5))) !== false;
});
$compromised = (count($results) > 0);
var_dump($compromised); // bool(true)