staabm / password_exposed
This PHP package provides a `password_exposed` helper function, that uses the haveibeenpwned.com API to check if a password has been exposed in a data breach.
Fund package maintenance!
staabm
Requires
- php: ^7.4||^8.0
- paragonie/certainty: ^2.9
- php-http/discovery: ^1.0
- psr/cache: ^1 || ^2 || ^3
- psr/http-client: ^1.0
- psr/http-factory: ^1.1
- psr/http-message: ^2.0
- symfony/cache: ^5.4 || ^6 || ^7.0
- symfony/http-client: ^5.4 || ^6 || ^7.0
Requires (Dev)
- fzaninotto/faker: ^1.7
- kriswallsmith/buzz: ^1.0
- php-coveralls/php-coveralls: ^2.1
- phpunit/phpunit: ^8.0
- vimeo/psalm: ^4
README
This PHP package provides a password_exposed helper function, that uses the haveibeenpwned.com API to check if a password has been exposed in a data breach.
Credits
This package is based on the work of Jordan Hall aka. DivineOmega.
Installation
The password_exposed package can be easily installed using Composer. Just run the following command from the root of your project.
composer require "divineomega/password_exposed"
If you have never used the Composer dependency manager before, head to the Composer website for more information on how to get started.
Usage
To check if a password has been exposed in a data breach, just pass it to the password_exposed method.
Here is a basic usage example:
switch(password_exposed('hunter2')) { case PasswordStatus::EXPOSED: // Password has been exposed in a data breach. break; case PasswordStatus::NOT_EXPOSED: // Password has not been exposed in a known data breach. break; case PasswordStatus::UNKNOWN: // Unable to check password due to an API error. break; }
If you prefer to avoid using helper functions, the following syntax is also available.
$passwordStatus = (new PasswordExposedChecker())->passwordExposed($password);
SHA1 Hash
You can also supply the SHA1 hash instead of the plain text password, by using the following method.
$passwordStatus = (new PasswordExposedChecker())->passwordExposedByHash($hash);
or...
$passwordStatus = password_exposed_by_hash($hash);