Client for the "Have I Been Pwned" API

1.2.0 2018-02-27 21:20 UTC

This package is auto-updated.

Last update: 2023-11-18 17:32:15 UTC


Build Status


    "require": {
        "xsist10/haveibeenpwned": "~1.0"


Create manager instance

use xsist10\HaveIBeenPwned\HaveIBeenPwned;
use xsist10\HaveIBeenPwned\Adapter\Curl;
use xsist10\HaveIBeenPwned\Adapter\FileGetContents;

// By default the $manager will use a Curl adapter
$manager = new HaveIBeenPwned();

// You can create a new manager with a specified adapter
$manager = new HaveIBeenPwned(new Curl());

// You can also set the adapter after creation
$manager->setAdapter(new FileGetContents());

Check if you've been pwned


Check if your account has been leaked in a paste


Check if your password has been leaked before

// Your password is not sent to the remote API. Only a partial of the SHA1
// value is sent and all matching full SHA1 results are returned and compared.
$numberOfTimesCompromised = $manager->isPasswordCompromised("your_password");

List all breaches that have are on record



List the types of data that are covered when describing a leak


Logger Support

The adapters support PSR-3 Logger. I recommend using monolog.

Install Monolog

$ composer require monolog/monolog

Use Monolog with HaveIBeenPwned

use xsist10\HaveIBeenPwned\HaveIBeenPwned;
use xsist10\HaveIBeenPwned\Adapter\Curl;

use Monolog\Logger;
use Monolog\Handler\StreamHandler;

$log = new Logger('name');
// Push all logging up to the level of DEBUG to our log file
$log->pushHandler(new StreamHandler('[full log filename]', Logger::DEBUG));

$adapter = new Curl();
$manager = new HaveIBeenPwned($adapter);

// Calls made to HaveIBeenPwned will be logged to your log file now



The MIT License (MIT). Please see License File for more information.