Breached-password-check/check_password.php

<?php
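/**
 * Check a candidate password against the Pwned Passwords range API.
 *
 * Only the first five hex characters of the password's SHA-1 digest are put
 * in the request URL; the returned suffix list is matched locally, so neither
 * the password nor its full hash is sent to the service.
 *
 * Side effects: echoes an HTML notice and halts the script with die when the
 * password is listed; echoes the cURL error text when the request fails.
 *
 * NOTE(review): this check fails open. When the request fails, or the body
 * holds no hash lines (for example an error response), no match is found and
 * the function returns normally. Callers that must enforce the policy should
 * treat an unverified password as rejected.
 *
 * @param string $password_check_input Plain-text password to look up.
 * @return void
 */
function password_check($password_check_input) {
    // SHA-1 is a one-way hash, not encryption; it is used because the range
    // API is keyed on upper-case SHA-1 hex digests.
    $sha1_password = strtoupper(sha1($password_check_input));
    // Five-character prefix that selects the range to download.
    $sha1_password_short = substr($sha1_password, 0, 5);

    // Fetch the list of hash suffixes for that prefix. No TLS option is
    // overridden here, so certificate checking stays at cURL's defaults.
    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => "https://api.pwnedpasswords.com/range/$sha1_password_short",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "GET",
        CURLOPT_HTTPHEADER => array(
            "content-type: text/plain"
        ),
    ));
    $response = curl_exec($curl);
    $err = curl_error($curl);
    curl_close($curl);

    $hitcounter = 0;
    // curl_exec() returns false on failure; only a string body is parsed.
    if (is_string($response)) {
        // Split on any line ending so a trailing "\r" never ends up in a field.
        $rows = preg_split('/\r\n|\r|\n/', $response) ?: array();
        foreach ($rows as $row) {
            // Each row is "SUFFIX:COUNT"; only the suffix is needed.
            $suffix = strtoupper(trim(explode(':', $row, 2)[0]));
            if ($suffix === '') {
                continue;
            }
            // Strict comparison: with ==, two digit-only "0E..." hex strings
            // are compared as numbers and can match although they differ.
            if ($sha1_password_short . $suffix === $sha1_password) {
                $hitcounter++;
            }
        }
    }

    if ($err) {
        // The surrounding output is HTML, so the error text is escaped.
        echo "cURL Error: " . htmlspecialchars($err, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    if ($hitcounter !== 0) {
        echo "<p><center>The chosen password is known as a breached password!<br>\n"
            . "Please select a different password</center></p>";
        die;
    }
}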
// Demo invocation with a hard-coded sample value; as a top-level statement it
// runs every time this file is executed or included.
password_check('MySsecretPassword');
?>