{"id":25181799,"url":"https://github.com/glocktober/phpchain","last_synced_at":"2026-05-15T01:34:04.916Z","repository":{"id":270138734,"uuid":"458572790","full_name":"Glocktober/PHPChain","owner":"Glocktober","description":"A more or less complete re-write and update of the original PHPchain Password management system - supports mysql and sqlite","archived":false,"fork":false,"pushed_at":"2022-02-12T16:14:54.000Z","size":265,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-18T18:36:38.460Z","etag":null,"topics":["password","password-manager","php","security"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Glocktober.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-12T16:14:10.000Z","updated_at":"2023-07-19T19:33:49.000Z","dependencies_parsed_at":"2024-12-28T23:02:58.858Z","dependency_job_id":null,"html_url":"https://github.com/Glocktober/PHPChain","commit_stats":null,"previous_names":["glocktober/phpchain"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Glocktober/PHPChain","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Glocktober%2FPHPChain","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Glocktober%2FPHPChain/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Glocktober%2FPHPChain/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Glocktober%2FPHPChain/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Glocktober","download_url":"https://codeload.github.com/Glocktober/PHPChain/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Glocktober%2FPHPChain/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33050289,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"online","status_checked_at":"2026-05-14T02:00:06.663Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["password","password-manager","php","security"],"created_at":"2025-02-09T17:28:10.934Z","updated_at":"2026-05-15T01:34:04.894Z","avatar_url":"https://github.com/Glocktober.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"PHPChain\n----\n\n-- Summary\n\nThis system will securely store passwords in a database, using (by \ndefault) blowfish encryption. The objective is to provide a site which \nusers can log into from anywhere and retrieve their passwords, should they \nforget them. There are Windows applications which will perform the same \nfunction (for example, http://www.pc-shareware.com/guardian.htm or  \nhttp://www.moonsoftware.com/pwagent.asp ). The  advantage to this system is \nthat it is accessable from anywhere that you have a net connection and a \nweb browser.\n\n\n-- Requirements\n\nThe system requires PHP4 with MySQL support, and libmcrypt support. See \nthis page for information on mcrypt: \n\nhttp://www.php.net/manual/en/ref.mcrypt.php\n\nIt's STRONGLY recommended that you run this system on a web server with SSL \nsupport. If the site is not secured using SSL, the whole point of having a \nsecure database is lost. Configuring SSL is beyond the scope of this \ndocument. See the following site for information:\n\nhttp://www.modssl.org/\n\n===============================================================================\nIF YOU DO NOT USE SSL. YOUR PASSWORDS WILL BE SENT PLAINTEXT OVER THE INTERNET!\n===============================================================================\n\nThe system was built on and tested with apache 1.3.27, PHP 4.2.2, mod_ssl \n2.8.14 with OpenSSL 0.9.7b, all running on Linux. Other platforms may also \nwork, but have not been tested.\n\n\n-- Licensing\n\nPHPChain is available under the terms of the GNU Generl Public License (GPL).\nA copy of the GPL is included in the archive.\n\n\n-- Security\n\nThis system will store a site name, URL (if applicable), login and \npassword. All this data is encrypted using the Blowfish algorithm in CBC \nmode. If you wish to change this, see the functions in the file \ninc/crypt.php and the PHP mcrypt page referenced above for further \ninformation.\n\nEach user's password to actually log into the system is not stored in the \ndatabase. Instead, when their login is created, a random 12 character \nstring is generated and then added to itself, producing a 24 character \nstring. This value is then encrypted using the key provided by the user \nand stored in the database.\n At login time, this value is retrieved from the database and decrypted. \nIf the first 12 characters match the last 12 characters, the login is \nconsidered to be valid. Since the decryption key is never stored in the \ndatabase, this adds an additional level of security should the database \never be compromised. The chances of a random key decoding the stored value \nsuch that the first 12 characters matched the last 12 are absolutely \nminiscule. In the incredibly unlikely event that this happened, the data \nwould still be secure, since the key is invalid for the actual decoding.\n\nThe key itself is stored as an md5 hash as a cookie in the client's \nbrowser for the duration of the session. This may present a security risk \nin browsers that  do not remove invalid cookies when the browser is \nclosed. To be safe, users should click the logout button when they're \ndone, which not only explicitely removes the cookies, but overwrites the \nkey cookie with garbage data before removing it.\n\nOnly 3 failed login attempts are allowed per 10 minutes. Failed login \nattempts are also logged and reported to the user on their subsequent \nlogin.\n\n\n-- Contact Information\n\nThe website for this tool is at http://www.globalmegacorp.org/PHPChain\nThe author's email is james@globalmegacorp.org\n\nIf you think you've discovered a security problem with this system, please \ncontact me immediately.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglocktober%2Fphpchain","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fglocktober%2Fphpchain","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fglocktober%2Fphpchain/lists"}