Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mxrxdxn/pwned-passwords

A PHP library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.
https://github.com/mxrxdxn/pwned-passwords

breach password password-strength passwords php php7 pwnedpasswords security

Last synced: 3 months ago
JSON representation

A PHP library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.

Host: GitHub
URL: https://github.com/mxrxdxn/pwned-passwords
Owner: mxrxdxn
License: mit
Created: 2018-02-22T22:03:54.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2024-02-09T14:36:19.000Z (about 1 year ago)
Last Synced: 2024-11-14T01:09:49.567Z (3 months ago)
Topics: breach, password, password-strength, passwords, php, php7, pwnedpasswords, security
Language: PHP
Size: 104 KB
Stars: 30
Watchers: 3
Forks: 4
Open Issues: 2
Metadata Files:
- Readme: readme.md
- License: LICENSE

Awesome Lists containing this project

README

        # PwnedPasswords

A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.

# Requirements

 - PHP >= 7.2

# Installation

Installing PwnedPasswords is made easy via Composer. Just require the package using the command below, and you are ready to go.

    composer require mxrxdxn/pwned-passwords

    

# Usage

To use the library, you can do something along the lines of the following.

```php

require_once('vendor/autoload.php');

$pp = new PwnedPasswords\PwnedPasswords;

$password = '123456789';

$insecure = $pp->isPwned($password); //returns true or false

```

The `isInsecure` method will return true if the password has been found in the PwnedPasswords API, and false if not.

If you want to build your own thresholds (Ex. display a warning if the password has been found more than once and an error if more than 5x) you can call the `isPwned` method like below.

```php

$pp = new PwnedPasswords\PwnedPasswords;

$password = '123456789';

$insecure = $pp->isPwned($password, true);

if ($insecure) {

    echo 'Oh no — pwned!' . "\n";

    echo sprintf('This password has been seen %d time%s before.', $insecure, ($insecure > 1 ? 's' : ''));

} else {

    echo 'All good!';

}

```

# Issues

Please feel free to use the Github issue tracker to post any issues you have with this library.