PHP Classes

PHP Have I Been Pwned API Search: Check if email addresses are in the HIBP database

Recommend this page to a friend!
  Info   View files Documentation   View files View files (18)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Last Updated Ratings Unique User Downloads Download Rankings
2023-02-06 (18 days ago) RSS 2.0 feedNot yet rated by the usersTotal: 22 This week: 1All time: 10,818 This week: 115Up
Version License PHP version Categories
hibp-search 1.0GNU General Publi...5Email, PHP 5, Searching, Security, Gl...
Description Author

This package provides an application to check if email addresses are in the HIBP database.

It provides a Web page to let users enter a list of email addresses.

The application sends AJAX requests to the Have I Been Pwned service API to check if the email addresses are associated with passwords used in a compromised site.

Picture of Ákos Nikházy
Name: Ákos Nikházy <contact>
Classes: 8 packages by
Country: Hungary Hungary
Innovation award
Innovation award
Nominee: 1x

Details

hibp-search

Using Have I Been Pwned API, this PHP software checks a list of emails against HIBP database and reports on emails found in the database. This is an easy way to check if a list of email has items in leaked user databases.

Usage

You need a local or online webserver to use this. Copy the files in a folder in www or htdocs, and it is ready to use. The base password is admin. Change this as soon as possible, especially if you use it on an online webserver.

Setup

In the req folder you find a settings.php file. Edit this to customize the program. You can turn off password protection, change language and this is where you set up your own email list too.

Put your email address list in the lists folder, then in the settings.php edit the $fileName variable to match the list file's name. Any txt file works, you do not have to format it any way, the only condition is that email addresses should be seperated somehow.

Design

I made this whole thing on the fly without planning to use it at my company. We didn't use it as the management couldn't trust an outside server (the API) to check the emails this way. Because I built this fast it uses mixed PHP and HTML, no templating. For the API calls it uses javascript / ajax, that also mixed with PHP for settings. I do not really like this kind of programming (most of the time I keep php, javascript and HTML seperate), but this was faster this way.

The password protection and language support is me overdoing it after it failed to be used at work and started planning to upload it here.

  Files folder image Files  
File Role Description
Files folder imageajax (2 files)
Files folder imagelang (2 files)
Files folder imagelists (1 file)
Files folder imagereports (1 file)
Files folder imagereq (2 files)
Files folder imageresources (2 directories)
Accessible without login Plain text file .htaccess Data Auxiliary data
Accessible without login Plain text file changePW.php Appl. Application script
Accessible without login Plain text file index.php Appl. Application script
Accessible without login Plain text file LICENSE Lic. License text
Accessible without login Plain text file logout.php Appl. Application script
Accessible without login Plain text file pw.txt Data Auxiliary data
Accessible without login Plain text file README.md Doc. Documentation
Accessible without login Plain text file reports.php Appl. Application script

  Files folder image Files  /  ajax  
File Role Description
  Accessible without login Plain text file report.php Aux. Auxiliary script
  Accessible without login Plain text file save.php Aux. Auxiliary script

  Files folder image Files  /  lang  
File Role Description
  Accessible without login Plain text file en.php Aux. Auxiliary script
  Accessible without login Plain text file hu.php Aux. Auxiliary script

  Files folder image Files  /  lists  
File Role Description
  Accessible without login Plain text file email-list-test.txt Doc. Documentation

  Files folder image Files  /  reports  
File Role Description
  Accessible without login Plain text file 2018-05-25_8-11-33.json Data Auxiliary data

  Files folder image Files  /  req  
File Role Description
  Accessible without login Plain text file functions.php Aux. Auxiliary script
  Accessible without login Plain text file settings.php Aux. Auxiliary script

  Files folder image Files  /  resources  
File Role Description
Files folder imagecss (1 file)
Files folder imagejs (1 file)

  Files folder image Files  /  resources  /  css  
File Role Description
  Accessible without login Plain text file main.css Data Auxiliary data

  Files folder image Files  /  resources  /  js  
File Role Description
  Accessible without login Plain text file jq.js Data Auxiliary data

 Version Control Unique User Downloads Download Rankings  
 100%
Total:22
This week:1
All time:10,818
This week:115Up