PHP Classes

PHP Have I Been Pwned API Search: Check if email addresses are in the HIBP database

Version: hibp-search 1.0
License: GNU General Publi...
PHP version: 5
Categories: Email, PHP 5, Searching, Security, Gl...
Description 

This package provides an application to check if email addresses are in the HIBP database.

It provides a Web page to let users enter a list of email addresses.

The application sends AJAX requests to the Have I Been Pwned service API to check if the email addresses are associated with passwords used in a compromised site.

Innovation Award: PHP Programming Innovation award nominee, February 2023, Number 5
Have I Been Pwned is a service that keeps track of sites that had security issues through which it was possible to access the user accounts database containing the user passwords.

This service provides a Web page and API so other people and external applications can check if a given email address was found in any of the sites that had their security compromised.

This package provides a simple PHP application to check if a list of email addresses was found in the Have I Been Pwned database using AJAX to send requests to the service API.

Manuel Lemos
Name: Ákos Nikházy
Country: Hungary

Documentation

hibp-search

Using the Have I Been Pwned API, this PHP software checks a list of emails against the HIBP database and reports on the emails found in it. This is an easy way to check whether any address in a list of emails appears in leaked user databases.

Usage

You need a local or online webserver to use this. Copy the files in a folder in www or htdocs, and it is ready to use. The base password is admin. Change this as soon as possible, especially if you use it on an online webserver.

Setup

In the req folder you will find a settings.php file. Edit this to customize the program. You can turn off password protection and change the language, and this is where you set up your own email list too.

Put your email address list in the lists folder, then in settings.php edit the $fileName variable to match the list file's name. Any txt file works and you do not have to format it in any way; the only condition is that the email addresses should be separated somehow.
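
One way to read such a loosely formatted list, as an added example that is not the package's own code: the hypothetical helper extractEmails() splits on common separators, validates each token with PHP's filter_var(), and removes duplicates so each address is sent to the API only once. Lower-casing addresses for de-duplication is an assumption of this example.

```php
<?php
// Added illustration; not code from the hibp-search package.
// extractEmails() is a hypothetical helper name.

function extractEmails(string $raw): array
{
    // Split on whitespace and the punctuation that usually surrounds
    // addresses in ad-hoc lists (commas, semicolons, angle brackets, quotes).
    $tokens = preg_split('/[\s,;|<>()\[\]"\']+/', $raw, -1, PREG_SPLIT_NO_EMPTY);

    $seen = [];
    foreach ($tokens as $token) {
        // Drop a leading "mailto:" and trailing sentence punctuation.
        $candidate = preg_replace('/^mailto:/i', '', $token);
        $candidate = rtrim($candidate, '.:!?');

        // Assumption: case-insensitive comparison is enough for de-duplication.
        $candidate = strtolower($candidate);

        // Keep only syntactically valid addresses; everything else is noise.
        if (filter_var($candidate, FILTER_VALIDATE_EMAIL) !== false) {
            $seen[$candidate] = true;
        }
    }

    // Array keys are the unique addresses, in first-seen order.
    return array_keys($seen);
}

// Constructed sample input mixing separators, duplicates and noise.
$sample = <<<TXT
alice@example.com; Bob <bob@example.org>,
carol@example.net ALICE@example.com
not-an-address, mailto:dave@example.com.
TXT;

print_r(extractEmails($sample));
```

De-duplicating before the lookup keeps the number of addresses disclosed to the external API, and the number of requests, to the minimum the check needs.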

Design

I made this whole thing on the fly without planning to use it at my company. We didn't use it as the management couldn't trust an outside server (the API) to check the emails this way. Because I built this fast it uses mixed PHP and HTML, no templating. For the API calls it uses JavaScript / AJAX, which is also mixed with PHP for settings. I do not really like this kind of programming (most of the time I keep PHP, JavaScript and HTML separate), but this was faster this way.

The password protection and language support is me overdoing it after it failed to be used at work and I started planning to upload it here.


Files (18)

File                                Role   Description
ajax/ (2 files)
  ajax/report.php                   Aux.   Auxiliary script
  ajax/save.php                     Aux.   Auxiliary script
lang/ (2 files)
  lang/en.php                       Aux.   Auxiliary script
  lang/hu.php                       Aux.   Auxiliary script
lists/ (1 file)
  lists/email-list-test.txt         Doc.   Documentation
reports/ (1 file)
  reports/2018-05-25_8-11-33.json   Data   Auxiliary data
req/ (2 files)
  req/functions.php                 Aux.   Auxiliary script
  req/settings.php                  Aux.   Auxiliary script
resources/ (2 directories)
  resources/css/main.css            Data   Auxiliary data
  resources/js/jq.js                Data   Auxiliary data
.htaccess                           Data   Auxiliary data
changePW.php                        Appl.  Application script
index.php                           Appl.  Application script
LICENSE                             Lic.   License text
logout.php                          Appl.  Application script
pw.txt                              Data   Auxiliary data
README.md                           Doc.   Documentation
reports.php                         Appl.  Application script
