
@dhensby
Created July 10, 2018 14:55
Pwned Passwords API - PHP CLI script to test your passwords locally
#!/usr/bin/env php
<?php
/**
 * Usage: pwned.php '<password>'
 *
 * Exit codes: 0 = miss, 1 = hit, 2 = usage or request error
 */

// get the first argument as the password
$password = isset($argv[1]) ? $argv[1] : '';

// no password, give them some usage instructions
// (strict comparison so that a password of "0" is still checked)
if ($password === '') {
    fwrite(STDERR, "Usage: {$argv[0]} '<password>'\n");
    exit(2);
}

// turn the password into sha1 hash (uppercased)
$sha = strtoupper(sha1($password));

// split at 5th char: only the 5-character prefix is sent to the API
$shaStart = substr($sha, 0, 5);
$shaEnd = substr($sha, 5);

// make curl request to password api
$ch = curl_init();
curl_setopt_array($ch, array(
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_URL => 'https://api.pwnedpasswords.com/range/' . $shaStart,
    CURLOPT_USERAGENT => 'ss/cli-password 1.0',
    CURLOPT_HTTPHEADER => array(
        'Accept: text/plain',
    ),
));
$response = curl_exec($ch);
$info = curl_getinfo($ch);
$error = curl_error($ch);
curl_close($ch);

// a failed request must not be reported as a MISS
if ($response === false || $info['http_code'] !== 200) {
    fwrite(STDERR, "ERROR: request failed (HTTP {$info['http_code']}) $error\n");
    exit(2);
}

// put response into memory so we can loop over each line
$fp = fopen('php://memory', 'r+');
fputs($fp, $response);
rewind($fp);

// search for the hash
$hit = false;
$count = 0;
while (($line = fgets($fp)) !== false) {
    $parts = explode(':', trim($line), 2);
    // skip blank or malformed lines
    if (count($parts) !== 2) {
        continue;
    }
    if ($parts[0] === $shaEnd) {
        // cast so the singular/plural check below compares integers
        $count = (int) $parts[1];
        $hit = true;
        break;
    }
}
fclose($fp);

// if we hit, let them know
if ($hit) {
    echo "HIT: $count hit";
    if ($count !== 1) {
        echo "s";
    }
} else {
    echo "MISS";
}
echo "\n";

// error exit if we hit
exit($hit ? 1 : 0);