PHP download

Download the PHP package dragonbe/hibp without Composer

On this page you can find all versions of the php package dragonbe/hibp. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download dragonbe/hibp
More information about dragonbe/hibp
Files in dragonbe/hibp

Vendor dragonbe
Package hibp
Short Description A package integrating Troy Hunt's HaveIBeenPawnd API for password checking.
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of dragonbe/hibp

Informations about the package hibp

Have I been pwned Composer package

To increase security of users on your system, I started building a client for @TroyHunt's Have I Been Pwned? API v2 that will check if a given password was already used in a breach. Many thanks to Mr. Troy Hunt for providing us this service.

Project scope

The goal of this project is to have a composer package that will allow you to quickly verify if a given password (from a registration or password reset form) was found in a data breach so you can inform your users to change their password and thus improving overal security.

This project was also the subject of my talk Mutation Testing with Infection where the code base was not only covered by unit tests, but also was subjected to Mutation Testing using Infection to ensure no coding mistakes could slip into the codebase.

Getting started

First of all you need to add this library to your project. The easiest way is to use Composer.

If you want to quickly test the functionality, copy/paste the following code in a file named hibp.php.

Now run this file to make sure all is working fine.

If all works well, you should see the following result:

Getting number of hits found in HIBP

Sometimes you want to display a number of hits found for a given password. Just call count() on your $hibp instance or call $hibp->count() directly.

This will give you a more detailed view on how many times a password has been used that was found in breaches collected in Have I Been Pwned?.

For more details please check out the unit test directory tests/ to understand what exceptions can occur and what other options there are to use this library.

Roadmap

Even though this is the beginning of the project, I want to make full use of HIBP API by searching on usernames and email addresses to see if they were discovered in breaches. This might be convenient to alert users that they might want to use a more secure password or change all their passwords for the provided credential.

In short, these are the goals I want to accomplish in the near future:

check for existence of credential (username/email address) in HIBP Sites
check for existence of credential (username/email address) in HIBP Pastes

And who knows, maybe when people are using this library more ideas will be provided

Acknowledgement

This library wasn't possible if Mr. Troy Hunt didn't spend his valuable time in feeding breached data in his database and providing his site haveibeenpwned.com. So thank you good sir for putting such great efforts in HIBP.

License

I've provided this project "as-is" and I licensed it with an MIT license so you can use it freely in your projects.

Questions, suggestions, feedback of issues

Please use this project's issue feature to reach out to me with your suggestions. I love your feedback and also interested in the use cases where you have used this library in.

All versions of hibp with dependencies

PHP Build Version

Package Version

Version v0.1.1 Release 30. Sep 2019
create-project require 1 people choosed require and
0 people choosed create-project.

Download

Download latest version of hibp from vendor dragonbe

Requires php Version >= 7.2
guzzlehttp/guzzle Version ^6.3
psr/http-message Version ^1.0
psr/http-client Version ^1.0
ricardofiorani/guzzle-psr18-adapter Version ^1.0
psr/http-factory Version ^1.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package dragonbe/hibp contains the following files

Loading the files please wait ....