2014-09-13 17:26:03 -05:00
< ?
//
// Copyright (c) 2014 Mr. Gecko's Media (James Coleman). http://mrgeckosmedia.com/
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
//
require_once ( " header.php " );
2014-09-16 17:24:08 -05:00
connectToDatabase ();
$counts = databaseQuery ( " SELECT value FROM settings WHERE name='email' " );
$count = databaseFetchAssoc ( $counts );
?>
Total count of email and passwords in database is < ? = number_format ( $count [ 'value' ]) ?> .<br />
< ?
$counts = databaseQuery ( " SELECT value FROM settings WHERE name='hashed' " );
2014-09-13 17:26:03 -05:00
$count = databaseFetchAssoc ( $counts );
?>
2014-09-16 17:24:08 -05:00
Total count of hashed passwords in database is < ? = number_format ( $count [ 'value' ]) ?> .<br /><br />
2014-09-13 17:26:03 -05:00
< div class = " jumbotron " >
< div class = " centered " >
2014-09-16 17:24:08 -05:00
< h2 > Check your email </ h2 >
< p >
2014-09-17 07:55:42 -05:00
This checks your email address against passwords and email addresses which have been stolen by hackers . If a match is found , you can have my server email you the password through gmail via ssl with settings to automatically permanently delete sent emails .
2014-09-16 17:24:08 -05:00
</ p >
2014-09-13 17:26:03 -05:00
< p >
2014-09-16 17:24:08 -05:00
< div class = " row " >
< div class = " col-lg-8 " >
< div class = " input-group " >
< input class = " form-control email " type = " text " placeholder = " Email Address " id = " email_field " name = " email " value = " <?=htmlspecialchars( $_REQUEST['email'] , ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?> " />
< span class = " input-group-btn " >
< button class = " btn btn-default " id = " email_check " > Check </ button >
</ span >
2014-09-13 17:26:03 -05:00
</ div >
</ div >
2014-09-16 17:24:08 -05:00
</ div >
2014-09-13 17:26:03 -05:00
</ p >
2014-09-16 17:24:08 -05:00
< span id = " email_loader " ></ span >
< script type = " text/javascript " >
2014-09-17 07:55:42 -05:00
function loadEmail () {
2014-09-17 08:19:39 -05:00
$ ( " #email_loader " ) . html ( " Loading... " );
2014-09-17 07:55:42 -05:00
$ ( " #email_loader " ) . load ( " <?= $_MGM['installPath'] ?>api/email " , { email : $ ( " #email_field " ) . val ()}, function ( response , status , xhr ) {});
}
$ ( " #email_field " ) . keydown ( function ( event ) {
var code = ( event . keyCode == undefined ? event . which : event . keyCode );
if ( code == 13 ) {
loadEmail ();
}
});
2014-09-16 17:24:08 -05:00
$ ( " #email_check " ) . click ( function () {
2014-09-17 07:55:42 -05:00
loadEmail ();
2014-09-16 17:24:08 -05:00
});
</ script >
</ div >
</ div >
< div class = " jumbotron " >
< div class = " centered " >
< h2 > Check your password </ h2 >
< p >
< span style = " color: #ff0000 " > Only enter your password on a website you trust !</ span >< br /> If you trust me and what I say below , go ahead and enter your password .< br />< br />
2014-09-17 09:24:14 -05:00
This field uses < a href = " https://en.wikipedia.org/wiki/JavaScript " target = " _blank " > JavaScript </ a > to check the strength of your password . Clicking the check button will send the < a href = " https://en.wikipedia.org/wiki/Hash_function " target = " _blank " > hash </ a > of your password to my server to check against my hash database for stolen passwords .
2014-09-16 17:24:08 -05:00
</ p >
< p >
< style >
2014-09-16 22:10:07 -05:00
#sha1_field {
font - family : monospace ;
2014-09-13 17:26:03 -05:00
}
2014-09-16 17:24:08 -05:00
#password_score {
height : 5 px ;
}
. score_0 {
width : 1 % ;
background - color : #ff0000;
}
. score_1 {
width : 25 % ;
background - color : #ff7f00;
}
. score_2 {
width : 50 % ;
background - color : #ffff00;
}
. score_3 {
width : 75 % ;
background - color : #7f007f;
}
. score_4 {
width : 100 % ;
background - color : #00ff00;
}
</ style >
< div class = " row " >
< div class = " col-lg-8 " >
< div class = " input-group " >
< input class = " form-control password " type = " password " placeholder = " Password " id = " password_field " />
< span class = " input-group-btn " >
< input class = " btn btn-default " type = " button " id = " password_show " value = " Show " >
</ span >
</ div >
< div id = " password_score " class = " score_0 " >& nbsp ; </ div >
< div id = " password_stats " ></ div >
</ div >
</ div >
< div class = " row " >
< div class = " col-lg-8 " >
< div class = " input-group " >
< input class = " form-control sha1 " type = " text " placeholder = " SHA1 " id = " sha1_field " name = " sha1 " value = " <?=htmlspecialchars( $_REQUEST['sha1'] , ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?> " />
< span class = " input-group-btn " >
< button class = " btn btn-default " id = " hash_check " > Check </ button >
</ span >
</ div >
</ div >
</ div >
< script type = " text/javascript " >
$ ( " #password_show " ) . click ( function () {
if ( $ ( " #password_field " ) . attr ( " type " ) == " password " ) {
$ ( " #password_field " ) . attr ( " type " , " text " );
$ ( " #password_show " ) . val ( " Hide " );
2014-09-13 17:26:03 -05:00
} else {
2014-09-16 17:24:08 -05:00
$ ( " #password_field " ) . attr ( " type " , " password " );
$ ( " #password_show " ) . val ( " Show " );
2014-09-13 17:26:03 -05:00
}
2014-09-16 17:24:08 -05:00
});
2014-09-18 14:40:11 -05:00
var loadingCheckTimer = null ;
2014-09-16 17:24:08 -05:00
$ ( " #password_field " ) . bind ( " input paste " , function ( event ){
2014-09-18 14:40:11 -05:00
if ( typeof zxcvbn != " function " ) {
$ ( " #password_stats " ) . html ( " Loading zxcvbn... " );
if ( loadingCheckTimer == null ) {
loadingCheckTimer = setInterval ( function () {
if ( typeof zxcvbn == " function " ) {
var result = zxcvbn ( $ ( " #password_field " ) . val ());
$ ( " #password_score " ) . attr ( " class " , " score_ " + result . score );
$ ( " #password_stats " ) . html ( " Entropy: " + result . entropy + " <br />Estimated time for hackers to crack: " + result . crack_time_display + " <br />Estimated time for hackers to crack in seconds: " + result . crack_time );
clearInterval ( loadingCheckTimer );
loadingCheckTimer = null ;
}
}, 200 );
}
} else {
var result = zxcvbn ( $ ( this ) . val ());
$ ( " #password_score " ) . attr ( " class " , " score_ " + result . score );
$ ( " #password_stats " ) . html ( " Entropy: " + result . entropy + " <br />Estimated time for hackers to crack: " + result . crack_time_display + " <br />Estimated time for hackers to crack in seconds: " + result . crack_time );
}
2014-09-16 17:24:08 -05:00
$ ( " #sha1_field " ) . val ( CryptoJS . SHA1 ( $ ( this ) . val ()) . toString ());
});
</ script >
</ p >
< span id = " hash_loader " ></ span >
< script type = " text/javascript " >
2014-09-17 07:55:42 -05:00
function loadHash () {
2014-09-17 08:19:39 -05:00
$ ( " #hash_loader " ) . html ( " Loading... " );
2014-09-17 07:55:42 -05:00
$ ( " #hash_loader " ) . load ( " <?= $_MGM['installPath'] ?>api/hash " , { sha1 : $ ( " #sha1_field " ) . val ()}, function ( response , status , xhr ) {});
}
$ ( " #sha1_field " ) . keydown ( function ( event ) {
var code = ( event . keyCode == undefined ? event . which : event . keyCode );
if ( code == 13 ) {
loadHash ();
}
});
2014-09-16 17:24:08 -05:00
$ ( " #hash_check " ) . click ( function () {
2014-09-17 07:55:42 -05:00
loadHash ();
2014-09-16 17:24:08 -05:00
});
</ script >
2014-09-13 17:26:03 -05:00
</ div >
</ div >
2014-09-16 17:24:08 -05:00
This server does not log anything and it is < a href = " https://en.wikipedia.org/wiki/Transport_Layer_Security " target = " _blank " > ssl encrypted </ a >. Any activity done on this page is safe from anyone including myself . If you don ' t trust me , download my source code and re - implement this on your own server .< br />< br />
2014-09-13 17:26:03 -05:00
If you would like to see the top 500 passwords in this database , visit < a href = " https://gec.im/passwords.csv " > https :// gec . im / passwords . csv </ a >.< br />< br />
2014-09-17 07:55:42 -05:00
If you find more stolen passwords , email me at < a href = " mailto:james@coleman.io " > james @ coleman . io </ a > and I will see if I can get data to import .< br />< br />
2014-09-13 17:26:03 -05:00
Recommended password database software to use includes : < a href = " https://lastpass.com/ " target = " _blank " > https :// lastpass . com /</ a > < a href = " https://agilebits.com/onepassword " target = " _blank " > https :// agilebits . com / onepassword </ a > < a href = " http://keepass.info/ " target = " _blank " > http :// keepass . info /</ a >< br />< br />
2014-09-16 17:24:08 -05:00
Source code for this site is at < a href = " https://github.com/GRMrGecko/PasswordCheck " target = " _blank " > https :// github . com / GRMrGecko / PasswordCheck </ a >< br />< br />
External code used is < a href = " https://code.google.com/p/crypto-js/ " target = " _blank " > CryptoJS </ a > , < a href = " https://developers.google.com/recaptcha/docs/php " target = " _blank " > recaptchalib </ a > , < a href = " https://github.com/dropbox/zxcvbn " target = " _blank " > zxcvbn </ a > , < a href = " https://jquery.com/ " target = " _blnak " > jQuery </ a > , and < a href = " http://getbootstrap.com/ " target = " _blank " > Bootstrap </ a >.
2014-09-13 17:26:03 -05:00
< ?
require_once ( " footer.php " );
2014-09-16 17:24:08 -05:00
closeDatabase ();
2014-09-13 17:26:03 -05:00
?>