Browse Source

Changed terminalogy to stolen as that is what it really is. Added return key detection for SHA1 field and Email Address field. Will not add for password field as I do not want any activity with the password field to make internet calls. The user should be forced to click the check button to send the hash.

master
GRMrGecko 10 years ago
parent
commit
208d69e360
  1. 2
      code/api.php
  2. 32
      code/index.php
  3. 2
      readme.md

2
code/api.php

@ -189,7 +189,7 @@ if ($_MGM['path'][1]=="email") {
$entries = databaseQuery("SELECT * FROM `sha1` WHERE `hash`=%s", $_REQUEST['sha1']);
$entry = databaseFetchAssoc($entries);
if ($entry!=null) {
?><h3 style="color: #ff0000">Password seems to have been leaked to hackers via <?=$entry['leak']?>.</h3><?
?><h3 style="color: #ff0000">Password was stolen by hackers via <?=$entry['leak']?>.</h3><?
} else {
?><h3>No leaks known in this database.</h3><?
}

32
code/index.php

@ -37,7 +37,7 @@ Total count of hashed passwords in database is <?=number_format($count['value'])
<div class="centered">
<h2>Check your email</h2>
<p>
This checks your email address against leaks of passwords and email addresses. If a match is found, you can have my server email you the password through gmail via ssl with settings to automatically permanently delete sent emails.
This checks your email address against passwords and email addresses which have been stolen by hackers. If a match is found, you can have my server email you the password through gmail via ssl with settings to automatically permanently delete sent emails.
</p>
<p>
<div class="row">
@ -53,10 +53,17 @@ Total count of hashed passwords in database is <?=number_format($count['value'])
</p>
<span id="email_loader"></span>
<script type="text/javascript">
function loadEmail() {
$("#email_loader").load("<?=$_MGM['installPath']?>api/email", {email: $("#email_field").val()}, function(response, status, xhr) {});
}
$("#email_field").keydown(function(event) {
var code = (event.keyCode==undefined ? event.which : event.keyCode);
if (code==13) {
loadEmail();
}
});
$("#email_check").click(function() {
$("#email_loader").load("<?=$_MGM['installPath']?>api/email", {email: $("#email_field").val()}, function(response, status, xhr) {
});
loadEmail();
});
</script>
</div>
@ -66,7 +73,7 @@ Total count of hashed passwords in database is <?=number_format($count['value'])
<h2>Check your password</h2>
<p>
<span style="color: #ff0000">Only enter your password on a website you trust!</span><br />If you trust me and what I say below, go ahead and enter your password.<br /><br />
This field uses <a href="https://en.wikipedia.org/wiki/JavaScript" target="_blank">JavaScript</a> to check the strength of your password. Clicking the check button will <a href="https://en.wikipedia.org/wiki/Hash_function" target="_blank">hash</a> your password using JavaScript and send the hash to my server to check against my hash database for leaked passwords.
This field uses <a href="https://en.wikipedia.org/wiki/JavaScript" target="_blank">JavaScript</a> to check the strength of your password. Clicking the check button will <a href="https://en.wikipedia.org/wiki/Hash_function" target="_blank">hash</a> your password using JavaScript and send the hash to my server to check against my hash database for stolen passwords.
</p>
<p>
<style>
@ -139,17 +146,24 @@ Total count of hashed passwords in database is <?=number_format($count['value'])
</p>
<span id="hash_loader"></span>
<script type="text/javascript">
function loadHash() {
$("#hash_loader").load("<?=$_MGM['installPath']?>api/hash", {sha1: $("#sha1_field").val()}, function(response, status, xhr) {});
}
$("#sha1_field").keydown(function(event) {
var code = (event.keyCode==undefined ? event.which : event.keyCode);
if (code==13) {
loadHash();
}
});
$("#hash_check").click(function() {
$("#hash_loader").load("<?=$_MGM['installPath']?>api/hash", {sha1: $("#sha1_field").val()}, function(response, status, xhr) {
});
loadHash();
});
</script>
</div>
</div>
This server does not log anything and it is <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security" target="_blank">ssl encrypted</a>. Any activity done on this page is safe from anyone including myself. If you don't trust me, download my source code and re-implement this on your own server.<br /><br />
If you would like to see the top 500 passwords in this database, visit <a href="https://gec.im/passwords.csv">https://gec.im/passwords.csv</a>.<br /><br />
If you find another leak of passwords, email me at <a href="mailto:james@coleman.io">james@coleman.io</a> and I will see if I can get data to import.<br /><br />
If you find more stolen passwords, email me at <a href="mailto:james@coleman.io">james@coleman.io</a> and I will see if I can get data to import.<br /><br />
Recommended password database software to use includes: <a href="https://lastpass.com/" target="_blank">https://lastpass.com/</a> <a href="https://agilebits.com/onepassword" target="_blank">https://agilebits.com/onepassword</a> <a href="http://keepass.info/" target="_blank">http://keepass.info/</a><br /><br />
Source code for this site is at <a href="https://github.com/GRMrGecko/PasswordCheck" target="_blank">https://github.com/GRMrGecko/PasswordCheck</a><br /><br />
External code used is <a href="https://code.google.com/p/crypto-js/" target="_blank">CryptoJS</a>, <a href="https://developers.google.com/recaptcha/docs/php" target="_blank">recaptchalib</a>, <a href="https://github.com/dropbox/zxcvbn" target="_blank">zxcvbn</a>, <a href="https://jquery.com/" target="_blnak">jQuery</a>, and <a href="http://getbootstrap.com/" target="_blank">Bootstrap</a>.

2
readme.md

@ -1,4 +1,4 @@
#Password Check
Source code used for https://gec.im/passwords/.
Source code used for https://passwd.gec.im/.
Source code for email server used is at https://github.com/GRMrGecko/EmailScheduler.
Loading…
Cancel
Save