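<?php
//
// Copyright (c) 2014 Mr. Gecko's Media (James Coleman). http://mrgeckosmedia.com/
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
//

// Landing page: prints the two totals stored in the `settings` table, then
// renders an e-mail lookup form and a password/SHA-1 lookup form. Both forms
// submit through jQuery .load() to api/email and api/hash and inject the
// returned HTML into a <span> on this page.
//
// The full `<?php` open tag is used for statement blocks: with short_open_tag
// disabled a bare `<?` block is sent to the browser as text instead of being
// executed. `<?=` is unaffected by that setting.

// connectToDatabase(), databaseQuery(), databaseFetchAssoc(), closeDatabase()
// and $_MGM are not defined in this file — presumably header.php provides them.
require_once("header.php");
connectToDatabase();

// A missing settings row makes the fetch return no array; fall back to 0
// instead of passing null into number_format().
$counts = databaseQuery("SELECT value FROM settings WHERE name='email'");
$count = databaseFetchAssoc($counts);
$emailTotal = isset($count['value']) ? (float) $count['value'] : 0.0;

$counts = databaseQuery("SELECT value FROM settings WHERE name='hashed'");
$count = databaseFetchAssoc($counts);
$hashedTotal = isset($count['value']) ? (float) $count['value'] : 0.0;

// Pre-fill values are request-controlled. Accept them only when present and a
// plain string (email[]=x would otherwise hand an array to htmlspecialchars),
// and escape with ENT_QUOTES at the point of output.
$emailPrefill = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';
$sha1Prefill = (isset($_REQUEST['sha1']) && is_string($_REQUEST['sha1'])) ? $_REQUEST['sha1'] : '';
?>
Total count of email and passwords in database is <?=number_format($emailTotal)?>.<br />
Total count of hashed passwords in database is <?=number_format($hashedTotal)?>.<br /><br />
<div class="jumbotron">
	<div class="centered">
		<h2>Check your email</h2>
		<p>
			This checks your email address against passwords and email addresses which have been stolen by hackers. If a match is found, you can have my server email you the password through gmail via ssl with settings to automatically permanently delete sent emails.
		</p>
		<p>
			<div class="row">
				<div class="col-lg-8">
					<div class="input-group">
						<input class="form-control email" type="text" placeholder="Email Address" id="email_field" name="email" value="<?=htmlspecialchars($emailPrefill, ENT_QUOTES | ENT_HTML401, 'UTF-8', true)?>" />
						<span class="input-group-btn">
							<button class="btn btn-default" id="email_check">Check</button>
						</span>
					</div>
				</div>
			</div>
		</p>
		<span id="email_loader"></span>
<?php
// jQuery .load() with an object as data issues a POST, so the address is not
// placed in the api/email URL. $_MGM['installPath'] is written into the script
// unescaped — presumably a trusted configuration value; confirm it can never
// carry request data.
// NOTE(review): any throttling or CAPTCHA on the "email me the password"
// action would have to live in api/email (recaptchalib is listed as a
// dependency below) — confirm there; nothing on this page enforces it.
?>
		<script type="text/javascript">
			function loadEmail() {
				$("#email_loader").html("Loading...");
				$("#email_loader").load("<?=$_MGM['installPath']?>api/email", {email: $("#email_field").val()}, function(response, status, xhr) {});
			}
			$("#email_field").keydown(function(event) {
				var code = (event.keyCode==undefined ? event.which : event.keyCode);
				if (code==13) {
					loadEmail();
				}
			});
			$("#email_check").click(function() {
				loadEmail();
			});
		</script>
	</div>
</div>
<?php
// External links below carry rel="noopener noreferrer": this page accepts
// ?email= / ?sha1= pre-fill parameters, so without it the opened site could
// receive them in the Referer header and would hold a window.opener handle
// back to a page where a password is being typed.
?>
<div class="jumbotron">
	<div class="centered">
		<h2>Check your password</h2>
		<p>
			<span style="color: #ff0000">Only enter your password on a website you trust!</span><br />If you trust me and what I say below, go ahead and enter your password.<br /><br />
			This field uses <a href="https://en.wikipedia.org/wiki/JavaScript" target="_blank" rel="noopener noreferrer">JavaScript</a> to check the strength of your password. Clicking the check button will send the <a href="https://en.wikipedia.org/wiki/Hash_function" target="_blank" rel="noopener noreferrer">hash</a> of your password to my server to check against my hash database for stolen passwords.
		</p>
		<p>
			<style>
				#sha1_field {
					font-family:monospace;
				}
				#password_score {
					height: 5px;
				}
				.score_0 {
					width: 1%;
					background-color: #ff0000;
				}
				.score_1 {
					width: 25%;
					background-color: #ff7f00;
				}
				.score_2 {
					width: 50%;
					background-color: #ffff00;
				}
				.score_3 {
					width: 75%;
					background-color: #7f007f;
				}
				.score_4 {
					width: 100%;
					background-color: #00ff00;
				}
			</style>
			<div class="row">
				<div class="col-lg-8">
					<div class="input-group">
						<input class="form-control password" type="password" placeholder="Password" id="password_field" />
						<span class="input-group-btn">
							<input class="btn btn-default" type="button" id="password_show" value="Show">
						</span>
					</div>
					<div id="password_score" class="score_0"> </div>
					<div id="password_stats"></div>
				</div>
			</div>
			<div class="row">
				<div class="col-lg-8">
					<div class="input-group">
						<input class="form-control sha1" type="text" placeholder="SHA1" id="sha1_field" name="sha1" value="<?=htmlspecialchars($sha1Prefill, ENT_QUOTES | ENT_HTML401, 'UTF-8', true)?>" />
						<span class="input-group-btn">
							<button class="btn btn-default" id="hash_check">Check</button>
						</span>
					</div>
				</div>
			</div>
<?php
// The password field has no name attribute and is only read by the script
// below: zxcvbn() scores it in the browser and CryptoJS.SHA1() fills the SHA1
// field. Only the SHA1 field's value is sent to the server.
?>
			<script type="text/javascript">
				$("#password_show").click(function() {
					if ($("#password_field").attr("type")=="password") {
						$("#password_field").attr("type", "text");
						$("#password_show").val("Hide");
					} else {
						$("#password_field").attr("type", "password");
						$("#password_show").val("Show");
					}
				});
				$("#password_field").bind("input paste", function(event){
					var result = zxcvbn($(this).val());
					$("#password_score").attr("class", "score_"+result.score);
					$("#password_stats").html("Entropy: "+result.entropy+"<br />Estimated time for hackers to crack: "+result.crack_time_display+"<br />Estimated time for hackers to crack in seconds: "+result.crack_time);
					$("#sha1_field").val(CryptoJS.SHA1($(this).val()).toString());
				});
			</script>
		</p>
		<span id="hash_loader"></span>
<?php
// NOTE(review): the complete unsalted SHA-1 of the typed password is posted to
// api/hash. For a weak or reused password that digest can be matched against
// wordlists by whoever holds it, so the "safe from anyone including myself"
// statement further down holds only while the server really keeps no logs.
// A range lookup (send only a short prefix of the digest and compare the
// returned suffixes in the browser) would avoid disclosing the full digest;
// it needs a matching change in api/hash, which is outside this file.
?>
		<script type="text/javascript">
			function loadHash() {
				$("#hash_loader").html("Loading...");
				$("#hash_loader").load("<?=$_MGM['installPath']?>api/hash", {sha1: $("#sha1_field").val()}, function(response, status, xhr) {});
			}
			$("#sha1_field").keydown(function(event) {
				var code = (event.keyCode==undefined ? event.which : event.keyCode);
				if (code==13) {
					loadHash();
				}
			});
			$("#hash_check").click(function() {
				loadHash();
			});
		</script>
	</div>
</div>
This server does not log anything and it is <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security" target="_blank" rel="noopener noreferrer">ssl encrypted</a>. Any activity done on this page is safe from anyone including myself. If you don't trust me, download my source code and re-implement this on your own server.<br /><br />
If you would like to see the top 500 passwords in this database, visit <a href="https://gec.im/passwords.csv">https://gec.im/passwords.csv</a>.<br /><br />
If you find more stolen passwords, email me at <a href="mailto:james@coleman.io">james@coleman.io</a> and I will see if I can get data to import.<br /><br />
Recommended password database software to use includes:
<a href="https://lastpass.com/" target="_blank" rel="noopener noreferrer">https://lastpass.com/</a>
<a href="https://agilebits.com/onepassword" target="_blank" rel="noopener noreferrer">https://agilebits.com/onepassword</a>
<a href="http://keepass.info/" target="_blank" rel="noopener noreferrer">http://keepass.info/</a><br /><br />
Source code for this site is at <a href="https://github.com/GRMrGecko/PasswordCheck" target="_blank" rel="noopener noreferrer">https://github.com/GRMrGecko/PasswordCheck</a><br /><br />
External code used is <a href="https://code.google.com/p/crypto-js/" target="_blank" rel="noopener noreferrer">CryptoJS</a>, <a href="https://developers.google.com/recaptcha/docs/php" target="_blank" rel="noopener noreferrer">recaptchalib</a>, <a href="https://github.com/dropbox/zxcvbn" target="_blank" rel="noopener noreferrer">zxcvbn</a>, <a href="https://jquery.com/" target="_blank" rel="noopener noreferrer">jQuery</a>, and <a href="http://getbootstrap.com/" target="_blank" rel="noopener noreferrer">Bootstrap</a>.
<?php
require_once("footer.php");
closeDatabase();
?>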