From 791d8ae80e4c844699cd64b5b4cd8cc060b7685a Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Wed, 10 Jan 2018 19:13:23 +0100
Subject: Added 300million password list

---
 index.php | 41 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 7 deletions(-)


diff --git a/index.php b/index.php
index 24de549..b520da2 100644
--- a/index.php
+++ b/index.php
@@ -9,6 +9,7 @@
 		<link rel="stylesheet" type="text/css" href="//maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" />
 		<link rel="stylesheet" type="text/css" href="css/main.css" />
 		<link rel="stylesheet" type="text/css" href="css/form.css" />
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css">
 
     <script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
 </head>
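Review bot: The added animate.css `<link>` loads a third-party stylesheet into a page that accepts passwords without Subresource Integrity, so a changed or compromised CDN file would be applied unchecked. Pin it with `integrity="sha384-<HASH_OF_animate.min.css>" crossorigin="anonymous"`, or serve the file locally as is done for `css/main.css`. The jQuery `<script>` in the context line below has the same gap and matters more, since script can read the password field.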
@@ -16,7 +17,7 @@
 <body>
   <div class="container">
 
-    <div class="codrops-header" id="headerdiv">
+    <div class="codrops-header animated fadeInDown" id="headerdiv">
       <div class="aligncenter">
         <h1>Is my password on a list? <span>Check if your password has been leaked on a password list.</span></h1>
         <nav class="codrops-demos">
@@ -26,9 +27,10 @@
       </div>
     </div>
 
-    <div class="content bgcolor" id="contentdiv">
+    <div class="content bgcolor animated fadeInUp" id="contentdiv">
       <div class="aligncenter">
         <h2 id="task">Check your password</h2>
+        <p id="txtHint"></p>
       <form method="post" action="" class="input input--kozakura">
         <input class="input__field input__field--kozakura" type="password" id="input-8" name="password" autocomplete="off"/>
         <label class="input__label input__label--kozakura" for="input-8">
@@ -45,32 +47,57 @@
 <?php
     $password = $_POST['password'];
     $passlist1 = file("10million.txt");
-	  
+
     if(empty($_POST['password'])) {
       $found = "emptypass";
     }
 
     if(!empty($_POST['password'])) {
       if(in_array($password."\n", $passlist1)){
+          $hashedpassword = sha1($password);
           $found = "yep";
       } else {
           $found = "nope";
+          $hashedpassword = sha1($password);
       }
     }
 ?>
 <!-- php end -->
 
 <script>
-//php variable value
+//checking passwords
+var hashedpassword ="<?php echo $hashedpassword; ?>";
 var found = "<?php echo $found; ?>";
+var request = new XMLHttpRequest();
+
+request.open('GET', 'https://haveibeenpwned.com/api/v2/pwnedpassword/' + hashedpassword + '?originalPasswordIsAHash=false');
+request.send();
+request.addEventListener('load', function(event) {
+   if (request.status == 200 || found == "yep") {
+     $("#contentdiv").addClass("passfoundbg");
+     $('#task').html('Your password is on a password list! <br />Change it immediately!');
+   } else if (request.status == 404) {
+     $("#contentdiv").addClass("passnotfoundbg");
+     $('#task').html('Your password isn\'t on a password list :)');
+   }
+
+   //console logging
+   if (request.status == 200) {
+     console.log("found on remote password list")
+   }
+   if (request.status == 200 && found == "yep") {
+     console.log("--> found on both password lists!")
+   }
+})
+
+//just for faster local results
 if (found == "yep") {
+  console.log("found on local password list")
   $("#contentdiv").addClass("passfoundbg");
   $('#task').html('Your password is on a password list! <br />Change it immediately!');
-} else if (found == "nope") {
-  $("#contentdiv").addClass("passnotfoundbg");
-  $('#task').html('Your password isn\'t on a password list :)');
 }
 </script>
+
 </div>
 </body>
 </html>
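Review bot: The new `request.open(...)` line sends the complete SHA-1 of the visitor's password to a third-party service, and an unsalted SHA-1 of a weak password is easily reversed, so the lookup discloses the passwords most at risk. Prefer the k-anonymity range endpoint, which takes only the first five hex characters and lets the browser match the suffix, as sketched below. The request also fires when nothing was submitted: `$hashedpassword` is never assigned in the `emptypass` branch, and any 404 returned for the empty hash would then show "isn't on a password list" on a plain page load, so guard the call on `found` and initialise `$hashedpassword = "";` before the checks. Network errors and statuses other than 200/404 currently leave the page without any result, because the local `nope` branch was removed.

```php
var hashedpassword = "<?php echo $hashedpassword; ?>".toUpperCase();
var found = "<?php echo $found; ?>";

// Only query when a password was actually submitted and hashed.
if (found != "emptypass" && hashedpassword.length == 40) {
  var prefix = hashedpassword.substring(0, 5);
  var suffix = hashedpassword.substring(5);
  var request = new XMLHttpRequest();

  // Range lookup: only the five-character prefix leaves the browser.
  request.open('GET', 'https://api.pwnedpasswords.com/range/' + prefix);
  request.addEventListener('load', function(event) {
    // Response is one "SUFFIX:COUNT" entry per line; match the suffix locally.
    var listed = request.status == 200 &&
      request.responseText.split('\n').some(function(line) {
        return line.split(':')[0].trim() == suffix;
      });
    if (listed || found == "yep") {
      // … unchanged: passfoundbg class and "on a password list" message …
    } else if (request.status == 200) {
      // … unchanged: passnotfoundbg class and "isn't on a password list" message …
    }
  });
  request.addEventListener('error', function(event) {
    // Do not report "not on a list" when the remote check never completed.
    if (found != "yep") {
      $('#task').text('The remote password list could not be reached.');
    }
  });
  request.send();
}
// … unchanged: local "yep" fast path …
```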
-- 
cgit v1.2.3