<?php   /* Check Pwned Password with SHA1 (c) 2024 by Michael Engelke (GNU General Public License)
use in Console: php checkpwned.php <password>
Start PHP-Webserver with: "php -S localhost:8080" / open Browser with: http://localhost:8080/checkpwned.php */

$cfg = array(
'mode' => 0, # Index-Variante erstellen // Modes: (0 -> Auto, 1 -> Text 64 Bit, 2 -> Text 32 Bit, 3 -> 32 Bit Packed)
'file' => false,# "pwned-passwords.txt", // Quellname fuer Manueller Angabe (pwned-passwords-sha1-ordered-by-hash.txt)
'idx' => false, # "pwned-passwords.idx", // Filename fuer die Index-Datei
'txt' => false, # "pwned-passwords-*.pdb", // Filename fuer die Data-Datei(en) [* entspricht der ID fuer den 32 Bit-Modus $mode >= 2]
'auto' => true, // Pfade Automatisch ermitteln
'path' => ".", // Arbeitspfad
'name' => "pwned-passwords", // Quell/Zielname fuer Indexdatei und 32 Bit-Data
'index' => "*.idx{,.gz}", // Glob-Pattern fuer Index-Datei
'source' => "*.txt", // Glob-Pattern fuer 64 Bit Hash-Datei oder der Quell-Datei aus haveibeenpwned.com
'data' => "*-??.{txt,pdb}{,.gz}", // Glob-Pattern fuer 32 Bit Hash-Datei(en)
'preg' => "/\.((txt)|(pdb)|(idx))(\.gz)?($)/", // Preg-Pattern fuer Hash-Datei(en)
'cols' => 0, // Konsolen-Textbreite
'cli' => 0, // Konsolen/HTML-Modus (0 -> Auto, 1 -> CLI, 2 -> HTML)
'gzip' => 0, // Bei der 32 Bit Indexerstellung alles mit GZip packen (0 -> Aus, 1 -> GZip)
'debug' => 0, // Debug-Modus ($cfg ausgeben)
'buffer' => 128, // Maximale groesse des Lesebuffers
'nl' => "\n", // Newline
'eye' => "&#128065;", // Unicode-Zeichen: Open Eye
'rev' => "https://sha1.gromweb.com/?hash=$&", // Dienst um Hashes zu knacken (https://hashtoolkit.com/decrypt-hash/?hash=$&)
);

function
dot($a="",$b=0) { // Konsolenausgabe
global $cfg;
if(
$cfg['cli'] == 1)
if(!
$a or strlen($a) > 4) // Normalen Text ausgeben
echo "$a$cfg[nl]";
elseif(
$a = (hexdec($a) * $cfg['cols'] >> 16) - $b) { // Progressinfo
$b += $a;
echo
str_repeat(".",$a);
}
return
$b;
}
function
auto($mode = 0) { // Modus erkennen und Pfade fuer Index und Hash-Dateien ermitteln
global $cfg;
if(!
$cfg['mode'] or !$cfg['idx'] or !$cfg['txt']) {
$dir = dirname(__FILE__);
$cfg['path'] = is_dir($cfg['path']) ? realpath($cfg['path']) : $dir;
if(!
$cfg['txt'])
foreach(array(
$cfg['file'],
"$cfg[path]/$cfg[name]$cfg[data]",
"$cfg[path]/$cfg[name]$cfg[source]",
"$cfg[name]$cfg[data]",
"$cfg[name]$cfg[source]",
"$dir/$cfg[name]$cfg[data]",
"$dir/$cfg[name]$cfg[source]") as $var)
if(
$var and $list = glob($var,GLOB_BRACE) and preg_match($cfg['preg'],$list[0],$m)) {
$list = array_unique($list);
if(
count($list) == 1 and $m[2]) {
$cfg['txt'] = $list[0];
if(!
$mode)
$mode = (PHP_INT_SIZE > 4) ? 1 : 2;
}
elseif(
count($list) == 256) {
$cfg['txt'] = preg_replace('/-00\b/','*',$list[0]);
$mode = $m[2] ? 2 : ($m[3] ? 3 : 0);
}
break;
}
if(!
$cfg['idx']) {
$glob = array(
dirname($cfg['file'])."/$cfg[index]",
"$cfg[path]/$cfg[name]$cfg[index]",
"$cfg[name]$cfg[index]",
"$dir/$cfg[name]$cfg[index]");
if(
$cfg['txt'])
array_unshift($glob,preg_replace($cfg['preg'],$cfg['index'],$cfg['txt']));
foreach(
$glob as $var)
if(
$var and $list = glob($var,GLOB_BRACE) and preg_match($cfg['preg'],$list[0],$m) and $m[4]) {
$cfg['idx'] = $list[0];
break;
}
}
}
return
$cfg['mode'] = $mode;
}
function
makeIndex($mode) { // Index/Hash-Datei(en) erstellen
global $cfg;
@
set_time_limit(0);
if(
$mode and file_exists($cfg['txt'])) {
$time = microtime(true);
$data = $read = $wp = $pd = $num = 0;
if((
$mode == 1) and PHP_INT_SIZE > 4) { // 64 Bit (Keine GZip Unterstuetzung)
dot("Create Index for Mode 1 (64 Bit)");
$file = preg_replace('/(\.txt)?$/i','.idx',$cfg['txt'],1);
if(
$lp = fopen($cfg['txt'],'r') and $ip = fopen($file,'w')) {
while(
$line = fgets($lp,$cfg['buffer'])) {
if(
$data != substr($line,0,4)) {
$data = substr($line,0,4);
fwrite($ip,"$data:$read$cfg[nl]");
$pd = dot($data,$pd);
}
$read += strlen($line);
$num++;
}
fwrite($ip,"----:$read$cfg[nl]");
fclose($ip);
fclose($lp);
dot();
$cfg['idx'] = $file;
}
else
dot("$cfg[txt] could not be opened or $cfg[idx] could not be created");
}
elseif(
$mode == 2 or $mode == 3) { // 32 Bit (Optional mit GZip Unterstuetzung)
dot("Create Index for Mode $mode (32 Bit)");
$var = array(0,0,"txt","pdb");
$file = "$cfg[path]/$cfg[name].idx";
$files = "$cfg[path]/$cfg[name]*.".$var[$mode];
if(
$cfg['gzip']) {
$func = 'gz';
$om = 'wb9';
$file .= ".gz";
$files .= ".gz";
}
else {
$func = 'f';
$om = 'w';
}
$id = $data = $cache = "";
if(
$lp = fopen($cfg['txt'],'r') and $ip = call_user_func($func."open",$file,$om)) {// Create Index (32 Bit Mode)
while($line = fgets($lp,$cfg['buffer'])) {
if(
$id !== substr($line,0,2)) { // Neue Hash-Datei
$id = substr($line,0,2);
$read = 0;
if(
$wp) {
if(
$cache) {
call_user_func($func."write",$wp,$cache);
$cache = "";
}
fclose($wp);
}
$wp = call_user_func($func."open",str_replace('*',"-$id",$files),$om);
}
if(
$data !== substr($line,0,4)) { // Neuer Index
if($wp and $cache) {
call_user_func($func."write",$wp,$cache);
$cache = "";
}
$data = substr($line,0,4);
call_user_func($func."write",$ip,"$data:$read$cfg[nl]");
$pd = dot($data,$pd);
}
if(
$mode == 3) { // mode: 3 (.pdb)
$int = decbin(intval(substr($line,41)));
$int = base_convert(decbin((strlen($int)+1) >> 3).str_repeat(0,(8-(strlen($int)+2)&7)&7).$int,2,16);
$cache .= $var = hex2bin(substr($line,4,36)).hex2bin(((strlen($int) & 1) ? "0" : "").$int);
}
else
$cache .= $var = rtrim($line).$cfg['nl']; // mode: 2 (.txt)
$read += strlen($var);
$num++;
}
if(
$cache)
call_user_func($func."write",$wp,$cache);
call_user_func($func."write",$ip,"----:$read$cfg[nl]"); // final index
call_user_func($func."close",$wp);
call_user_func($func."close",$ip);
fclose($lp);
dot();
$cfg['txt'] = $files;
$cfg['idx'] = $file;
}
}
else
dot("Indexing not possible");
if(
$num) {
$time = microtime(true) - $time;
dot("Processes ".number_format($num / $time,0,0,'.')." hashes per second out of ".number_format($num,0,0,'.')." total hashes in ".gmdate('H:i:s',floor($time)));
}
}
else
dot("Need pwned-passwords-sha1-ordered-by-hash.txt");
return
$cfg['idx'];
}
function
searchPwned($hash) { // Hash in der Datenbank suchen
global $cfg;
$hash = strtoupper($hash);
$pwn = 0;
if(
$hash and $cfg['mode'] and $cfg['idx'] and $cfg['txt']) {
$file = ($cfg['mode'] == 1) ? $cfg['txt'] : str_replace('*',"-".substr($hash,0,2),$cfg['txt']);
if(
$fp = gzopen($cfg['idx'],'r')) { // Alle Daten sind zum Suchen vorhanden
$var = substr($hash,0,4); // Die ersten 4 Zeichen vom Hash
$top = $end = 0;
while(
$line = gzgets($fp,$cfg['buffer']))
if(
$var === substr($line,0,4)) {
$top = trim(substr($line,5)); // Offset von Start
$end = trim(substr(gzgets($fp,$cfg['buffer']),5)); // Offset vom Ende
break;
}
gzclose($fp);
$line = "";
if(
$top or $end) { // Index gefunden
if(!$end)
$end--;
$read = $end - $top; // Maximalen Bereich festlegen
if($cfg['mode'] == 1 and PHP_INT_SIZE > 4 and $fp = fopen($file,'r')) { // 64 Bit-Mode (Ohne GZip unterstuetzung)
fseek($fp,$top);
while((
$read -= strlen($line)) and $line = fgets($fp,$cfg['buffer']))
if(
$hash === substr($line,0,40)) {
$pwn = trim(substr($line,41));
break;
}
fclose($fp);
}
elseif(
$cfg['mode'] > 1 and $fp = gzopen($file,'r')) { // 32 Bit-Mode
gzseek($fp,$top); // Zur richtigen Stelle springen
if($cfg['mode'] == 2) { // Text-Modus
while(($read -= strlen($line)) and $line = gzgets($fp,$cfg['buffer']))
if(
$hash === substr($line,0,40)) { // Hash vergleichen
$pwn = trim(substr($line,41)); // Vorkommen ermitteln
break; // GEFUNDEN!
}
}
elseif(
$cfg['mode'] == 3) { // Binaer-Modus
$len = -19;
$var = hex2bin(substr($hash,4));
while((
$read -= (19 + $len)) and $line = gzread($fp,19)) {
$int = hexdec(bin2hex(substr($line,-1))); // Letztes High-wert mit Laengenangabe
if($len = ($int >> 6)) // Laengenangabe ermitteln
$low = gzread($fp,$len); // Letzte Daten lesen
if($var === substr($line,0,18)) { // Hash vergleichen
$pwn = ($int & 63) * (1 << ($len * 8)); // Vorkommen ermitteln
if($len) // Rest aufaddieren
$pwn += hexdec(bin2hex($low));
break;
// GEFUNDEN!
}
}
}
gzclose($fp);
}
else
dot("$file could not be opened");
}
else
dot("Hash not found");
}
else
dot("$cfg[idx] could not be opened");
}
return
$pwn;
}
if(
$cfg['cli'] == 1 or !$cfg['cli'] and isset($argc) and $argc and isset($argv) and is_array($argv) and count($argv)) { // Konsole
$cfg['cli'] = 1;
if(
$argc == 1) // Hilfe ausgeben
echo basename($argv[0])." <mode:0-3> <file:pwned-passwords.txt> <path:.> <password>\n
mode: (for hashfile) 0: auto, 1: singel (64 bit), 2: splited, 3: packed
file: source hashfile (pwned-passwords-sha1-ordered-by-hash.txt)
path: workingdir / name: filename for hashfiles\n"
;
else {
// Konsole vorbereiten
$hash = array();
$pwn = null;
for(
$a=1; $a<$argc; $a++) // $cfg-Parmeter aendern
if(preg_match('/^-?(\w+)[:=](["\']?)(.*?)\2$/',$argv[$a],$var) and isset($cfg[$var[1]]))
$cfg[$var[1]] = $var[3];
else
// Kennwort mit leerzeichen setzen
$hash[] = $argv[$a];
$hash = $hash ? strtoupper((count($hash) == 1 and preg_match('/^[\da-f]{40}$/i',$hash[0])) ? $hash[0] : sha1(implode(' ',$hash))) : false;
if(!
$cfg['cols']) { // Konsolen Breite ermitteln
if(isset($_SERVER['HOME']) and isset($_SERVER['TERM']) and isset($_SERVER['SHELL']))
$cfg['cols'] = (file_exists('/usr/bin/tput') and $a = @exec('tput cols') or file_exists('/bin/stty') and $a = preg_replace('!^\d+\D*!','',@exec('stty size'))) ? (int)$a : 0;
elseif(isset(
$_SERVER['SystemDrive']) and isset($_SERVER['SystemRoot']) and isset($_SERVER['APPDATA']) and (@exec('mode con',$var) or true) and is_array($var) and preg_match_all('/(?:(zeilen|lines)|(spalten|columns)|(code\s?page)):\s*(\S+)/',strtolower(implode('',$var)),$val))
foreach(
$val[4] as $key => $var)
if(
$val[2][$key])
$cfg['cols'] = $var;
$cfg['cols'] = max($cfg['cols'],40); // Konsolenbreite festlegen
}
$mode = $cfg['auto'] ? auto($cfg['mode']) : $cfg['mode']; // Pruefen was vorhanden ist ($cfg[mode] - $cfg[idx] - $cfg[txt])
if(!$cfg['idx'])
makeIndex($mode);
if(
$mode and $hash and $cfg['idx'] and $cfg['txt'])
dot("$hash ".(($pwn = searchPwned($hash)) ? "found ".number_format($pwn,0,",",".")." times " : "not found"));
if(
$cfg['debug'])
print_r(compact(explode(',','argc,argv,cfg,mode,hash,pwn')));
}
}
elseif(
$cfg['cli'] == 2 or !$cfg['cli']) { // HTML-Modus
$cfg['cli'] = 2;
$send = isset($_SERVER['PATH_INFO']) ? substr($_SERVER['PATH_INFO'],1) : (isset($_REQUEST['send']) ? $_REQUEST['send'] : (isset($_REQUEST['pass']) ? $_REQUEST['pass'] : false));
$hash = (isset($_REQUEST['pass']) and $hash = $_REQUEST['pass']) ? strtoupper((preg_match('/^\s*([\da-f]{40})\s*$/i',$hash,$var)) ? $var[1] : sha1($hash)) : false;
$mode = $cfg['auto'] ? auto($cfg['mode']) : $cfg['mode']; // Pruefen was vorhanden ist ($cfg[mode] - $cfg[idx] - $cfg[txt])
if(!$cfg['idx'] and $hash) { // Index erstellen?
if(isset($_REQUEST['mode']) and preg_match('/^[0-3]$/',$_REQUEST['mode']))
$mode = intval($_REQUEST['mode']);
makeIndex($mode);
}
if(
$mode and $hash and $cfg['idx'] and $cfg['txt']) { // Kennwort suchen
$pwn = searchPwned($hash);
if(isset(
$_REQUEST['send'])) // HTML-Ausgabe
$pwn = $pwn ? "$hash found ".number_format($pwn,0,0,'.')." times" : "$hash not found";
elseif(isset(
$_REQUEST['pass'])) // AJAX-Ausgabe
die("$hash:$pwn");
}
elseif(
$hash) // Keine Hash-Datei vorhanden
die($cfg['name']);
else
$pwn = "";
$db = $cfg['idx'] ? date('Y/m/d',filemtime($cfg['idx'])) : "not found";
if(
preg_match('/^source(raw)?($)/i',$send,$m)) { // Source-Code ausgeben
$text = $m[1] ? "plain" : "html";
header("Content-Type: text/$text; charset=iso-8859-1");
if(
$m[1]) { // als Plaintext ausgeben
header('Content-Disposition: filename="'.basename(__FILE__).'"');
die(
readfile(__FILE__));
}
elseif(
$html = file(__file__)) { // als HTML ausgeben
foreach($html as $key => $var)
while(
false !== $tab = strpos($html[$key],"\t"))
$html[$key] = substr($html[$key],0,$tab).str_repeat(' ',8-$tab%8).substr($html[$key],$tab+1);
$html = array("","<pre style='white-space:pre-wrap'>".strtr(highlight_string(implode('',$html),true),array('&nbsp;' => ' ', "\r" => '', "\n" => ''))."</pre>");
}
}
else
$html = array("<meta http-equiv='content-type' content='text/html; charset=ut"."f-8' />
<style>
form { display:block; text-align:center; line-height:3em; }
#hl { text-align:center; }
#rs { margin-top:1em; text-align:center; font-size:1.5em; }
#ad { float:right; }
#db { text-align:right; font-size:small; }
#al { display:none; margin-top:1em; margin-left:auto; margin-right:auto; border:none; }
#eye { font-size:2em; display:none; }
.fi { text-align:center; margin:auto; font-size:1.5em; }
</style>
<script type='text/javascript'>
// sha1hmac.js Copyright (C) 2012 Jordi Boggiano (https://gist.github.com/Seldaek/1730205) & 2020-2022 by Michael Engelke
function sha1(m,a,b,c,d,e,f) {
function h(m,r,l,a,b,c) {
if(l && r && r.length)
for(; l--; m[l] += r[l]);
else if(l > 0)
for(a=m, m='', b=0; b < l << 2; b++)
m += String.fromCharCode(a[b >> 2] >>> ((3 - b & 3) << 3) & 255);
if(!r || a === l)
for(a = m, m='', b=0; b < a.length; m += (0 + a.charCodeAt(b++).toString(16)).substr(-2));
return m;
};
function r(n,s) {
return n >>> s | n << 32 - s;
};
for(a = m + '\\x80', b = m.length, d = -1; (a.length & 63) - 56; a += '\\0');
for(c=[]; ++d < a.length; c[d >> 2] |= a.charCodeAt(d) << (((3 - d) & 3) << 3));
c.push(b >>> 29, b << 3);
for(m = [0x67452301,0xEFCDAB89,0x98BADCFE,0x10325476,0xC3D2E1F0], d = [], e=0; e < c.length; h(m,f,5), e += 16)
for(f = m.slice(), a=0; a < 80; f[2] = r(f[2], -30))
f.unshift(r(f[0],-5) + f[4] + (d[a] = a < 16 ? c[a + e] : r(d[a - 3] ^ d[a - 8] ^ d[a - 14] ^ d[a - 16], -1)) + ((b = a++ / 20 | 0) ? --b ? --b ? 0xCA62C1D6 + (f[1] ^ f[2] ^ f[3]) : 0x8F1BBCDC + (f[1] & f[2] | f[1] & f[3] | f[2] & f[3]) : 0x6ED9EBA1 + (f[1] ^ f[2] ^ f[3]) : 0x5A827999 + (f[1] & f[2] |~f[1] & f[3])) | 0);
return h(m,0,5);
};
window.onload = function(a,b) {
a = document.forms[0];
pwned = { form:a, pass:a.pass, send:a.send, reset:a.reset };
a.pass.name = a.send.name = a.reset.name = a.name = a.action = a.method = '';
a.setAttribute('onSubmit','return submitForm(this)');
a.send.setAttribute('onClick','return submitForm(this)');
a.reset.setAttribute('onClick','pwned.pass.value=pwned.rs.innerHTML=\"\";pwned.pass.focus()');
a.send.type = 'button';
a.pass.focus();
for(a in {eye:0,rs:1,al:2})
pwned[a] = document.getElementById(a);
a = pwned.eye;
a.style.display = 'inline';
a.setAttribute('onClick','hidepass()');
pwned.x = new XMLHttpRequest();
};
function hidepass(a) {
a = pwned;
if(a.pass.type == 'text')
a.pass.type = 'password',
a.eye.style.color = 'LightGrey';
else
a.pass.type = 'text',
a.eye.style.color = 'black';
a.pass.focus();
}
function submitForm(a,b,c) {
b = pwned.rs;
b.style.display = 'none';
pwned.al.style.display = 'block';
b.innerHTML = '';
b = [pwned.pass.value];
if(/[\\u0080-\\uffff\\x80\\xff]/.exec(b[0]) && (c = b[0].replace(/[\\u0080-\\uffff]+/g,
function(a) {
return unescape(encodeURI(a));
})) != b[0])
b.push(c);
if(/[\\u0100-\\uffff]/.exec(b[0]))
b.shift();
for(c in b) {
if(!(a = pwned.x))
return true;
a.onreadystatechange = function(a,b) {
a = '
$cfg[rev]';
if(this.readyState == 4 && this.status == 200) {
pwned.rs.innerHTML += ((b = /^([\dA-F]{40}):(\d+)$/i.exec(this.responseText))
? (a ? '<span ondblclick=\"window.open(this.innerText.replace(/.+/,\'' + a + '\'))\">' + b[1] + '<\/span>' : b[1])
+ (+b[2] ? ' found ' + b[2].replace(/(\d)(?=(\d{3})+(\D|$))/g,'$1.') + ' time' + (b[2] == '1' ? '' : 's') : ' not found')
: /^[^\\r\\n]+$/.exec(this.responseText) ? this.responseText : sha1(pwned.pass.value) + ' not found') + '<br \/>';
pwned.rs.style.display = 'block';
pwned.al.style.display = 'none';
pwned.pass.setSelectionRange(0,pwned.pass.value.length)
}
};
a.open('POST','',true);
a.setRequestHeader('Content-type','application/x-www-form-urlencoded');
a.send('pass=' + ((c = /^\s*([\dA-F]{40})\s*$|[\s\S]*/i.exec(b[c])) && c[1] ? c[1] : sha1(c[0])));
}
pwned.pass.focus();
return false;
}
</script>"
,"<h1 id='hl'>Check Pwned Password with SHA1</h1>
<form action='#' method='post' name='pwned' autocomplete='off'>
<input class='fi' name='pass' type='text' size='50' autocomplete='off' />
<span id='eye' title='view/hide password'>
$cfg[eye]</span><br />
<input class='fi' name='send' type='submit' value='Check Password' />
<input class='fi' name='reset' type='reset' />
</form>
<div id='rs'>
$pwn</div><img id='al' src='data:image/gif;base64,".preg_replace('/\s+/','',"
R0lGODlhIAAgAKIHABwcHLOzs+Hh4dbW1rq6uoGBgcTExP///yH/C05FVFNDQVBFMi4wAwEAAAAh+QQFBQAHACwAAAAAIAAgAAADzXi6zAWlyUkXuG2IKkNk
F8AYQcAxwvUp4SKUxAleJospRDnIy3MfrcMAxptBbKJDKbApKgKhTWsYMDCoTaXKsW28XDldL1SoGY4c0tLKJe9kywAhy/CEkifqu+KryfYnAitOhEVxMAIG
BYuMg3CHco2NhJBzipKOhZoUgHlFenliMmFydGBLMTxqJWwLq3Khp6JCqFlMElStQjlZLwGAajtLTyWmMr41w7SwhGFvygfOTlSpSiUu0KPFC9lqTqx111fG
FQKdOdWbEwJzRQkAIfkEBQUABwAsAAAAABgAFwAAA0l4utwXLkpZyrwKaDyLBhcxfVZHfaY0kFzkbcpQia1nLERlDfHTPjqL4MfgBYmNXOGGbECaUIaAEKha
kVTrlTjVVqPgsHhMZLYSACH5BAUFAAcALAEAAAAdAA4AAANReLq80TBKVU5tb6pBNPVLUWQSCYrFAK6EuL5W0TWCQ0sDOl0UABSCAEHFEJkiBZ8vFWgSagdB
waAxKJUKQ7NJXV0BJgFhO/Mkf7gm8bTGwSIJACH5BAUFAAcALAcAAAAZABEAAANHeLpnZSzKeQqlYsTCrwwBtHCWx4CBMHZKeQ0gsbqtR4BaxZqLgLa7S4Bh
wH0OuaEwd6HReFAldGpSUa9YgHYLePK43Cy4mwAAIfkEBQUABwAsDgAAABIAGAAAAz44p9f+L8BG2LynFDyH3hykEaFDaOXzWWGApo5RCA6YsrBK5nzv/8CS
JHgp4EIFAMBWUjqZGIPTCUs+c1ZJAgAh+QQFBQAHACwOAAAAEgAeAAADXCgk1/6QBAINfCHjizUM3JGBDWlxY3OGpcd24Ek2RFEM3DDjdkGxjF7h1RAecESD
7UcsNZ9QR2EWrQ6rTwZ26yQOrsVQASAjjgEAqAANAJvZUbb7FYBD2dqnjZMAACH5BAUFAAcALA8AAQARAB8AAANZeLo3whCaEKIVlNhI6NjMkIEMFTxkQxkh
hTLvIXQeOZksaAZEbImBT0ohHBothaTykEMqn6BnknmsGivWRSFb3aa8FoAYgo2IAcdzemxUa0HuUpg9LADAqQQAIfkEBQUABwAsCAAOABgAEgAAA0h4utwX
MBLh6oqYWIvh3GAIBiJoFIVWOih6DCtDtUVMwu/RqocB1CUCCncAGIExRcEIoFiQDiaUMW0sjUmGNLtgcheu74YUSwAAIfkEBQUABwAsAgASAB0ADQAAA1F4
utx+47FRpBshxFcAqNZCZAEhMIGnhoxBBoaiqrFlFOchjBk1gxtHoABaDEaCzodRdBALwUZuEQgRiKxsg0jQZilYbzUUzjYlhKhkzDycJQkAIfkEBQUABwAs
AAAPABkAEQAAA0dYsAz3MMrX2rxRVYe7/54AjmRpFtk3BB4LudEaGBHcFfgT7GKJowcZwQOE/CCE3eBTPD4EOxszBzHsfFTIoEcqmiKGAm2SAAAh+QQFBQAH
ACwBAAgAEQAYAAADSBgAdf7wlbVavJSaG2fml2eB0DCSaKqubOu+KnG6wzoKxcYWRXAEQJCJ5wD6QDxCMXiRnYwcXqG2PHZ6EOhlYHUQAsqVgCBIAAAh+QQF
BQAHACwAAAIADgAdAAADVHi6V8VwgRnhBKGucrWcj8dNg3dcIZQdBpA2TFFWq2lXwu0Fr773vmBNQ3AYNCWHQ6N85CDF5VEReB4GDgLDEAjMcN1hhND9RgZd
rYdcNXWnHoE5AQA7"
)."'>
<div id='db'>Database: <a href='https://haveibeenpwned.com/Passwords' target='_blank'>
$db</a></div>
<hr />
<address id='ad'>&copy; 2024 by <a href='https://www.mengelke.de/.kc'>Michael Engelke</a></address>
License of the <a href='
$_SERVER[SCRIPT_NAME]/source'>sourcecode</a>: GNU General Public License");
die(
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">
<html><head><title>Check Pwned Password with SHA1</title>
$html[0]</head><body>
$html[1]".($cfg['debug'] ? "<pre>".htmlentities(print_r(compact(explode(',','cfg,mode,hash,send,pwn')),true))."</pre>" : "")."
</body></html>"
);
}
else
die(
"Error$cfg[nl]");

?>