This project is a simple web-based password checker that allows users to check if their password has been exposed in known data breaches using the Have I Been Pwned API.
- Web form for users to enter a password and check its breach status
- Backend integration with a Python script (
check_password.py) that queries the Have I Been Pwned API - PHP frontend (
index.php) that interacts with the Python script and displays results - Stylesheet in
css/styles.css(linked fromindex.php) - Works on both XAMPP (Windows) and typical Linux web hosting environments
- Minimal, modern UI with responsive design
- User enters a password in the web form.
- The PHP backend receives the password and calls the Python script.
- The Python script uses the k-Anonymity model to securely check the password against the Have I Been Pwned database.
- The result (number of times the password was found in breaches) is returned to the user.
- Python 3.x (with
requestslibrary installed) - PHP 7.x or newer
- Web server (XAMPP for Windows, or Apache/Nginx on Linux)
- Clone this repository.
- Ensure Python and PHP are installed on your server.
- Install the
requestslibrary for Python:python -m pip install requests - Configure the Python path in
index.phpif needed (see comments in the file for XAMPP vs. Linux hosting). - Place the project files in your web server's root directory.
- Access
index.phpin your browser and use the form to check passwords.
- Passwords are never stored or logged by this application.
- The k-Anonymity model ensures that full passwords are never sent to the Have I Been Pwned API.
This project is licensed under the MIT License.