🔒 Password Exposed Helper Function - Check if a password has been exposed in a data breach.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jordan Hall 327f93ee5c
Merge pull request #30 from jameswilddev/fix/php-8
5 months ago
assets/images Remove dropshadow 3 years ago
bundles Add new bundle retrieval code to handle scenerios where vendor dir is not writeable and/or bundle verification would be very slow 3 years ago
src Fix use of deprecated function. 5 months ago
tests/Unit Test enhancement 1 year ago
.coveralls.yml Initial commit 3 years ago
.editorconfig editorconfig 2 years ago
.gitignore more improvements 2 years ago
.travis.yml Try keeping modern Composer. 5 months ago
LICENSE Initial commit 3 years ago
README.md add "by_hash" function 2 years ago
composer.json Try newer Psalm. 5 months ago
phpunit.xml styleci psr2 2 years ago
psalm.xml styleci psr2 2 years ago


🔒 Password Exposed Helper Function

This PHP package provides a password_exposed helper function, that uses the haveibeenpwned.com API to check if a password has been exposed in a data breach.

Build Status StyleCI


The password_exposed package can be easily installed using Composer. Just run the following command from the root of your project.

composer require "divineomega/password_exposed"

If you have never used the Composer dependency manager before, head to the Composer website for more information on how to get started.


To check if a password has been exposed in a data breach, just pass it to the password_exposed method.

Here is a basic usage example:

switch(password_exposed('hunter2')) {

    case PasswordStatus::EXPOSED:
        // Password has been exposed in a data breach.

    case PasswordStatus::NOT_EXPOSED:
        // Password has not been exposed in a known data breach.

    case PasswordStatus::UNKNOWN:
        // Unable to check password due to an API error.

If you prefer to avoid using helper functions, the following syntax is also available.

$passwordStatus = (new PasswordExposedChecker())->passwordExposed($password);

SHA1 Hash

You can also supply the SHA1 hash instead of the plain text password, by using the following method.

$passwordStatus = (new PasswordExposedChecker())->passwordExposedByHash($hash);


$passwordStatus = password_exposed_by_hash($hash);