PHPackages ivan-novakov/php-haveibeenpwned-client - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [CLI & Console](/categories/cli) 4. / 5. ivan-novakov/php-haveibeenpwned-client AbandonedLibrary[CLI & Console](/categories/cli) ivan-novakov/php-haveibeenpwned-client ====================================== A PHP client library and CLI for haveibeenpwned.com 1.0.1(12y ago)225BSD-3-ClausePHPPHP >=5.3.4 Since Dec 10Pushed 12y ago1 watchersCompare [ Source](https://github.com/ivan-novakov/php-haveibeenpwned-client)[ Packagist](https://packagist.org/packages/ivan-novakov/php-haveibeenpwned-client)[ Docs](https://github.com/ivan-novakov/php-haveibeenpwned-client)[ RSS](/packages/ivan-novakov-php-haveibeenpwned-client/feed)WikiDiscussions master Synced today READMEChangelog (2)Dependencies (4)Versions (3)Used By (0) PHP Client for haveibeenpwned.com ================================= [](#php-client-for-haveibeenpwnedcom) Introduction ------------ [](#introduction) The [haveibeenpwned.com site](http://haveibeenpwned.com/) is a project by [Troy Hunt](http://www.troyhunt.com/) which allows you to check, if your account has been compromised in a recent password disclosure by submitting an email address. You can find more info about the site in the [corresponding blogpost](http://www.troyhunt.com/2013/12/introducing-have-i-been-pwned.html). The site also provides [a RESTful remote API](http://haveibeenpwned.com/Api). This library is a simple PHP client implementation, which can interact with that API. It is both a client library and a client CLI - you can use it in your project or you can use the provided CLI. Features -------- [](#features) - lightweight and easily extendable - SSL support with peer verification - ready to use CLI Dependencies ------------ [](#dependencies) - **PHP** >= 5.3.4 - **zendframework/zend-http** - the ZF2 HTTP client implementation - **zendframework/zend-json** - the ZF2 JSON encoder/decoder implementation - **symfony/console** - the Console component from the Symfony object, used to implement the CLI - **cURL** - for SSL support Installation ------------ [](#installation) The easiest way to install the library is through composer. To use it as a standalone CLI: ``` $ php composer.phar create-project ivan-novakov/php-haveibeenpwned-client php-haveibeenpwned-client ~1 ``` To add it to your project: ``` $ php composer.phar require ivan-novakov/php-haveibeenpwned-client:~1 ``` CLI --- [](#cli) The library comes with ready to use command line interface based on the [Symfony Console](http://symfony.com/doc/current/components/console/introduction.html) component. Usage: ``` bin/hibp.php check [--ssl] [--ca-file="..."] [--plain] [--show-exceptions] email ``` Options: - `--ssl` - Use SSL when connecting to the remote service - `--ca-file` - Use an alternative CA file - `--plain` - Use simple output, suitable for parsing - `--show-exceptions` - Show the exception (if any) instead of the error message, suitable for debugging Library ------- [](#library) ### Basic usage [](#basic-usage) ``` use InoHibp\Service; $service = new Service(); try { $result = $service->checkEmail($email); } catch (\Exception $e) { // handle exception } if (null === $result) { printf("Not pwned\n"); } else { printf("Pwned on these websites: %s\n", implode(', ', $result)); } ``` The `checkEmail()` method returns either `null` if the email has not been pwned, or an array of site names, where the corresponding account has been compromised. In case of an error an exception is thrown. ### SSL connections [](#ssl-connections) By default a HTTP connection is used. To enforce a SSL connection you need to initialize the service with the `use_ssl` option: ``` $service = new Service(array( 'use_ssl' => true )); ``` The library uses the cURL PHP extension to handle SSL connections. It is configured to perform peer and host verification (`CURLOPT_SSL_VERIFYPEER = true`, `CURLOPT_SSL_VERIFYHOST = 2`). For more information on how to handle SSL connections in PHP (ZF2), see my blogpost [HTTPS connections with Zend Framework 2](http://blog.debug.cz/2012/11/https-connections-with-zend-framework-2.html). The peer is verified against the CA root certificate of the [haveibeenpwned.com site](https://haveibeenpwned.com/). The CA root certificate is stored in `ssl/ca-bundle.pem`. If for some reason you need to change that, you can specify alternative path to the bundle: ``` $service = new Service(array( 'use_ssl' => true, 'ca_file' => /alternative/path/ca-bundle.pem )); ``` ### Exceptions [](#exceptions) - `InoHibp\Exception\InvalidEmailException` - the site has returned status code 400, which means, that the email has wrong format - `InoHibp\Exception\UnexpectedResponseException` - unexpected status code, anything different from the supported codes (see the [docs](http://haveibeenpwned.com/Api)) - `InoHibp\Exception\InvalidResponseFormatException` - thrown when the status code is 200 and a JSON encoded list of sites is expected, but the parsing fails - `InoHibp\Exception\TransportException` - HTTP connection error - `InoHibp\Exception\InvalidCaFileException` - indicates a problem with the file containing the root CA certificate of the server (unreadable, invalid format, etc.) Links ----- [](#links) - [';--have i been pwned?](http://haveibeenpwned.com/) License ------- [](#license) - [BSD 3 Clause](http://debug.cz/license/bsd-3-clause) Author ------ [](#author) - [Ivan Novakov](http://novakov.cz/) ### Health Score 26 — LowBetter than 43% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 4535d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/15ec3a1d0ce806935978882e2d9c8bb2850705f4eaf02e7be0112b158b28af42?d=identicon)[ivan-novakov](/maintainers/ivan-novakov) --- Top Contributors [![ivan-novakov](https://avatars.githubusercontent.com/u/1208505?v=4)](https://github.com/ivan-novakov "ivan-novakov (11 commits)") --- Tags phpclientclihaveibeenpwned ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/ivan-novakov-php-haveibeenpwned-client/health.svg) ``` [![Health](https://phpackages.com/badges/ivan-novakov-php-haveibeenpwned-client/health.svg)](https://phpackages.com/packages/ivan-novakov-php-haveibeenpwned-client) ``` ### Alternatives [nunomaduro/termwind It's like Tailwind CSS, but for the console. 2.5k239.8M286](/packages/nunomaduro-termwind)[seregazhuk/php-watcher Automatically restart PHP application once the source code changes 394137.8k4](/packages/seregazhuk-php-watcher)[alecrabbit/php-console-spinner Extremely flexible spinner for \[async\] php cli applications 24032.0k2](/packages/alecrabbit-php-console-spinner)[mahocommerce/maho Free and open source ecommerce platform, created in 2024 on the M1 platform, PHP 8.3+ 1322.1k12](/packages/mahocommerce-maho) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)