Commit

Inited with codes
seadog007 committed Aug 1, 2019
0 parents commit ab81542
Showing 34 changed files with 1,852 additions and 0 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -0,0 +1 @@
src/config.php
32 changes: 32 additions & 0 deletions about.php
@@ -0,0 +1,32 @@
<?php $title = '關於本服務';
require 'src/header.php';
require 'src/common.php';
?>

<header class="ts borderless extra padded massive center aligned fluid jumbotron">
<h1 class="ts header"><?=$title?></h1>
</header>

<section class="ts narrow container">
<h3 class="ts left aligned header">服務內容</h3>
<div class="ts very padded segment">
<p>本產品提供台灣(中華民國)之個資外洩事件查詢以及個資外洩追蹤服務。</p>
</div>
</section>

<section class="ts narrow container">
<h3 class="ts left aligned header">開發動機</h3>
<div class="ts very padded segment">
<p>本作品為教育部資訊安全人才培育計畫 108年度新型態資安暑期課程 AIS3 2019 資安實務專題競賽之產物。</p>
<p>主要想法構思來自 Have I Been Pwned 以及 Experian IdentityWorks 兩個網站。</p>
</div>
</section>

<section class="ts narrow container" style="padding-bottom: 60px;">
<h3 class="ts left aligned header">技術細節</h3>
<div class="ts very padded segment">
<p>根據<a href="https://law.moj.gov.tw/LawClass/LawAll.aspx?PCode=I0050021">台灣個資法</a>規定之個資搜集方法過於複雜,故使用 SHA-1 雜湊函數將姓名以及身分證字號去識別化後回傳主機,同時也可避免開發者偷偷搜集使用者個資,增加使用者信任度。</p>
</div>
</section>

<?php require 'src/footer.php'; ?>
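Review bot: The 技術細節 paragraph presents SHA-1 over 姓名 + 身分證字號 as de-identification, but that input is low-entropy: national ID numbers follow a fixed format of one letter plus nine digits with a check digit, and names are a bounded set, so an unsalted fast hash of the pair can be matched back to a person by whoever holds it. Suggest describing this as pseudonymisation rather than 去識別化 and stating the limit in the text; a keyed or deliberately slow hash applied server-side before storage, or a hash-prefix (k-anonymity) query of the kind Have I Been Pwned uses for passwords, would reduce what a leaked hash table reveals. Separately, `require 'src/common.php';` is pulled in although nothing visible in this file calls into it.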
11 changes: 11 additions & 0 deletions api/search.php
@@ -0,0 +1,11 @@
<?php
require_once '../src/common.php';
$res = [];
if(is_sha1($_GET['hash'])){
$res = search($_GET['hash']);
}else{
$res['status'] = '1';
$res['error'] = 'Field Error';
}

echo json_encode($res);
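Review bot: `$_GET['hash']` is handed to `is_sha1()` without a presence or type check, so a request with no `hash` parameter raises an undefined-index notice before the error branch runs, and with `display_errors` on that text is emitted ahead of the JSON. Suggest reading it once as `$hash = $_GET['hash'] ?? '';`, confirming it is a string, and validating that variable. The response is also sent without `header('Content-Type: application/json')`, and the error branch sets `status` to the string `'1'` where an integer would keep the type consistent with the `status == 0` test the client performs.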
20 changes: 20 additions & 0 deletions api/subscribe.php
@@ -0,0 +1,20 @@
<?php
require_once '../src/common.php';
$res = [];

$res['status'] = 0;
if(!is_sha1($_GET['hash'])){
$res['status'] = '1';
$res['error'] = '雜湊值格式錯誤';
}

if(!filter_var($_GET['email'], FILTER_VALIDATE_EMAIL)){
$res['status'] = '1';
$res['error'] = 'E-mail 格式錯誤';
}

if($res['status'] != '1'){
$res = subscribe($_GET['name'], $_GET['email'], $_GET['hash']);
}

echo json_encode($res);
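Review bot: In the final `if`, `subscribe($_GET['name'], $_GET['email'], $_GET['hash'])` passes `name` through with no presence, length or content check, while `hash` and `email` are both validated above it; add the same kind of check for `name` (and an `isset`/`??` guard on all three, which currently raise notices when absent). The endpoint also changes state and takes the name and e-mail on a GET query string, which puts both in access logs and browser history; POST fits a subscription request better. Minor: `status` starts as the integer `0` but is set to the string `'1'` on error, and when both checks fail the e-mail message overwrites the hash message, so only one error is reported.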
Binary file added favicon.ico
Binary file not shown.
Binary file added images/jumbotron.jpg
Binary file added images/logo.png
Binary file added images/main.jpg
77 changes: 77 additions & 0 deletions index.php
@@ -0,0 +1,77 @@
<?php include 'src/config.php'; ?>
<!DOCTYPE HTML>
<html>
<head>
<title>台灣抓漏小天使</title>
<meta charset="utf-8">
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
<link href="//fonts.googleapis.com/earlyaccess/notosanstc.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="styles/tocas.css">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<?php include 'src/og.php'; ?>
<style>
html, body
{
height: 100%;
width: 100%;
}
p
{
/*font-family: Hacked;*/
font-size: 2em !important;
padding-top: 7px;
}
.mobile p
{
font-size: 1em !important;
}
h1
{
/*font-family: Hacked;*/
font-size: 5em !important;
letter-spacing: 1px;
}
.mobile h1
{
font-size: 2em !important;
}
/*
@font-face {
font-family: Hacked;
src: url(https://hackedfont.com/HACKED.ttf);
}
*/
</style>
</head>
<body style="background-image: url('images/main.jpg'); background-size: cover; background-repeat: no-repeat; background-position: center center">
<div style="position: absolute; width: 100%; height: 100%; background: radial-gradient(ellipse at center, rgba(0,0,0,0.50) 0%,rgba(0,0,0,0.65) 100%); display: flex; align-items: center;
justify-content: center;flex-direction: column;text-align: center;">

<div class="large device only">
<h1 class="ts center aligned inverted header">
台灣抓漏小天使
<div class="sub header">
<p>個資外洩追蹤系統</p>
</div>
</h1>

<br>
<a href="search.php" class="ts inverted medium basic button">開始使用</a>
<a href="about.php" class="ts inverted medium basic button">關於本服務</a>
</div>

<div class="mobile only">
<h1 class="ts center aligned inverted header mobile">
台灣抓漏小天使
<div class="sub header">
<p class="mobile">個資外洩追蹤系統</p>
</div>
</h3>

<a href="search.php" class="ts inverted small basic button">開始使用</a>
</div>

</div>

</body>
</html>
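Review bot: In the `mobile only` block the heading opens as `<h1 class="ts center aligned inverted header mobile">` but is closed with `</h3>`; change the closing tag to `</h1>`. Both headings also nest a `<div class="sub header">` containing a `<p>` inside `<h1>`, which is not valid content for a heading; a `<span>` would avoid the parser re-nesting it. The Font Awesome stylesheet is loaded from `//maxcdn.bootstrapcdn.com` with a protocol-relative URL and no `integrity` attribute; since the file is version-pinned (4.5.0), suggest an explicit `https://` URL with `integrity` and `crossorigin` set. `include 'src/config.php'` on the first line silently continues if the file is missing; `require_once` would fail loudly, and it is worth confirming this page needs the configuration at all.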
14 changes: 14 additions & 0 deletions js/simplemde.min.js

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions robots.txt
@@ -0,0 +1,4 @@
User-agent: *
Disallow: /verify.php
Disallow: /src
Disallow: /api
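Review bot: The three `Disallow` lines only ask crawlers to stay away; they do not restrict access, and the file itself tells any reader that `/verify.php`, `/src` and `/api` exist. Since `.gitignore` in this commit places `config.php` under `src/`, which appears to sit inside the web root, suggest denying direct requests to `/src` in the web server configuration or moving the includes outside the document root, and treating robots.txt as a crawl hint only.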
82 changes: 82 additions & 0 deletions search.php
@@ -0,0 +1,82 @@
<?php $title = '搜尋洩漏紀錄';
require 'src/header.php';
require 'src/common.php';
?>


<header class="ts borderless extra padded massive center aligned fluid jumbotron">
<h1 class="ts header"><?=$title?></h1>
</header>

<section class="ts narrow container">
<h3 class="ts left aligned header">搜尋表單</h3>
<p>輸入姓名及身分證字號,網頁會將去識別化的運算結果回傳,不會將資料本身傳送給我們。<br>還是不放心嗎?<a href="search_step.php">這裡有分次操作的版本</a></p>
<div class="ts negative message" id="missingkeyword1" style="display: none;">
<div class="header">缺少姓名</div>
<p>請輸入姓名</p>
</div>
<div class="ts negative message" id="missingkeyword2" style="display: none;">
<div class="header">缺少身分證字號</div>
<p>請輸入身分證字號</p>
</div>
<div class="ts negative message" id="breach" style="display: none;">
<div class="header">真是太糟糕了</div>
<p>發現個資洩漏情形<br>
已發現項目:<ul id="breach_list"></ul></p>
</div>
<div class="ts positive message" id="nobreach" style="display: none;">
<div class="header">搜索完畢</div>
<p>您的個資目前未在大規模洩漏中找到,不過可能只是未被本網站發現<br>再接再厲,繼續保持。</p>
</div>
<div class="ts very padded segment">
<form class="ts form" action="javascript:one_step(this)">
<div class="two fields">
<div class="field">
<label>姓名<span style="color:red;">*</span></label>
<input id="fullname"></input>
</div>
<div class="field">
<label>身分證字號<span style="color:red;">*</span></label>
<input id="nid"></input>
</div>
</div>
<button class="ts primary button" type="submit" id="search">搜尋</button>
</form>
</div>
<script>
let pre_defined_items = {'fb_id': 'Facebook ID', 'birth': '生日', 'address': '地址', 'phone': '電話', 'email': 'E-mail', 'name': '姓名', 'social_id': '身分證字號'};
function one_step(form){
$('#missingkeyword1').hide();
$('#missingkeyword2').hide();
if (form.fullname.value == ''){
$('#missingkeyword1').show();
}else if (form.nid.value == ''){
$('#missingkeyword2').show();
}else{
search(sha1(form.fullname.value+form.nid.value));
}
return 0;
}
function search(hash){
$('#nobreach').hide();
$('#breach').hide();
$('#search').attr('disabled', true);
$.getJSON('/api/search.php?hash=' + hash, function(res){
$('#search').attr('disabled', false);
if (res.status == 0){
if (res.result.fields.length > 0){
$('#breach_list').innerHTML = '';
for (item of res.result.fields){
$('#breach_list').append('<li>' + pre_defined_items[item] + '</li>');
}
$('#breach').show();
}else{
$('#nobreach').show();
}
}
});
}
</script>
</section>

<?php require 'src/footer.php'; ?>
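Review bot: In `search()`, `$('#breach_list').innerHTML = '';` sets a property on the jQuery wrapper rather than on the element, so the list is never cleared and a second search appends to the previous results; use `$('#breach_list').empty()`. The `$.getJSON` call has no failure handler and no branch for `res.status != 0`, so on a network or server error the button stays disabled and the user sees nothing; add `.fail()`/`.always()` to re-enable it and show an error. `for (item of res.result.fields)` creates an implicit global (`for (const item of ...)`), and an unknown field name renders as "undefined" because `pre_defined_items[item]` is concatenated into the `<li>` markup without a fallback; building the item with `$('<li>').text(...)` avoids string-built HTML. In `one_step()`, `form.fullname.value+form.nid.value` is hashed with no trimming, case normalisation or separator, so the same person typed with a lowercase ID letter or a trailing space produces a different hash and a false "no breach" result.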
113 changes: 113 additions & 0 deletions search_step.php
@@ -0,0 +1,113 @@
<?php $title = '搜尋洩漏紀錄';
require 'src/header.php';
require 'src/common.php';
?>


<header class="ts borderless extra padded massive center aligned fluid jumbotron">
<h1 class="ts header"><?=$title?></h1>
</header>

<section class="ts narrow container">
<h3 class="ts left aligned header">雜湊產生器</h3>
<p>此方法可避免將個人資料直接回傳給我們<br>產生後請貼上到下方表單進行追蹤或搜尋<br>雜湊值產生方法為:<code>sha1(姓名+身分證)</code></p>
<div class="ts negative message" id="missingkeyword1" style="display: none;">
<div class="header">缺少姓名</div>
<p>請輸入姓名</p>
</div>
<div class="ts negative message" id="missingkeyword2" style="display: none;">
<div class="header">缺少身分證字號</div>
<p>請輸入身分證字號</p>
</div>
<div class="ts positive message" id="hash_res" style="display: none;">
<div class="header">雜湊代碼</div>
<p id="real_res"></p>
</div>
<div class="ts very padded segment">
<form class="ts form" action="javascript:gen_sha1(this)">
<div class="two fields">
<div class="field">
<label>姓名<span style="color:red;">*</span></label>
<input id="fullname"></input>
</div>
<div class="field">
<label>身分證字號<span style="color:red;">*</span></label>
<input id="nid"></input>
</div>
</div>
<button class="ts primary button" type="submit">產生</button>
</form>
</div>
<script>
function gen_sha1(form){
$('#hash_res').hide();
if (form.fullname.value == ''){
$('#missingkeyword1').show();
}else if (form.nid.value == ''){
$('#missingkeyword2').show();
}else{
$('#real_res').text(sha1(form.fullname.value+form.nid.value));
$('#hash_res').show();
}
return 0;
}
</script>
</section>
<section class="ts narrow container">
<h3 class="ts left aligned header">搜尋表單</h3>
<p>產生後請貼上到下方表單進行追蹤或搜尋</p>
<div class="ts negative message" id="missingkeyword3" style="display: none;">
<div class="header">缺少雜湊值</div>
<p>請輸入雜湊代碼</p>
</div>
<div class="ts negative message" id="missingkeyword4" style="display: none;">
<div class="header">輸入錯誤</div>
<p>雜湊代碼格式錯誤</p>
</div>
<div class="ts negative message" id="breach" style="display: none;">
<div class="header">真是太糟糕了</div>
<p>發現個資洩漏情形<br>
已發現項目:<ul id="breach_list"></ul></p>
</div>
<div class="ts positive message" id="nobreach" style="display: none;">
<div class="header">搜索完畢</div>
<p>您的個資目前未在大規模洩漏中找到,不過可能只是未被本網站發現<br>再接再厲,繼續保持。</p>
</div>
<div class="ts very padded segment">
<form class="ts form" action="javascript:search(this)">
<div class="one fields">
<div class="field">
<label>雜湊代碼<span style="color:red;">*</span></label>
<input id="hash" maxlength="40"></input>
</div>
</div>
<button class="ts primary button" type="submit" id="search">搜尋</button>
</form>
</div>
<script>
let pre_defined_items = {'fb_id': 'Facebook ID', 'birth': '生日', 'address': '地址', 'phone': '電話', 'email': 'E-mail', 'name': '姓名', 'social_id': '身分證字號'};
function search(form){
$('#nobreach').hide();
$('#breach').hide();
$('#missingkeyword3').hide();
$('#missingkeyword4').hide();
$('#search').attr('disabled', true);
$.getJSON('/api/search.php?hash=' + form.hash.value, function(res){
$('#search').attr('disabled', false);
if (res.status == 0){
if (res.result.fields.length > 0){
$('#breach_list').innerHTML = '';
for (item of res.result.fields){
$('#breach_list').append('<li>' + pre_defined_items[item] + '</li>');
}
$('#breach').show();
}else{
$('#nobreach').show();
}
}
});
}
</script>
</section>

<?php require 'src/footer.php'; ?>
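Review bot: The second script's `search(form)` sends `form.hash.value` straight into the URL with no check, so the `missingkeyword3` and `missingkeyword4` messages defined above are hidden at the start of the function but never shown; validate the value against 40 hexadecimal characters before calling `$.getJSON`, show the matching message on failure, and pass the value through `encodeURIComponent`. This block is a copy of the one in search.php and carries the same defects: `$('#breach_list').innerHTML = '';` does not clear the list (use `.empty()`), there is no failure handler to re-enable the button, and `item` is an implicit global; moving the shared function into one included script would fix them in one place. In `gen_sha1()`, only `#hash_res` is hidden on entry, so a `missingkeyword1` or `missingkeyword2` message from an earlier attempt stays visible after a successful run.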
43 changes: 43 additions & 0 deletions sitemap.xml
@@ -0,0 +1,43 @@

<?xml version="1.0" encoding="UTF-8"?>
<urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9
http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
<!-- created with Free Online Sitemap Generator www.xml-sitemaps.com -->


<url>
<loc>https://breach.tw/</loc>
<lastmod>2019-08-01T17:54:08+00:00</lastmod>
<priority>1.00</priority>
</url>
<url>
<loc>https://breach.tw/search.php</loc>
<lastmod>2019-08-01T17:54:08+00:00</lastmod>
<priority>0.80</priority>
</url>
<url>
<loc>https://breach.tw/about.php</loc>
<lastmod>2019-08-01T17:54:08+00:00</lastmod>
<priority>0.80</priority>
</url>
<url>
<loc>https://breach.tw/index.php</loc>
<lastmod>2019-08-01T17:54:08+00:00</lastmod>
<priority>0.64</priority>
</url>
<url>
<loc>https://breach.tw/subscribe.php</loc>
<lastmod>2019-08-01T17:54:08+00:00</lastmod>
<priority>0.64</priority>
</url>
<url>
<loc>https://breach.tw/search_step.php</loc>
<lastmod>2019-08-01T17:54:08+00:00</lastmod>
<priority>0.64</priority>
</url>


</urlset>
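Review bot: Line 1 of the new file is blank, so the `<?xml version="1.0" encoding="UTF-8"?>` declaration is not at the very start of the document; an XML declaration is only permitted there, and strict parsers will reject the file as not well-formed. Remove the leading blank line. `https://breach.tw/` and `https://breach.tw/index.php` are also both listed although they presumably serve the same page; keep one.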
