For checking user passwords against "Have I Been Pwned" local password list.
Create a domain like pwned.yourpersonaldomain.de on your webserver and secure it with HTTPS.
Download the password list via torrent or direct link from https://haveibeenpwned.com/Passwords $ wget https://downloads.pwnedpasswords.com/passwords/pwned-passwords-ordered-by-count.7z
Extraction will take some time: $ nohup 7z e pwned-passwords-ordered-by-count.7z &
After extracting you can delete the pwned-passwords-ordered-by-count.7z with: $ rm pwned-passwords-ordered-by-count.7z
Now create the SQlite3 database files: $ nohup php pwnedCreateDBs new pwned-passwords-ordered-by-count.txt secretDatabasePassword.db secretDatabaseCustomPassword.db & secretDatabaseCustomPassword.db is needed to be specified. You can delete it afterwards if you set $pwnedTrackPasswords to False within the pwnedConf.php.
This also takes a long time, have some more coffee and go to lunch. When finished you could delete the pwned-passwords-ordered-by-count.txt file, create a dummy index.html and edit the pwnedconf.php: $ rm pwned-passwords-ordered-by-count.txt $ touch index.html $ joe pwnedConf.php
Now you can adapt pwnedUserAuth.php for custom user access.
With $pwnedAllowGet = True in pwnedConf.php you can test it easly by calling the following URLs. First URL is pwned. Second URL is not pwned. Please use $pwnedAllowGet = True only for testing!
Distributed under BSD license. (c) by 0bj UG (haftungsbeschränkt) https://0bj.de
 Have I Been Pwned: https://haveibeenpwned.com/  Project german homepage: https://0bj.de/de/projekte/eigene-projekte/pwned/  Project english homepage: https://0bj.de/en/projects/own-projects/pwned/