PHP app for keeping passwords online
PHP JavaScript CSS
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
assets
classes
templates
.gitignore
.htaccess
LICENSE.txt
PasswordHash.php
Readme.md
config.default.php
functions.php
include.php
index.php
install.php
robots.txt

Readme.md

WebPasswd

WebPasswd is a PHP web-app for storing personal login detail for websites.

No database is required, all data is stored in a single AES-256 encrypted file.

Requirements

  • PHP 5.3+, Webserver agnostic
  • SSL is recommended and can be enforced through the config

Setup and Use

  1. Upload all files to your webserver
  2. Create your config.php (copy config.default.php)
    1. Set your path correctly if installing to a subdirectory.
    2. Change your username to what you prefer.
    3. Defined where your password file should go.
      This should be outside your public_html/htdocs directory so it cannot be accessed via the browser.
  3. Open in a browser, you should be directed to install.php
  4. Choose your password and click install (your password can be changed later)
    Remember your password, it cannot be recovered if lost
  5. Delete install.php as it is no longer required
  6. Done, You are good to go.

Currently no backup mechanism is provided, so you should make sure you have the password file backed up elsewhere.

Make use of the bookmarklet, it will allow you to quickly access/create the password entry for the current site.

Encryption

The encryption is done via mcrypt using the Rijndael 256 algorithm (otherwise known as AES) using the CBC mode (cipher-block chaining).

The encryption key is derived from your password and a once use IV using the PBKDF2 algorithm.
A MAC via HMAC/SHA-256 is also used to verify the content on decryption.