$max) $value = $max; $cookieOptions = [ 'expires' => time() + 86400 * 365, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict', ]; setcookie($cookieName, $value, $cookieOptions); return $value; } if (isset($_COOKIE[$cookieName])) { return intval($_COOKIE[$cookieName]); } $cookieOptions = [ 'expires' => time() + 86400 * 365, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict', ]; setcookie($cookieName, $default, $cookieOptions); return $default; } // ---- PASS TYPE COOKIE ---- $defaultPassType = 0; if (isset($_GET['pt'])) { $passType = intval($_GET['pt']); setcookie('passtype', $passType, time() + 86400 * 365, '/'); } elseif (isset($_COOKIE['passtype'])) { $passType = intval($_COOKIE['passtype']); } else { setcookie('passtype', $defaultPassType, time() + 86400 * 365, '/'); $passType = $defaultPassType; } // ---- CUSTOM PASSWORD SETTINGS ---- $wMin = getSetting('wMin', 'wMinIn', 6, 3, 10); $wMax = getSetting('wMax', 'wMaxIn', 12, 3, 10); $wCount = getSetting('wCount', 'wCountIn', 2, 1, 5); $sChar = getSetting('sChar', 'sCharIn', 2, 0, 4); $numLen = getSetting('numLen', 'numLenIn', 3, 0, 8); function curlHelper($url, $APIKey){ // Initialise cURL $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the response as a string curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // follow redirects if any curl_setopt($ch, CURLOPT_TIMEOUT, 10); // timeout after 10 seconds // Execute the request $response = curl_exec($ch); // Handle cURL errors if ($response === false) { $error = curl_error($ch); // Deprecated: Function curl_close() is deprecated since 8.5, as it has no effect since PHP 8.0 in /var/www/html/index.php on line 79 //curl_close($ch); throw new Exception("cURL error while calling API: {$error}"); } // Check HTTP status code $httpStatus = curl_getinfo($ch, CURLINFO_HTTP_CODE); // Deprecated: Function curl_close() is deprecated since 8.5, as it has no effect since PHP 8.0 in /var/www/html/index.php on line 79 //curl_close($ch); if ($httpStatus !== 200) { throw new Exception("API returned HTTP status {$httpStatus} (expected 200)."); } $decoded = json_decode($response, true); if (json_last_error() === JSON_ERROR_NONE) { if (isset($decoded[$APIKey])) { return $decoded[$APIKey]; } } return trim($response); } // Password Generator API Function function getStandardPasswordFromAPI($passType){ $apiUrl = "http://0.0.0.0:5000/get_password"; // Build the query string and full URL $query = http_build_query(['pwd_index' => $passType]); $url = rtrim($apiUrl, '?') . '?' . $query; return curlHelper($url, "password"); } // Password Generator API Function for Custom Password function getCustomPasswordFromAPI($passType, $payload){ $url = 'http://0.0.0.0:5000/custom_password'; // Initialise a cURL handle $ch = curl_init($url); // Tell cURL we want to send a POST request with a JSON body curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); // Tell cURL what headers to send curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Content-Type: application/json', 'Content-Length: ' . strlen($payload), ]); // We want the response body back, not the HTTP headers curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Optional: if you need to trust self-signed certs (rare for production) // curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // Execute the request $response = curl_exec($ch); // Basic error handling if ($response === false) { // Something went wrong with the cURL call error_log('cURL error: ' . curl_error($ch)); curl_close($ch); return false; } // Get HTTP status code to confirm the request succeeded $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($httpCode !== 200) { // Non-200 responses are treated as errors error_log("Password API returned HTTP {$httpCode}"); return false; } // Decode the JSON response $data = json_decode($response, true); if ($data === null || !isset($data['password'])) { error_log('Password API returned malformed JSON'); return false; } // Return the password string return $data['password']; } // Password Count API Function function getPasswordCountFromAPI(){ $apiUrl = "http://0.0.0.0:5000/get_count"; // Build the query string and full URL $url = rtrim($apiUrl, '?') ; return curlHelper($url, "total_passwords"); } function passwordTest_strength($passwordTest) { $strength = 0; $possible_points = 12; $length = strlen($passwordTest); if (detect_any_uppercase($passwordTest)) $strength += 1; if (detect_any_lowercase($passwordTest)) $strength += 1; $strength += min(count_numbers($passwordTest), 2); $strength += min(count_symbols($passwordTest), 2); if ($length >= 8) { $strength += 2; $strength += min(($length - 8) * 0.5, 4); } $strength_percent = $strength / (float)$possible_points; return floor($strength_percent * 10); } function detect_any_uppercase($string) { return strtolower($string) != $string; } function detect_any_lowercase($string) { return strtoupper($string) != $string; } function count_numbers($string) { return preg_match_all('/[0-9]/', $string); } function count_symbols($string) { $regex = '/[' . preg_quote('!@£$%^&*-_+=?') . ']/'; return preg_match_all($regex, $string); } function returnActualPassword($passType){ if ($passType == 3){ $payload = json_encode([ 'w_min' => getSetting('wMin', 'wMinIn', 6, 3, 10), 'w_max' => getSetting('wMax', 'wMinIn', 6, 3, 10), 'w_count' => getSetting('wCount', 'wCountIn', 2, 1, 5), 's_char' => getSetting('sChar', 'sCharIn', 2, 0, 4), 'num_len' => getSetting('numLen', 'numLenIn', 3, 0, 8), ]); return getCustomPasswordFromAPI($passType, $payload); } else{ return getStandardPasswordFromAPI($passType); } } $final = returnActualPassword($passType); #$final = getStandardPasswordFromAPI($passType); $total = getPasswordCountFromAPI(); $rating = passwordTest_strength($final); // ---- OUTPUT ---- ?> Matt-Cloud Password Generator

Matt-Cloud Password Generator

Hello folks.
This here is a nice little human-readable password generator.
You've got a few different modes and sometimes it is accidentally funny.

Matt-Cloud Password API

To get passwords, you may:

curl -s /get_password?pwd_index=N
{
"password": "-`(UncoloredSwiftly2099"
}

Where N is an integer 0,1, or 2 for now.

To get verbose passwords, you may:

curl -s /verbose_password?pwd_index=N
{
"descriptor": {
"description": "This simple password is in the following format: !Password123 - this pulls from a list of 1291 simple words.",
"name": "Simple Password",
"type": "2"
},
"password": "&Keenness887",
"password count": 9
}

To get custom passwords, you may:

curl -X POST /custom_password \
H "Content-Type: application/json" \
d '{
"w_min":5,
"w_max":8,
"w_count":3,
"s_char":2,
"num_len":3,
}'
{
"password": "Copier+ViolinBoned632*"
}

To get the API password count (but why tho?), you may:

curl -s /get_count
{
"total_passwords": 10
}

To view the password descriptor, you may
curl -s /get_info
 This will return the entire JSON descriptor variable

'; // Password output echo '

'; echo 'Your password strength is: ' . $rating . '

'; echo ''; echo ''; // Pass type selector echo ''; ////////////////////////////////////////// // Meter Code echo '

'; for($i=0; $i < 10; $i++) { echo " $i) { echo " class=\"rating-{$rating}\""; } echo ">
"; } echo '
'; //////////////////////////////////////////// // Total count echo '

There have been ' . $total . ' total passwords generated thus far.

'; if($passType === 0 || $passType === 1 || $passType === 2) { echo ''; } // Custom slider UI (only for type 3) if ($passType == 3) { echo '
'; echo 'Hey folks, this thing finally works.

'; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
Minimum Word Length:
Maximum Word Length:
Number of Words:
Special Characters:
Number Length:

'; echo ''; //echo ''; echo '

'; } if ($passType == 0) { echo '
'; echo '

I have a list of about 20k english words. When you go to this page, I select 60 of these words that are less than 13 characters, '; echo 'and use the one whose index matches the current second. Then, depending on the length of this word, '; echo 'this may or may not grab a couple more words from the list, and then it will generate a random number.'; echo 'Then, it shuffles a list of special characters and sprinkles a few of those in with the words and numbers. '; echo 'Then, once all that is generated, it will shuffle all these things it generated and spit them back. '; echo 'It takes a hash of the generated password and compares it to a list of all hashes generated in the past. '; echo 'If the newly generated password is unique, it will print it out under here, otherwise it will try again. '; echo 'If it generates a bad password, just refresh until you get one you like. This site can never generate the same password twice. '; echo 'Also, this hash is a one way encryption, so the passwords cannot be re-created from the hashes.

'; echo '
'; } if ($passType == 1) { echo '

'; echo 'This password is always in the following format:
'; echo '$Word1Word2Number$
'; echo 'Where each word is less than 7 characters, the number is
'; echo '3 digits, and the $ represents a Special Charater.

'; } if ($passType == 2) { echo '


'; echo 'This simple password is in the following format:
'; echo '!Password123

'; echo 'Also, this draws from a simpler list of about 3k words.

'; } echo ''; } else { // duplicate hash case echo '

OH FUCK DUPLICATE PASSWORD!!!!1!!
'; } ?>