0

I am trying to read JSON values using the "Have I Been PWNED" API v2.

I have tried two different ways to display the data using the URL (https://haveibeenpwned.com/api/v2/breach/Adobe) and using a local .json file, but both methods display nothing.

Method 1 (URL):

index.php

<?php
    // Breach Title
    $breach_title = 'Adobe';
    // JSON URL
    $url = 'https://haveibeenpwned.com/api/v2/breach/'.$breach_title;
    // Put the contents of the url into a variable
    $json = file_get_contents($url);
    // Decode the JSON feed
    $object = json_decode($json);

    // Echo Results
    echo $object[0]->Title;
    echo $object[0]->Name;
    echo $object[0]->Domain;
    echo $object[0]->Description;
    echo $object[0]->BreachDate;
?>

Method 2 (Local .json file):

index.php

<?php
    // Put the contents of the file into a variable
    $json = file_get_contents("Adobe.json");
    // Decode the JSON feed
    $object = json_decode($json);

    // Echo Results
    echo $object[0]->Title;
    echo $object[0]->Name;
    echo $object[0]->Domain;
    echo $object[0]->Description;
    echo $object[0]->BreachDate;
?>

Adobe.json

{
    "Title": "Adobe",
    "Name": "Adobe",
    "Domain": "adobe.com",
    "BreachDate": "2013-10-04",
    "AddedDate": "2013-12-04T00:00:00Z",
    "ModifiedDate": "2013-12-04T00:00:00Z",
    "PwnCount": 152445165,
    "Description": "In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, <em>encrypted</em> password and a password hint in plain text. The password cryptography was poorly done and <a href=\"http://stricture-group.com/files/adobe-top100.txt\" target=\"_blank\" rel=\"noopener\">many were quickly resolved back to plain text</a>. The unencrypted hints also <a href=\"http://www.troyhunt.com/2013/11/adobe-credentials-and-serious.html\" target=\"_blank\" rel=\"noopener\">disclosed much about the passwords</a> adding further to the risk that hundreds of millions of Adobe customers already faced.",
    "DataClasses": [
        "Email addresses",
        "Password hints",
        "Passwords",
        "Usernames"
    ],
    "IsVerified": true,
    "IsFabricated": false,
    "IsSensitive": false,
    "IsActive": true,
    "IsRetired": false,
    "IsSpamList": false,
    "LogoType": "svg"
}

I have been using the following as resources:

Also no output using this in both methods:

print_r($object);
Anthony Vadala
  • 33
  • 8
  • After opening ` – vuryss Jun 21 '18 at 17:09
  • I am getting `Warning: file_get_contents(https://haveibeenpwned.com/api/v2/breach/Adobe): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /Applications/MAMP/htdocs/HIBP/index.php on line 9` – Anthony Vadala Jun 21 '18 at 17:14
  • `var_dump()` and `print_r()` are immensely useful. `$object` is an object and not an array of objects in your example. – MonkeyZeus Jun 21 '18 at 17:14
  • Thanks for linking their [**API docs**](https://haveibeenpwned.com/API/v2), no go ahead and follow them. Have you read step #2 of the Overview section? – MonkeyZeus Jun 21 '18 at 17:18
  • Thank you! Knew it would be something simple. I removed the [0] and added a user agent. – Anthony Vadala Jun 21 '18 at 17:49

2 Answers2

2

With the version of Adobe.json in your question, you don't need the [0] to access the data...

$object = json_decode($json);

// Echo Results
echo $object->Title;
echo $object->Name;
echo $object->Domain;
echo $object->Description;
echo $object->BreachDate;

To get the file URL with https, it may be easier to use CURL...

// Breach Title
$breach_title = 'Adobe';
// JSON URL
$url = 'https://haveibeenpwned.com/api/v2/breach/'.$breach_title;
// Put the contents of the url into a variable
//$json = file_get_contents($url);
$options = array(
    CURLOPT_RETURNTRANSFER => true,     // return web page
    CURLOPT_HEADER         => false,    // don't return headers
    CURLOPT_FOLLOWLOCATION => true,     // follow redirects
    CURLOPT_ENCODING       => "",       // handle all encodings
    CURLOPT_USERAGENT      => "spider", // who am i
    CURLOPT_AUTOREFERER    => true,     // set referer on redirect
    CURLOPT_CONNECTTIMEOUT => 120,      // timeout on connect
    CURLOPT_TIMEOUT        => 120,      // timeout on response
    CURLOPT_MAXREDIRS      => 10,       // stop after 10 redirects
    CURLOPT_SSL_VERIFYPEER => false     // Disabled SSL Cert checks
);

$ch = curl_init( $url );
curl_setopt_array( $ch, $options );
$json = curl_exec( $ch );

// Decode the JSON feed
$object = json_decode($json);

$object = json_decode($json);

// Echo Results
echo $object->Title;
echo $object->Name;
echo $object->Domain;
echo $object->Description;
echo $object->BreachDate;
Nigel Ren
  • 56,122
  • 11
  • 43
  • 55
1

Here is my corrected code after reading the HIBP APIv2 closer thanks to @MonkeyZeus

Just needed to add a user agent and removed [0].

<?php
    ini_set('user_agent', 'Test App');

    // Breach Title
    $breach_title = 'Adobe';
    // JSON URL
    $url = 'https://haveibeenpwned.com/api/v2/breach/'.$breach_title;
    // Put the contents of the url into a variable
    $json = file_get_contents($url);
    // Decode the JSON feed
    $object = json_decode($json);

    // Echo Results
    echo $object->Title;
    echo $object->Name;
    echo $object->Domain;
    echo $object->Description;
    echo $object->BreachDate;
?>
Anthony Vadala
  • 33
  • 8
  • You need to bear in mind that file_get_contents with a URL doesn't always work (https://stackoverflow.com/questions/3488425/php-ini-file-get-contents-external-url shows how to configure it) – Nigel Ren Jun 22 '18 at 08:15