![[HSX] HeadShot Xtreme is officially recognized by the Central Outpost as a genuine gaming organization.](https://www.headshotdomain.net/files/coRpSE/cnopseal_X74-MEW1.png "[HSX] HeadShot Xtreme is officially recognized by the Central Outpost as a genuine gaming organization.")
Update:
I have officially released the script. It's very simple to add to your site, only 3 files to edit and 2 files to upload. I did make the banner responsive just in case of those themes that may be responsive.
Can be downloaded from here:
** NOTE **
If you want to use this script, you will need to have the following installed:
If you have the Evo Shout already installed on your site, then you already have them installed.
Over the past decade, we've seen a massive rise in data breaches, exposing millions of passwords dumped online from services people trusted. It's easy to forget that once a password is exposed, it's no longer safe to use, even if the original site patched things up. Hackers compile these leaks into huge databases and use automated tools to break into accounts elsewhere, banking on the fact that a lot of people reuse passwords.
I decided to create a little breach warning bar that is a proactive way to alert your users that their current password has already been spotted in known data breaches. It's not based on guesswork. It uses real-world leak data. It’s subtle, non-intrusive, and doesn’t get in the way. But it also sends a strong message: we take your security seriously, and we’re not waiting for something bad to happen before we act. It encourages users to update their credentials and stay safe, which helps protect your site too by reducing the risk of account takeovers.
How it works:
The way it works is when you log into the site, your password gets quickly and securely checked against a huge database of passwords, (have i been pwned database), that have been leaked or stolen in past data breaches. But don’t worry, your actual password isn’t sent anywhere. Instead, a scrambled, unreadable version of it (called a “hash”) is used where the check is done securely on the server. Your full password never leaves the server, and only a piece of the hashed version is used to check against known breaches. That way, your real password stays private and safe the whole time.
The system then looks through the known list of compromised passwords using part of that hash, kind of like checking the first few letters of a word in a dictionary. If there’s a match, that means your password has shown up in a past breach somewhere. If it has, the site shows you a small warning at the top of the screen suggesting that you change it. That’s all—it doesn’t block you or lock you out, it just lets you know there could be a risk.
And to make sure it’s not annoying, you can close that warning bar yourself, and it won’t keep popping up every time. It’s just a little nudge to stay safe, especially with how common password leaks have become. You don’t need to do anything special, it’s all automatic and built in to help protect your account.
Here is a short animation of it working on my test site:
Is this something you guys would like me to release, or maybe have put in by default?
I have officially released the script. It's very simple to add to your site, only 3 files to edit and 2 files to upload. I did make the banner responsive just in case of those themes that may be responsive.
Can be downloaded from here:
| Please login to see this link Get registered or Log in |
** NOTE **
If you want to use this script, you will need to have the following installed:
| Please login to see this link Get registered or Log in |
| Please login to see this link Get registered or Log in |
If you have the Evo Shout already installed on your site, then you already have them installed.
Over the past decade, we've seen a massive rise in data breaches, exposing millions of passwords dumped online from services people trusted. It's easy to forget that once a password is exposed, it's no longer safe to use, even if the original site patched things up. Hackers compile these leaks into huge databases and use automated tools to break into accounts elsewhere, banking on the fact that a lot of people reuse passwords.
I decided to create a little breach warning bar that is a proactive way to alert your users that their current password has already been spotted in known data breaches. It's not based on guesswork. It uses real-world leak data. It’s subtle, non-intrusive, and doesn’t get in the way. But it also sends a strong message: we take your security seriously, and we’re not waiting for something bad to happen before we act. It encourages users to update their credentials and stay safe, which helps protect your site too by reducing the risk of account takeovers.
How it works:
The way it works is when you log into the site, your password gets quickly and securely checked against a huge database of passwords, (have i been pwned database), that have been leaked or stolen in past data breaches. But don’t worry, your actual password isn’t sent anywhere. Instead, a scrambled, unreadable version of it (called a “hash”) is used where the check is done securely on the server. Your full password never leaves the server, and only a piece of the hashed version is used to check against known breaches. That way, your real password stays private and safe the whole time.
The system then looks through the known list of compromised passwords using part of that hash, kind of like checking the first few letters of a word in a dictionary. If there’s a match, that means your password has shown up in a past breach somewhere. If it has, the site shows you a small warning at the top of the screen suggesting that you change it. That’s all—it doesn’t block you or lock you out, it just lets you know there could be a risk.
And to make sure it’s not annoying, you can close that warning bar yourself, and it won’t keep popping up every time. It’s just a little nudge to stay safe, especially with how common password leaks have become. You don’t need to do anything special, it’s all automatic and built in to help protect your account.
Here is a short animation of it working on my test site:
Is this something you guys would like me to release, or maybe have put in by default?
Last edited by coRpSE on Sat May 10, 2025 8:39 pm; edited 3 times in total
Okay, Update. I put the script on this site to test. If your password has been found in a DB breach, you will see a message at the top. If you like to have this script on your site, It's very easy to install and no DB tables. It requires 2 files to be edited and 3 files to be edited with 1 edit each file, and it includes 1 file.
I've updated my first post. I have released this script for anyone that like to add it to their site for added security for their users.
Okay, there has been some confusion on how this script works, so, I am going to make a video explaining it in a way that will make it easier to follow. There have been some concerns, and I am okay with that, this video will eliminate your concerns I hope.