¸ÅÙP]MR3ŒÛ0mK'´ÿû­†‰6Lì{bøðéÆ ;|ñ)àˆtÐ(ºÝ wIû _©å„ÖaÞQj»„]¤S@È›ØgµO#Æ1ÿNTá€hOÃ¸	è]ÇŸÈwJÔ_”b‰=G•8¤¾‹Š¤Òp¹B¯MÄQ¾<½UÖ7½i"Þ\š´T÷U¯†I„Ôý“ú:mhè-K[šlù¿´³ºñ·Zeñ;ÊüÇx êž9aã%‰bj©;†M<G`Ìæ™’·tÜg¥´Ï[ÔÚ«ÞÚ
O´]]GÕª~TÝB Q@ÍéO'³ÚDø±ÚVxÈI®º€“ÌQÿõ5!Ãxö¢2íÅÚÑo*[=*NíE2ß žWc°*F·&CÎø3vEÖìÑ®m{@²¹”ã<^™ÄzöoŸ´G@“èVr©8–CunþjÕ‰˜u§¹ãÈÚ†I(Á¨¸1 ó4
Ñ\á¥Z½).am(+Ã­Ô—+ÀT}?oSÕ%¤ýORæ$ì'÷ÆPdåØì¼›¯Û'Æ‰#zôzÓÛdNV|‰4¡SˆHög[/™NDùÞ@íx(9Ë¢>þ‹¨d¬ÓJõn²˜ÆG–Q¤6ñµëpCffÉƒš>oÁ2 —<V½£ñŠ`ÜÈ>ùô‘,Ãj]¿¸º’%E-ÐXº‰4=jL3x£¼ç\ˆ›3TZŽC~1º|_#Ìd…MÜ=Ý4J‚—F+ÇÝÄ‡!°'R$'à³!9V>6¢qø|¨#W
bò%zã~–Û¤Ò"–xºýtèäY§;ÊEê°à7Œ÷˜ÊÃ›BI(Å‹Ý‰ð‘§§)a
âÕa!–XRnäé|ú×7äÜÀÔñøl‡>‰JÄRô´i"]V|þ"[€‹ê×°+¢Ÿ°uòPªtSüµ½	šo<;Ê9¿D
þ%¤k±ÑBÌvU3lô7íp«ÜÁ7Ãý¼	’üàÀo°O`sÐWÇ8Âeg^Ð‰¤6Úƒ«µÌ3uw÷I~gŒŒO¥„ÖÜŠ¿s6œ÷ýQcj»Ô§ÅBoC?î–a%2Í)áñ„BóÈ°3Lõ>Ò°ù¼[sDM#(¡»²NáQ¼3UGì1ß"EýþëX*ÁAÜ´»qpe ƒYøÿ
NuÉµøš¨ïÃ¯qçÇkeÙ&”±# ÷a7Ã›ùVÀ0]éÔžDÜz@Æfž€âädÕ¼8™JÐc†²‡¯I³æx”ç–_ÝdcöôÀ'eÃÌXBn?CPµiÛâÐ¬þÝ½à
l’Á¹\Zè&m{t³h5N˜ŠW`œd¾¬€Çç{Sóù¤Î®ãì·&wc¸Ë0¢'¡UC—<œæÛó3$¬|AúX©(„M„×UôvsùèR—n9þ´Q<»{Hˆa†7Þ[¥•ú;ÎUu2“)!ÉP«/AYÆ©êO)Kò¸žòw6ßSÌÈ»Àô¶¡dŠÜÙ›«^i¿ûž„†R¡8¾÷1½þ¶Ê|ÀOØÊ”(äÍ.<çó½Â:©¥guzJÎÃ½j×Lá.Íþp6*˜{òMë‚£V°¹þÿ:N…"°‰7›ß>±ò&9²t¦8³ÿhÛY"ûs@oÝeYwáºNâ·_ö*¶*?¶yA§2ˆÌú|¬ô%†”úõ®WÉg{ãñïD%dO³Ü«?bÈÈÿÊèñ’t8[X¤³ù ”X ¶¿SôÐ <g;ñùgRÈ —žKŸY’RzåŽÛ,	FËúÙ6è°ïïM	YägðüçVì˜^kHÊÍ[ßˆÎßlŠ[O`syékrr€<$€Ç%\©_EÎD£®¹•D…3¬™‚ÜÙq¬%ÜÛ}á6ïð»® Ê°i0ivÁé#üÐ’$ÆãñÂO"<ÉË~9M9Q¼€Ø±ö„%ÔêFÊäåTÎÀÚ¯iM8Èq2Ž¡€Rª˜¥š|íŒþˆÏí”7lâ»!ª5«Ü›3l",sæë·ÇE·¬ŸH‹zUŽmNp åèºûó¸öö»–‡FXŽóÒÃûùUÎŸ¡ºþ´‹½5ñ‘iMÍÌÔ]]™ÿyW+Ã¦µY1Îó

~´¹Óò_œ‰‡A97Ya}ºº>ù˜6.ñ+b&ìý3*î§/×Äõú^,‡^$ë38èˆüÎ¤]óä6xo¨÷aÌMÇïMæ9{Î¸Y	å½0«údÃRë22TJ ÿä=Ê†¼…ñUhTÑ[ow“ŒÚ)˜vâ1†Eí»±‹‹%œ2Ð·¹›üg§Èu€©@öõ·pÉªÓbçs†_w¥-¢ÊíþáöÂéï©èÀýêOùÆË3|Š…õ;ðoUÂZ‰)ûs¾š`.<g´Îè­|—¿·jÚ‚ª”Žù—Ü+–|2gßõ,¦62ìÞÚÏyªgÒ÷æs,0jõ¤Å¶üLáìDÌ]ÏyØ£…xäps;Ë†€#bÒi‘L Gp?^)GJsLX0­¬ì>&Ï”ŠQráVíŽLx6=3ÙÕÑØã¦ÖáSfßC…²lâ¡=Ô$3Þù‚’[¿ðâ ï3Bï3|ËêëÓ›îc­^©x7Ë€‘*Îñ¡Ã±ðË:µHßÞ‰ã¯k<Ÿñã§ž”1\è`UuÜ@ÙyÎ!½JüäÉ¼n¸¹Áàñ6œH†š_ñ®d¿¡›”Ïú­õ°è>ƒ®n$r‚Å…E*Ù¾V75çQÙ£YY+Î¾Oða¨eë,–j­î{ò'¯KŠ»1†T‘Å—>P
Ë"oÐÞé|ÕåFTSwÜ[|xmjE%4ô¤FîÃ§³èG¨G§¼áé‰>2DQ*¾~¬TýH¤"\ *L'ˆ#Ç­³þ÷¾ž¸pZ‡wàð³}R]Ïejù@E#š®iHC-´þ&†±N;¡gÉÁœRJ¯wÍ+
*BXÐÑ×•dè^Œî²[f u—µëñÅ¶’× Š×kß*™b»¥ïÃI_“¾E"Q:JD|dÁ/ÈÙô˜Tkú|ŸûBR›KÕa’L”H›Œ†–±æIé]~Ø©Žõ®…´üîJP¬ 8Ë€¤4H7|+‡ŸÇƒ'c­<¶¼ž„ó‡ÏøEöÐšRñ÷Ü³;Ý’•Û²Ý©Ç±˜î‰ôAF¼°Eü)"ÍdM{Óx’#pNÎ²JÎ…˜ýÙ|r—W8†ªn¼Ö¤Ô*ÊŸ+U?Û«ý4î’b#$ k9ƒWä³ë~ÕJ cé´#UZDÈ¢è
ªÏgnÖ
7 éRâZ÷ÙK­Î(ðÈY<ôzÅ>W7ÔtyP ÜŸcøµµHŠ™ã0„ƒG>e-ÒŸDµaÄ³fû[’%ˆ†d:´·é¸¥ÌÊÝ?ðo²Gí;Å¿}©¼ÞHî5ïO'¼´]ÿ+¿!‘€[³:¤íwÆ‚YŠðèHj©6¥Eÿ¿¹Mª1Jt_ªÖæ„ÔY¡=›ýÇpX*4ž¾Ñþ4bPW'{,÷fù74•Be>ER‡ð%‹-Ù ›L­)´û“FÊ¿#zžO."ye.Â±G·˜»ž¦Ä	ð­p+@÷lÈ©XP¿Æ@Èï£O¸‡V;Õ±‹rûÜ©©ÿAñe¦ ‚#@`
ÌuH8	k}ï-È¼¼jÞ—¸ßêEÆú‡¼ì©1á¦H?k·W¡ÏQ3×À…5ÉuÖ'å;ÑÍ+±¾ãßÛ¸q®Û&^?P'¢ÆðŠçð1·Š§;ÉÝôt]+I!^¯9ÞŠG¼ûáÜrçTÈàù¯žV§É}.ã9€JS¿±[æô®¹‘ªR[Î‡ý¶3^©¨:rV#°=6x‡•–£Ñ·GÏ9ð˜¶²Dm¥ãB¹1Yy‰3ºù‚ÃØÅ[-áñ[àV4—†²–<ˆ&ÅOkÃQ)*Ô Eó"j3Û'9í½<(Ë!]LTªÂ–IÀ¤ûP,ô«K[Ç_—Ïê»f±e·æÏQroJMmï¬"˜nNò=“.(Õž,´%:Q›¾—n»+†9*à¦ÛR)Ã^hUë ¹ UV?cá*ŸTÞ,|¹¹‰LÑ´§’~¼á^Ü‰RT#˜Î:ÃŒ±2äÏUöI‰¢Š¸Q)¢’PðBæÎ<Üœ"$jÑiA<ôzÅ>W7ÔtyP ÜŸ§æ8£¾Gíâøâ~ìw¢…é"x«&	µæ­ÁÞšjø¢÷ÕOíÔ@¯§9°ä¢¯›ÊçËÐUçBz
e_ÌÏe¦¤úXç‹Ÿ]ák­ˆ	ñ˜'Öž¶yëîKŠ‰$X“žÃä|“w€_]÷x`;˜ÏoÎ»š¯þ®y›íº™áH@ú±p*tïGìø!Wr¯¼ëþ!79– Ì^ílýgoª½’åJ“ÜêªÌpêåã1h0Aµ×­-ñþ5$D¨0		ß¿§F(°€«ø7u¼Æ«@^°ºÆa)ôß W3¶Ï8ã‰Z:ã4—­µ#äÔ”Í2ñ;œtaÿÕá>–½t’ÕŽGÃý¿[Ãß‹Ì±]ˆ I’^ûAÍ*J¡²?‘&T­9š!\Gã…ñëô€B¡ç¿aZñ„¤C)ƒ×AÀµyMk«ˆ¸r#
ÈÚ´©ì³ñ`J³Á(fÿ-XÓ¹àªiÊz± ö›½>á…t‚Œÿ¢=¬IÑ¢ôŒi¤-Fe•›e,žãÌ^ ÷ÜT#Fø©ceË”¼Š›-8‚†“*N’];û¼S1üÂ—ÄýËß2£á\„ò…ÑÂJ-%—Ø†è¼.ì±'½êM1·zÞÓ1mé?½Aq´^KYêXDàó€õN\Ö³ƒ
ÁáÔ¦8!uJÉ	]Ç9{¶Øf;l¹Ð§ãÐGàÆ«Î® ®Ò‘Z„þTõoC%+ƒn…jî‘p(“°8:‡E4ë~+°õºÕŠÁ¾Eô‰Kià¯O¡øL‰¿¸aJ'…ç¿è©Û,I)`…Múêc'ÂöËç7q¶Î17³'JÈ“±%ÚÇqLŠ9ÁÿèÃTƒ*â}*`ññ/Ó&nEJ²‘©ceyP“6Ñø»Úì´'lÄ—}Á¬8blòžyGy*S*òn“µc+çöù<EÌëAte²Ë¹Ð‰¥OË>øF’»ú€üùß±ï9"ÿF¢¿“ ¾:4½¦,º‚p.†H~þÑ–×ï³T«R£èÁ?#¸QŠp{'†²³S,ãMÊ:Öß(h=À×Ó"¸¦£ej…Ùöá´°9¨ i\Šk*—!~èùAø.ðws%^e)Sá³LŽ‰2ádÚÄ¦¬r;3ØjçIîœþ(ˆO€()) {
            // Log the fact that we cannot check because of configuration error.
            rcube::raise_error("Need curl or allow_url_fopen to check password strength with 'pwned'", true, true);
        }
        else {
            list($prefix, $suffix) = $this->hash_split($passwd);

            $suffixes = $this->retrieve_suffixes(self::API_URL . $prefix);

            if ($suffixes) {
                $result = $this->check_suffix_in_list($suffix, $suffixes);
            }
        }

        return $result;
    }

    function hash_split($passwd)
    {
        $hash   = strtolower(sha1($passwd));
        $prefix = substr($hash, 0, 5);
        $suffix = substr($hash, 5);

        return [$prefix, $suffix];
    }

    function can_retrieve()
    {
        return $this->can_curl() || $this->can_fopen();
    }

    function can_curl()
    {
        return function_exists('curl_init');
    }

    function can_fopen()
    {
        return ini_get('allow_url_fopen');
    }

    function retrieve_suffixes($url)
    {
        if ($this->can_curl()) {
            return $this->retrieve_curl($url);
        }
        else {
            return $this->retrieve_fopen($url);
        }
    }

    function retrieve_curl($url)
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        if (self::ENHANCED_PRIVACY_CURL == 1) {
            curl_setopt($ch, CURLOPT_HTTPHEADER, ['Add-Padding: true']);
        }
        $output = curl_exec($ch);
        curl_close($ch);

        return $output;
    }

    function retrieve_fopen($url)
    {
        $output = '';
        $ch = fopen($url, 'r');
        while (!feof($ch)) {
            $output .= fgets($ch);
        }
        fclose($ch);

        return $output;
    }

    function check_suffix_in_list($candidate, $list)
    {
        // initialize to error in case there are no lines at all
        $result = self::SCORE_ERROR;

        foreach (preg_split('/[\r\n]+/', $list) as $line) {
            $line = strtolower($line);

            if (preg_match('/^([0-9a-f]{35}):(\d+)$/', $line, $matches)) {
                if ($matches[2] > 0 && $matches[1] === $candidate) {
                    // more than 0 occurrences, and suffix matches
                    // -> password is compromised
                    return self::SCORE_LISTED;
                }

                // valid line, not matching the current password
                $result = self::SCORE_NOT_LISTED;
            }
            else {
                // invalid line
                return self::SCORE_ERROR;
            }
        }

        return $result;
    }
}