Created
February 3, 2018 16:21
-
-
Save anonymous/6516521b1fb3b464534fbc30ea3573c2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
define('BOT_USERNAME', 'XXXXXXXXXX'); // place username of your bot here | |
function getTelegramUserData() { | |
if (isset($_COOKIE['tg_user'])) { | |
$auth_data_json = urldecode($_COOKIE['tg_user']); | |
$auth_data = json_decode($auth_data_json, true); | |
return $auth_data; | |
} | |
return false; | |
} | |
if ($_GET['logout']) { | |
setcookie('tg_user', ''); | |
header('Location: login_example.php'); | |
} | |
$tg_user = getTelegramUserData(); | |
if ($tg_user !== false) { | |
$first_name = htmlspecialchars($tg_user['first_name']); | |
$last_name = htmlspecialchars($tg_user['last_name']); | |
if (isset($tg_user['username'])) { | |
$username = htmlspecialchars($tg_user['username']); | |
$html = "<h1>Hello, <a href=\"https://t.me/{$username}\">{$first_name} {$last_name}</a>!</h1>"; | |
} else { | |
$html = "<h1>Hello, {$first_name} {$last_name}!</h1>"; | |
} | |
if (isset($tg_user['photo_url'])) { | |
$photo_url = htmlspecialchars($tg_user['photo_url']); | |
$html .= "<img src=\"{$photo_url}\">"; | |
} | |
$html .= "<p><a href=\"?logout=1\">Log out</a></p>"; | |
} else { | |
$bot_username = BOT_USERNAME; | |
$html = <<<HTML | |
<h1>Hello, anonymous!</h1> | |
<script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script> | |
HTML; | |
} | |
echo <<<HTML | |
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="utf-8"> | |
<title>Login Widget Example</title> | |
</head> | |
<body><center>{$html}</center></body> | |
</html> | |
HTML; | |
?> |
why this error Data is NOT from Telegram??
the right check auth as blow <?php define('BOT_TOKEN', '7171119555:AAE4K6DSoKFXub-vBr1GkT63_VclRCpZYBY'); // place bot token of your bot here function checkTelegramAuthorization($auth_data) { echo('<br/>auth_data:'.$auth_data); echo("<br/>####"); $check_hash = $auth_data['hash']; unset($auth_data['hash']); $data_check_arr = []; foreach ($auth_data as $key => $value) { $data_check_arr[] = $key . '=' . $value; } sort($data_check_arr); $data_check_string = implode("\n", $data_check_arr); echo('<br/>hash:'.$data_check_string); ////////the bigest reason zzzzzz no need ret hex string, is bytes.... $secret_key = hash_hmac('sha256', BOT_TOKEN,"WebAppData",true); echo('<br/>secret_key:'.$secret_key); $hash = hash_hmac('sha256',$data_check_string, $secret_key); echo('<br/>hash:'.$check_hash); echo('<br/>hashString:'.$hash); if (strcmp($hash, $check_hash) !== 0) { throw new Exception('<br/>Data is NOT from Telegram'); } if ((time() - $auth_data['auth_date']) > 86400) { throw new Exception('<br/>Data is outdated'); } return $auth_data; } function saveTelegramUserData($auth_data) { $auth_data_json = json_encode($auth_data); setcookie('tg_user', $auth_data_json); } try { $auth_data = checkTelegramAuthorization($_GET); saveTelegramUserData($auth_data); } catch (Exception $e) { die ($e->getMessage()); } header('Location: login_example.php'); ?>
🛑 Stop suffering!!! Use the tgWebValid package, which will do all the checks and make your life much easier. I will also provide convenient access to user data 😉
Hello, {$first_name} {$last_name}!";
} else {
$html = "
Hello, {$first_name} {$last_name}!
"; } if (isset($tg_user['photo_url'])) { $photo_url = htmlspecialchars($tg_user['photo_url']); $html .= ""; } $html .= ""; } else { $bot_username = BOT_USERNAME; $html = <<Hello, anonymous! <script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script> HTML; } echo << <title>Login Widget Example</title> {$html} HTML; ?>I just want to apeciate this unique simplisity, its much more simple than discord or twitter and yet secure.
Hgj
I am always stuckup at "import PHP settings". Can someone help?
I'm back 🌄
iam back
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Leave comment