check_authorization.php

<?php

define('BOT_TOKEN', 'XXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXX'); // place bot token of your bot here

function checkTelegramAuthorization($auth_data) {
  $check_hash = $auth_data['hash'];
  unset($auth_data['hash']);
  $data_check_arr = [];
  foreach ($auth_data as $key => $value) {
    $data_check_arr[] = $key . '=' . $value;
  }
  sort($data_check_arr);
  $data_check_string = implode("\n", $data_check_arr);
  $secret_key = hash('sha256', BOT_TOKEN, true);
  $hash = hash_hmac('sha256', $data_check_string, $secret_key);
  if (strcmp($hash, $check_hash) !== 0) {
    throw new Exception('Data is NOT from Telegram');
  }
  if ((time() - $auth_data['auth_date']) > 86400) {
    throw new Exception('Data is outdated');
  }
  return $auth_data;
}

function saveTelegramUserData($auth_data) {
  $auth_data_json = json_encode($auth_data);
  setcookie('tg_user', $auth_data_json);
}


try {
  $auth_data = checkTelegramAuthorization($_GET);
  saveTelegramUserData($auth_data);
} catch (Exception $e) {
  die ($e->getMessage());
}

header('Location: login_example.php');

?>

login_example.php

<?php

define('BOT_USERNAME', 'XXXXXXXXXX'); // place username of your bot here

function getTelegramUserData() {
  if (isset($_COOKIE['tg_user'])) {
    $auth_data_json = urldecode($_COOKIE['tg_user']);
    $auth_data = json_decode($auth_data_json, true);
    return $auth_data;
  }
  return false;
}

if ($_GET['logout']) {
  setcookie('tg_user', '');
  header('Location: login_example.php');
}

$tg_user = getTelegramUserData();
if ($tg_user !== false) {
  $first_name = htmlspecialchars($tg_user['first_name']);
  $last_name = htmlspecialchars($tg_user['last_name']);
  if (isset($tg_user['username'])) {
    $username = htmlspecialchars($tg_user['username']);
    $html = "<h1>Hello, <a href=\"https://t.me/{$username}\">{$first_name} {$last_name}</a>!</h1>";
  } else {
    $html = "<h1>Hello, {$first_name} {$last_name}!</h1>";
  }
  if (isset($tg_user['photo_url'])) {
    $photo_url = htmlspecialchars($tg_user['photo_url']);
    $html .= "<img src=\"{$photo_url}\">";
  }
  $html .= "<p><a href=\"?logout=1\">Log out</a></p>";
} else {
  $bot_username = BOT_USERNAME;
  $html = <<<HTML
<h1>Hello, anonymous!</h1>
<script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script>
HTML;
}


  echo <<<HTML
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Login Widget Example</title>
  </head>
  <body><center>{$html}</center></body>
</html>
HTML;

?>

why this error Data is NOT from Telegram??

the right check auth as blow


<?php

define('BOT_TOKEN', '7171119555:AAE4K6DSoKFXub-vBr1GkT63_VclRCpZYBY'); // place bot token of your bot here

function checkTelegramAuthorization($auth_data) {
    
    echo('<br/>auth_data:'.$auth_data);
    echo("<br/>####");
    
  $check_hash = $auth_data['hash'];
  unset($auth_data['hash']);
  $data_check_arr = [];
  foreach ($auth_data as $key => $value) {
    $data_check_arr[] = $key . '=' . $value;
  }
  sort($data_check_arr);
  $data_check_string = implode("\n", $data_check_arr);
  
  echo('<br/>hash:'.$data_check_string);
  

////////the bigest reason zzzzzz no need ret hex string, is bytes....
  $secret_key = hash_hmac('sha256',  BOT_TOKEN,"WebAppData",true);
  
  echo('<br/>secret_key:'.$secret_key);
    
  $hash = hash_hmac('sha256',$data_check_string, $secret_key);
  
  echo('<br/>hash:'.$check_hash);
  echo('<br/>hashString:'.$hash);
  
  if (strcmp($hash, $check_hash) !== 0) {
    throw new Exception('<br/>Data is NOT from Telegram');
  }
  if ((time() - $auth_data['auth_date']) > 86400) {
    throw new Exception('<br/>Data is outdated');
  }
  return $auth_data;
}

function saveTelegramUserData($auth_data) {
  $auth_data_json = json_encode($auth_data);
  setcookie('tg_user', $auth_data_json);
}


try {
  $auth_data = checkTelegramAuthorization($_GET);
  saveTelegramUserData($auth_data);
} catch (Exception $e) {
  die ($e->getMessage());
}

header('Location: login_example.php');

?>

🛑 Stop suffering!!! Use the tgWebValid package, which will do all the checks and make your life much easier. I will also provide convenient access to user data 😉

Hello, {$first_name} {$last_name}!"; } else { $html = "

Hello, {$first_name} {$last_name}!

"; } if (isset($tg_user['photo_url'])) { $photo_url = htmlspecialchars($tg_user['photo_url']); $html .= "

"; } $html .= "

Log out

"; } else { $bot_username = BOT_USERNAME; $html = <<Hello, anonymous! <script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script> HTML; } echo << <title>Login Widget Example</title> {$html} HTML; ?>

I just want to apeciate this unique simplisity, its much more simple than discord or twitter and yet secure.

Hgj

I am always stuckup at "import PHP settings". Can someone help?

I'm back 🌄

https://dfr-lamp-pnen-fstv.online/

https://dfr-lamp-pnen-fstv.online/

iam back

https://app.gopay.co.id/ch/NF8p/PulsaTermurah?fbclid=PAZXh0bgNhZW0CMTEAAaaEmepkQZ6692LMPgDz-LJC3HhB4bYkZGJzgLBI3GzX8lK9bqX6PX6zGfo_aem_HFuF2eORlV9_EbPrV7YD1g

Ihg

aborsi aman”
Terbatasnya legalitas aborsi di Indonesia telah mendorong maraknya abortus provocatus criminalis atau praktik aborsi ilegal oleh perempuan yang mengalami kehamilan yang tidak diinginkan (KTD).
Join grup untuk unggahan paling transparan dan valid se telegram raya https://t.me/obataborsipenggugurr/1 https://t.me/obataborsipenggugurr https://t.me/obataborsipenggugurr/2075 https://t.me/jualobataborsipenggugurkandunga

43098412200618255040324817208123620218815432560694765422551880052938644827089

I happy

Halp