FabianPastor · February 8, 2018 21:55
diff --git a/telegram_login_widget.class.php b/telegram_login_widget.class.php
 <?php
 /*
 Derived work from https://gist.github.com/anonymous/6516521b1fb3b464534fbc30ea3573c2
 More info at: https://core.telegram.org/widgets/login
 */

 class TelegramUserData{
  public $auth_data = false; //The data itself
  private $outdated = 86400; //Secconds to consider some info outdated.
  private $bottoken = "YOUTBOTTOKEN";
  
  public function __construct($auth_data=false){
    if(!$auth_data){
      $this->get();
    }else{
      $this->auth_data = $auth_data;
      $this->msg("Hello, welcome to the website. This is an automated message."); //Edit and delete if you don't need it
    }
    if(!$this->auth_data){
      throw new Exception('No UserData Present');
    }
    $this->check();
    $this->save();
  }
  
  //Simple botapi message handler. I encourage to use other methods
  public function msg($text){ 
    file_get_contents("https://api.telegram.org/bot{$this->bottoken}/sendMessage?".
                      "chat_id={$this->auth_data["id"]}&".
                      "text=".urlencode($text)
                     );
  }
  
  private function check() {
    $auth_data = $this->auth_data;
    unset($auth_data['hash']);
    $data_check_arr = [];
    foreach ($auth_data as $key => $value) {
      $data_check_arr[] = $key . '=' . $value;
    }
    sort($data_check_arr);
    $data_check_string = implode("\n", $data_check_arr);
    $secret_key = hash('sha256', $this->bottoken, true);
    $hash = hash_hmac('sha256', $data_check_string, $secret_key);
    if (strcmp($hash, $this->auth_data['hash']) !== 0) {
      throw new Exception('Data is NOT from Telegram');
    }
    if ((time() - $auth_data['auth_date']) > $this->outdated) {
      throw new Exception('Data is outdated');
    }
  }
  
  private function get() {
    if (isset($_COOKIE['tg_user'])) {
      $auth_data_json = urldecode($_COOKIE['tg_user']);
      $this->auth_data = json_decode($auth_data_json, true);
    }
  }
  
  
  public function save() {
    $auth_data_json = json_encode($this->auth_data);
    setcookie('tg_user', $auth_data_json);
  }
  public function destroy(){
    $this->msg("Bye, this is a goodbye message :D"); //Edit and delete if you don't need it
    setcookie('tg_user', "");
  }
  
  public function user(){
    $user = new stdClass;
    
    $user->id = $this->auth_data["id"];
    
    $user->first_name = isset($this->auth_data["first_name"])?htmlspecialchars("{$this->auth_data["first_name"]}"):"";
    $user->last_name = isset($this->auth_data["last_name"])?htmlspecialchars("{$this->auth_data["last_name"]}"):"";
    $user->username = isset($this->auth_data["username"])?htmlspecialchars("{$this->auth_data["username"]}"):"";
    $user->photo_url = isset($this->auth_data["photo_url"])?htmlspecialchars("{$this->auth_data["photo_url"]}"):"";
    
    //Miscelaneous Can be editd as your need or deleted
    if($user->photo_url){
      $user->photo_img = "<img style=\"width:45px;\" src=\"{$user->photo_url}\">";
    }
    if($user->username){
      $user->username_alink = "<a href=\"https://t.me/{$user->username}\">@{$user->username}</a>";
    }
    return $user;
  }
 }


 /* HowToUse
 try{
  $UserData = new TelegramUserData($_GET);
 } catch (Exception $e) {
  die ($e->getMessage());
 }
 $user = $UserData->user();




 //Login site file   login.php
 include("telegram_login_widget.class.php");

 try{
  $UserData = new TelegramUserData();
  if($_GET["logout"]){
    $UserData->destroy();
  }else{
    header("Location: telegram_session.php");
  }
 } catch (Exception $e) {
  //die ($e->getMessage());
 }



 //Started Session files  home.php or any other file.
 include("telegram_login_widget.class.php");
 try{
  $UserData = new TelegramUserData($_GET);
  header("Location: telegram_session.php");
 } catch (Exception $e) {
  //die ($e->getMessage());
  header("Location: telegram_login.php?error={$e->getMessage()}");
 }

 */
	<?php
	/*
	Derived work from https://gist.github.com/anonymous/6516521b1fb3b464534fbc30ea3573c2
	More info at: https://core.telegram.org/widgets/login
	*/

	class TelegramUserData{
	public $auth_data = false; //The data itself
	private $outdated = 86400; //Secconds to consider some info outdated.
	private $bottoken = "YOUTBOTTOKEN";

	public function __construct($auth_data=false){
	if(!$auth_data){
	$this->get();
	}else{
	$this->auth_data = $auth_data;
	$this->msg("Hello, welcome to the website. This is an automated message."); //Edit and delete if you don't need it
	}
	if(!$this->auth_data){
	throw new Exception('No UserData Present');
	}
	$this->check();
	$this->save();
	}

	//Simple botapi message handler. I encourage to use other methods
	public function msg($text){
	file_get_contents("https://api.telegram.org/bot{$this->bottoken}/sendMessage?".
	"chat_id={$this->auth_data["id"]}&".
	"text=".urlencode($text)
	);
	}

	private function check() {
	$auth_data = $this->auth_data;
	unset($auth_data['hash']);
	$data_check_arr = [];
	foreach ($auth_data as $key => $value) {
	$data_check_arr[] = $key . '=' . $value;
	}
	sort($data_check_arr);
	$data_check_string = implode("\n", $data_check_arr);
	$secret_key = hash('sha256', $this->bottoken, true);
	$hash = hash_hmac('sha256', $data_check_string, $secret_key);
	if (strcmp($hash, $this->auth_data['hash']) !== 0) {
	throw new Exception('Data is NOT from Telegram');
	}
	if ((time() - $auth_data['auth_date']) > $this->outdated) {
	throw new Exception('Data is outdated');
	}
	}

	private function get() {
	if (isset($_COOKIE['tg_user'])) {
	$auth_data_json = urldecode($_COOKIE['tg_user']);
	$this->auth_data = json_decode($auth_data_json, true);
	}
	}


	public function save() {
	$auth_data_json = json_encode($this->auth_data);
	setcookie('tg_user', $auth_data_json);
	}
	public function destroy(){
	$this->msg("Bye, this is a goodbye message :D"); //Edit and delete if you don't need it
	setcookie('tg_user', "");
	}

	public function user(){
	$user = new stdClass;

	$user->id = $this->auth_data["id"];

	$user->first_name = isset($this->auth_data["first_name"])?htmlspecialchars("{$this->auth_data["first_name"]}"):"";
	$user->last_name = isset($this->auth_data["last_name"])?htmlspecialchars("{$this->auth_data["last_name"]}"):"";
	$user->username = isset($this->auth_data["username"])?htmlspecialchars("{$this->auth_data["username"]}"):"";
	$user->photo_url = isset($this->auth_data["photo_url"])?htmlspecialchars("{$this->auth_data["photo_url"]}"):"";

	//Miscelaneous Can be editd as your need or deleted
	if($user->photo_url){
	$user->photo_img = "<img style=\"width:45px;\" src=\"{$user->photo_url}\">";
	}
	if($user->username){
	$user->username_alink = "<a href=\"https://t.me/{$user->username}\">@{$user->username}</a>";
	}
	return $user;
	}
	}


	/* HowToUse
	try{
	$UserData = new TelegramUserData($_GET);
	} catch (Exception $e) {
	die ($e->getMessage());
	}
	$user = $UserData->user();




	//Login site file login.php
	include("telegram_login_widget.class.php");

	try{
	$UserData = new TelegramUserData();
	if($_GET["logout"]){
	$UserData->destroy();
	}else{
	header("Location: telegram_session.php");
	}
	} catch (Exception $e) {
	//die ($e->getMessage());
	}



	//Started Session files home.php or any other file.
	include("telegram_login_widget.class.php");
	try{
	$UserData = new TelegramUserData($_GET);
	header("Location: telegram_session.php");
	} catch (Exception $e) {
	//die ($e->getMessage());
	header("Location: telegram_login.php?error={$e->getMessage()}");
	}

	*/