Created
February 3, 2018 16:21
-
Star
(482)
You must be signed in to star a gist -
Fork
(189)
You must be signed in to fork a gist
-
-
Save anonymous/6516521b1fb3b464534fbc30ea3573c2 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('BOT_USERNAME', 'XXXXXXXXXX'); // place username of your bot here | |
| function getTelegramUserData() { | |
| if (isset($_COOKIE['tg_user'])) { | |
| $auth_data_json = urldecode($_COOKIE['tg_user']); | |
| $auth_data = json_decode($auth_data_json, true); | |
| return $auth_data; | |
| } | |
| return false; | |
| } | |
| if ($_GET['logout']) { | |
| setcookie('tg_user', ''); | |
| header('Location: login_example.php'); | |
| } | |
| $tg_user = getTelegramUserData(); | |
| if ($tg_user !== false) { | |
| $first_name = htmlspecialchars($tg_user['first_name']); | |
| $last_name = htmlspecialchars($tg_user['last_name']); | |
| if (isset($tg_user['username'])) { | |
| $username = htmlspecialchars($tg_user['username']); | |
| $html = "<h1>Hello, <a href=\"https://t.me/{$username}\">{$first_name} {$last_name}</a>!</h1>"; | |
| } else { | |
| $html = "<h1>Hello, {$first_name} {$last_name}!</h1>"; | |
| } | |
| if (isset($tg_user['photo_url'])) { | |
| $photo_url = htmlspecialchars($tg_user['photo_url']); | |
| $html .= "<img src=\"{$photo_url}\">"; | |
| } | |
| $html .= "<p><a href=\"?logout=1\">Log out</a></p>"; | |
| } else { | |
| $bot_username = BOT_USERNAME; | |
| $html = <<<HTML | |
| <h1>Hello, anonymous!</h1> | |
| <script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script> | |
| HTML; | |
| } | |
| echo <<<HTML | |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <title>Login Widget Example</title> | |
| </head> | |
| <body><center>{$html}</center></body> | |
| </html> | |
| HTML; | |
| ?> |
Mostafa8168
commented
Aug 15, 2024
If something, the "id" value can be used as a "chat_id" to send a message via a bot
i got a error
Bot domain invalidCheck if you are using
httpsi also getting the same error, i'm using https
Leave comment
why this error Data is NOT from Telegram??
the right check auth as blow <?php define('BOT_TOKEN', '7171119555:AAE4K6DSoKFXub-vBr1GkT63_VclRCpZYBY'); // place bot token of your bot here function checkTelegramAuthorization($auth_data) { echo('<br/>auth_data:'.$auth_data); echo("<br/>####"); $check_hash = $auth_data['hash']; unset($auth_data['hash']); $data_check_arr = []; foreach ($auth_data as $key => $value) { $data_check_arr[] = $key . '=' . $value; } sort($data_check_arr); $data_check_string = implode("\n", $data_check_arr); echo('<br/>hash:'.$data_check_string); ////////the bigest reason zzzzzz no need ret hex string, is bytes.... $secret_key = hash_hmac('sha256', BOT_TOKEN,"WebAppData",true); echo('<br/>secret_key:'.$secret_key); $hash = hash_hmac('sha256',$data_check_string, $secret_key); echo('<br/>hash:'.$check_hash); echo('<br/>hashString:'.$hash); if (strcmp($hash, $check_hash) !== 0) { throw new Exception('<br/>Data is NOT from Telegram'); } if ((time() - $auth_data['auth_date']) > 86400) { throw new Exception('<br/>Data is outdated'); } return $auth_data; } function saveTelegramUserData($auth_data) { $auth_data_json = json_encode($auth_data); setcookie('tg_user', $auth_data_json); } try { $auth_data = checkTelegramAuthorization($_GET); saveTelegramUserData($auth_data); } catch (Exception $e) { die ($e->getMessage()); } header('Location: login_example.php'); ?>
🛑 Stop suffering!!! Use the tgWebValid package, which will do all the checks and make your life much easier. I will also provide convenient access to user data 😉
Hello, {$first_name} {$last_name}!";
} else {
$html = "
Hello, {$first_name} {$last_name}!
"; } if (isset($tg_user['photo_url'])) { $photo_url = htmlspecialchars($tg_user['photo_url']); $html .= "
I just want to apeciate this unique simplisity, its much more simple than discord or twitter and yet secure.
Hgj
I am always stuckup at "import PHP settings". Can someone help?
I'm back 🌄
iam back
Ihg
I happy
Halp
[](url)
<title>Telegram Login Widget</title>the right check auth as blow <?php define('BOT_TOKEN', 'XXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXX'); // place bot token of your bot here function checkTelegramAuthorization($auth_data) { echo('<br/>auth_data:'.$auth_data); echo("<br/>####"); $check_hash = $auth_data['hash']; unset($auth_data['hash']); $data_check_arr = []; foreach ($auth_data as $key => $value) { $data_check_arr[] = $key . '=' . $value; } sort($data_check_arr); $data_check_string = implode("\n", $data_check_arr); echo('<br/>hash:'.$data_check_string); ////////the bigest reason zzzzzz no need ret hex string, is bytes.... $secret_key = hash_hmac('sha256', BOT_TOKEN,"WebAppData",true); echo('<br/>secret_key:'.$secret_key); $hash = hash_hmac('sha256',$data_check_string, $secret_key); echo('<br/>hash:'.$check_hash); echo('<br/>hashString:'.$hash); if (strcmp($hash, $check_hash) !== 0) { throw new Exception('<br/>Data is NOT from Telegram'); } if ((time() - $auth_data['auth_date']) > 86400) { throw new Exception('<br/>Data is outdated'); } return $auth_data; } function saveTelegramUserData($auth_data) { $auth_data_json = json_encode($auth_data); setcookie('tg_user', $auth_data_json); } try { $auth_data = checkTelegramAuthorization($_GET); saveTelegramUserData($auth_data); } catch (Exception $e) { die ($e->getMessage()); } header('Location: login_example.php'); ?>
Telegram Login
<!-- Telegram Login Widget -->
<script async
src="https://telegram.org/js/telegram-widget.js?22"
data-telegram-login="MagicSszBot" <!-- Bot Username -->
data-size="large"
data-auth-url="https://yourdomain.com/auth/telegram" <!-- Backend Callback URL -->
data-request-access="write">
</script>
<title>Telegram Login Widget</title>
Telegram Login
<!-- Telegram Login Widget -->
<script async
src="https://telegram.org/js/telegram-widget.js?22"
data-telegram-login="MagicSszBot" <!-- Replace with your Bot Username -->
data-size="large"
data-auth-url="https://yourdomain.com/auth/telegram" <!-- Replace with your Callback URL -->
data-request-access="write">
</script>
<script src="https://gist.github.com/SoeAung95/10311da6f589778177739b35c127471c.js"></script>
git config --global user.email "[email protected]"
git config user.email "[email protected]"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment