<?php
// Bot token of your bot. Replace the placeholder with the real value.
// The login signature key is derived from this token, so treat it as a secret:
// keep it out of version control and out of any file the web server can serve.
const BOT_TOKEN = 'XXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXX';
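/**
 * Validates a Telegram Login Widget payload and returns it without the hash.
 *
 * The payload is untrusted request data. It is accepted only when the HMAC-SHA256
 * of its sorted "key=value" lines, keyed with SHA-256(BOT_TOKEN), equals the
 * supplied `hash`, and when `auth_date` is at most 86400 seconds old.
 * A signed payload can still be replayed inside that window, so callers that
 * need one-time logins must track used payloads themselves.
 *
 * @param array $auth_data Request parameters, including the `hash` field.
 * @return array The payload with `hash` removed.
 * @throws Exception When the hash is missing or wrong, a value is not scalar,
 *                   or the payload is older than 86400 seconds.
 */
function checkTelegramAuthorization($auth_data) {
    // A request can turn any parameter into an array (?hash[]=x); reject that
    // before it reaches string functions.
    if (!isset($auth_data['hash']) || !is_string($auth_data['hash'])) {
        throw new Exception('Data is NOT from Telegram');
    }
    $check_hash = $auth_data['hash'];
    unset($auth_data['hash']);

    $data_check_arr = [];
    foreach ($auth_data as $key => $value) {
        if (is_array($value) || is_object($value)) {
            throw new Exception('Data is NOT from Telegram');
        }
        $data_check_arr[] = $key . '=' . $value;
    }
    sort($data_check_arr);
    $data_check_string = implode("\n", $data_check_arr);

    $secret_key = hash('sha256', BOT_TOKEN, true);
    $hash = hash_hmac('sha256', $data_check_string, $secret_key);

    // hash_equals() compares in constant time; strcmp() stops at the first
    // differing byte and so leaks how much of a guessed hash was correct.
    if (!hash_equals($hash, $check_hash)) {
        throw new Exception('Data is NOT from Telegram');
    }

    // auth_date is covered by the signature, but a payload signed without it
    // must not slip past the freshness check.
    if (!isset($auth_data['auth_date']) || (time() - (int) $auth_data['auth_date']) > 86400) {
        throw new Exception('Data is outdated');
    }
    return $auth_data;
}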
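/**
 * Stores the verified Telegram profile in the `tg_user` cookie as JSON.
 *
 * NOTE(review): the cookie value is not signed and the hash has already been
 * stripped from the data, so a page that later reads this cookie cannot tell a
 * value written here from one the browser made up. Use it for display only;
 * keep the authenticated user id in a server-side session (or sign the value)
 * before relying on it for access decisions.
 *
 * @param array $auth_data Payload returned by checkTelegramAuthorization().
 * @return void
 * @throws Exception When the payload cannot be encoded as JSON.
 */
function saveTelegramUserData($auth_data) {
    $auth_data_json = json_encode($auth_data);
    if ($auth_data_json === false) {
        throw new Exception('Unable to encode Telegram user data');
    }
    // Expiry, path, domain and Secure keep their defaults; the last argument
    // sets HttpOnly so page scripts cannot read the profile cookie.
    // Set the sixth argument to true as well when the site is served over HTTPS.
    setcookie('tg_user', $auth_data_json, 0, '', '', false, true);
}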
// Entry point of the callback: verify the query-string payload, persist it,
// then send the browser back to the example page. Any verification failure
// stops the script with the exception message as the response body.
try {
    saveTelegramUserData(checkTelegramAuthorization($_GET));
} catch (Exception $failure) {
    exit($failure->getMessage());
}
header('Location: login_example.php');
?>
<?php
// Username of your bot; it is written into the login widget's
// data-telegram-login attribute. Replace the placeholder.
const BOT_USERNAME = 'XXXXXXXXXX';
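/**
 * Reads the Telegram profile stored in the `tg_user` cookie.
 *
 * NOTE(review): the cookie comes from the browser and carries no signature, so
 * the returned array is client-controlled display data, not proof of identity.
 * Do not use it for authorization without a server-side session or a signed
 * value.
 *
 * @return array|false The decoded profile, or false when the cookie is absent
 *                     or does not decode to a JSON object/array.
 */
function getTelegramUserData() {
    if (!isset($_COOKIE['tg_user']) || !is_string($_COOKIE['tg_user'])) {
        return false;
    }
    // PHP has already URL-decoded $_COOKIE; decoding a second time would turn
    // '+' into a space and mangle literal '%' sequences inside the JSON.
    $auth_data = json_decode($_COOKIE['tg_user'], true);

    // json_decode() yields null for malformed input and scalars for bare JSON
    // values; neither is a usable profile.
    return is_array($auth_data) ? $auth_data : false;
}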
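// Log out: clear the cookie, redirect, and stop. Without the exit the rest of
// the page would still render from the cookie sent with this request.
if (!empty($_GET['logout'])) {
    setcookie('tg_user', '');
    header('Location: login_example.php');
    exit;
}

$tg_user = getTelegramUserData();
if (is_array($tg_user)) {
    // The cookie is client-controlled: fields may be missing (last_name and
    // username are optional) or may not be strings at all, so read them
    // defensively and escape everything that reaches the page.
    $field = function ($key) use ($tg_user) {
        return (isset($tg_user[$key]) && is_scalar($tg_user[$key])) ? (string) $tg_user[$key] : '';
    };
    $display_name = htmlspecialchars(trim($field('first_name') . ' ' . $field('last_name')), ENT_QUOTES, 'UTF-8');

    if ($field('username') !== '') {
        // Percent-encode the username so it stays a single path segment of t.me.
        $profile_path = htmlspecialchars(rawurlencode($field('username')), ENT_QUOTES, 'UTF-8');
        $html = "<h1>Hello, <a href=\"https://t.me/{$profile_path}\">{$display_name}</a>!</h1>";
    } else {
        $html = "<h1>Hello, {$display_name}!</h1>";
    }

    // Only http(s) URLs are rendered as an image source.
    if (preg_match('#^https?://#i', $field('photo_url'))) {
        $photo_url = htmlspecialchars($field('photo_url'), ENT_QUOTES, 'UTF-8');
        $html .= "<img src=\"{$photo_url}\">";
    }
    $html .= "<p><a href=\"?logout=1\">Log out</a></p>";
} else {
    $bot_username = BOT_USERNAME;
    $html = <<<HTML
<h1>Hello, anonymous!</h1>
<script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script>
HTML;
}
echo <<<HTML
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login Widget Example</title>
</head>
<body><center>{$html}</center></body>
</html>
HTML;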
?>
@SoeAung95

<script src="https://gist.github.com/SoeAung95/10311da6f589778177739b35c127471c.js"></script>

@Shagorhossain83

@SoeAung95

git config --global user.email "[email protected]"

@SoeAung95

git config user.email "[email protected]"

@SoeAung95

$ git config user.email
[email protected]

@Chiming97

Cara mengaktifkan akun telegram kena spam di blockir bagaimana brow

@azharalisoomro1

@POWERFULLGOLDUK_BOT

@azharalisoomro1

Stay updated with the latest gold prices in real-time! 📊 Get instant notifications and market trends right in your Telegram.

@azharalisoomro1

📢 Live Gold Price Updates – Join Now!

@netnimit1998

@Ahmed7339

<script src="https://gist.github.com/anonymous/6516521b1fb3b464534fbc30ea3573c2.js"></script>

@inf1nite-lo0p

Here's a TypeScript/Node.js implementation of this:

import crypto from "node:crypto";

// Maximum accepted age of a login payload, in seconds (5 minutes).
const MAX_AGE = 5 * 60;

// Bot token placeholder. The verification key is derived from it, so the real
// value is a secret: load it from configuration rather than committing it.
const BOT_TOKEN = "XXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXX";

/**
 * Raw Telegram login payload as received from the client, before verification.
 *
 * Every field is untrusted until `hash` has been checked against an
 * HMAC-SHA256 computed with a key derived from the bot token.
 *
 * NOTE(review): values are declared as `string | undefined`, but this is a
 * compile-time shape only. A JSON request body may carry numbers or nested
 * values; confirm how the body is parsed before relying on these types.
 */
export interface TelegramAuthData {
    /**
     * Unique user identifier (Telegram ID).
     */
    id: string;

    /**
     * User's first name.
     */
    first_name?: string;

    /**
     * User's last name.
     */
    last_name?: string;

    /**
     * Telegram username.
     */
    username?: string;

    /**
     * URL of the user's Telegram profile picture, when provided.
     */
    photo_url?: string;

    /**
     * UNIX timestamp, in seconds, of when the auth data was generated.
     */
    auth_date: string;

    /**
     * HMAC-SHA256 hash used to verify the integrity of the other fields.
     */
    hash: string;

    /**
     * Any additional properties included in the request. They take part in the
     * hash computation like the named fields.
     */
    [key: string]: string | undefined;
}

/**
 * Telegram user identity in normalized (camelCase) form, as returned by
 * `verify()` once the hash and freshness checks have passed.
 */
export interface TelegramVerifiedData {
    /**
     * Unique Telegram user ID.
     */
    id: string;

    /**
     * User's first name.
     */
    firstName?: string;

    /**
     * User's last name.
     */
    lastName?: string;

    /**
     * Telegram username.
     */
    username?: string;

    /**
     * Profile picture URL.
     */
    photoUrl?: string;

    /**
     * Auth date parsed into a JavaScript `Date` object.
     */
    authDate: Date;

    /**
     * Original payload without the `hash` field, restricted to entries whose
     * value is a string.
     */
    raw: Record<string, string>;
}

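/**
 * Verifies Telegram login data as described at
 * {@link https://core.telegram.org/widgets/login#checking-authorization}.
 *
 * The payload is accepted only when the HMAC-SHA256 of its sorted `key=value`
 * lines, keyed with SHA-256(BOT_TOKEN), equals the supplied `hash`, and when
 * `auth_date` is no older than `MAX_AGE` seconds. A signed payload can still be
 * replayed inside that window.
 *
 * @param input - Untrusted login payload, including the `hash` field.
 * @returns The normalized identity taken from the verified payload.
 * @throws Error when the hash is missing, not a string, or does not match, or
 * when `auth_date` is missing, unparsable or too old.
 */
function verify(input: Record<string, string>): TelegramVerifiedData {
    const { hash: checkHash, ...data } = input as TelegramAuthData;

    // The cast above is compile-time only: a parsed request body can put an
    // array or object here, so check the runtime type before using it.
    if (typeof checkHash !== "string" || checkHash.length === 0) {
        throw new Error("Missing hash in Telegram login data");
    }

    // Data-check string: every remaining entry as `key=value`, sorted, joined by "\n".
    const sorted = Object.entries(data)
        .map(([k, v]) => `${k}=${v}`)
        .sort()
        .join("\n");

    // Port of the sample PHP published for the login widget:
    // https://gist.github.com/anonymous/6516521b1fb3b464534fbc30ea3573c2
    const secretKey = crypto.createHash("sha256").update(BOT_TOKEN).digest();
    const computedHash = crypto.createHmac("sha256", secretKey).update(sorted).digest("hex");

    // Compare in constant time; `!==` returns at the first differing character
    // and so leaks how much of a guessed hash was correct. timingSafeEqual
    // requires equal lengths, which is checked first.
    const expected = Buffer.from(computedHash, "utf8");
    const received = Buffer.from(checkHash, "utf8");

    if (expected.length !== received.length || !crypto.timingSafeEqual(expected, received)) {
        throw new Error("Telegram data integrity check failed (hash mismatch)");
    }

    const authDate = parseInt(data.auth_date || "", 10);

    // NaN and 0 are both rejected here, as is anything older than MAX_AGE.
    if (!authDate || Date.now() / 1000 - authDate > MAX_AGE) {
        throw new Error("Telegram login data is outdated");
    }

    const raw = Object.fromEntries(Object.entries(data).filter(([, v]) => typeof v === "string")) as Record<string, string>;

    return {
        id: data.id,
        firstName: data.first_name,
        lastName: data.last_name,
        username: data.username,
        photoUrl: data.photo_url,
        authDate: new Date(authDate * 1000),
        raw,
    };
}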
// A simple callback for Express.js; it can be adapted to other frameworks too.

/**
 * Handles the client-side POST that carries the Telegram login payload.
 *
 * Responds with the verified user on success and with HTTP 400 plus the
 * failure reason otherwise. It only reports the verification result; it does
 * not create a session or otherwise persist the login.
 */
export function handleCallback(req: Request, res: Response) {
    try {
        // `verify()` must be imported from the module that defines it.
        const payload = req.body as Record<string, string>;
        const user = verify(payload);

        res.json({ message: "Verified successfully", user });
    } catch (error) {
        const detail = error instanceof Error ? error.message : error;

        res.status(400).json({
            message: "Telegram login failed",
            error: detail,
        });
    }
}
