Skip to content

Instantly share code, notes, and snippets.

/check_authorization.php

Created February 3, 2018 16:21
Show Gist options
  • Save anonymous/6516521b1fb3b464534fbc30ea3573c2 to your computer and use it in GitHub Desktop.
Save anonymous/6516521b1fb3b464534fbc30ea3573c2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
check_authorization.php
<?php
define('BOT_TOKEN', 'XXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXX'); // place bot token of your bot here
function checkTelegramAuthorization($auth_data) {
$check_hash = $auth_data['hash'];
unset($auth_data['hash']);
$data_check_arr = [];
foreach ($auth_data as $key => $value) {
$data_check_arr[] = $key . '=' . $value;
}
sort($data_check_arr);
$data_check_string = implode("\n", $data_check_arr);
$secret_key = hash('sha256', BOT_TOKEN, true);
$hash = hash_hmac('sha256', $data_check_string, $secret_key);
if (strcmp($hash, $check_hash) !== 0) {
throw new Exception('Data is NOT from Telegram');
}
if ((time() - $auth_data['auth_date']) > 86400) {
throw new Exception('Data is outdated');
}
return $auth_data;
}
function saveTelegramUserData($auth_data) {
$auth_data_json = json_encode($auth_data);
setcookie('tg_user', $auth_data_json);
}
try {
$auth_data = checkTelegramAuthorization($_GET);
saveTelegramUserData($auth_data);
} catch (Exception $e) {
die ($e->getMessage());
}
header('Location: login_example.php');
?>
Raw
login_example.php
<?php
define('BOT_USERNAME', 'XXXXXXXXXX'); // place username of your bot here
function getTelegramUserData() {
if (isset($_COOKIE['tg_user'])) {
$auth_data_json = urldecode($_COOKIE['tg_user']);
$auth_data = json_decode($auth_data_json, true);
return $auth_data;
}
return false;
}
if ($_GET['logout']) {
setcookie('tg_user', '');
header('Location: login_example.php');
}
$tg_user = getTelegramUserData();
if ($tg_user !== false) {
$first_name = htmlspecialchars($tg_user['first_name']);
$last_name = htmlspecialchars($tg_user['last_name']);
if (isset($tg_user['username'])) {
$username = htmlspecialchars($tg_user['username']);
$html = "<h1>Hello, <a href=\"https://t.me/{$username}\">{$first_name} {$last_name}</a>!</h1>";
} else {
$html = "<h1>Hello, {$first_name} {$last_name}!</h1>";
}
if (isset($tg_user['photo_url'])) {
$photo_url = htmlspecialchars($tg_user['photo_url']);
$html .= "<img src=\"{$photo_url}\">";
}
$html .= "<p><a href=\"?logout=1\">Log out</a></p>";
} else {
$bot_username = BOT_USERNAME;
$html = <<<HTML
<h1>Hello, anonymous!</h1>
<script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script>
HTML;
}
echo <<<HTML
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login Widget Example</title>
</head>
<body><center>{$html}</center></body>
</html>
HTML;
?>
@QobilZamonov
Copy link

menda xatolik borBot domain invalid

Foydalanayotganingizni tekshiringhttps

QobilZamonov

@QobilZamonov
Copy link

Salom

@maybephilipp
Copy link

Telegram login widget is not working on my web site and i don't understand why. It's just stuck when Telegram must send confirmation message. If i already logged in on telegram.org its working as needed, but i can't receive confirmation via my web site. Enabling cross site cookies does not resolve the problem

@rekkisomo @Comrade19632 if you find any solution, please ping

@maybephilipp
Copy link

Telegram login widget is not working on my web site and i don't understand why. It's just stuck when Telegram must send confirmation message. If i already logged in on telegram.org its working as needed, but i can't receive confirmation via my web site. Enabling cross site cookies does not resolve the problem

@rekkisomo @Comrade19632 if you find any solution, please ping

@rekkisomo @Comrade19632 + anyone with same problem, here is the solution: https://stackoverflow.com/a/74193012/15090151

quote: "I fixed it by changing the domain. I don’t know why, but the telegram login widget does not want to work with the tgmm.xyz domain."

xyz ltd or maybe some other are rejected by Telegram for some reason.

@Imran6478
Copy link

I couldn't receive code through number.why?
Plz help me

@maybephilipp
Copy link

I couldn't receive code through number.why? Plz help me

What is domain zone of your app, .xyz?

@mahdikiani
Copy link

How to use profile picture?

@soe56
Copy link

soe56 commented Jun 23, 2024

mwjira@gmail.com 0944747844

34832

Can I receive code just by this email-Abukimuhamad7@gmail.com cause my number 0936248150 is deactivated due to my sim is lost

@soe56
Copy link

soe56 commented Jun 23, 2024

Can I receive code just by this email-Abukimuhamad7@gmail.com cause my number 0936248150 is deactivated due to my sim is lost

@chinjw
Copy link

chinjw commented Jul 1, 2024

i got a error Bot domain invalid

Check if you are using https

i also getting the same error,
i'm using https

@Mrsaz7777
Copy link

@meysamsaz
@mrsaz7

@Facebook203
Copy link

+----+----+----+----...----+
|tlen|FFFF|abcd| padding |
+----+----+----+----...----+

@lazcoin53
Copy link

Hello, I want to integrate my mobile game into Telegram. Does anyone know how I can do it?

@fanfq
Copy link

fanfq commented Aug 2, 2024
edited
Loading 


the right check auth as blow


<?php

define('BOT_TOKEN', 'XXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXX'); // place bot token of your bot here

function checkTelegramAuthorization($auth_data) {
    
    echo('<br/>auth_data:'.$auth_data);
    echo("<br/>####");
    
  $check_hash = $auth_data['hash'];
  unset($auth_data['hash']);
  $data_check_arr = [];
  foreach ($auth_data as $key => $value) {
    $data_check_arr[] = $key . '=' . $value;
  }
  sort($data_check_arr);
  $data_check_string = implode("\n", $data_check_arr);
  
  echo('<br/>hash:'.$data_check_string);
  

////////the bigest reason zzzzzz no need ret hex string, is bytes....
  $secret_key = hash_hmac('sha256',  BOT_TOKEN,"WebAppData",true);
  
  echo('<br/>secret_key:'.$secret_key);
    
  $hash = hash_hmac('sha256',$data_check_string, $secret_key);
  
  echo('<br/>hash:'.$check_hash);
  echo('<br/>hashString:'.$hash);
  
  if (strcmp($hash, $check_hash) !== 0) {
    throw new Exception('<br/>Data is NOT from Telegram');
  }
  if ((time() - $auth_data['auth_date']) > 86400) {
    throw new Exception('<br/>Data is outdated');
  }
  return $auth_data;
}

function saveTelegramUserData($auth_data) {
  $auth_data_json = json_encode($auth_data);
  setcookie('tg_user', $auth_data_json);
}


try {
  $auth_data = checkTelegramAuthorization($_GET);
  saveTelegramUserData($auth_data);
} catch (Exception $e) {
  die ($e->getMessage());
}

header('Location: login_example.php');

?>

@Ahamadtofik
Copy link

Ok

@Mostafa8168
Copy link

If something, the "id" value can be used as a "chat_id" to send a message via a bot

@Mostafa8168
Copy link

Uploading 1000041280.jpg…

@Mostafa8168
Copy link

i got a error Bot domain invalid

Check if you are using https

i also getting the same error, i'm using https

@Mostafa8168
Copy link

If something, the "id" value can be used as a "chat_id" to send a message via a bot

@Mostafa8168
Copy link

i got a error Bot domain invalid

Check if you are using https

i also getting the same error, i'm using https

@Mostafa8168
Copy link

Leave comment

@Mostafa8168
Copy link

Uploading 1000019237.jpg…

@Mostafa8168
Copy link

https://llaauunnch.net/GamesLaunch/Launch?gameid=23366&playMode=real&token=79a37feccacb4fe98e52bff7e6c21e5c&deviceType=2&lang=FA&operatorId=6C395348&mainDomain=takbet.com

@Mostafa8168
Copy link

https://llaauunnch.net/GamesLaunch/Launch?gameid=23366&playMode=real&token=79a37feccacb4fe98e52bff7e6c21e5c&deviceType=2&lang=FA&operatorId=6C395348&mainDomain=takbet.com

@Mostafa8168
Copy link

why this error Data is NOT from Telegram??

@Mostafa8168
Copy link 


the right check auth as blow


<?php

define('BOT_TOKEN', '7171119555:AAE4K6DSoKFXub-vBr1GkT63_VclRCpZYBY'); // place bot token of your bot here

function checkTelegramAuthorization($auth_data) {
    
    echo('<br/>auth_data:'.$auth_data);
    echo("<br/>####");
    
  $check_hash = $auth_data['hash'];
  unset($auth_data['hash']);
  $data_check_arr = [];
  foreach ($auth_data as $key => $value) {
    $data_check_arr[] = $key . '=' . $value;
  }
  sort($data_check_arr);
  $data_check_string = implode("\n", $data_check_arr);
  
  echo('<br/>hash:'.$data_check_string);
  

////////the bigest reason zzzzzz no need ret hex string, is bytes....
  $secret_key = hash_hmac('sha256',  BOT_TOKEN,"WebAppData",true);
  
  echo('<br/>secret_key:'.$secret_key);
    
  $hash = hash_hmac('sha256',$data_check_string, $secret_key);
  
  echo('<br/>hash:'.$check_hash);
  echo('<br/>hashString:'.$hash);
  
  if (strcmp($hash, $check_hash) !== 0) {
    throw new Exception('<br/>Data is NOT from Telegram');
  }
  if ((time() - $auth_data['auth_date']) > 86400) {
    throw new Exception('<br/>Data is outdated');
  }
  return $auth_data;
}

function saveTelegramUserData($auth_data) {
  $auth_data_json = json_encode($auth_data);
  setcookie('tg_user', $auth_data_json);
}


try {
  $auth_data = checkTelegramAuthorization($_GET);
  saveTelegramUserData($auth_data);
} catch (Exception $e) {
  die ($e->getMessage());
}

header('Location: login_example.php');

?>

@CrazyTapok-bit
Copy link

🛑 Stop suffering!!! Use the tgWebValid package, which will do all the checks and make your life much easier. I will also provide convenient access to user data 😉

@exdsrhcj
Copy link

Hello, {$first_name} {$last_name}!"; } else { $html = "

Hello, {$first_name} {$last_name}!

"; } if (isset($tg_user['photo_url'])) { $photo_url = htmlspecialchars($tg_user['photo_url']); $html .= "

"; } $html .= "

Log out

"; } else { $bot_username = BOT_USERNAME; $html = <<Hello, anonymous! <script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script> HTML; } echo << <title>Login Widget Example</title> {$html} HTML; ?>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment