Closed misqkrk closed 1 year ago
No I'm not planning to add the Web App feature. If I would what should be implemented in the library ? From what I gathered you should need to import the telegram JS library and code your App.
Am I missing something ?
Validation code for submits maybe? (Title: Validating data received via the Web App) i found one on js, just need to port to php: https://gist.github.com/konstantin24121/49da5d8023532d66cc4db1136435a885
Yes please. i recently using this library for my bot. it will be usefull if this library added this method.
Validation code for submits maybe? (Title: Validating data received via the Web App) i found one on js, just need to port to php: https://gist.github.com/konstantin24121/49da5d8023532d66cc4db1136435a885
Should be pretty easy, do you have a working app where we can do some testing ?
$secret = hash_hmac('sha256', 'TELEGRAM_BOT_TOKEN', 'WebAppData');
$get = $_GET;
$hash = $get['hash'];
ksort($get);
$payload = array();
foreach($get as $key => $value){
if ($key != 'hash') {
array_push($payload, $key . "=" . $value);
}
}
$toSign = implode('\n', $payload);
$signed = hash_hmac('sha256', $toSign, $secret );
$valid = $signed == $hash;
echo "Is valid " . $valid
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
oh, missed it... i'll check a bit later :)
Checked that code, that didn't worked, but after i added ",TRUE" parameter to hash_hmac, it started to work well: And in a fact, we can get "hash" just from initData. (Based on https://stackoverflow.com/questions/71905866/cant-validate-telegram-web-app-for-bots-user)
$bot_token = "YOUR_BOT_TOKEN";
$secret = hash_hmac('sha256', $bot_token, 'WebAppData',TRUE);
$get = $_GET;
$init_data_parsed = explode("&", rawurldecode($get['initData']));
$payload = array();
foreach ($init_data_parsed as $value) {
$data_pair = explode("=", $value);
if ($data_pair[0] == 'hash')
$hash = $data_pair[1];
if ($data_pair[0] !== 'hash') {
array_push($payload, $data_pair[0] . '=' . $data_pair[1]);
}
}
sort($payload);
$toSign = implode("\n", $payload);
$signed = bin2hex(hash_hmac('sha256', $toSign, $secret,TRUE));
$valid = $signed == $hash;
i also made repo with working code: https://github.com/hijera/telegrambotphp_webapp_test
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hello, are you planning to add web_app? https://core.telegram.org/bots/webapps#initializing-web-apps