Eleirbag89 / TelegramBotPHP

A very simple PHP Telegram Bot API for sending messages.
http://eleirbag89.github.io/TelegramBotPHP
MIT License
812 stars 342 forks

Web Apps #279

Closed misqkrk closed 1 year ago

misqkrk commented 2 years ago

Hello, are you planning to add web_app? https://core.telegram.org/bots/webapps#initializing-web-apps

Eleirbag89 commented 2 years ago

No, I'm not planning to add the Web App feature. If I did, what should be implemented in the library? From what I gathered, you need to import the Telegram JS library and code your app.

Am I missing something?

hijera commented 2 years ago

Validation code for submits maybe? (Title: Validating data received via the Web App) I found one in JS, it just needs to be ported to PHP: https://gist.github.com/konstantin24121/49da5d8023532d66cc4db1136435a885

reyeff commented 2 years ago

Yes please. I recently started using this library for my bot. It would be useful if this library added this method.

Eleirbag89 commented 2 years ago

> Validation code for submits maybe? (Title: Validating data received via the Web App) I found one in JS, it just needs to be ported to PHP: https://gist.github.com/konstantin24121/49da5d8023532d66cc4db1136435a885

Should be pretty easy, do you have a working app where we can do some testing?

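```php
// Derive the secret key from the bot token (hash_hmac() returns a hex string here).
$secret = hash_hmac('sha256', 'TELEGRAM_BOT_TOKEN', 'WebAppData');
$get = $_GET;
$hash = $get['hash'] ?? '';
ksort($get);

// Build the key=value lines, leaving out the hash itself.
$payload = array();
foreach($get as $key => $value){
   if ($key != 'hash') {
      array_push($payload, $key . "=" . $value);
   }
}
// Double quotes so "\n" is a real newline, not a backslash followed by "n".
$toSign = implode("\n", $payload);
$signed = hash_hmac('sha256', $toSign, $secret );
// Constant-time comparison instead of loose ==.
$valid = hash_equals($signed, $hash);
echo "Is valid " . $valid;
```

stale[bot] commented 2 years ago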

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

hijera commented 2 years ago

Oh, missed it... I'll check a bit later :)

hijera commented 2 years ago

Checked that code; it didn't work, but after I added the ",TRUE" parameter to hash_hmac, it started to work well. And in fact, we can get "hash" just from initData. (Based on https://stackoverflow.com/questions/71905866/cant-validate-telegram-web-app-for-bots-user)

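```php
$bot_token = "YOUR_BOT_TOKEN";
// Secret key: HMAC-SHA256 of the bot token keyed with "WebAppData", as raw bytes.
$secret = hash_hmac('sha256', $bot_token, 'WebAppData', TRUE);
$get = $_GET;

// Split into pairs first, then decode each value, so a decoded "&" or "="
// inside a value cannot be mistaken for a separator.
$init_data_parsed = explode("&", $get['initData']);
$payload = array();
$hash = '';

foreach ($init_data_parsed as $value) {
    $data_pair = explode("=", $value, 2);
    if (count($data_pair) !== 2) {
        continue;
    }
    $data_pair[1] = rawurldecode($data_pair[1]);
    if ($data_pair[0] == 'hash')
        $hash = $data_pair[1];
    if ($data_pair[0] !== 'hash') {
        array_push($payload, $data_pair[0] . '=' . $data_pair[1]);
    }
}

sort($payload);

$toSign = implode("\n", $payload);
$signed = bin2hex(hash_hmac('sha256', $toSign, $secret, TRUE));

// Constant-time comparison; loose == can also treat "0e..." hex strings as equal numbers.
$valid = hash_equals($signed, $hash);
```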

I also made a repo with working code: https://github.com/hijera/telegrambotphp_webapp_test
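
A reusable form of the check discussed in this thread, as an added example (not code from the thread or from TelegramBotPHP): it parses initData, verifies the HMAC in constant time, and also rejects data whose auth_date is too old. The function name `validateInitData`, the `$maxAge` window and the sample token and fields are assumptions made for illustration.

```php
<?php
// Added example: reusable validator with a freshness check on auth_date.
// validateInitData() and $maxAge are hypothetical names, not part of TelegramBotPHP.
function validateInitData(string $initData, string $botToken, int $maxAge = 3600, ?int $now = null): ?array
{
    $fields = [];
    foreach (explode('&', $initData) as $pair) {
        $kv = explode('=', $pair, 2);
        if (count($kv) !== 2) {
            return null;                      // malformed pair
        }
        $fields[$kv[0]] = rawurldecode($kv[1]);
    }
    if (!isset($fields['hash'], $fields['auth_date'])) {
        return null;
    }
    $hash = $fields['hash'];
    unset($fields['hash']);

    ksort($fields, SORT_STRING);              // data-check-string: key=value lines sorted by key
    $lines = [];
    foreach ($fields as $k => $v) {
        $lines[] = $k . '=' . $v;
    }
    $secret = hash_hmac('sha256', $botToken, 'WebAppData', true);
    $expected = hash_hmac('sha256', implode("\n", $lines), $secret);

    if (!hash_equals($expected, $hash)) {
        return null;                          // tampered, or signed with another token
    }
    $age = ($now ?? time()) - (int) $fields['auth_date'];
    if ($age < 0 || $age > $maxAge) {
        return null;                          // outside the accepted window (replayed capture)
    }
    return $fields;
}

// Constructed sample: sign a made-up initData with a made-up token, then verify it.
$token = '123456:CONSTRUCTED-TOKEN';
$data  = ['auth_date' => '1700000000', 'query_id' => 'AAE', 'user' => '{"id":1,"first_name":"A&B"}'];
ksort($data, SORT_STRING);
$check = implode("\n", array_map(fn($k, $v) => "$k=$v", array_keys($data), $data));
$data['hash'] = hash_hmac('sha256', $check, hash_hmac('sha256', $token, 'WebAppData', true));
$initData = http_build_query($data, '', '&', PHP_QUERY_RFC3986);

var_dump(validateInitData($initData, $token, 3600, 1700000100) !== null);                    // authentic, fresh
var_dump(validateInitData(str_replace('AAE', 'AAF', $initData), $token, 3600, 1700000100)); // field altered
var_dump(validateInitData($initData, $token, 3600, 1700090000));                            // auth_date too old
```

The sample user name contains an `&` on purpose: it only validates because the pairs are split before each value is decoded.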

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.