无法为机器人用户验证 Telegram Web App
Can't validate Telegram Web App for Bots user
我试过为机器人的电报网络应用程序做用户验证脚本。我不知道如何解决它。哈希和编码字符串相似但不相同。
电报文章(文档):https://core.telegram.org/bots/webapps#validating-data-received-via-the-web-app
$bot_token="5368097647:AAFU8jBho71pglrzDeGw6LawrVuMmxaxpEQ";
$data_check_string=$_POST['a'];
$data_check_string=explode("&", urldecode($data_check_string));
foreach ($data_check_string as &$arrvalue) {
$hash="";
if (substr($arrvalue, 0, 4)=='hash'){
$hash=explode("=", $arrvalue)[1];
break;
}
}
sort($data_check_string);
$data_check_string=implode('\n', $data_check_string);
$secret_key = $sig = hash_hmac('sha256', $bot_token, "WebAppData");
if (hash_hmac('sha256', $data_check_string, $secret_key) == $hash) {
print("fromtg");
}
else{
print("notg");
}
?>
- 加入数组
implode("\n", $data_check_arr);
- 在
hash_mac函数中将第四个参数设置为TRUE(输出原始二进制数据);
- 在比较两个散列之前应用
bin2hex函数计算散列以将二进制数据转换为十六进制表示;
这是我的代码:
<?php
$data_check_arr = explode('&', rawurldecode($data_check_string));
$needle = 'hash=';
$check_hash = FALSE;
foreach( $data_check_arr AS &$val ){
if( substr( $val, 0, strlen($needle) ) === $needle ){
$check_hash = substr_replace( $val, '', 0, strlen($needle) );
$val = NULL;
}
}
// if( $check_hash === FALSE ) return FALSE;
$data_check_arr = array_filter($data_check_arr);
sort($data_check_arr);
$data_check_string = implode("\n", $data_check_arr);
$secret_key = hash_hmac( 'sha256', $bot_token, "WebAppData", TRUE );
$hash = bin2hex( hash_hmac( 'sha256', $data_check_string, $secret_key, TRUE ) );
if( strcmp($hash, $check_hash) === 0 ){
// validation success
}else{
// validation failed
}
我试过为机器人的电报网络应用程序做用户验证脚本。我不知道如何解决它。哈希和编码字符串相似但不相同。
电报文章(文档):https://core.telegram.org/bots/webapps#validating-data-received-via-the-web-app
$bot_token="5368097647:AAFU8jBho71pglrzDeGw6LawrVuMmxaxpEQ";
$data_check_string=$_POST['a'];
$data_check_string=explode("&", urldecode($data_check_string));
foreach ($data_check_string as &$arrvalue) {
$hash="";
if (substr($arrvalue, 0, 4)=='hash'){
$hash=explode("=", $arrvalue)[1];
break;
}
}
sort($data_check_string);
$data_check_string=implode('\n', $data_check_string);
$secret_key = $sig = hash_hmac('sha256', $bot_token, "WebAppData");
if (hash_hmac('sha256', $data_check_string, $secret_key) == $hash) {
print("fromtg");
}
else{
print("notg");
}
?>
- 加入数组
implode("\n", $data_check_arr); - 在
hash_mac函数中将第四个参数设置为TRUE(输出原始二进制数据); - 在比较两个散列之前应用
bin2hex函数计算散列以将二进制数据转换为十六进制表示;
这是我的代码:
<?php
$data_check_arr = explode('&', rawurldecode($data_check_string));
$needle = 'hash=';
$check_hash = FALSE;
foreach( $data_check_arr AS &$val ){
if( substr( $val, 0, strlen($needle) ) === $needle ){
$check_hash = substr_replace( $val, '', 0, strlen($needle) );
$val = NULL;
}
}
// if( $check_hash === FALSE ) return FALSE;
$data_check_arr = array_filter($data_check_arr);
sort($data_check_arr);
$data_check_string = implode("\n", $data_check_arr);
$secret_key = hash_hmac( 'sha256', $bot_token, "WebAppData", TRUE );
$hash = bin2hex( hash_hmac( 'sha256', $data_check_string, $secret_key, TRUE ) );
if( strcmp($hash, $check_hash) === 0 ){
// validation success
}else{
// validation failed
}