Created February 3, 2018 16:21
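<?php
// check_authorization.php (the widget's data-auth-url target):
// verifies the Login Widget callback and stores the user in a cookie.

define('BOT_TOKEN', 'XXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXX'); // place bot token of your bot here

function checkTelegramAuthorization($auth_data) {
    // Reject requests that lack the fields the check depends on.
    if (!isset($auth_data['hash'], $auth_data['auth_date']) || !is_string($auth_data['hash'])) {
        throw new Exception('Data is NOT from Telegram');
    }
    $check_hash = $auth_data['hash'];
    unset($auth_data['hash']);

    // Build the data-check-string: "key=value" pairs, sorted, joined with "\n".
    $data_check_arr = [];
    foreach ($auth_data as $key => $value) {
        $data_check_arr[] = $key . '=' . $value;
    }
    sort($data_check_arr);
    $data_check_string = implode("\n", $data_check_arr);

    // The HMAC key is SHA-256(bot token), so this digest must stay as secret as the token.
    $secret_key = hash('sha256', BOT_TOKEN, true);
    $hash = hash_hmac('sha256', $data_check_string, $secret_key);

    // hash_equals() compares in constant time; strcmp() does not.
    if (!hash_equals($hash, $check_hash)) {
        throw new Exception('Data is NOT from Telegram');
    }
    // Reject authorizations older than 24 hours.
    if ((time() - (int) $auth_data['auth_date']) > 86400) {
        throw new Exception('Data is outdated');
    }
    return $auth_data;
}

function saveTelegramUserData($auth_data) {
    // tg_user is plain, unsigned JSON: login_example.php cannot tell it apart from a
    // cookie the client set itself. Use a server-side session outside of a demo.
    $auth_data_json = json_encode($auth_data);
    setcookie('tg_user', $auth_data_json);
}

try {
    $auth_data = checkTelegramAuthorization($_GET);
    saveTelegramUserData($auth_data);
} catch (Exception $e) {
    die($e->getMessage());
}

header('Location: login_example.php');
exit;
?>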
<?php
// login_example.php: shows the login widget, or the logged-in user's name and photo.

define('BOT_USERNAME', 'XXXXXXXXXX'); // place username of your bot here

function getTelegramUserData() {
    if (isset($_COOKIE['tg_user'])) {
        // PHP has already URL-decoded the cookie value, so no urldecode() here.
        $auth_data = json_decode($_COOKIE['tg_user'], true);
        // Treat a malformed cookie as "not logged in".
        return is_array($auth_data) ? $auth_data : false;
    }
    return false;
}

if (!empty($_GET['logout'])) {
    setcookie('tg_user', '');
    header('Location: login_example.php');
    exit;
}

$tg_user = getTelegramUserData();
if ($tg_user !== false) {
    // Optional fields may be absent, so default them before escaping.
    $first_name = htmlspecialchars($tg_user['first_name'] ?? '');
    $last_name = htmlspecialchars($tg_user['last_name'] ?? '');
    if (isset($tg_user['username'])) {
        $username = htmlspecialchars($tg_user['username']);
        $html = "<h1>Hello, <a href=\"https://t.me/{$username}\">{$first_name} {$last_name}</a>!</h1>";
    } else {
        $html = "<h1>Hello, {$first_name} {$last_name}!</h1>";
    }
    if (isset($tg_user['photo_url'])) {
        $photo_url = htmlspecialchars($tg_user['photo_url']);
        $html .= "<img src=\"{$photo_url}\">";
    }
    $html .= "<p><a href=\"?logout=1\">Log out</a></p>";
} else {
    // Not logged in: render the Telegram Login Widget.
    $bot_username = BOT_USERNAME;
    $html = <<<HTML
<h1>Hello, anonymous!</h1>
<script async src="https://telegram.org/js/telegram-widget.js?2" data-telegram-login="{$bot_username}" data-size="large" data-auth-url="check_authorization.php"></script>
HTML;
}

echo <<<HTML
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login Widget Example</title>
</head>
<body><center>{$html}</center></body>
</html>
HTML;
?>
@iQiexie

iQiexie commented Aug 22, 2023

it works when the data is formatted like this:

request_data = {
  "id": XXXXXXXXX,
  "first_name": "John",
  "last_name": "Smith",
  "username": "john_smith",
  "photo_url": "https://t.me/i/userpic/320/XjskdfasdfHGCAShsfgasdf.jpg",
  "auth_date": 1571890000,
  "hash": "a0c34b50c96acbcbf358b34d30a0ad69c5a5ced90427f34729499938b1faf02e"
}

but it doesn't work when it is formatted like this:

data = {
  "query_id": "AAAAAAAAAAA",
  "user": {
    "id": XXXXXXXXX,
    "first_name": "John",
    "last_name": "",
    "username": "john_smith",
    "language_code": "en",
    "is_premium": true,
    "allows_write_to_pm": true
  },
  "auth_date": "1692686970",
  "hash": "4317efd665c01a62973e1abd82aabe4128ca73ac67d0dba57d80656b8150dca5"
}

one of them must be data-onauth
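
The second payload in the comment above has the shape of Telegram Mini App (Web App) initData, which per Telegram's documentation is signed with a key derived as HMAC-SHA-256 of the bot token under the constant key "WebAppData", not the plain SHA-256 of the token that the gist uses for the Login Widget. The PHP below is an added example, not part of the gist or of any commenter's code; `DEMO_BOT_TOKEN`, the function names and the sample payload are constructed for illustration.

```php
<?php
// Added example (not from the gist). Token and payload are constructed for the demo.
const DEMO_BOT_TOKEN = '123456:CONSTRUCTED-DEMO-TOKEN';

// The HMAC key is derived differently for each payload source.
function telegramSecretKey(string $botToken, string $source): string {
    return $source === 'webapp'
        ? hash_hmac('sha256', $botToken, 'WebAppData', true) // Mini App initData
        : hash('sha256', $botToken, true);                   // Login Widget, as in the gist
}

// data-check-string: all received fields except "hash" as sorted "key=value" lines.
function dataCheckString(array $fields): string {
    unset($fields['hash']);
    $lines = [];
    foreach ($fields as $key => $value) {
        $lines[] = $key . '=' . $value;
    }
    sort($lines, SORT_STRING);
    return implode("\n", $lines);
}

function verifyTelegramData(array $fields, string $botToken, string $source, int $maxAge = 86400): bool {
    // Every value must be a string exactly as received; nested arrays are rejected.
    if (!isset($fields['hash'], $fields['auth_date']) || array_filter($fields, 'is_string') !== $fields) {
        return false;
    }
    $expected = hash_hmac('sha256', dataCheckString($fields), telegramSecretKey($botToken, $source));
    return hash_equals($expected, $fields['hash'])
        && (time() - (int) $fields['auth_date']) <= $maxAge;
}

// Constructed initData as it arrives on the wire: "user" is a JSON *string*, not an object.
$wire = [
    'query_id'  => 'AAAAAAAAAAA',
    'user'      => '{"id":1,"first_name":"John","last_name":"","username":"john_smith"}',
    'auth_date' => (string) time(),
];
// Test fixture only: sign the sample with the Mini App derivation for this demo token.
$wire['hash'] = hash_hmac('sha256', dataCheckString($wire), telegramSecretKey(DEMO_BOT_TOKEN, 'webapp'));

// Mini App data checked with the Mini App key derivation.
var_dump(verifyTelegramData($wire, DEMO_BOT_TOKEN, 'webapp'));
// The same data checked with the Login Widget derivation used by the gist.
var_dump(verifyTelegramData($wire, DEMO_BOT_TOKEN, 'widget'));
// "user" decoded and re-serialized before the check: the signed bytes have changed.
$reencoded = ['user' => json_encode(json_decode($wire['user'], true), JSON_PRETTY_PRINT)] + $wire;
var_dump(verifyTelegramData($reencoded, DEMO_BOT_TOKEN, 'webapp'));
```

Choose the derivation by the endpoint that receives the data, never by a field the client supplies, and run the check on the values as parsed from the query string before any JSON decoding.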

@BAIZID-171

Jk

@acebergiceberg

How can I get code just by email cause my sim is deactivated


@datoharry

Nice

@070876

070876 commented Sep 30, 2023

How much would one like this (a "papa bot") cost?

@Shahriyor-m14

How much would one like this (a "papa bot") cost?

A tenner

@mpotrich

someone that implemented this in java?

@soni1541

Because the fields "id", "first_name", "last_name", "username", "photo_url" and "auth_date" are required (!!!) to build a hash check
I understand :)
Telegrams do not always send all fields

I have the same problem. How did you manage to solve the hash mismatch issue?

@CrazyTapok-bit

I have the same problem. How did you manage to solve the hash mismatch issue?

If you write code in PHP, I advise you to use the library tgWebValid to verify the user. It is light, simple and will do everything for you

@culda

culda commented Nov 25, 2023

bot token is not necessary. Bot name is enough. see https://github.dev/manzoorwanijk/telegram-auth for a simple TS implementation. It's in React but you can just copy the files and use in any framework

To verify the hash only the bot token's hash is needed, which can be public

@Jaroslove

Does anybody know how I can LOGOUT (or terminate session) in my browser tab via js?

@inilim

inilim commented Jan 4, 2024

If something, the "id" value can be used as a "chat_id" to send a message via a bot

@ledboot

ledboot commented Jan 10, 2024

I got an error: Bot domain invalid

@CrazyTapok-bit

I got an error: Bot domain invalid

Check if you are using https

@Krishnauff

#k

@SilRoad72

Token necessary. Bot name is enough, see https://github.dev/manzoorwanijk/telegram-auth for the simple TS one. It is in React, but you can just copy the files into any framework

Because of the amount, it only requires the hash of the bot token, which can be complete

Hello, dear. Can you make one like it? I want that. Please help me and create one of my own.

@yuma-teb

yuma-teb commented Mar 14, 2024

Token necessary. Bot name is enough, see https://github.dev/manzoorwanijk/telegram-auth for the simple TS one. It is in React, but you can just copy the files into any framework
Because of the amount, it only requires the hash of the bot token, which can be complete

Hello, dear. Can you make one like it? I want that. Please help me and create one of my own.

Telegram OAuth does not have an open link to redirect to a consent screen for requesting access, and the script provided by the Telegram documentation cannot be rendered as a component in the front-end (it keeps returning "Bot domain is invalid"), but when I get /auth/telegram/test from the backend, which returns the HTML that has the script, it works. And I do not want to use the default button design rendered by the script because it does not meet my UI design. Is there any solution you can suggest?

@mashutkaxxx

Thank you for the code!

@bulbazavr1024

Does anyone know why telegram login widget doesn't work on .xyz TLD ?

@Arfanmohamed

Thanks

@indiaone

Does anybody know how I can LOGOUT (or terminate session) in my browser tab via js?

I am also looking for logout process. Please someone help me in this regard.

@CrazyTapok-bit

I'll just leave a link to the TgWebValid library here, maybe someone will need a full-fledged way to check the user and get all the possible data about him in a convenient way and with a modern approach

@QobilZamonov

I have an error: Bot domain invalid

Check if you are using https

QobilZamonov

@QobilZamonov

Hello

@maybephilipp

Telegram login widget is not working on my web site and i don't understand why. It's just stuck when Telegram must send confirmation message. If i already logged in on telegram.org its working as needed, but i can't receive confirmation via my web site. Enabling cross site cookies does not resolve the problem

@rekkisomo @Comrade19632 if you find any solution, please ping

@maybephilipp

Telegram login widget is not working on my web site and i don't understand why. It's just stuck when Telegram must send confirmation message. If i already logged in on telegram.org its working as needed, but i can't receive confirmation via my web site. Enabling cross site cookies does not resolve the problem

@rekkisomo @Comrade19632 if you find any solution, please ping

@rekkisomo @Comrade19632 + anyone with same problem, here is the solution: https://stackoverflow.com/a/74193012/15090151

quote: "I fixed it by changing the domain. I don’t know why, but the telegram login widget does not want to work with the tgmm.xyz domain."

The .xyz TLD, or maybe some others, are rejected by Telegram for some reason.

@Imran6478

I couldn't receive code through number.why?
Plz help me

@maybephilipp

I couldn't receive code through number.why? Plz help me

What is domain zone of your app, .xyz?
