api.php
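<?php
/**
 * Checks the signature of Telegram Web App init data supplied in the
 * `initData` query parameter and reports the outcome as JSON.
 *
 * Steps, as implemented below:
 *   1. Derive the HMAC key: HMAC-SHA256 over the bot token, keyed with the
 *      constant string "WebAppData".
 *   2. Split initData into key=value pairs, set the `hash` pair aside, sort
 *      the remaining pairs and join them with "\n" (the data-check string).
 *   3. HMAC-SHA256 the data-check string with the derived key and compare the
 *      hex digest with the supplied `hash`.
 *
 * The response contains only the verdict and values the caller already sent.
 * The derived key and the locally computed digest are never returned:
 * returning either would let any caller obtain a valid `hash` for data of
 * their choosing, which defeats the check.
 */
header('Content-Type: application/json; charset=utf-8');

// Placeholder value. The real token is a credential: keep it out of version
// control and load it from the deployment's secret storage.
$bot_token = "YOUR_BOT_TOKEN";

// Raw (binary) HMAC output; used as the key for the second HMAC below.
$secret = hash_hmac('sha256', $bot_token, 'WebAppData', true);

$get = $_GET;

// A missing parameter or an array (`initData[]=...`) is treated as empty
// input, so the request is answered with is_valid = 0 instead of a PHP
// warning or type error.
$init_data = $get['initData'] ?? '';
if (!is_string($init_data)) {
    $init_data = '';
}

$hash = '';
$payload = [];
foreach (explode('&', $init_data) as $value) {
    if ($value === '') {
        continue;
    }
    // Split on the first "=" only, and decode AFTER splitting: a decoded value
    // may itself contain "&" or "=", which would otherwise corrupt the pairs
    // and therefore the signed string.
    $data_pair = explode('=', $value, 2);
    $key = rawurldecode($data_pair[0]);
    $val = rawurldecode($data_pair[1] ?? '');

    if ($key === 'hash') {
        $hash = $val;
        continue;
    }
    $payload[] = $key . '=' . $val;
}

// Byte-wise string ordering, independent of PHP's numeric-string handling.
sort($payload, SORT_STRING);
$toSign = implode("\n", $payload);

$signed = bin2hex(hash_hmac('sha256', $toSign, $secret, true));

// hash_equals() compares in constant time and byte-for-byte. A loose `==`
// would treat two different digests of the form "0e<digits>" as equal numbers.
$valid = $hash !== '' && hash_equals($signed, $hash);

// NOTE(review): `auth_date` is covered by the signature but its age is not
// checked here. A caller that treats is_valid as proof of a current session
// should also reject init data whose auth_date is older than it accepts.
echo json_encode(
    [
        "is_valid" => (int)$valid,
        'sent_data' => $get,
        "hash" => $hash,
        'toSign' => $toSign,
    ]
);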