From b5c5a2c8cffb3e4bff0c05c9eb4c88458cf2ecee Mon Sep 17 00:00:00 2001
From: Thomas Nilsen
Date: Sun, 25 Nov 2018 17:25:44 +0100
Subject: [PATCH] Moved, renamed and modified Telegram related files.
- Made functions from ./telegram.php into a class and moved to classes/telegram.php
- Renamed check.php to telegram_check.php to make it easier to understand what the file belongs to.
- SESSIONS used to control if user is logged on or not
- Telegram users will be identified as typeID = 2 in the subscribers table.
---
check.php | 12 -------
classes/telegram.php | 82 ++++++++++++++++++++++++++++++++++++++++++++
telegram.php | 63 ----------------------------------
telegram_check.php | 33 ++++++++++++++++++
4 files changed, 115 insertions(+), 75 deletions(-)
delete mode 100644 check.php
create mode 100644 classes/telegram.php
delete mode 100644 telegram.php
create mode 100644 telegram_check.php
diff --git a/check.php b/check.php
deleted file mode 100644
index 4553a06..0000000
--- a/check.php
+++ /dev/null
@@ -1,12 +0,0 @@
-getMessage());
- }
- header('Location: index.php');
- ?>
\ No newline at end of file
diff --git a/classes/telegram.php b/classes/telegram.php
new file mode 100644
index 0000000..5d506c7
--- /dev/null
+++ b/classes/telegram.php
@@ -0,0 +1,82 @@
+ $value) {
+ // $data_check_arr[] = $key . '=' . $value;
+ $data_check_arr[] = $key . '=' . str_replace('https:/t', 'https://t', $value);
+ }
+ sort($data_check_arr);
+ $data_check_string = implode("\n", $data_check_arr);
+ $secret_key = hash('sha256', TG_BOT_API_TOKEN, true);
+ $hash = hash_hmac('sha256', $data_check_string, $secret_key);
+ if (strcmp($hash, $check_hash) !== 0) {
+ throw new Exception('Data is NOT from Telegram');
+ }
+ if ((time() - $auth_data['auth_date']) > 86400) {
+ throw new Exception('Data is outdated');
+ }
+ return $auth_data;
+ }
+
+
+ /**
+ * Save telegram userdata
+ *
+ * Save the telegram user data in a cookie
+ * @return void
+ */
+ function saveTelegramUserData($auth_data) {
+ $auth_data_json = json_encode($auth_data);
+ setcookie('tg_user', $auth_data_json);
+ }
+
+ function get_telegram_subscriberid($user)
+ {
+ global $mysqli;
+ $stmt = $mysqli->prepare("SELECT subscriberID FROM subscribers WHERE typeID=1 AND userID LIKE ? LIMIT 1");
+ $stmt->bind_param("s", $user);
+ $stmt->execute();
+ $result = $stmt->get_result();
+ if ( $result->num_rows) {
+ $row = $result->fetch_assoc();
+ $subscriberID = $row['subscriberID'];
+ return $subscriberID;
+ }
+ return null; // Return null on false
+ }
+}
\ No newline at end of file
diff --git a/telegram.php b/telegram.php
deleted file mode 100644
index bf25641..0000000
--- a/telegram.php
+++ /dev/null
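Review bot: In `checkTelegramAuthorization` the computed HMAC is compared with `strcmp($hash, $check_hash) !== 0`, which is not a constant-time comparison; use `if (!hash_equals($hash, $check_hash)) {` instead. In `get_telegram_subscriberid` the lookup uses `userID LIKE ?`, so a `%` or `_` in `$user` acts as a wildcard and can return a different subscriber's row; `userID = ?` is what an identity lookup wants, and the hard-coded `typeID=1` disagrees with the commit message, which says Telegram users are typeID = 2. `saveTelegramUserData` still writes the whole auth payload to the `tg_user` cookie with no Secure/HttpOnly flags; since sessions now carry the login state, either drop the cookie or set it as `setcookie('tg_user', $auth_data_json, 0, '/', '', true, true);`. The opening of the class and of `checkTelegramAuthorization` did not survive on this page, so where `$check_hash` is taken from is assumed rather than visible.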
@@ -1,63 +0,0 @@
- $value) {
- // $data_check_arr[] = $key . '=' . $value;
- $data_check_arr[] = $key . '=' . str_replace('https:/t', 'https://t', $value);
- }
- sort($data_check_arr);
- $data_check_string = implode("\n", $data_check_arr);
- $secret_key = hash('sha256', TG_BOT_API_TOKEN, true);
- $hash = hash_hmac('sha256', $data_check_string, $secret_key);
- if (strcmp($hash, $check_hash) !== 0) {
- throw new Exception('Data is NOT from Telegram');
- }
- if ((time() - $auth_data['auth_date']) > 86400) {
- throw new Exception('Data is outdated');
- }
- return $auth_data;
- }
-
-
-/**
- * Save telegram userdata
- *
- * Save the telegram user data in a cookie
- * @return void
- */
-function saveTelegramUserData($auth_data) {
- $auth_data_json = json_encode($auth_data);
- setcookie('tg_user', $auth_data_json);
- }
\ No newline at end of file
diff --git a/telegram_check.php b/telegram_check.php
new file mode 100644
index 0000000..ccb4dc2
--- /dev/null
+++ b/telegram_check.php
@@ -0,0 +1,33 @@
+checkTelegramAuthorization($_GET);
+ $telegram->saveTelegramUserData($auth_data);
+} catch (Exception $e) {
+ die($e->getMessage());
+}
+
+// Check if user is registered in DB
+$subscriber->firstname = $auth_data['first_name'];
+$subscriber->lastname = $auth_data['last_name'];
+$subscriber->typeID = 1;
+$subscriber->userID = $auth_data['id'];
+$subscriber->active = 1; // Telegram user should always be active if they can be validated
+
+$subscriber_id = $subscriber->get_subscriber_by_userid(true); // If user does not exists, create it
+$subscriber->id = $subscriber_id;
+
+// make sure we don't have a logged in email subscriber
+$subscriber->set_logged_in();
+//$_SESSION['subscriber_valid'] = true;
+//$_SESSION['subscriber_typeid'] = 1;
+//$_SESSION['subscriber_userid'] = $auth_data['id'];
+//$_SESSION['subscriber_id'] = $subscriber_id;
+
+header('Location: subscriptions.php');
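Review bot: The login path in telegram_check.php sets `$subscriber->typeID = 1;` although the commit message says Telegram users are stored as typeID = 2, so a Telegram id is looked up (and, through `get_subscriber_by_userid(true)`, created) in the same namespace as whatever type 1 means elsewhere in the schema; this should presumably be `$subscriber->typeID = 2;`, or the message corrected. Nothing visible rotates the session id before `$subscriber->set_logged_in();` — unless that method already does so, add `session_regenerate_id(true);` just before it to close off session fixation. `last_name` is optional in Telegram login data, so `$auth_data['last_name']` can raise an undefined-index notice; `$auth_data['last_name'] ?? ''` covers it. The top of the file was lost on this page, so the includes and any `session_start()` call are not visible.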