login and logout with telegram

2018-06-07 13:21:35 +02:00 · 2018-06-07 13:21:35 +02:00 · c96cc6e1c5
parent 65f6de7289
commit c96cc6e1c5
4 changed files with 72 additions and 2 deletions
--- a/check.php
+++ b/check.php
@ -0,0 +1,12 @@
+<?php
+require_once("config.php");
+require_once("telegram.php");
+
+try {
+	$auth_data = checkTelegramAuthorization($_GET);
+	saveTelegramUserData($auth_data);
+  } catch (Exception $e) {
+	die ($e->getMessage());
+  }
+  header('Location: index.php');
+  ?>
--- a/index.php
+++ b/index.php
@ -21,6 +21,12 @@ if (isset($_GET['ajax']))
  $offset = $_GET['offset'];
 }

+if (isset($_GET['subscriber_logout'])){
+  setcookie('tg_user', '');
+	setcookie('referer', '', time() - 3600);
+  header('Location: index.php');
+}
+
 Template::render_header("Status");
 ?>
    <div class="text-center">
--- a/telegram.php
+++ b/telegram.php
@ -18,4 +18,46 @@ function getTelegramUserData() {
 		return $auth_data;
 	}
 	return false;
-}
+}
+/** 
+ * Check if data is from telegram
+ * 
+ * This checks if the data provides is from telegram. It includes a Fix for firefox
+ * 
+ * @param mixed $auth_data The Authentication Data
+ * 
+ * @return $auth_data
+ * 
+*/
+function checkTelegramAuthorization($auth_data) {
+	$check_hash = $auth_data['hash'];
+	unset($auth_data['hash']);
+	$data_check_arr = [];
+	foreach ($auth_data as $key => $value) {
+	 // $data_check_arr[] = $key . '=' . $value;
+	  $data_check_arr[] = $key . '=' . str_replace('https:/t', 'https://t', $value);
+	}
+	sort($data_check_arr);
+	$data_check_string = implode("\n", $data_check_arr);
+	$secret_key = hash('sha256', TG_BOT_API_TOKEN, true);
+	$hash = hash_hmac('sha256', $data_check_string, $secret_key);
+	if (strcmp($hash, $check_hash) !== 0) {
+	  throw new Exception('Data is NOT from Telegram');
+	}
+	if ((time() - $auth_data['auth_date']) > 86400) {
+	  throw new Exception('Data is outdated');
+	}
+	return $auth_data;
+  }
+
+
+/**
+ * Save telegram userdata
+ * 
+ * Save the telegram user data in a cookie
+ *  @return void
+ */  
+function saveTelegramUserData($auth_data) {
+	$auth_data_json = json_encode($auth_data);
+	setcookie('tg_user', $auth_data_json);
+  }
--- a/template.php
+++ b/template.php
@ -1,3 +1,4 @@
+<<<<<<< HEAD
 <?php 
 //This should later be translatable, maybe find a better solution?
 //This is here for better generation of POT files :)
@ -8,6 +9,8 @@ $some = array(_("Some systems are experiencing major outages"), _("Some systems
 $all = array(_("Our systems are experiencing major outages."), _("Our systems are experiencing minor outages"), _("Our systems are under maintenance"), _("All systems operational"));
 $permissions = array(_("Super admin"), _("Admin"), _("Editor"));

+require_once("telegram.php"); 
+
 /**
 * Class that encapsulates methods to render header and footer
 */
@ -64,7 +67,14 @@ class Template{
            </div>
            <div class="navbar-collapse collapse navbar-right navbar-admin">
              <ul class="nav navbar-nav">
-                <li><a href="#"><script async src="https://telegram.org/js/telegram-widget.js?4" data-telegram-login="jhuesserstatusbot" data-size="small" data-userpic="false" data-auth-url="https://status.jhuesser.ch/check.php" data-request-access="write"></script></a></li>
+              <?php
+              $tg_user = getTelegramUserData();
+              if($tg_user !== false){
+                  echo '<li><a href="https://status.jhuesser.ch/index.php?subscriber_logout=1">Logout</a></li>';
+              } else {
+                echo '<li><a href="#"><script async src="https://telegram.org/js/telegram-widget.js?4" data-telegram-login="jhuesserstatusbot" data-size="small" data-userpic="false" data-auth-url="https://status.jhuesser.ch/check.php" data-request-access="write"></script></a></li>';
+              }
+              ?>
              </ul>
            </div>
            <!--/.nav-collapse -->