Implement logging in with Telegram.

index.php

@@ -0,0 +1,93 @@
+<?php
+
+require "login.php";
+
+use \ScA\Student\TGLogin\TGLogin;
+
+$is_logged_in = (TGLogin::from_cookie() != NULL);
+
+?>
+<!DOCTYPE html>
+<html lang='en'>
+
+<head>
+    <title>XII Sc A - Class Portal</title>
+    <link rel='stylesheet' type='text/css' href='stylesheet.css' />
+    <script src="script.js">
+    </script>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+
+<body onload="clean()">
+    <h1>XII Sc A - Class Portal</h1>
+    <hr />
+    <div>
+        <?php
+
+        $logged_in_str = "
+    <table>
+    <tr>
+        <td><a href='name_list/'>Name List</a></td>
+        <td><a href='contact/'>Contact Teachers</a></td>
+    </tr>
+    <tr>
+        <td><a href='/go/?url=http://schoolatweb.byethost7.com/bdmi/online_index.php' class='insecure'>School
+                Portal</a>
+        </td>
+        <td><a href='/go/?url=https://play.google.com/store/apps/details?id=com.bdmi.vawsum'>School App</a>
+        </td>
+    </tr>
+    <tr>
+        <td><a href='schedule/'>Class Schedule</a></td>
+        <td><a href='attendance/'>Attendance</a></td>
+    </tr>
+    <tr>
+        <td><a href='resources/'>Resources</a></td>
+        <td><a href='assignments/'>Assignments</a></td>
+    </tr>
+    <tr>
+        <td><a href='/go/?url=https://t.me/joinchat/AAAAAEhiLVecUgh9hZynzw'>Telegram Channel</a></td>
+        <td><a href='/go/?url=https://trello.com/b/xS4L8vFx/'>Trello Board</a></td>
+    </tr>
+    <tr>
+        <td colspan=\"2\"><br /></td>
+    </tr>
+    <tr>
+        <td colspan=\"2\">
+            <a href='teacher/'>Open Teachers' Portal</a>
+        </td>
+    </tr>
+    <tr>
+        <td colspan=\"2\">
+            <a href='loginhandler.php?logout'>Logout</a>
+        </td>
+    </tr>
+</table>";
+
+        $status_message = "";
+
+        if (isset($_GET["loggedout"])) {
+            $status_message = "<p><i>Logged out.</i></p>";
+        }
+
+        if (isset($_GET["loginfailed"])) {
+            $status_message = "<p class='red'><i>Failed to login.</i></p>";
+        }
+
+        $not_logged_in_str = "
+        {$status_message}
+        <p>Telegram user data is never stored on the server.<br/>Your data is secure.</p>
+        <p align=center id='tglogin'><script async src=\"https://telegram.org/js/telegram-widget.js?2\" data-telegram-login='" . BOT_USERNAME . "' data-size='large' data-auth-url='loginhandler.php'></script></p>
+        ";
+
+        if ($is_logged_in) {
+            echo $logged_in_str;
+        } else {
+            echo $not_logged_in_str;
+        }
+
+        ?>
+    </div>
+</body>
+
+</html>

login.php

@@ -0,0 +1,102 @@
+<?php
+
+namespace ScA\Student\TGLogin;
+
+use \ScA\Student\Student;
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/telegram/BDMIOnlineClassesBot/defs.php';
+require_once "student.php";
+
+const SERVER_KEY = "l80YmT0iWFJ193eXQFMcVANDl3DOsrme";
+
+class TGLogin
+{
+    /**
+     * Should be set only if the object is valid.
+     * 
+     * @var string
+     */
+    public $id;
+
+    public function store()
+    {
+        $secret_key = hash('sha256', BOT_API_KEY . SERVER_KEY);
+        $hash = hash_hmac('sha256', $this->id, $secret_key);
+        setcookie("tg_id", $this->id, time() + 7 * 86400, '/sc_a/', '', true);
+        setcookie("tg_id_hash", $hash, time() + 7 * 86400, '/sc_a/', '', true);
+    }
+
+    public static function logout()
+    {
+        setcookie("tg_id", '', time() - 7 * 86400, '/sc_a/', '', true);
+        setcookie("tg_id_hash", '', time() - 7 * 86400, '/sc_a/', '', true);
+    }
+
+    public static function from_auth_data($auth_data)
+    {
+        // Extract hash
+        $check_hash = $auth_data['hash'];
+        unset($auth_data['hash']);
+
+        // Create data check string
+        $data_check_arr = [];
+        foreach ($auth_data as $key => $value) {
+            $data_check_arr[] = $key . '=' . $value;
+        }
+        sort($data_check_arr);
+        $data_check_string = implode("\n", $data_check_arr);
+
+        // Check autheniticity of data
+        $secret_key = hash('sha256', BOT_API_KEY, true);
+        $hash = hash_hmac('sha256', $data_check_string, $secret_key);
+
+        if (!hash_equals($hash, $check_hash)) {
+            return NULL;
+        }
+
+        // Check whether data is up to date
+        if ((time() - $auth_data['auth_date']) > 86400) {
+            return NULL;
+        }
+
+        // Check whether the student is actually real.
+        if (!(new Student(NULL, $auth_data['id']))->is_valid) {
+            return NULL;
+        }
+
+        $obj = new TGLogin();
+        $obj->id = $auth_data['id'];
+        return $obj;
+    }
+
+    public static function from_cookie()
+    {
+        // Check whether the cookies exist and contain something.
+        if (!isset($_COOKIE['tg_id']) || !isset($_COOKIE['tg_id_hash'])) {
+            return NULL;
+        }
+        if (!$_COOKIE['tg_id'] || !$_COOKIE['tg_id_hash']) {
+            TGLogin::logout();
+            return NULL;
+        }
+
+        // Check whether data is authentic.
+        $id = $_COOKIE['tg_id'];
+        $secret_key = hash('sha256', BOT_API_KEY . SERVER_KEY);
+        $hash = hash_hmac('sha256', $id, $secret_key);
+        if (!hash_equals($hash, $_COOKIE['tg_id_hash'])) {
+            TGLogin::logout();
+            return NULL;
+        }
+
+        // Check whether the student is actually real.
+        if (!(new Student(NULL, $id))->is_valid) {
+            TGLogin::logout();
+            return NULL;
+        }
+
+        $obj = new TGLogin();
+        $obj->id = $id;
+        return $obj;
+    }
+}

loginhandler.php

@@ -0,0 +1,20 @@
+<?php
+
+require "login.php";
+
+use \ScA\Student\TGLogin\TGLogin;
+
+if (isset($_GET["logout"])) {
+    TGLogin::logout();
+    header("Location: index.php?loggedout");
+    exit;
+}
+
+if ($o = TGLogin::from_auth_data($_GET)) {
+    $o->store();
+    header("Location: index.php");
+    exit;
+} else {
+    header("Location: index.php?loginfailed");
+    exit;
+}

script.js

@@ -0,0 +1,29 @@
+function check(url) {
+    var xmlHttp = new XMLHttpRequest();
+    xmlHttp.open("GET", url, false); // false for synchronous request
+    try {
+        xmlHttp.send(null);
+    }
+    catch (e) {
+        return false;
+    }
+    return (xmlHttp.status == 200);
+}
+
+function repl() {
+    console.log("Access failed.");
+    document.getElementById("tglogin").innerHTML = `
+    <fieldset>In place of this message, you should see a button to login with Telegram.<br/><br/>Try using 1.1.1.1 from Play Store.<br/>
+    <a href='https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone'>Get 1.1.1.1 on Google Play</a></fieldset>
+    `;
+}
+
+function clean() {
+    var b = check("https://telegram.org/js/telegram-widget.js?2");
+    if (!b) {
+        repl();
+    }
+    document.body.removeAttribute("onload");
+    // The script never gets seen.
+    document.head.removeChild(document.getElementsByTagName("script")[0]);
+}

stylesheet.css

@@ -117,3 +117,15 @@ button {
 	padding: 14px 25px;
 	font-size: 23px;
 }
+
+fieldset {
+	background-color: #222222;
+	font-family: "Arial", "Courier", "Letter Gothic";
+	color: #BBBBBB;
+	border-radius: 10px;
+	border-style: solid;
+	padding: 13px 22px;
+	font-size: 16px;
+	text-align: center;
+	vertical-align: center;
+}