1 parent
d0ef026
commit 5e519e8
Showing
6 changed files
with
256 additions
and
50 deletions.
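--- a/index.php
+++ b/index.php
@@ -0,0 +1,93 @@
+<?php
+
+require "login.php";
+
+use \ScA\Student\TGLogin\TGLogin;
+
+$is_logged_in = (TGLogin::from_cookie() != NULL);
+
+?>
+<!DOCTYPE html>
+<html lang='en'>
+
+<head>
+<title>XII Sc A - Class Portal</title>
+<link rel='stylesheet' type='text/css' href='stylesheet.css' />
+<script src="script.js">
+</script>
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+
+<body onload="clean()">
+<h1>XII Sc A - Class Portal</h1>
+<hr />
+<div>
+<?php
+
+$logged_in_str = "
+<table>
+<tr>
+<td><a href='name_list/'>Name List</a></td>
+<td><a href='contact/'>Contact Teachers</a></td>
+</tr>
+<tr>
+<td><a href='/go/?url=http://schoolatweb.byethost7.com/bdmi/online_index.php' class='insecure'>School
+Portal</a>
+</td>
+<td><a href='/go/?url=https://play.google.com/store/apps/details?id=com.bdmi.vawsum'>School App</a>
+</td>
+</tr>
+<tr>
+<td><a href='schedule/'>Class Schedule</a></td>
+<td><a href='attendance/'>Attendance</a></td>
+</tr>
+<tr>
+<td><a href='resources/'>Resources</a></td>
+<td><a href='assignments/'>Assignments</a></td>
+</tr>
+<tr>
+<td><a href='/go/?url=https://t.me/joinchat/AAAAAEhiLVecUgh9hZynzw'>Telegram Channel</a></td>
+<td><a href='/go/?url=https://trello.com/b/xS4L8vFx/'>Trello Board</a></td>
+</tr>
+<tr>
+<td colspan=\"2\"><br /></td>
+</tr>
+<tr>
+<td colspan=\"2\">
+<a href='teacher/'>Open Teachers' Portal</a>
+</td>
+</tr>
+<tr>
+<td colspan=\"2\">
+<a href='loginhandler.php?logout'>Logout</a>
+</td>
+</tr>
+</table>";
+
+$status_message = "";
+
+if (isset($_GET["loggedout"])) {
+$status_message = "<p><i>Logged out.</i></p>";
+}
+
+if (isset($_GET["loginfailed"])) {
+$status_message = "<p class='red'><i>Failed to login.</i></p>";
+}
+
+$not_logged_in_str = "
+{$status_message}
+<p>Telegram user data is never stored on the server.<br/>Your data is secure.</p>
+<p align=center id='tglogin'><script async src=\"https://telegram.org/js/telegram-widget.js?2\" data-telegram-login='" . BOT_USERNAME . "' data-size='large' data-auth-url='loginhandler.php'></script></p>
+";
+
+if ($is_logged_in) {
+echo $logged_in_str;
+} else {
+echo $not_logged_in_str;
+}
+
+?>
+</div>
+</body>
+
+</html>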
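Review bot: `$is_logged_in = (TGLogin::from_cookie() != NULL);` near the top of the section uses a loose comparison; `from_cookie()` returns either a `TGLogin` object or NULL, so `!== null` states the intent exactly and does not depend on `!=` coercion rules. `BOT_USERNAME` is concatenated straight into the `data-telegram-login` attribute on the widget line; it is a constant from `defs.php` rather than request input, so this is not an injection today, but wrapping it as `htmlspecialchars(BOT_USERNAME, ENT_QUOTES)` costs nothing and keeps the attribute safe if the value ever becomes configurable.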
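--- a/login.php
+++ b/login.php
@@ -0,0 +1,102 @@
+<?php
+
+namespace ScA\Student\TGLogin;
+
+use \ScA\Student\Student;
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/telegram/BDMIOnlineClassesBot/defs.php';
+require_once "student.php";
+
+const SERVER_KEY = "l80YmT0iWFJ193eXQFMcVANDl3DOsrme";
+
+class TGLogin
+{
+/**
+* Should be set only if the object is valid.
+*
+* @var string
+*/
+public $id;
+
+public function store()
+{
+$secret_key = hash('sha256', BOT_API_KEY . SERVER_KEY);
+$hash = hash_hmac('sha256', $this->id, $secret_key);
+setcookie("tg_id", $this->id, time() + 7 * 86400, '/sc_a/', '', true);
+setcookie("tg_id_hash", $hash, time() + 7 * 86400, '/sc_a/', '', true);
+}
+
+public static function logout()
+{
+setcookie("tg_id", '', time() - 7 * 86400, '/sc_a/', '', true);
+setcookie("tg_id_hash", '', time() - 7 * 86400, '/sc_a/', '', true);
+}
+
+public static function from_auth_data($auth_data)
+{
+// Extract hash
+$check_hash = $auth_data['hash'];
+unset($auth_data['hash']);
+
+// Create data check string
+$data_check_arr = [];
+foreach ($auth_data as $key => $value) {
+$data_check_arr[] = $key . '=' . $value;
+}
+sort($data_check_arr);
+$data_check_string = implode("\n", $data_check_arr);
+
+// Check autheniticity of data
+$secret_key = hash('sha256', BOT_API_KEY, true);
+$hash = hash_hmac('sha256', $data_check_string, $secret_key);
+
+if (!hash_equals($hash, $check_hash)) {
+return NULL;
+}
+
+// Check whether data is up to date
+if ((time() - $auth_data['auth_date']) > 86400) {
+return NULL;
+}
+
+// Check whether the student is actually real.
+if (!(new Student(NULL, $auth_data['id']))->is_valid) {
+return NULL;
+}
+
+$obj = new TGLogin();
+$obj->id = $auth_data['id'];
+return $obj;
+}
+
+public static function from_cookie()
+{
+// Check whether the cookies exist and contain something.
+if (!isset($_COOKIE['tg_id']) || !isset($_COOKIE['tg_id_hash'])) {
+return NULL;
+}
+if (!$_COOKIE['tg_id'] || !$_COOKIE['tg_id_hash']) {
+TGLogin::logout();
+return NULL;
+}
+
+// Check whether data is authentic.
+$id = $_COOKIE['tg_id'];
+$secret_key = hash('sha256', BOT_API_KEY . SERVER_KEY);
+$hash = hash_hmac('sha256', $id, $secret_key);
+if (!hash_equals($hash, $_COOKIE['tg_id_hash'])) {
+TGLogin::logout();
+return NULL;
+}
+
+// Check whether the student is actually real.
+if (!(new Student(NULL, $id))->is_valid) {
+TGLogin::logout();
+return NULL;
+}
+
+$obj = new TGLogin();
+$obj->id = $id;
+return $obj;
+}
+}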
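Review bot: The `const SERVER_KEY = "..."` line commits the cookie-signing secret to the repository, where it stays in history for anyone with read access; it should be loaded from a file outside the web root or from the environment, and the committed value treated as exposed and replaced. In `store()`, both `setcookie` calls pass `secure` but omit `httponly`, so the session cookies are readable by any script running on the page; add the seventh argument, e.g. `setcookie("tg_id_hash", $hash, time() + 7 * 86400, '/sc_a/', '', true, true);` (same for `tg_id`), and consider `samesite` through the options-array form. The HMAC in `store()` and `from_cookie()` covers only the id, so the 7-day lifetime is enforced by the browser alone and a copied `tg_id`/`tg_id_hash` pair remains valid until `SERVER_KEY` changes; signing an issued-at timestamp together with the id and checking it in `from_cookie()` gives the server a way to expire sessions. In `from_auth_data()`, `$auth_data['hash']`, `['auth_date']` and `['id']` are read without `isset`, so a request lacking `hash` reaches `hash_equals($hash, $check_hash)` with a null argument, which is a TypeError on PHP 8; return NULL early when any of the three keys is absent.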
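--- a/loginhandler.php
+++ b/loginhandler.php
@@ -0,0 +1,20 @@
+<?php
+
+require "login.php";
+
+use \ScA\Student\TGLogin\TGLogin;
+
+if (isset($_GET["logout"])) {
+TGLogin::logout();
+header("Location: index.php?loggedout");
+exit;
+}
+
+if ($o = TGLogin::from_auth_data($_GET)) {
+$o->store();
+header("Location: index.php");
+exit;
+} else {
+header("Location: index.php?loginfailed");
+exit;
+}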
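Review bot: The `if (isset($_GET["logout"]))` branch ends the session on a bare GET with no token, so any page that links to or embeds `loginhandler.php?logout` can log the user out without their intent; the impact is low (forced logout only), but a POST form or a signed token on the logout link in `index.php` closes it cheaply. `if ($o = TGLogin::from_auth_data($_GET))` hides an assignment inside the condition; `$o = TGLogin::from_auth_data($_GET); if ($o !== NULL) {` reads more clearly and matches the NULL-return contract of `from_auth_data()`.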
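--- a/script.js
+++ b/script.js
@@ -0,0 +1,29 @@
+function check(url) {
+var xmlHttp = new XMLHttpRequest();
+xmlHttp.open("GET", url, false); // false for synchronous request
+try {
+xmlHttp.send(null);
+}
+catch (e) {
+return false;
+}
+return (xmlHttp.status == 200);
+}
+
+function repl() {
+console.log("Access failed.");
+document.getElementById("tglogin").innerHTML = `
+<fieldset>In place of this message, you should see a button to login with Telegram.<br/><br/>Try using 1.1.1.1 from Play Store.<br/>
+<a href='https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone'>Get 1.1.1.1 on Google Play</a></fieldset>
+`;
+}
+
+function clean() {
+var b = check("https://telegram.org/js/telegram-widget.js?2");
+if (!b) {
+repl();
+}
+document.body.removeAttribute("onload");
+// The script never gets seen.
+document.head.removeChild(document.getElementsByTagName("script")[0]);
+}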
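Review bot: `check()` issues a synchronous `XMLHttpRequest` (`xmlHttp.open("GET", url, false)`) to a cross-origin URL; synchronous XHR on the main thread is deprecated, and unless telegram.org answers that request with CORS headers (not verifiable from here) the browser blocks the response and `send()` throws, so `check()` returns false and `repl()` replaces a working login widget with the 1.1.1.1 advice. A probe that does not depend on CORS, such as the widget `<script>` element's own `onerror`/`onload` events or an async `fetch(url, { mode: 'no-cors' })` whose rejection (not its status) triggers `repl()`, would be more reliable. In `clean()`, `document.getElementsByTagName("script")[0]` assumes the first `<script>` in the document is this file; adding any other script earlier in `<head>` would remove the wrong node, so select it by `src` or give the tag an id.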