The task is to associate a Telegram account with an online store account. What are some ways to make it safe? Does it make sense to request a login password?

  • Do you want asterisks to appear when you enter your password? - Vladimir Gamalyan
  • 2
    Just like they do it in other services like Google, Yandex, Twitter and so on? Make a token and use only it (look at the bot for GitHub). - antonpp
  • 2
    And the stars are stupid. No third-party service should have access to the password in any way: neither send the password to the server with the store explicitly, nor store the password hash. - antonpp

2 answers

For my case I found a simpler solution: I suggest that the user follow the link to the online store's website for authorization. In case of successful authorization, I associate the client ID on the site with the chat ID in Telegram, then redirect the user from the login page to the bot.


Thus, the entire reservoir of tasks associated with authorization is removed from the bot due to the (already implemented) functionality on the site.
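
A sketch of the link-based flow from this answer, as an added example that is not part of the original post: the bot puts a signed, short-lived token carrying the chat ID into the login link, and the site checks it after its own login succeeds before storing the association. The function names, `LINK_TTL`, the secret and the arrays standing in for database tables are all assumptions.

```php
<?php
// Added example, not code from the answer. All names here are hypothetical.
const LINK_TTL = 600; // link lifetime in seconds (assumed value)

// Bot side: token embedded in the login link the bot sends to the chat.
function makeLinkToken(int $chatId, string $secret, int $now): string {
    $payload = implode('.', [$chatId, $now + LINK_TTL, bin2hex(random_bytes(16))]);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Site side: returns [chat, nonce] or null if forged, malformed or expired.
function verifyLinkToken(string $token, string $secret, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 4) {
        return null;
    }
    [$chat, $exp, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$chat.$exp.$nonce", $secret);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    return ((int)$exp >= $now) ? ['chat' => (int)$chat, 'nonce' => $nonce] : null;
}

// Site side, called only after the store's own login has succeeded.
// $usedNonces and $links stand in for database tables.
function linkAccount(string $token, int $clientId, string $secret, int $now,
                     array &$usedNonces, array &$links): bool {
    $claims = verifyLinkToken($token, $secret, $now);
    if ($claims === null || isset($usedNonces[$claims['nonce']])) {
        return false; // bad token or replay
    }
    $usedNonces[$claims['nonce']] = true;   // one-time use
    $links[$clientId] = $claims['chat'];    // client ID -> Telegram chat ID
    return true;
}

// Constructed demo values.
$secret = 'constructed-demo-secret';
$now = 1700000000;
$used = [];
$links = [];
$token = makeLinkToken(123456789, $secret, $now);

var_dump(linkAccount($token, 42, $secret, $now + 60, $used, $links));      // first use
var_dump(linkAccount($token, 42, $secret, $now + 61, $used, $links));      // replayed token
var_dump(linkAccount($token . 'x', 7, $secret, $now + 60, $used, $links)); // tampered MAC
var_dump(linkAccount(makeLinkToken(1, $secret, $now), 7, $secret, $now + 601, $used, $links)); // expired
var_dump($links);
```

The secret is shared only between the bot and the site, and the store password is entered on the site's own login page, so it never passes through the chat.
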

    if (mb_substr($message, 0, 6) === "/pass ") {
        // take the password after "/pass "
        $pass = mb_substr($message, 6);
    }

    It can be done like this: take the message from the beginning of the line.