<?php
$data_check_arr = explode('&', rawurldecode($data_check_string));
$needle = 'hash=';
$check_hash = FALSE;
foreach( $data_check_arr AS &$val ){
if( substr( $val, 0, strlen($needle) ) === $needle ){
$check_hash = substr_replace( $val, '', 0, strlen($needle) );
$val = NULL;
}
}
// if( $check_hash === FALSE ) return FALSE;
$data_check_arr = array_filter($data_check_arr);
sort($data_check_arr);
$data_check_string = implode("
", $data_check_arr);
$secret_key = hash_hmac( 'sha256', $bot_token, "WebAppData", TRUE );
$hash = bin2hex( hash_hmac( 'sha256', $data_check_string, $secret_key, TRUE ) );
if( strcmp($hash, $check_hash) === 0 ){
// validation success
}else{
// validation failed
}