Windows live api get email contact vs email hash

2019-04-15 10:51发布

问题:

I am trying to get email contact from hotmail with php or javascript. I have read that windows live api return only hash of the email contact, and it is proved by the code example: http://isdk.dev.live.com/ISDK.aspx

But some web site like facebook can retrieve the plaintext of email contact from hotmail. How it is possible?

Thanks a lot.

回答1:

You can test this code (dont forget to [SECRET API KEY] with your api key) :

<?php
function isEmail($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL);
}

function unfucked_base_convert ($numstring, $frombase, $tobase) {
$chars = "0123456789abcdefghijklmnopqrstuvwxyz";
$tostring = substr($chars, 0, $tobase);

$length = strlen($numstring);
$result = '';
for ($i = 0; $i < $length; $i++) {
    $number[$i] = strpos($chars, $numstring{$i});
}
do {
    $divide = 0;
    $newlen = 0;
    for ($i = 0; $i < $length; $i++) {
        $divide = $divide * $frombase + $number[$i];
        if ($divide >= $tobase) {
            $number[$newlen++] = (int)($divide / $tobase);
            $divide = $divide % $tobase;
        } elseif ($newlen > 0) {
            $number[$newlen++] = 0;
        }
    }
    $length = $newlen;
    $result = $tostring{$divide} . $result;
}
while ($newlen != 0);
return $result;
}

function hexaTo64SignedDecimal($hexa) {
$bin = unfucked_base_convert($hexa, 16, 2);
if(64 === strlen($bin) and 1 == $bin[0]) {
    $inv_bin = strtr($bin, '01', '10');
    $i = 63;
    while (0 !== $i) {
        if(0 == $inv_bin[$i]) {
            $inv_bin[$i] = 1;
            $i = 0;
        }
        else {
            $inv_bin[$i] = 0;
            $i–;
        }
    }
    return '-'.unfucked_base_convert($inv_bin, 2, 10);
}
else {
    return unfucked_base_convert($hexa, 16, 10);
}
} 

function email2nickname($email) {
$output = str_replace(array('.', '-', '_', ',', ':'), ' ', substr($email, 0, strpos($email, '@')));
$output = str_replace(array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9), '', $output);
$output = ucwords($output);
return $output;
}

function grabLiveContacts($token) {
if(!empty($token)) {
    $HOTMAIL_CLIENT_SECRET='[SECRET API KEY]';
            parse_str(urldecode($token), $parsedToken);

            $token = base64_decode($parsedToken['delt']);
            $cryptkey = substr( hash('sha256', 'ENCRYPTION' . $HOTMAIL_CLIENT_SECRET, true), 0, 16);
            parse_str(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $cryptkey, substr($token, 16), MCRYPT_MODE_CBC, substr($token, 0, 16)),$result);

            $intlid = hexaTo64SignedDecimal($parsedToken['lid']);

    $url = 'https://livecontacts.services.live.com/users/@C@'.$intlid.'/rest/livecontacts';

    $headers = array(
        'Authorization: DelegatedToken dt="'.$parsedToken['delt'].'"'
    );

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    $data = curl_exec($ch);

            $xml = new SimpleXMLElement($data);

    $grab = array();

    $grab['user'] = array(
        'name'=>trim(strval($xml->Owner->Profiles->Personal->DisplayName)),
        'email'=>trim(strval($xml->Owner->WindowsLiveID)), 'token'=>$token
    );
    $grab['contacts'] = array();

    foreach ($xml->Contacts->Contact as $entry) {
        $name = trim(strval($entry->Profiles->Personal->DisplayName));
                    if (isset($entry->Emails->Email->Address)){
        $email = trim(strval($entry->Emails->Email->Address));
        if(!empty($email)) {
            if(empty($name)) {
                $name = trim(strval($entry->Profiles->Personal->FirstName));
                $name .= ' '.trim(strval($entry->Profiles->Personal->LastName));
                $name = trim($name);
            }
            if(empty($name)) {
                $name = trim(strval($entry->Profiles->Personal->NickName));
            }
            if(empty($name) or isEmail($name)) {
                $name = email2nickname($email);
            }
            $grab['contacts'][] = array('name'=>$name, 'email'=>$email);
        }
                    }
    }

    return $grab;
}
else return false;
}

if(isset($_POST['ConsentToken'])) {

$grab = grabLiveContacts($_POST['ConsentToken']);

    foreach ($grab['contacts'] as $contact){
        if (isset($contact['email'])){
        echo($contact['email']."</br>");
        }
    }



}

?>


回答2:

Simply change the scope to:

wl.basic,wl.contacts_emails