I am trying to get email contact from hotmail with php or javascript. I have read that windows live api return only hash of the email contact, and it is proved by the code example: http://isdk.dev.live.com/ISDK.aspx
But some web site like facebook can retrieve the plaintext of email contact from hotmail. How it is possible?
Thanks a lot.
You can test this code (dont forget to [SECRET API KEY] with your api key) :
<?php
function isEmail($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL);
}
function unfucked_base_convert ($numstring, $frombase, $tobase) {
$chars = "0123456789abcdefghijklmnopqrstuvwxyz";
$tostring = substr($chars, 0, $tobase);
$length = strlen($numstring);
$result = '';
for ($i = 0; $i < $length; $i++) {
$number[$i] = strpos($chars, $numstring{$i});
}
do {
$divide = 0;
$newlen = 0;
for ($i = 0; $i < $length; $i++) {
$divide = $divide * $frombase + $number[$i];
if ($divide >= $tobase) {
$number[$newlen++] = (int)($divide / $tobase);
$divide = $divide % $tobase;
} elseif ($newlen > 0) {
$number[$newlen++] = 0;
}
}
$length = $newlen;
$result = $tostring{$divide} . $result;
}
while ($newlen != 0);
return $result;
}
function hexaTo64SignedDecimal($hexa) {
$bin = unfucked_base_convert($hexa, 16, 2);
if(64 === strlen($bin) and 1 == $bin[0]) {
$inv_bin = strtr($bin, '01', '10');
$i = 63;
while (0 !== $i) {
if(0 == $inv_bin[$i]) {
$inv_bin[$i] = 1;
$i = 0;
}
else {
$inv_bin[$i] = 0;
$i–;
}
}
return '-'.unfucked_base_convert($inv_bin, 2, 10);
}
else {
return unfucked_base_convert($hexa, 16, 10);
}
}
function email2nickname($email) {
$output = str_replace(array('.', '-', '_', ',', ':'), ' ', substr($email, 0, strpos($email, '@')));
$output = str_replace(array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9), '', $output);
$output = ucwords($output);
return $output;
}
function grabLiveContacts($token) {
if(!empty($token)) {
$HOTMAIL_CLIENT_SECRET='[SECRET API KEY]';
parse_str(urldecode($token), $parsedToken);
$token = base64_decode($parsedToken['delt']);
$cryptkey = substr( hash('sha256', 'ENCRYPTION' . $HOTMAIL_CLIENT_SECRET, true), 0, 16);
parse_str(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $cryptkey, substr($token, 16), MCRYPT_MODE_CBC, substr($token, 0, 16)),$result);
$intlid = hexaTo64SignedDecimal($parsedToken['lid']);
$url = 'https://livecontacts.services.live.com/users/@C@'.$intlid.'/rest/livecontacts';
$headers = array(
'Authorization: DelegatedToken dt="'.$parsedToken['delt'].'"'
);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$data = curl_exec($ch);
$xml = new SimpleXMLElement($data);
$grab = array();
$grab['user'] = array(
'name'=>trim(strval($xml->Owner->Profiles->Personal->DisplayName)),
'email'=>trim(strval($xml->Owner->WindowsLiveID)), 'token'=>$token
);
$grab['contacts'] = array();
foreach ($xml->Contacts->Contact as $entry) {
$name = trim(strval($entry->Profiles->Personal->DisplayName));
if (isset($entry->Emails->Email->Address)){
$email = trim(strval($entry->Emails->Email->Address));
if(!empty($email)) {
if(empty($name)) {
$name = trim(strval($entry->Profiles->Personal->FirstName));
$name .= ' '.trim(strval($entry->Profiles->Personal->LastName));
$name = trim($name);
}
if(empty($name)) {
$name = trim(strval($entry->Profiles->Personal->NickName));
}
if(empty($name) or isEmail($name)) {
$name = email2nickname($email);
}
$grab['contacts'][] = array('name'=>$name, 'email'=>$email);
}
}
}
return $grab;
}
else return false;
}
if(isset($_POST['ConsentToken'])) {
$grab = grabLiveContacts($_POST['ConsentToken']);
foreach ($grab['contacts'] as $contact){
if (isset($contact['email'])){
echo($contact['email']."</br>");
}
}
}
?>