-
Notifications
You must be signed in to change notification settings - Fork 57
/
discord.php
177 lines (164 loc) · 6.87 KB
/
discord.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
<?php
/* Discord Oauth v.4.1
* This file contains the core functions of the oauth2 script.
* @author : MarkisDev
* @copyright : https://markis.dev
*/
# Starting session so we can store all the variables
session_start();
# Setting the base url for API requests
$GLOBALS['base_url'] = "https://discord.com";
# Setting bot token for related requests
$GLOBALS['bot_token'] = null;
# A function to generate a random string to be used as state | (protection against CSRF)
function gen_state()
{
$_SESSION['state'] = bin2hex(openssl_random_pseudo_bytes(12));
return $_SESSION['state'];
}
# A function to generate oAuth2 URL for logging in
function url($clientid, $redirect, $scope)
{
$state = gen_state();
return 'https://discordapp.com/oauth2/authorize?response_type=code&client_id=' . $clientid . '&redirect_uri=' . $redirect . '&scope=' . $scope . "&state=" . $state;
}
# A function to initialize and store access token in SESSION to be used for other requests
function init($redirect_url, $client_id, $client_secret, $bot_token = null)
{
if ($bot_token != null)
$GLOBALS['bot_token'] = $bot_token;
$code = $_GET['code'];
$state = $_GET['state'];
# Check if $state == $_SESSION['state'] to verify if the login is legit | CHECK THE FUNCTION get_state($state) FOR MORE INFORMATION.
$url = $GLOBALS['base_url'] . "/api/oauth2/token";
$data = array(
"client_id" => $client_id,
"client_secret" => $client_secret,
"grant_type" => "authorization_code",
"code" => $code,
"redirect_uri" => $redirect_url
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
curl_close($curl);
$results = json_decode($response, true);
$_SESSION['access_token'] = $results['access_token'];
}
# A function to get user information | (identify scope)
function get_user($email = null)
{
$url = $GLOBALS['base_url'] . "/api/users/@me";
$headers = array('Content-Type: application/x-www-form-urlencoded', 'Authorization: Bearer ' . $_SESSION['access_token']);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($curl);
curl_close($curl);
$results = json_decode($response, true);
$_SESSION['user'] = $results;
$_SESSION['username'] = $results['username'];
$_SESSION['discrim'] = $results['discriminator'];
$_SESSION['user_id'] = $results['id'];
$_SESSION['user_avatar'] = $results['avatar'];
# Fetching email
if ($email == True) {
$_SESSION['email'] = $results['email'];
}
}
# A function to give roles to the user
# Note : The bot has to be a member of the server with MANAGE_ROLES permission.
# The bot DOES NOT have to be online, just has to be a bot application and has to be a member of the server.
# This is the basic function which requires few parameters. [ 1: Guild ID, 2: Role ID ]
function give_role($guildid, $roleid)
{
$data = json_encode(array("roles" => array("$roleid")));
$url = $GLOBALS['base_url'] . "/api/guilds/$guildid/members/" . $_SESSION['user_id'] . "/roles/$roleid";
$headers = array('Content-Type: application/json', 'Authorization: Bot ' . $GLOBALS['bot_token']);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($curl);
curl_close($curl);
$results = json_decode($response, true);
return $results;
}
# A function to get user guilds | (guilds scope)
function get_guilds()
{
$url = $GLOBALS['base_url'] . "/api/users/@me/guilds";
$headers = array('Content-Type: application/x-www-form-urlencoded', 'Authorization: Bearer ' . $_SESSION['access_token']);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($curl);
curl_close($curl);
$results = json_decode($response, true);
return $results;
}
# A function to fetch information on a single guild | (requires bot token)
function get_guild($id)
{
$url = $GLOBALS['base_url'] . "/api/guilds/$id";
$headers = array('Content-Type: application/x-www-form-urlencoded', 'Authorization: Bot ' . $GLOBALS['bot_token']);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($curl);
curl_close($curl);
$results = json_decode($response, true);
return $results;
}
# A function to get user connections | (connections scope)
function get_connections()
{
$url = $GLOBALS['base_url'] . "/api/users/@me/connections";
$headers = array('Content-Type: application/x-www-form-urlencoded', 'Authorization: Bearer ' . $_SESSION['access_token']);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($curl);
curl_close($curl);
$results = json_decode($response, true);
return $results;
}
# Function to make user join a guild | (guilds.join scope)
# Note : The bot has to be a member of the server with CREATE_INSTANT_INVITE permission.
# The bot DOES NOT have to be online, just has to be a bot application and has to be a member of the server.
# This is the basic function with no parameters, you can build on this to give the user a nickname, mute, deafen or assign a role.
function join_guild($guildid)
{
$data = json_encode(array("access_token" => $_SESSION['access_token']));
$url = $GLOBALS['base_url'] . "/api/guilds/$guildid/members/" . $_SESSION['user_id'];
$headers = array('Content-Type: application/json', 'Authorization: Bot ' . $GLOBALS['bot_token']);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($curl);
curl_close($curl);
$results = json_decode($response, true);
return $results;
}
# A function to verify if login is legit
function check_state($state)
{
if ($state == $_SESSION['state']) {
return true;
} else {
# The login is not valid, so you should probably redirect them back to home page
return false;
}
}