auth.php
<?php
/* Discord Oauth v.4.1
* This file contains the core functions of the oauth2 script.
* @author : MarkisDev
* @copyright : https://markis.dev
*/
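# Start the session that stores the OAuth state, the access token and the user profile.
# Skipped when the including script already started one; a second session_start() raises a notice.
if (session_status() === PHP_SESSION_NONE) {
    # The session carries a bearer token, so keep the session cookie unreadable from page scripts.
    # Secure and SameSite depend on the deployment (HTTPS, embedding) and are left to php.ini.
    ini_set('session.cookie_httponly', '1');
    session_start();
}
# Base URL for Discord API requests
$GLOBALS['base_url'] = "https://discord.com";
# Bot token for bot-authenticated requests; init() replaces it when a token is passed in
$GLOBALS['bot_token'] = null;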
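# Generate a random state value, store it in $_SESSION['state'] and return it.
# The state travels with the authorize request and is compared on the callback (CSRF protection).
# Returns a 24-character hex string.
# Throws RuntimeException when no cryptographically secure random source is available.
function gen_state()
{
    if (function_exists('random_bytes')) {
        # PHP 7+: CSPRNG that throws instead of handing back weak output.
        $bytes = random_bytes(12);
    } else {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(12, $strong);
        # Older PHP can report failure or non-cryptographic output here;
        # refuse to build a guessable state from it.
        if ($bytes === false || $strong !== true) {
            throw new RuntimeException('No cryptographically secure random source available for OAuth state');
        }
    }
    $_SESSION['state'] = bin2hex($bytes);
    return $_SESSION['state'];
}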
# Build the Discord authorize URL used for the login link.
# Every call generates a fresh state through gen_state(), which also stores it in the session.
# NOTE(review): $clientid, $redirect and $scope are appended exactly as given, with no URL-encoding,
# so they must already be URL-safe — confirm against callers.
function url($clientid, $redirect, $scope)
{
    $csrfState = gen_state();
    $query = 'response_type=code'
        . '&client_id=' . $clientid
        . '&redirect_uri=' . $redirect
        . '&scope=' . $scope
        . "&state=" . $csrfState;
    return 'https://discordapp.com/oauth2/authorize?' . $query;
}
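# Exchange the authorization code from the OAuth callback for an access token and store the
# token in $_SESSION['access_token'] for the other requests.
# $redirect_url is sent as redirect_uri in the token request.
# $bot_token, when given, is stored in $GLOBALS['bot_token'] for the bot-authenticated helpers.
# Returns true when a token was stored; false when the callback was rejected or the exchange failed.
function init($redirect_url, $client_id, $client_secret, $bot_token = null)
{
    if ($bot_token != null)
        $GLOBALS['bot_token'] = $bot_token;

    # The callback query string is attacker-controllable: only accept a non-empty string code.
    $code = isset($_GET['code']) ? $_GET['code'] : null;
    $state = isset($_GET['state']) ? $_GET['state'] : null;
    if (!is_string($code) || $code === '') {
        return false;
    }

    # When a state was issued for this session (url() issues one on every call), the callback has to
    # echo it back. Without this check a third party can complete a login with a code of their own
    # choosing in the victim's session. hash_equals() is strict and constant-time.
    # The stored state is left in place so a later check_state() call by the caller still works.
    if (isset($_SESSION['state'])) {
        if (!is_string($state) || !is_string($_SESSION['state']) || !hash_equals($_SESSION['state'], $state)) {
            return false;
        }
    }

    $url = $GLOBALS['base_url'] . "/api/oauth2/token";
    $data = array(
        "client_id" => $client_id,
        "client_secret" => $client_secret,
        "grant_type" => "authorization_code",
        "code" => $code,
        "redirect_uri" => $redirect_url
    );
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($curl);
    curl_close($curl);

    # A transport failure, a non-JSON body or an error response carries no access_token.
    # The session entry is reset to null, which is what a failed exchange stored before.
    $results = ($response === false) ? null : json_decode($response, true);
    if (!is_array($results) || !isset($results['access_token'])) {
        $_SESSION['access_token'] = null;
        return false;
    }
    $_SESSION['access_token'] = $results['access_token'];
    return true;
}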
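# Fetch the logged-in user's profile (identify scope) and copy it into the session:
# user (the whole decoded response), username, discrim, user_id, user_avatar.
# Pass a truthy $email to also store $_SESSION['email'] (needs the email scope).
# Fields missing from the response are stored as null.
function get_user($email = null)
{
    $url = $GLOBALS['base_url'] . "/api/users/@me";
    $headers = array('Content-Type: application/x-www-form-urlencoded', 'Authorization: Bearer ' . $_SESSION['access_token']);
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    $response = curl_exec($curl);
    curl_close($curl);
    $results = json_decode($response, true);
    $_SESSION['user'] = $results;

    # A failed request or an error response (for example an expired token) does not carry the
    # profile fields. Read them defensively instead of indexing into null or a missing key.
    $profile = is_array($results) ? $results : array();
    $_SESSION['username'] = isset($profile['username']) ? $profile['username'] : null;
    $_SESSION['discrim'] = isset($profile['discriminator']) ? $profile['discriminator'] : null;
    $_SESSION['user_id'] = isset($profile['id']) ? $profile['id'] : null;
    $_SESSION['user_avatar'] = isset($profile['avatar']) ? $profile['avatar'] : null;
    # Fetching email
    if ($email == True) {
        $_SESSION['email'] = isset($profile['email']) ? $profile['email'] : null;
    }
}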
# Fetch the guilds of the logged-in user (guilds scope).
# Sends the session's access token as a Bearer credential and returns the JSON response decoded
# into an associative array; json_decode() yields null when the body is not valid JSON.
function get_guilds()
{
    $request = curl_init();
    curl_setopt_array($request, array(
        CURLOPT_URL => $GLOBALS['base_url'] . "/api/users/@me/guilds",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/x-www-form-urlencoded',
            'Authorization: Bearer ' . $_SESSION['access_token'],
        ),
    ));
    $body = curl_exec($request);
    curl_close($request);
    return json_decode($body, true);
}
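# Fetch information on a single guild. The request is authenticated with the bot token
# from $GLOBALS['bot_token'], not with the user's access token.
# Returns the JSON response decoded into an associative array, or null when it is not valid JSON.
function get_guild($id)
{
    # The id becomes a path segment of a bot-authenticated request. Encoding it keeps a value
    # containing "/", "?" or "#" from steering the request to a different API path; numeric
    # ids pass through unchanged.
    $url = $GLOBALS['base_url'] . "/api/guilds/" . rawurlencode((string) $id);
    $headers = array('Content-Type: application/x-www-form-urlencoded', 'Authorization: Bot ' . $GLOBALS['bot_token']);
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    $response = curl_exec($curl);
    curl_close($curl);
    $results = json_decode($response, true);
    return $results;
}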
# Fetch the third-party connections of the logged-in user (connections scope).
# Sends the session's access token as a Bearer credential and returns the JSON response decoded
# into an associative array; json_decode() yields null when the body is not valid JSON.
function get_connections()
{
    $request = curl_init();
    curl_setopt_array($request, array(
        CURLOPT_URL => $GLOBALS['base_url'] . "/api/users/@me/connections",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/x-www-form-urlencoded',
            'Authorization: Bearer ' . $_SESSION['access_token'],
        ),
    ));
    $body = curl_exec($request);
    curl_close($request);
    return json_decode($body, true);
}
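# Add the logged-in user to a guild (guilds.join scope).
# Note: the bot has to be a member of the server with the CREATE_INSTANT_INVITE permission.
# The bot does NOT have to be online; it only has to be a bot application that is a member of the server.
# This is the basic call with no extra parameters; build on it to give the user a nickname,
# mute, deafen or assign a role.
# Returns the JSON response decoded into an associative array, or null when it is not valid JSON.
function join_guild($guildid)
{
    $data = json_encode(array("access_token" => $_SESSION['access_token']));
    # Both ids become path segments of a bot-authenticated PUT. Encoding them keeps a value
    # containing "/", "?" or "#" from redirecting the request to a different API path;
    # numeric ids pass through unchanged.
    $url = $GLOBALS['base_url'] . "/api/guilds/" . rawurlencode((string) $guildid)
        . "/members/" . rawurlencode((string) $_SESSION['user_id']);
    $headers = array('Content-Type: application/json', 'Authorization: Bot ' . $GLOBALS['bot_token']);
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
    $response = curl_exec($curl);
    curl_close($curl);
    $results = json_decode($response, true);
    return $results;
}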
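# Verify that the state returned on the OAuth callback is the one issued for this session.
# Returns true only when both values are strings, the stored state is non-empty and the two are
# identical. A session without a stored state never matches.
# On false the login is not valid, so the caller should probably redirect back to the home page.
function check_state($state)
{
    if (!isset($_SESSION['state']) || !is_string($_SESSION['state']) || $_SESSION['state'] === '') {
        return false;
    }
    if (!is_string($state)) {
        return false;
    }
    # hash_equals() compares in constant time and strictly. A loose == accepts null against a
    # missing session state and treats numeric-looking strings such as "0e12" and "0e34" as equal.
    return hash_equals($_SESSION['state'], $state);
}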