Discord OAuth Script - [Login With Discord, PHP]

How To use it?

It's very simple! Just add this line of code in your file : require 'discord.php'; That's it! You've successfully added the oauth script to your code! To make it easier, I've added a demo working of the whole script. Use it and adjust it to your needs.

How do I integrate it into my website

To use it, you will need a quick overview on how this script works. This is not a library, its more like a code snippet. Basically, once you include the file in your login file, you just have to call some predefined functions. This makes oauth for Discord a breeze. Like I mentioned, I've now added a demo - just fill in the details and you'll have a basic understanding of how it works.

How does Oauth work?

After the user authorizes the application, a code is sent by Discord to the Rediect URI. This script which is in your Reirect URI folder will grab the code sent by Discord through a GET request and will POST it to the oauth API along with your data to get an authorizaion token. This authorization token is again sent to the send to the Discord API (which depends on your required scope) to get the user data, which is then utilized by you, that is you make SESSIONS with the data you receieved.

Too confusing? Just use the demo!

What scopes does the script handle?

The script handles identify, guilds and guilds.join scopes. It can also use email scope, but some modifications will be required. Join the server and ask me for help if you want to use email scope.

You can use identify and guilds without having to use a bot token, but to use guilds.join you will have to replace null of $bot_token with your Discord bot token in the init() function in login.php and have guilds.join enabled in index.php.

Make sure the bot is in your server with CREATE_INSTANT_INVITE permissions and that you call the function join_guild() after get_user() in login.php - since it adds the user who's logging in.

The guilds.join scope can add a user with a nickname, mute or deafen him or add him with a role to a server. This script DOES NOT account for any of these. If you need help with these, join the server and feel free to ask me!

How do I make use of the state parameter in the script?

So, the state parameter is sent along with your oauth url to Discord. Discord then returns the same value when you're asking for the code.
What you basically want to do is check if $state is equal to $_SESSION['state']. If they're not equal, redirect the user back to home page. This is done to ensure that the login was actually legit (to prevent CSRF attacks).

How does it help prevent CSRF?

Well, the state value generated by the script is unique for each user and is valid only for that session. This means, nobody else can fake a state value and login.

I have more doubts as on how to use it and I want to request more functions!

Join my server and DM me - Markis#0227 your questions and I will sort them. Feel free to request for more functions :)

Server Link : https://join.markis.dev