It's very simple! Just add this line of code in your file :
require 'discord.php';
That's it! You've successfully added the oauth script to your code!
To make it easier, I've added a working demo of the whole script. Open it and adjust it to your needs.
To use it, you will need a quick overview of how this script works. This is not a library, it's more like a code snippet. Basically, once you include the file in your login file, you just have to call some predefined functions. This makes oauth for Discord a breeze. Like I mentioned, I've now added a demo - just fill in the details and you'll have a basic understanding of how it works.
After the user authorizes the application, a code is sent by Discord to the Redirect URI. This script, which is in your Redirect URI folder, will grab the code sent by Discord through a GET request and will POST it to the oauth API along with your data to get an authorization token. This authorization token is then sent to the Discord API (which depends on your required scope) to get the user data, which is then utilized by you, that is, you make SESSIONS with the data you received.
Too confusing? Just use the demo!
So, the state parameter is sent along with your oauth url to Discord. Discord then returns the same value when you're asking for the code.
What you basically want to do is check if $state is equal to $_SESSION['state']. If they're not equal, redirect the user back to the home page. This is done to ensure that the login was actually legit (to prevent CSRF attacks).
Well, the state value generated by the script is unique for each user and is valid only for that session. This means nobody else can fake a state value and log in.
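The state check described above, as an added example (not code from discord.php or its demo). The helper names issue_state and verify_state are hypothetical, and plain arrays stand in for $_SESSION and $_GET so the block runs from the command line.

```php
<?php
// Added example: helper names are hypothetical, not functions from discord.php.

// Create a fresh, unguessable state value and remember it in the session store.
function issue_state(array &$session): string
{
    $session['state'] = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    return $session['state'];
}

// Compare the state echoed back on the redirect with the stored one.
// The stored value is consumed on every attempt, so it cannot be replayed.
function verify_state(array &$session, array $query): bool
{
    $expected = $session['state'] ?? null;
    unset($session['state']);
    $returned = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($returned)) {
        return false; // missing value, or an array such as ?state[]=x
    }
    return hash_equals($expected, $returned); // constant-time comparison
}

// Constructed demo data: $session plays the role of $_SESSION,
// each query array plays the role of $_GET on the Redirect URI.
$session = [];
$state = issue_state($session);

// Legitimate callback: Discord returns the same state along with the code.
var_dump(verify_state($session, ['state' => $state, 'code' => 'constructed-code']));

// Replay of the same callback: the stored state was already consumed.
var_dump(verify_state($session, ['state' => $state, 'code' => 'constructed-code']));

// Callback started from another site: state does not match this session.
$state = issue_state($session);
var_dump(verify_state($session, ['state' => 'value-from-another-session']));

// Callback with no state at all.
$state = issue_state($session);
var_dump(verify_state($session, ['code' => 'constructed-code']));
```

In a login page, call session_start() first and pass $_SESSION and $_GET instead of the arrays; when verify_state returns false, redirect to the home page without exchanging the code.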
Join my server and DM me (Markis#0227) your questions and I will sort them. Feel free to request more functions :)
Server Link : https://join.markis.dev