RedSparr0w/discord-proxy.php

## discord-proxy.php
<?php
require('../session.php');

ini_set('max_execution_time', 30); // 30 seconds maximum execution time

define('OAUTH2_CLIENT_ID', YOUR_DISCORD_CLIENT_ID_HERE);
define('OAUTH2_CLIENT_SECRET', YOUR_DISCORD_CLIENT_SECRET_HERE);
define('OAUTH2_REDIRECT_URI', (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http') . '://' . $_SERVER[HTTP_HOST] . strtok($_SERVER['REQUEST_URI'], '?'));

$authorizeURL = 'https://discord.com/api/oauth2/authorize';
$tokenURL = 'https://discord.com/api/oauth2/token';
$apiURLBase = 'https://discord.com/api/users/@me';
$revokeURL = 'https://discord.com/api/oauth2/token/revoke';

if (get('redirect_uri')) $_SESSION['redirect_uri'] = get('redirect_uri');

// Start the login process by sending the user to Discord's authorization page
if(get('action') == 'login') {

    $params = array(
        'client_id' => OAUTH2_CLIENT_ID,
        'redirect_uri' => OAUTH2_REDIRECT_URI,
        'response_type' => 'code',
        'scope' => 'identify guilds'
    );

    // Redirect the user to Discord's authorization page
    header('Location: https://discordapp.com/api/oauth2/authorize' . '?' . http_build_query($params));
    die();
}

// Log the user out
if(get('action') == 'logout') {

    apiRequest($revokeURL, array(
        'token' => session('discord_access_token'),
        'client_id' => OAUTH2_CLIENT_ID,
        'client_secret' => OAUTH2_CLIENT_SECRET,
      ));

    // Log user out of our site
    unset($_SESSION['discord_access_token']);
    unset($_SESSION['discord_id']);
    unset($_SESSION['discord_avatar']);
    unset($_SESSION['discord_username']);
    unset($_SESSION['discord_discriminator']);

    // Reload page
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
    die();
}

// When Discord redirects the user back here, there will be a code parameter in the query string
if(get('code')) {
  // Exchange the auth code for a token
  $token = apiRequest($tokenURL, array(
    'grant_type' => 'authorization_code',
    'client_id' => OAUTH2_CLIENT_ID,
    'client_secret' => OAUTH2_CLIENT_SECRET,
    'redirect_uri' => OAUTH2_REDIRECT_URI,
    'code' => get('code')
  ));

  if ($token->error) {
      die('Something went wrong, try again later..');
  }

  $_SESSION['discord_access_token'] = $token->access_token;

  $user = apiRequest($apiURLBase);

  $_SESSION['discord_id'] = $user->id;
  $_SESSION['discord_avatar'] = $user->avatar;
  $_SESSION['discord_username'] = $user->username;
  $_SESSION['discord_discriminator'] = $user->discriminator;
}

function apiRequest($url, $post=FALSE, $headers=array()) {
  $ch = curl_init($url);
  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

  $response = curl_exec($ch);


  if($post)
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));

  $headers[] = 'Accept: application/json';

  if(session('discord_access_token'))
    $headers[] = 'Authorization: Bearer ' . session('discord_access_token');

  curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

  $response = curl_exec($ch);
  return json_decode($response);
}

function get($key, $default=NULL) {
  return array_key_exists($key, $_GET) ? $_GET[$key] : $default;
}

function session($key, $default=NULL) {
  return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default;
}

// Our output here
if(session('discord_id')) {
    if (session('redirect_uri')) {
        header('Location: ' . session('redirect_uri') . '?discordID=' . session('discord_id'));
        echo 'redirecting to ' . session('redirect_uri') . '?discordID=' . session('discord_id');
        unset($_SESSION['redirect_uri']);
    } else {
        header('Location: /');
    }
}
	<?php
	require('../session.php');

	ini_set('max_execution_time', 30); // 30 seconds maximum execution time

	define('OAUTH2_CLIENT_ID', YOUR_DISCORD_CLIENT_ID_HERE);
	define('OAUTH2_CLIENT_SECRET', YOUR_DISCORD_CLIENT_SECRET_HERE);
	define('OAUTH2_REDIRECT_URI', (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http') . '://' . $_SERVER[HTTP_HOST] . strtok($_SERVER['REQUEST_URI'], '?'));

	$authorizeURL = 'https://discord.com/api/oauth2/authorize';
	$tokenURL = 'https://discord.com/api/oauth2/token';
	$apiURLBase = 'https://discord.com/api/users/@me';
	$revokeURL = 'https://discord.com/api/oauth2/token/revoke';

	if (get('redirect_uri')) $_SESSION['redirect_uri'] = get('redirect_uri');

	// Start the login process by sending the user to Discord's authorization page
	if(get('action') == 'login') {

	$params = array(
	'client_id' => OAUTH2_CLIENT_ID,
	'redirect_uri' => OAUTH2_REDIRECT_URI,
	'response_type' => 'code',
	'scope' => 'identify guilds'
	);

	// Redirect the user to Discord's authorization page
	header('Location: https://discordapp.com/api/oauth2/authorize' . '?' . http_build_query($params));
	die();
	}

	// Log the user out
	if(get('action') == 'logout') {

	apiRequest($revokeURL, array(
	'token' => session('discord_access_token'),
	'client_id' => OAUTH2_CLIENT_ID,
	'client_secret' => OAUTH2_CLIENT_SECRET,
	));

	// Log user out of our site
	unset($_SESSION['discord_access_token']);
	unset($_SESSION['discord_id']);
	unset($_SESSION['discord_avatar']);
	unset($_SESSION['discord_username']);
	unset($_SESSION['discord_discriminator']);

	// Reload page
	header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
	die();
	}

	// When Discord redirects the user back here, there will be a code parameter in the query string
	if(get('code')) {
	// Exchange the auth code for a token
	$token = apiRequest($tokenURL, array(
	'grant_type' => 'authorization_code',
	'client_id' => OAUTH2_CLIENT_ID,
	'client_secret' => OAUTH2_CLIENT_SECRET,
	'redirect_uri' => OAUTH2_REDIRECT_URI,
	'code' => get('code')
	));

	if ($token->error) {
	die('Something went wrong, try again later..');
	}

	$_SESSION['discord_access_token'] = $token->access_token;

	$user = apiRequest($apiURLBase);

	$_SESSION['discord_id'] = $user->id;
	$_SESSION['discord_avatar'] = $user->avatar;
	$_SESSION['discord_username'] = $user->username;
	$_SESSION['discord_discriminator'] = $user->discriminator;
	}

	function apiRequest($url, $post=FALSE, $headers=array()) {
	$ch = curl_init($url);
	curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

	$response = curl_exec($ch);


	if($post)
	curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));

	$headers[] = 'Accept: application/json';

	if(session('discord_access_token'))
	$headers[] = 'Authorization: Bearer ' . session('discord_access_token');

	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

	$response = curl_exec($ch);
	return json_decode($response);
	}

	function get($key, $default=NULL) {
	return array_key_exists($key, $_GET) ? $_GET[$key] : $default;
	}

	function session($key, $default=NULL) {
	return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default;
	}

	// Our output here
	if(session('discord_id')) {
	if (session('redirect_uri')) {
	header('Location: ' . session('redirect_uri') . '?discordID=' . session('discord_id'));
	echo 'redirecting to ' . session('redirect_uri') . '?discordID=' . session('discord_id');
	unset($_SESSION['redirect_uri']);
	} else {
	header('Location: /');
	}
	}