Invalid result

Sabry.Superman · December 15, 2022, 6:06pm

Hello,

Here is my url: https://sparkles-tester.rf.gd/index.php

It works normally as you can login, but there are 2 issues:

The avatar doesn’t load
It doesn’t make user joining the discord server

You may wonder what’s the link with infinityfree?

It is that with a localhost, the code has no problem at all, both works properly, therefore I assume the issue comes from infinityfree. The only difference that I made with my folders is that I did put src at the root of infinityfree, but according to the code, it shouldn’t have any effect on the code.

This being said could you please help me? Thanks

Greenreader9 · December 15, 2022, 6:19pm

I see a login with discord button that when clicked redirects be to Discords OAuth page.

Since I don’t want to link my Discord account to your website, I am not going to go any furthure.

Can you share the code that relates to fetching the avatar and having the user join the server? Also, are there any errors in the browser console?

Sabry.Superman · December 15, 2022, 6:35pm

Can you share the code that relates to fetching the avatar and having the user join the server? Also, are there any errors in the browser console?

Yes, sure:

And no, the console has no error

Sabry.Superman · December 15, 2022, 6:43pm

On localhost it gives this

On infinityfree

Additionally, (totally understandable that you don’t want to link your account), on localhost it makes the user join the server normally, but it isn’t the case for infinityfree

Sabry.Superman · December 16, 2022, 12:08am

@Greenreader9 Sorry for pinging you but this being said, do you have an idea please?

The exact same code from localhost was added there (just localhost path edited) and I just removed the src folder to add it on the root path, but that’s all.

Greenreader9 · December 16, 2022, 12:20am

So I connected my Discord account to your site, and I think there is something wrong with the way you are connecting to the Discord API.

I do not see your application in my authorized apps on Discord, and using dev tools, it looks like I was never actually logged in.

As to why this is happening, it’s a backend error, somewhere. Is Discord configured to use this live version instead of localhost? Are the things you are doing allowed/accepted on production servers? If you turn on error messages (Control panel → alter php config) codes anything show?

Sabry.Superman · December 16, 2022, 12:28am

As to why this is happening, it’s a backend error, somewhere. Is Discord configured to use this live version instead of localhost? Are the things you are doing allowed/accepted on production servers? If you turn on error messages (Control panel → alter php config) codes anything show?

I have no idea if the server allows this neither about if Discord can handle such version instead of localhost, I assume so because some website are similarly made but idk if it is hosted on infinityfree, as for Control panel → alter php config, I enabled it, this is what it shows

Line 15

Greenreader9 · December 16, 2022, 12:31am

$_SESSION['userData'] and $_SESSION['guilds'] probably do not exist.

Also do not see $discord_id or $avatar defined anywhere.

Sabry.Superman · December 16, 2022, 12:33am

Although it is the same code as it is for my localhost

And it works perfectly for my localhost

Would a video help to show the localhost?

As for defining them, it is defined on another file from what I can see (process-oauth.php)

Greenreader9 · December 16, 2022, 12:39am

Which makes me think the issue is how Discord is talking to your site.

And where is $result defined?

Sabry.Superman · December 16, 2022, 12:40am

process-oauth.php too

(Well, there are 18 like that, are you able to see my code or do you need pictures?

Which makes me think the issue is how Discord is talking to your site.

Is there a way to fix this?

Greenreader9 · December 16, 2022, 12:42am

So you have a curl request, to what? Can you share the entire code (copy paste) here?

Well you have to find the problem first

Sabry.Superman · December 16, 2022, 12:45am

yes, sure, here it is

<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

if(!isset($_GET['code'])){
    echo 'no code';
    exit();
}

$discord_code = $_GET['code'];


$payload = [
    'code'=>$discord_code,
    'client_id'=>'HIDDEN',
    'client_secret'=>'HIDDEN',
    'grant_type'=>'authorization_code',
    'redirect_uri'=>'http://sparkles-tester/process-oauth.php',
    'scope'=>'identify%20guids',
];

print_r($payload);

$payload_string = http_build_query($payload);
$discord_token_url = "https://discordapp.com/api/oauth2/token";

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $discord_token_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

$result = curl_exec($ch);

if(!$result){
    echo curl_error($ch);
}

$result = json_decode($result,true);
$access_token = $result['access_token'];

$discord_users_url = "https://discordapp.com/api/users/@me";
$header = array("Authorization: Bearer $access_token", "Content-Type: application/x-www-form-urlencoded");

$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_URL, $discord_users_url);
curl_setopt($ch, CURLOPT_POST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

$result = curl_exec($ch);

$result = json_decode($result, true);

//guild ID
$guild_ID ='HIDDEN';
$addUserToGuild = addUserToGuild($result['id'],$access_token,$guild_ID);

session_start();

$_SESSION['logged_in'] = true;
$_SESSION['userData'] = [
    'name'=>$result['username'],
    'discord_id'=>$result['id'],
    'avatar'=>$result['avatar'],
    'guilds'=>getUsersGuilds($access_token)
];

header("location: dashboard.php");
exit();



function addUserToGuild($discord_ID,$token,$guild_ID){
    $payload = [
        'access_token'=>$token,
    ];

    $discord_api_url = 'https://discordapp.com/api/guilds/'.$guild_ID.'/members/'.$discord_ID;

    $bot_token = "HIDDEN";
    $header = array("Authorization: Bot $bot_token", "Content-Type: application/json");

    $ch = curl_init();
    //set the url, number of POST vars, POST data
    curl_setopt($ch, CURLOPT_HTTPHEADER,$header);
    curl_setopt($ch,CURLOPT_URL, $discord_api_url);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT"); //must be put for this method..
    curl_setopt($ch,CURLOPT_POSTFIELDS, json_encode($payload)); //must be a json body
    curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

    $result = curl_exec($ch);
    
    if(!$result){
        echo curl_error($ch);
    }else{
        return true;
    }
}

function getUsersGuilds($auth_token){
    //url scheme /users/@me/guilds
    $discord_api_url = "https://discordapp.com/api";
    $header = array("Authorization: Bearer $auth_token","Content-Type: application/x-www-form-urlencoded");
    $ch = curl_init();
    //set the url, number of POST vars, POST data
    curl_setopt($ch, CURLOPT_HTTPHEADER,$header);
    curl_setopt($ch,CURLOPT_URL, $discord_api_url.'/users/@me/guilds');
    curl_setopt($ch,CURLOPT_POST, false);
    //curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    $result = curl_exec($ch);
    $result = json_decode($result,true);
    return $result;
}

Yes, ofc, what scared me is that I thought it was an issue of infinityfree not supporting it

Sabry.Superman · December 16, 2022, 1:26am

Soo, do you have an idea about what could possibly be the issue please along with a fix?

KangJL · December 16, 2022, 3:20am

I believe free hosting blocked discord access

Admin · December 16, 2022, 12:20pm

This.

Access to the Discord API (and many other chat platform APIs) is blocked because of rampant abuse for spam bots.

So I’m sorry to say that you either have to remove the Discord login system, or move the site to premium hosting instead.

Sabry.Superman · December 16, 2022, 12:51pm

Okay, it’s fine, I’ll look for another solution. Thanks though

Sabry.Superman · December 18, 2022, 1:42am

Hi, so you said I have to remove the Discord login system, I’m not against it at all but does infinityfree support a way (whichever that way is) to add a user to a discord guild?

Admin · December 18, 2022, 10:53am

Whatever you’re trying to do on Discord, you’ll have to do so through their API, which is blocked, so it’s going to be hard.

Come to think of it, maybe you can do something using an intermediary like IFTTT or Zapier? Those services can be used to build automations across services. Which often means you can trigger a webhook from your website to do things at other services like Discord.

Sabry.Superman · December 20, 2022, 11:58pm

I will check this. Thanks!