How to get a Discord User's Server Roles using PHP and Redirect With Simple Permissions
4 min read

How to get a Discord User's Server Roles using PHP and Redirect With Simple Permissions

How to get a Discord User's Server Roles using PHP and Redirect With Simple Permissions

Here is the scenario. You want to log a user into your website, and then see if they have the required role (from your discord server) to view something on your site. In my example, I will redirect admins to a special page, moderators to their page, and the rest of users to a regular, login protected page.

Video Tutorial:

Source Code:

Check out the GitHub if you want to start with a plug-n-play template:

Getting Started:

Start with my Login with Discord (PHP) tutorial on YouTube. It's about 20 minutes, but will get you up to speed on how to set up your discord developer account, and make some API calls with PHP!

1) Update your OAuth URL

If you followed the tutorial, your redirect URL probably looks like this:

Because we only picked the "scope" permission.

To get the user's roles, we need the permission as well.

To add that into your URL, head on over to the Discord Developer Dashboard, and go to your application, and check the additional scope as seen here:

Now, copy the OAuth URL and paste it into your init-oauth.php file.


$discord_url = "";
header("Location: $discord_url");


2) Update your API Page (process-oauth.php)

Here is where we can now use our new permission to get information about the user's roles.

Get your server's guild id

Before we can do anything to find out the role of a user on a discord server, we needs its guild id.

Right click your discord server icon on discord, and select the bottom option "Copy Server ID"

For example, mine is 98672642795098937

Get the user's role by passing the guild id

In process-oauth.php, let's make a function that takes in the access-token discord gave us, and search "our" roles on a discord server by passing it's guild id

function getGuildObject($access_token, $guild_id){
        //requires the following scope:
        $discord_api_url = "";
        $header = array("Authorization: Bearer $access_token","Content-Type: application/x-www-form-urlencoded");
        $ch = curl_init();
        //set the url, number of POST vars, POST data
        curl_setopt($ch, CURLOPT_HTTPHEADER,$header);
        curl_setopt($ch,CURLOPT_URL, $discord_api_url.'/users/@me/guilds/'.$guild_id.'/member');
        curl_setopt($ch,CURLOPT_POST, false);
        //curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
        curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        $result = curl_exec($ch);
        $result = json_decode($result,true);
        return $result;

The guild object will return something like this...

    [avatar] => 
    [communication_disabled_until] => 
    [flags] => 0
    [joined_at] => 2022-06-15T20:18:32.991000+00:00
    [nick] => 
    [pending] => 
    [premium_since] => 
    [roles] => Array
            [0] => 1134940682650402968

    [user] => Array
            [id] => 118583685640355840
            [username] => Exit
            [avatar] => f2e98ae1156588254d4a6e3d9197fc8e
            [discriminator] => 9063
            [public_flags] => 0
            [flags] => 0
            [banner] => 
            [accent_color] => 
            [global_name] => Exit
            [avatar_decoration] => 
            [banner_color] => 

    [mute] => 
    [deaf] => 
    [bio] => 
    [banner] => 

Oh look! We have a roles array.

Let's access it, and test if it has a role that we care about.

$guild_roles = $guildObject['roles'];
// see if roles has the correct role_id within the array

$role = 'user';
if(in_array('1134940795481370646', $guild_roles)){
    $role = 'admin';
}else if(in_array('1134940682650402968', $guild_roles)){
    $role = 'moderator';

How do I know what 1134940795481370646 is?
Go to Server Settings > Roles >> Copy Role Id

Ok, now let's update the user's session, so we can keep track of their role. Also, we can redirect them to their special, protected page!

$_SESSION['logged_in'] = true;
$_SESSION['userData'] = [

    header("location: admin-lounge.php");
}else if($role=='moderator'){
    header("location: moderator-lounge.php");
    header("location: dashboard.php");

Here's an example of the admin-lounge.php page



    header("location: index.php?error=not_admin");
<!doctype html>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <link href="../dist/output.css" rel="stylesheet">
  <link rel="stylesheet" href="" integrity="sha512-KfkfwYDsLkIlwQp6LFnl8zNdLGxu9YAA1QvwINks4PhcElQSvqcyVLLD9aMhXd13uQjoXtEKNosOWaZqXgel0g==" crossorigin="anonymous" referrerpolicy="no-referrer" />
    <div class='flex items-center justify-center h-screen font-bold'><?php echo 'Welcome, Admin'; ?></div>