Discord have changed the way bots work quite a few times. Recently, though, they built a system that lets you create and register “slash commands” — commands that you can type into the Discord chat and which do things, like /hello — and which are powered by “webhooks”. That is: when someone uses your command, it sends an HTTP request to a URL of your choice, and your URL then responds, and that process powers what your users see in Discord. Importantly, this means that operating a Discord bot does not require a long-running server process. You don’t need to host it somewhere where you worry about the bot process crashing, how you’re going to recover from that, all that stuff. No daemon required. In fact, you can make a complete Discord bot in one single PHP file. You don’t even need any PHP libraries. One file, which you upload to your completely-standard shared hosting webspace, the same way you might upload any other simple PHP thing. Here’s some notes on how I did that.
The Discord documentation is pretty annoying and difficult to follow; all the stuff you need is in there, somewhere, but it’s often hard to find where, and there’s very little that explains why a thing is the way it is. It’s tough to grasp the “Zen” of how Discord wants you to work with their stuff. But in essence, you’ll need to create a Discord app: follow their instructions to do that. Then, we’ll write our small PHP file, and upload it; finally, fill in the URL of that PHP file as the “interactive endpoint URL” in your newly-created app’s general information page in the Discord developer admin. You can then add the bot to a server by visiting the URL from the “URL generator” for your app in the Discord dev admin.
The PHP file will get sent blocks of JSON, which describe what a user is doing — a command they’ve typed, parameters to that command, or whatever — and respond with something which is shown to the user — the text of a message which is your bot’s reply, or a command to alter the text of a previous message, or add a clickable button to it, and the like. I won’t go into detail about all the things you can do here (if that would be interesting, let me know and maybe I’ll write a followup or two), but the basic structure of your bot needs to be that it authenticates the incoming request from Discord, it interprets that request, and it responds to that request.
Authentication first. When you create your app, you get a client_public_key value, a big long string of hex digits that will look like c78c32c3c7871369fa67 or whatever. Your PHP file needs to know this value somehow. (How you do that is up to you; think of this like a MySQL username and password, and handle this the same way you do those.) Then, every request that comes in will have two important HTTP headers: X-Signature-ED25519 and X-Signature-Timestamp. You use a combination of these (which provide a signature for the incoming request) and your public key to check whether the request is legitimate. There are PHP libraries to do this, but fortunately we don’t need them; PHP has the relevant signature verification stuff built in, these days. So, to read the content of the incoming post and verify the signature on it:
/* read the incoming request data */
$postData = file_get_contents('php://input');
/* get the signature and timestamp header values */
$signature = isset($_SERVER['HTTP_X_SIGNATURE_ED25519']) ?
$_SERVER['HTTP_X_SIGNATURE_ED25519'] : "";
$timestamp = isset($_SERVER['HTTP_X_SIGNATURE_TIMESTAMP']) ?
$_SERVER['HTTP_X_SIGNATURE_TIMESTAMP'] : "";
/* check the signature */
$sigok = sodium_crypto_sign_verify_detached(
hex2bin($signature),
$timestamp . $postData,
hex2bin($client_public_key));
/* If signature is not OK, reject the request */
if (!$sigok) {
http_response_code(401);
die();
}
We need to correctly reject invalidly signed requests, because Discord will check that we do — they will occasionally send test requests with bad signatures to confirm that you’re doing the check. (They do this when you first add the URL to the Discord admin screens; if it won’t let you save the settings, then it’s because Discord thinks your URL returned the wrong thing. This is annoying, because you have no idea why Discord didn’t like it; best bet is to add lots of error_log() logging of inputs and outputs to your PHP file and inspect the results carefully.)
Next, interpret the incoming request and do things with it. The only thing we have to respond to here is a ping message; Discord will send them as part of their irregular testing, and expects to get back a correctly-formatted pong message.
$data = json_decode($postData);
if ($data->type == 1) { // this is a ping message
echo json_encode(array('type' => 1)); // response: pong
die();
}
The magic numbers there (1 for a ping, 1 for a pong) are both defined in the Discord docs (incoming values being the “Interaction Type” field and outgoing values the “Interaction Callback Type”.)
After that, the world’s approximately your oyster. You check the incoming type field for the type of incoming thing this is — a slash command, a button click in a message, whatever — and respond appropriately. This is all stuff for future posts if there’s interest, but the docs (in particular the “receiving and responding and “message components” sections) have all the detail. For your bot to provide a slash command, you have to register it first, which is a faff; I wrote a little Python script to do that. You only have to do it once. The script looks approximately like this; you’ll need your APP_ID and your BOT_TOKEN from the Discord dashboard.
import requests, json
MY_COMMAND = {
"name": 'doit',
"description": 'Do the thing',
"type": 1
}
discord_endpoint = _
f"https://discord.com/api/v10/applications/{APP_ID}/commands"
requests.request("PUT", discord_endpoint,
json=[MY_COMMAND], headers={
"Authorization": f"Bot {BOT_TOKEN}",
"User-Agent": 'mybotname (myboturl, 1.0.0)',
})
Once you’ve done that, you can use /doit in a channel with your bot in, and your PHP bot URL will receive the incoming request for you to process.
– I think while developing Wayland-as-an-ecosystem we are now entrenched into narrow concepts of how a desktop should work. While discussing Wayland protocol additions, a lot of concepts clash, people from different desktops with different design philosophies debate the merits of those over and over again never reaching any conclusion (just as you will never get an answer out of humans whether sushi or pizza is the clearly superior food, or whether CSD or SSD is better). Some people want to use Wayland as a vehicle to force applications to submit to their desktop’s design philosophies, others prefer the smallest and leanest protocol possible, other developers want the most elegant behavior possible. To be clear, I think those are all very valid approaches.
︎
KDE PIM Kaddressbook snap
KDE Plasma desktop 5.27.8 on Kubuntu 23.10
Xubuntu 23.10, featuring the latest updates from Xfce 4.18 and GNOME 44.
The Xubuntu 23.10 desktop, featuring the latest wallpaper by Xubuntu&aposs own Pasi Lallinaho
Color emoji are now supported in Xubuntu 23.10
Baobab 45.0 features a visual refresh to match the other GNOME 45 apps
Disks 45.0 received a minimal bug-fixing update
Fonts 45.0 features the latest GNOME 45 design trends
Software 45.0 is mostly a bugfix release with some usability enhancements
Rhythmbox 3.4.7 includes some bug fixes while also removing party mode
Dictionary 0.8.5 fixes some bugs while also applying some light UI enhancements
Mousepad 0.6.1 adds a new search setting and fixes a variety of bugs
Notifications 0.8.2 incorporates numerous bug fixes and improves logging support
Power Manager 4.18.2 improves memory management and screensaver integration
Ristretto 0.13.1 (finally) introduces printing support
Screensaver 4.18.2 fixes several stability and usability issues
Screenshooter 1.10.4 improves usability and adds two new file types
Thunar 4.18.7 features some bug fixes and performance improvements
The lesser-known Media Tags plugin received minor technical updates
Xfburn 0.7.0 continues to receive updates as one of the best-supported burning apps around
Panel 4.18.4 fixes memory management issues and improves scaling
Panel Profiles 1.0.14 significantly improves file handling
Clipman 1.6.4 improves memory management and tidies up the UI
CPU Graph 1.2.8 makes more information readily available from the panel
Indicator Plugin 2.4.2 removes the downstream Xubuntu delta, guaranteeing better support
Mailwatch 1.3.1 improves logging and UI scaling support
Netload 1.4.1 shows your network utilization, with correct units, in the panel
PulseAudio Plugin 0.4.8 greatly improves device and MPRIS (media player) support
Verve 2.0.3 plays better with the updates the panel has received in recent years
Weather 0.11.1 makes it easier to configure the plugin and improves UI scaling
Whisker Menu 2.8.0 improves power user support with more menu popup options