Check against sender ID

This addresses a security vulnerability in the userbot.
2021-04-09 20:57:58 +02:00 · 2021-04-09 20:57:58 +02:00 · d55af1b501
commit d55af1b501
parent 1fc9329259
2 changed files with 5 additions and 0 deletions
--- a/2
+++ b/2
@ -5,6 +5,7 @@ mkconfig(){
 	echo "Please get your credentials from https://my.telegram.org."
 	read -p "App API ID (api_id): " api_id
 	read -p "App API hash (api_hash): " api_hash
+	read -p "Your user ID: " myid
 	read -p "Do you wish to use a log chat? (y/n): " logrpl
 	if [ "$logrpl" = "y" ]
 	then
@ -14,6 +15,7 @@ mkconfig(){
 	fi
 	echo "api_id = $api_id" >> config.py
 	echo "api_hash = '$api_hash'" >> config.py
+	echo "myid = $myid" >> config.py
 	echo "logchat = $logchat" >> config.py
 }

--- a/ubot.py
+++ b/ubot.py
@ -8,6 +8,9 @@ client = TelegramClient('ubot', api_id, api_hash)
 async def edit(event):
 	msg = event.raw_text

+	if event.sender_id != myid:
+		return
+
 	if msg.startswith('.alive'):
 		rpl = "Userbot alive and well!"
 		await event.edit(rpl)