diff --git a/config.php b/config.php index 8938d8a..a35f09e 100644 --- a/config.php +++ b/config.php @@ -110,23 +110,13 @@ function alert($txt, $type = false, $callid = null){ ]); } -$range = [ - '149.154.160.0/22', - '149.154.164.0/22', - '91.108.4.0/22', - '91.108.56.0/22', - '91.108.8.0/22', - '95.161.64.0/20', - ]; function check($return = false){ - global $range; - foreach ($range as $rg) { - if (ip_in_range($_SERVER['REMOTE_ADDR'], $rg)) { - return true; - } - } - if ($return == true) { - return false; + global $botSecret; + + $secretToken = $_SERVER['HTTP_X_TELEGRAM_BOT_API_SECRET_TOKEN'] ?? ''; + + if ($secretToken == $botSecret) { + return true; } die('You do not have access'); diff --git a/wizwiz.sh b/wizwiz.sh index 512b524..31404c6 100644 --- a/wizwiz.sh +++ b/wizwiz.sh @@ -302,11 +302,14 @@ wait fi sleep 2 + + SECRET_TOKEN=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 128) # print file echo -e "> /var/www/html/wizwizxui-timebot/baseInfo.php echo -e "error_reporting(0);" >> /var/www/html/wizwizxui-timebot/baseInfo.php echo -e "${ASAS}botToken = '${YOUR_BOT_TOKEN}';" >> /var/www/html/wizwizxui-timebot/baseInfo.php + echo -e "${ASAS}botSecret = '${SECRET_TOKEN}';" >> /var/www/html/wizwizxui-timebot/baseInfo.php echo -e "${ASAS}dbUserName = '${dbuser}';" >> /var/www/html/wizwizxui-timebot/baseInfo.php echo -e "${ASAS}dbPassword = '${dbpass}';" >> /var/www/html/wizwizxui-timebot/baseInfo.php echo -e "${ASAS}dbName = '${dbname}';" >> /var/www/html/wizwizxui-timebot/baseInfo.php @@ -316,7 +319,7 @@ wait sleep 1 - curl -F "url=https://${YOUR_DOMAIN}/wizwizxui-timebot/bot.php" "https://api.telegram.org/bot${YOUR_BOT_TOKEN}/setWebhook" + curl -F "url=https://${YOUR_DOMAIN}/wizwizxui-timebot/bot.php" -F "secret_token=${SECRET_TOKEN}" "https://api.telegram.org/bot${YOUR_BOT_TOKEN}/setWebhook" MESSAGE="✅ The wizwiz bot has been successfully installed! @wizwizch" curl -s -X POST "https://api.telegram.org/bot${YOUR_BOT_TOKEN}/sendMessage" -d chat_id="${YOUR_CHAT_ID}" -d text="$MESSAGE"