3 require_once($G_base . 'Obj/curl-de-sac.phh');
// Endpoints queried by the Tor check and the proxy check. Both values here
// point at mock scripts under test/ on localhost and use plain http.
// NOTE(review): the replies from these URLs feed the decision to kick a
// session, and the request carries the client's IP. If a deployment points
// them at a remote service, use https with certificate verification left
// enabled so the verdict cannot be altered in transit - confirm.
5 define('TOR_CHK_URL', 'http://localhost/curl-de-sac/test/tor_mock.ppp');
6 define('PROXY_CHK_URL', 'http://localhost/curl-de-sac/test/proxy_mock.ppp');
9 * Operational Brisk stuff
// Rebuild the Curl_de_sac dispatcher held in $brisk->cds and register the Tor
// and proxy check classes on it. If a dispatcher already exists, its command
// classes are deregistered first. Progress and registration failures are
// written to STDERR.
// NOTE(review): this listing omits lines (the gutter numbers skip), so what the
// function does after a failed registration is not visible. If it carries on,
// that check never runs for any user - confirm the caller treats a failure
// here as fatal.
11 function brisk_cds_reload($brisk)
13 if ($brisk->cds != NULL) {
14 $brisk->cds->cmd_cls_deregister_all();
19 $brisk->cds = new Curl_de_sac();
21 // create tor_chk_cls and proxy_chk_cls
22 $tor_chk_cls = new Tor_chk_cmd_cls();
23 $proxy_chk_cls = new Proxy_chk_cmd_cls();
25 // register tor_chk_cls and proxy_chk_cls
26 fprintf(STDERR, "MAIN: Register 'tor_chk_cls'\n");
27 if (($brisk->cds->cmd_cls_register($tor_chk_cls)) == FALSE) {
28 fprintf(STDERR, "MAIN: 'tor_chk_cls' registration failed\n");
31 fprintf(STDERR, "MAIN: Register 'proxy_chk_cls'\n");
32 if (($brisk->cds->cmd_cls_register($proxy_chk_cls)) == FALSE) {
33 fprintf(STDERR, "MAIN: 'proxy_chk_cls' registration failed\n");
// Start the "tor_chk" and the "proxy_chk" command for one connection. Both
// execute() calls receive the same arguments; $authenticate is reduced to a
// boolean with != FALSE. $ghost is not used on the visible lines.
// A FALSE result from either call is logged through log_main() with the same
// text, so the log does not say which of the two checks failed to start.
// NOTE(review): a check that fails to start leaves the connection unscreened
// by that check; whether this function reports the failure to its caller is
// not visible in this listing (lines are omitted) - confirm.
40 function brisk_cds_execute($brisk, $ghost, $real_idx, $sess, $ip, $authenticate, $header)
42 if ($brisk->cds->execute("tor_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
43 log_main("cds_execute failed");
45 if ($brisk->cds->execute("proxy_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
46 log_main("cds_execute failed");
// One in-flight Tor lookup. It carries the user slot index, the session id,
// the connection IP and the auth flag that the reply is later matched to.
53 class Tor_chk_cmd extends CDS_cmd {
// PHP 4 style constructor (a method named after the class).
// NOTE(review): PHP 8 no longer treats a same-named method as the constructor;
// on such a runtime this would not run on `new` and the fields below would
// stay unset - confirm the target PHP version.
60 function Tor_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
62 parent::__construct($cmd_cls, $ch);
// NOTE(review): $ctx is accepted but no assignment to $this->ctx appears on the
// visible lines, although Tor_chk_cmd_cls reads $cmd->ctx; the listing skips
// line 63, which presumably holds it - confirm.
64 $this->user_idx = $user_idx;
65 $this->user_sess = $user_sess;
66 $this->conn_ip = $conn_ip;
67 $this->is_auth = $is_auth;
// Command class for the "tor_chk" check: builds the lookup request for one
// connection IP, classifies the reply and handles timeouts.
71 class Tor_chk_cmd_cls extends CDS_cmd_cls {
// PHP 4 style constructor; registers the class under the name "tor_chk".
// The second argument (10) is handed to CDS_cmd_cls unchanged; presumably a
// timeout in seconds - confirm.
72 function Tor_chk_cmd_cls()
74 parent::__construct("tor_chk", 10);
// Build the curl handle for one lookup and wrap it in a Tor_chk_cmd.
// $conn_ip is posted to TOR_CHK_URL as the form field QueryIP.
77 function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
79 if ($cds->dbg_get() > 0) {
// NOTE(review): the argument is the quoted string 'TOR_CHK_URL', so this debug
// line prints the constant's name, not the URL that is actually requested.
80 fprintf(STDERR, "'tor_chk'::create url:[%s]\n", 'TOR_CHK_URL');
84 $opts = array( CURLOPT_HEADER => 0,
85 CURLOPT_RETURNTRANSFER => 1,
86 CURLOPT_FORBID_REUSE => true,
87 CURLOPT_HTTPHEADER => array('Connection: close'),
89 CURLOPT_POSTFIELDS => array('QueryIP' => $conn_ip));
91 if (($ch = parent::pre_create($cds, TOR_CHK_URL, $opts)) == FALSE)
94 if (parent::create($cds, $ch) == FALSE)
// Count the lookup as pending for this user slot; the matching decrement is in
// tor_chk_postprocess() and tor_chk_timeout_cb().
97 $ctx->user[$user_idx]->pend_async++;
98 $cmd = new Tor_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
// Classify the reply body and hand the verdict to tor_chk_postprocess().
// The body is searched for two fixed English sentences: one marks the IP as a
// Tor server, the other as not one. The assignments to $is_tor sit on lines
// this listing omits.
// NOTE(review): the verdict depends on the exact wording of the remote page.
// If the service changes its text or returns an error page, neither sentence
// matches and the "tor check disabled" branch is taken, which presumably
// reports the address as non-Tor (fail-open) - confirm, and alert on that
// warning so a silently disabled check is noticed.
106 function process($cmd, $ret)
108 if ($this->dbg_get() > 2) {
109 fprintf(STDERR, "CURL: 'tor_chk' process: curl_multi_getcontent\n");
110 fprintf(STDERR, "%s", print_r($ret, TRUE));
113 $content = curl_multi_getcontent($cmd->ch_get());
// At debug level above 0 the whole reply body is written to STDERR.
114 if ($this->dbg_get() > 0) { fprintf(STDERR, "'tor_chk' process: [%s]\n", $content); }
117 if (mb_strpos($content,
118 "The IP Address you entered matches one or more active Tor servers",
119 0, "UTF-8") !== FALSE) {
120 // fprintf(STDERR, "WARNING: stripos ok\n");
123 else if (mb_strpos($content,
124 "The IP Address you entered is NOT an active Tor server",
125 0, "UTF-8") === FALSE) {
126 fprintf(STDERR, "WARNING: tor check disabled\n");
129 // fprintf(STDERR, "WARNING: NOT an active Tor server on IP [%s]\n", $cmd->conn_ip);
133 tor_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_tor);
// Timeout hook: forwards the command's stored context to tor_chk_timeout_cb().
138 function timeout($cmd)
140 tor_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
// One in-flight proxy lookup. It carries the user slot index, the session id,
// the connection IP and the auth flag that the reply is later matched to.
144 class Proxy_chk_cmd extends CDS_cmd {
// PHP 4 style constructor (a method named after the class).
// NOTE(review): PHP 8 no longer treats a same-named method as the constructor;
// on such a runtime this would not run on `new` and the fields below would
// stay unset - confirm the target PHP version.
151 function Proxy_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
153 parent::__construct($cmd_cls, $ch);
// NOTE(review): $ctx is accepted but no assignment to $this->ctx appears on the
// visible lines, although Proxy_chk_cmd_cls reads $cmd->ctx; the listing skips
// line 154, which presumably holds it - confirm.
155 $this->user_idx = $user_idx;
156 $this->user_sess = $user_sess;
157 $this->conn_ip = $conn_ip;
158 $this->is_auth = $is_auth;
// Command class for the "proxy_chk" check: first looks for proxy-related
// request headers, otherwise asks PROXY_CHK_URL about the connection IP,
// classifies the reply and handles timeouts.
162 class Proxy_chk_cmd_cls extends CDS_cmd_cls {
// PHP 4 style constructor; registers the class under the name "proxy_chk".
// The second argument (10) is handed to CDS_cmd_cls unchanged; presumably a
// timeout in seconds - confirm.
163 function Proxy_chk_cmd_cls()
165 parent::__construct("proxy_chk", 10);
// Header names whose presence in a request is taken as evidence of a proxy.
// Only some entries of the list appear in this listing.
167 $this->scan_headers = array(
169 'Http-X-Forwarded-For',
170 'Http-Forwarded-For',
174 'Http-Forwarded-For-Ip',
182 'Http-Proxy-Connection'
// Screen one connection: report a proxy straight away when a scanned header is
// present, otherwise build the curl handle for the remote lookup and wrap it
// in a Proxy_chk_cmd.
186 function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth, $headers)
188 if ($cds->dbg_get() > 0) {
// NOTE(review): the argument is the quoted string 'PROXY_CHK_URL', so this
// debug line prints the constant's name, not the URL that is requested.
189 fprintf(STDERR, "'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
// array_key_exists() is an exact, case-sensitive key match, so this scan relies
// on the caller normalising header names to the spelling used in scan_headers.
// NOTE(review): these headers are supplied by the client side. A proxy that
// does not add them passes this step, and a client can add them itself; treat
// the scan as a cheap first filter, with the remote lookup as the actual check.
// NOTE(review): proxy_chk_postprocess() decrements pend_async, but the only
// visible increment in this method is on line 216, after the lookup is
// created. On the header-hit path the counter may be decremented without a
// prior increment, and once per matching header if the loop does not stop -
// confirm against the omitted lines 197-201.
192 foreach($this->scan_headers as $key){
193 //proxy detected? lets log...
194 if(array_key_exists($key, $headers)) {
195 // we already are behind a PROXY, this are our headers
196 proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
// The connection IP is posted to PROXY_CHK_URL as the form field conn_ip.
202 $opts = array( CURLOPT_HEADER => 0,
203 CURLOPT_RETURNTRANSFER => 1,
204 CURLOPT_FORBID_REUSE => true,
205 CURLOPT_HTTPHEADER => array('Connection: close'),
206 CURLOPT_POST => true,
207 CURLOPT_POSTFIELDS => array('conn_ip' => $conn_ip));
209 if (($ch = parent::pre_create($cds, PROXY_CHK_URL, $opts)) == FALSE)
212 if (parent::create($cds, $ch) == FALSE)
215 $cmd = new Proxy_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
// Count the lookup as pending for this user slot; the matching decrement is in
// proxy_chk_postprocess() and proxy_chk_timeout_cb().
216 $ctx->user[$user_idx]->pend_async++;
// Classify the reply body and hand the verdict to proxy_chk_postprocess().
// The body is searched for the substrings "is_proxy=true" and
// "is_proxy=false"; the assignments to $is_proxy sit on lines this listing
// omits.
// NOTE(review): the match is a substring search anywhere in the body. A reply
// containing neither marker (error page, changed format) takes the "proxy
// check disabled" branch, which presumably reports the address as not a proxy
// (fail-open) - confirm, and alert on that warning.
224 function process($cmd, $ret)
226 if ($this->dbg_get() > 2) {
227 fprintf(STDERR, "CURL: 'proxy_chk' process: curl_multi_getcontent\n");
228 fprintf(STDERR, "%s", print_r($ret, TRUE));
231 $content = curl_multi_getcontent($cmd->ch_get());
// At debug level above 0 the whole reply body is written to STDERR.
232 if ($this->dbg_get() > 0) { fprintf(STDERR, "'proxy_chk' process: [%s]\n", $content); }
235 if (mb_strpos($content, "is_proxy=true", 0, "UTF-8") !== FALSE) {
236 // fprintf(STDERR, "WARNING: stripos ok\n");
239 else if (mb_strpos($content, "is_proxy=false", 0, "UTF-8") === FALSE) {
240 fprintf(STDERR, "WARNING: proxy check disabled\n");
243 // fprintf(STDERR, "WARNING: NOT an active Proxy server on IP [%s]\n", $cmd->conn_ip);
247 proxy_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_proxy);
// Timeout hook: forwards the command's stored context to proxy_chk_timeout_cb().
252 function timeout($cmd)
254 proxy_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
// Completion handler for a Tor lookup: logs the verdict through log_cds(),
// kicks the session with reason code 5, and releases one pending-async count
// on the user slot.
// NOTE(review): the condition guarding kickuser_by_sess() (line 262) is not
// shown in this listing.
// NOTE(review): the log line contains $user_sess in clear. If that value is
// the session token, read access to the cds log is enough to reuse a live
// session - consider logging a truncated or hashed form.
// NOTE(review): $user_idx indexes $brisk->user after an asynchronous wait; if
// a slot can be reassigned in the meantime, the decrement lands on a different
// user than the one the lookup was started for - confirm.
258 function tor_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_tor)
260 log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_tor: %s",
261 $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_tor ? "YES" : "NO")));
263 $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
265 $brisk->user[$user_idx]->pend_async--;
// Timeout handler for a Tor lookup: logs the request details and releases one
// pending-async count on the user slot. Nothing else happens here, so a lookup
// that times out leaves the session in place (fail-open).
// The log prefix is "tor:", the same as the verdict line; a timeout entry
// differs only by the missing is_tor field, whereas the proxy counterpart
// logs "proxy timeout:". Keep that in mind when searching logs for timeouts.
// NOTE(review): $user_sess is logged in clear; if it is the session token,
// consider a truncated or hashed form.
268 function tor_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
270 log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
271 $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
272 $brisk->user[$user_idx]->pend_async--;
// Completion handler for a proxy check: logs the verdict through log_cds(),
// kicks the session with reason code 5 when the address is a proxy and the
// user in the slot is not authenticated, and releases one pending-async count.
// The kick decision calls is_auth() on whoever occupies $brisk->user[$user_idx]
// now; the $is_auth argument captured when the check started is only logged.
// NOTE(review): if a slot can be reassigned while the lookup is in flight, the
// auth test and the decrement apply to a different user than the session being
// kicked - confirm.
// NOTE(review): $user_sess is logged in clear; if it is the session token,
// consider a truncated or hashed form.
275 function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_proxy)
277 log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s",
278 $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO")));
279 if (!$brisk->user[$user_idx]->is_auth() && $is_proxy) {
280 $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
282 $brisk->user[$user_idx]->pend_async--;
// Timeout handler for a proxy lookup: logs the request details under the
// "proxy timeout:" prefix and releases one pending-async count on the user
// slot. No kick appears on the visible lines, so a lookup that times out
// leaves the session in place (fail-open).
// NOTE(review): $user_sess is logged in clear; if it is the session token,
// consider a truncated or hashed form.
285 function proxy_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
287 log_cds(sprintf("proxy timeout: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
288 $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
289 $brisk->user[$user_idx]->pend_async--;