+
+ function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth, $headers)
+ {
+ GLOBAL $G_proxy_white_list;
+
+ if ($cds->dbg_get() > 0) {
+ fprintf(STDERR, "'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
+ }
+
+ if ($is_auth) {
+ proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, FALSE);
+ return FALSE;
+ }
+
+ foreach($G_proxy_white_list as $authproxy) {
+ if ($conn_ip == $authproxy) {
+ proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, FALSE);
+ return (FALSE);
+ }
+ }
+
+ foreach($this->scan_headers as $key){
+ //proxy detected? lets log...
+ if(array_key_exists($key, $headers)) {
+ // we already are behind a PROXY, this are our headers
+ proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
+ return TRUE;
+ }
+ }
+
+ do {
+ $opts = array( CURLOPT_HEADER => 0,
+ CURLOPT_RETURNTRANSFER => 1,
+ CURLOPT_FORBID_REUSE => true,
+ CURLOPT_HTTPHEADER => array('Connection: close'),
+ CURLOPT_POST => true,
+ CURLOPT_POSTFIELDS => array('conn_ip' => $conn_ip));
+
+ if (($ch = parent::pre_create($cds, PROXY_CHK_URL, $opts)) == FALSE)
+ break;
+
+ if (parent::create($cds, $ch) == FALSE)
+ break;
+
+ $cmd = new Proxy_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
+ $ctx->user[$user_idx]->pend_async++;
+
+ return $cmd;
+ } while (FALSE);
+
+ return FALSE;
+ }
+
+ function process($cmd, $ret)
+ {
+ if ($this->dbg_get() > 2) {
+ fprintf(STDERR, "CURL: 'proxy_chk' process: curl_multi_getcontent\n");
+ fprintf(STDERR, "%s", print_r($ret, TRUE));
+ }
+
+ $content = curl_multi_getcontent($cmd->ch_get());
+ if ($this->dbg_get() > 0) { fprintf(STDERR, "'proxy_chk' process: [%s]\n", $content); }
+
+ $is_proxy = FALSE;
+ if (mb_strpos($content, "is_proxy=true", 0, "UTF-8") !== FALSE) {
+ // fprintf(STDERR, "WARNING: stripos ok\n");
+ $is_proxy = TRUE;
+ }
+ else if (mb_strpos($content, "is_proxy=false", 0, "UTF-8") === FALSE) {
+ fprintf(STDERR, "WARNING: proxy check disabled\n");
+ }
+ else {
+ // fprintf(STDERR, "WARNING: NOT an active Proxy server on IP [%s]\n", $cmd->conn_ip);
+ ;
+ }
+
+ proxy_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_proxy);
+
+ return TRUE;
+ }
+
+ function timeout($cmd)
+ {
+ proxy_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
+ }
+}
+
+function tor_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_tor)
+{
+ log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_tor: %s",
+ $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_tor ? "YES" : "NO")));
+ if ($is_tor) {
+ $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
+ }
+ $brisk->user[$user_idx]->pend_async--;
+}
+
+function tor_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
+{
+ log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
+ $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
+ $brisk->user[$user_idx]->pend_async--;
+}
+
+function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_proxy)
+{
+ log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s",
+ $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO")));
+ if ($is_proxy) {
+ $brisk->kickuser_by_sess($user_sess, 6); // GHOST_SESS_REAS_PROX
+ }
+ $brisk->user[$user_idx]->pend_async--;
+}
+
+function proxy_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
+{
+ log_cds(sprintf("proxy timeout: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
+ $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));
+ $brisk->user[$user_idx]->pend_async--;