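cds != NULL) {
        $brisk->cds->cmd_cls_deregister_all();

        unset($brisk->cds);
        $brisk->cds = NULL;
    }

    // create cds
    $brisk->cds = new Curl_de_sac();

    // create tor_chk_cls and proxy_chk_cls
    $tor_chk_cls = new Tor_chk_cmd_cls();
    $proxy_chk_cls = new Proxy_chk_cmd_cls();

    // register tor_chk_cls and proxy_chk_cls
    fprintf(STDERR, "MAIN: Register 'tor_chk_cls'\n");
    if (($brisk->cds->cmd_cls_register($tor_chk_cls)) == FALSE) {
        fprintf(STDERR, "MAIN: 'tor_chk_cls' registration failed\n");
        return (FALSE);
    }

    fprintf(STDERR, "MAIN: Register 'proxy_chk_cls'\n");
    if (($brisk->cds->cmd_cls_register($proxy_chk_cls)) == FALSE) {
        fprintf(STDERR, "MAIN: 'proxy_chk_cls' registration failed\n");
        return (FALSE);
    }

    return (TRUE);
}

/*
 * Start the "tor_chk" and "proxy_chk" commands for one connection.
 *
 * $authenticate is coerced to a boolean before being handed to the command
 * classes. $ghost is accepted but not used in this function. A failed
 * execute() is only logged, so the connection proceeds without that check.
 *
 * NOTE(review): both failures log the same text, so the log cannot tell
 * which of the two checks did not start.
 */
function brisk_cds_execute($brisk, $ghost, $real_idx, $sess, $ip, $authenticate, $header)
{
    if ($brisk->cds->execute("tor_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
        log_main("cds_execute failed");
    }

    if ($brisk->cds->execute("proxy_chk", $brisk, $real_idx, $sess, $ip, $authenticate != FALSE, $header) == FALSE) {
        log_main("cds_execute failed");
    }
}

/*
 *  CDS commands stuff
 */

/*
 * One in-flight Tor lookup. Carries the data the completion and timeout
 * callbacks need: the context object, the user slot index, the session id,
 * the connection IP and the authentication flag captured at creation time.
 *
 * NOTE(review): the constructor uses the PHP 4 naming style (method named
 * after the class). PHP 8 no longer treats such a method as a constructor;
 * confirm the supported PHP version before upgrading.
 */
class Tor_chk_cmd extends CDS_cmd
{
    var $ctx;
    var $user_idx;
    var $user_sess;
    var $conn_ip;
    var $is_auth;

    function Tor_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
    {
        parent::__construct($cmd_cls, $ch);
        $this->ctx = $ctx;
        $this->user_idx = $user_idx;
        $this->user_sess = $user_sess;
        $this->conn_ip = $conn_ip;
        $this->is_auth = $is_auth;
    }
}

/*
 * Command class "tor_chk": POSTs the connection IP to TOR_CHK_URL and
 * classifies the answer by looking for fixed marker sentences in the body.
 *
 * Security notes:
 *  - The check fails open. If the body contains neither marker sentence
 *    (changed page layout, error page, empty reply) the user is treated as
 *    not-Tor and only a warning is written to STDERR. A timeout likewise
 *    only logs. Alert on the "tor check disabled" warning so that a silent
 *    loss of the control is noticed.
 *  - The client IP leaves this host in the POST body. NOTE(review): confirm
 *    that TOR_CHK_URL is https and that pre_create() keeps certificate
 *    verification on; neither is visible here.
 */
class Tor_chk_cmd_cls extends CDS_cmd_cls
{
    // second argument is presumably a timeout - confirm against CDS_cmd_cls
    function Tor_chk_cmd_cls()
    {
        parent::__construct("tor_chk", 10);
    }

    /*
     * Build the curl handle and the command object for one lookup.
     *
     * Returns the new Tor_chk_cmd, or FALSE if the handle could not be
     * prepared or registered. On success the user's pend_async counter is
     * incremented; tor_chk_postprocess() or tor_chk_timeout_cb() decrement it.
     */
    function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
    {
        if ($cds->dbg_get() > 0) {
            // NOTE(review): this prints the literal text 'TOR_CHK_URL', not
            // the constant's value - confirm whether that is intended.
            fprintf(STDERR, "'tor_chk'::create url:[%s]\n", 'TOR_CHK_URL');
        }

        // do { ... } while (FALSE) is used as a single-exit error ladder
        do {
            $opts = array(
                CURLOPT_HEADER => 0,
                CURLOPT_RETURNTRANSFER => 1,
                CURLOPT_FORBID_REUSE => true,
                CURLOPT_HTTPHEADER => array('Connection: close'),
                CURLOPT_POST => true,
                CURLOPT_POSTFIELDS => array('QueryIP' => $conn_ip));

            if (($ch = parent::pre_create($cds, TOR_CHK_URL, $opts)) == FALSE)
                break;

            if (parent::create($cds, $ch) == FALSE)
                break;

            $ctx->user[$user_idx]->pend_async++;
            $cmd = new Tor_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);

            return $cmd;
        } while (FALSE);

        return FALSE;
    }

    /*
     * Completion handler: read the response body, decide $is_tor from the
     * marker sentences and hand the verdict to tor_chk_postprocess().
     * Always returns TRUE.
     *
     * With debug level > 0 the whole response body is written to STDERR.
     */
    function process($cmd, $ret)
    {
        if ($this->dbg_get() > 2) {
            fprintf(STDERR, "CURL: 'tor_chk' process: curl_multi_getcontent\n");
            fprintf(STDERR, "%s", print_r($ret, TRUE));
        }

        $content = curl_multi_getcontent($cmd->ch_get());

        if ($this->dbg_get() > 0) {
            fprintf(STDERR, "'tor_chk' process: [%s]\n", $content);
        }

        $is_tor = FALSE;
        if (mb_strpos($content, "The IP Address you entered matches one or more active Tor servers", 0, "UTF-8") !== FALSE) {
            // fprintf(STDERR, "WARNING: stripos ok\n");
            $is_tor = TRUE;
        }
        else if (mb_strpos($content, "The IP Address you entered is NOT an active Tor server", 0, "UTF-8") === FALSE) {
            // neither marker found: the verdict is unknown and the user is let through
            fprintf(STDERR, "WARNING: tor check disabled\n");
        }
        else {
            // fprintf(STDERR, "WARNING: NOT an active Tor server on IP [%s]\n", $cmd->conn_ip);
            ;
        }
        tor_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_tor);

        return TRUE;
    }

    // Timeout handler: forwards the captured fields to tor_chk_timeout_cb().
    function timeout($cmd)
    {
        tor_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
    }
}

/*
 * One in-flight proxy lookup; same fields as Tor_chk_cmd.
 *
 * NOTE(review): PHP 4 style constructor, see the note on Tor_chk_cmd.
 */
class Proxy_chk_cmd extends CDS_cmd
{
    var $ctx;
    var $user_idx;
    var $user_sess;
    var $conn_ip;
    var $is_auth;

    function Proxy_chk_cmd($cmd_cls, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth)
    {
        parent::__construct($cmd_cls, $ch);
        $this->ctx = $ctx;
        $this->user_idx = $user_idx;
        $this->user_sess = $user_sess;
        $this->conn_ip = $conn_ip;
        $this->is_auth = $is_auth;
    }
}

/*
 * Command class "proxy_chk": first looks for proxy-revealing request
 * headers, then falls back to asking PROXY_CHK_URL about the connection IP.
 *
 * Security notes:
 *  - Request headers are supplied by the client. Finding one of them is a
 *    hint that a proxy is in the path; not finding any proves nothing,
 *    which is why the remote lookup follows.
 *  - The key match is case-sensitive. NOTE(review): confirm that the caller
 *    normalises header names to the 'X-Forwarded-For' spelling used below.
 *  - Like the Tor check, the remote lookup fails open on an unrecognised
 *    reply or a timeout. Alert on the "proxy check disabled" warning.
 */
class Proxy_chk_cmd_cls extends CDS_cmd_cls
{
    // header names whose presence is treated as "request came through a proxy"
    var $scan_headers;

    function Proxy_chk_cmd_cls()
    {
        parent::__construct("proxy_chk", 10);

        $this->scan_headers = array(
            'Http-Via',
            'Http-X-Forwarded-For',
            'Http-Forwarded-For',
            'Http-X-Forwarded',
            'Http-Forwarded',
            'Http-Client-Ip',
            'Http-Forwarded-For-Ip',
            'Via',
            'X-Forwarded-For',
            'Forwarded-For',
            'X-Forwarded',
            'Forwarded',
            'Client-Ip',
            'Forwarded-For-Ip',
            'Http-Proxy-Connection'
        );
    }

    /*
     * Returns TRUE when a proxy header settled the question synchronously,
     * the new Proxy_chk_cmd when a remote lookup was started, or FALSE when
     * the curl handle could not be prepared or registered.
     */
    function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth, $headers)
    {
        if ($cds->dbg_get() > 0) {
            // NOTE(review): prints the literal text 'PROXY_CHK_URL', not the
            // constant's value - confirm whether that is intended.
            fprintf(STDERR, "'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
        }

        foreach ($this->scan_headers as $key) {
            // proxy detected? lets log...
            if (array_key_exists($key, $headers)) {
                // proxy_chk_postprocess() always decrements pend_async. On
                // this synchronous path nothing had incremented it, so the
                // counter ended one too low and could reach zero while the
                // Tor lookup for the same user was still pending. Increment
                // first so the pair stays balanced, as on the async path.
                $ctx->user[$user_idx]->pend_async++;
                proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
                return TRUE;
            }
        }

        // do { ... } while (FALSE) is used as a single-exit error ladder
        do {
            $opts = array(
                CURLOPT_HEADER => 0,
                CURLOPT_RETURNTRANSFER => 1,
                CURLOPT_FORBID_REUSE => true,
                CURLOPT_HTTPHEADER => array('Connection: close'),
                CURLOPT_POST => true,
                CURLOPT_POSTFIELDS => array('conn_ip' => $conn_ip));

            if (($ch = parent::pre_create($cds, PROXY_CHK_URL, $opts)) == FALSE)
                break;

            if (parent::create($cds, $ch) == FALSE)
                break;

            $cmd = new Proxy_chk_cmd($this, $ch, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth);
            $ctx->user[$user_idx]->pend_async++;

            return $cmd;
        } while (FALSE);

        return FALSE;
    }

    /*
     * Completion handler: read the response body, decide $is_proxy from the
     * "is_proxy=true" / "is_proxy=false" markers and hand the verdict to
     * proxy_chk_postprocess(). Always returns TRUE.
     *
     * With debug level > 0 the whole response body is written to STDERR.
     */
    function process($cmd, $ret)
    {
        if ($this->dbg_get() > 2) {
            fprintf(STDERR, "CURL: 'proxy_chk' process: curl_multi_getcontent\n");
            fprintf(STDERR, "%s", print_r($ret, TRUE));
        }

        $content = curl_multi_getcontent($cmd->ch_get());

        if ($this->dbg_get() > 0) {
            fprintf(STDERR, "'proxy_chk' process: [%s]\n", $content);
        }

        $is_proxy = FALSE;
        if (mb_strpos($content, "is_proxy=true", 0, "UTF-8") !== FALSE) {
            // fprintf(STDERR, "WARNING: stripos ok\n");
            $is_proxy = TRUE;
        }
        else if (mb_strpos($content, "is_proxy=false", 0, "UTF-8") === FALSE) {
            // neither marker found: the verdict is unknown and the user is let through
            fprintf(STDERR, "WARNING: proxy check disabled\n");
        }
        else {
            // fprintf(STDERR, "WARNING: NOT an active Proxy server on IP [%s]\n", $cmd->conn_ip);
            ;
        }
        proxy_chk_postprocess($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth, $is_proxy);

        return TRUE;
    }

    // Timeout handler: forwards the captured fields to proxy_chk_timeout_cb().
    function timeout($cmd)
    {
        proxy_chk_timeout_cb($cmd->ctx, $cmd->user_idx, $cmd->user_sess, $cmd->conn_ip, $cmd->is_auth);
    }
}

/*
 * Act on a Tor verdict: log it, kick the session when $is_tor is set
 * (authenticated or not), then release one pend_async reference.
 *
 * NOTE(review): the session id and the IP are written to the log as-is.
 * Confirm that log_cds() neutralises control characters and that logging
 * the session id is acceptable for this deployment.
 */
function tor_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_tor)
{
    log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_tor: %s",
                    $user_idx, $user_sess, $conn_ip,
                    ($is_auth ? "YES" : "NO"), ($is_tor ? "YES" : "NO")));

    if ($is_tor) {
        $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
    }

    $brisk->user[$user_idx]->pend_async--;
}

// Tor lookup timed out: log, take no action against the user (fail open),
// release one pend_async reference.
function tor_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
{
    log_cds(sprintf("tor: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
                    $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));

    $brisk->user[$user_idx]->pend_async--;
}

/*
 * Act on a proxy verdict: log it, kick the session when $is_proxy is set
 * and the user is not authenticated, then release one pend_async reference.
 *
 * NOTE(review): the kick decision reads the live is_auth() of the slot at
 * $user_idx, while the log line prints the $is_auth flag captured when the
 * check was created; the two can differ by the time an async reply arrives.
 * The kick itself is keyed by session id. Same logging caveat as
 * tor_chk_postprocess().
 */
function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth, $is_proxy)
{
    log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s",
                    $user_idx, $user_sess, $conn_ip,
                    ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO")));

    if (!$brisk->user[$user_idx]->is_auth() && $is_proxy) {
        $brisk->kickuser_by_sess($user_sess, 6); // GHOST_SESS_REAS_PROX
    }

    $brisk->user[$user_idx]->pend_async--;
}

// Proxy lookup timed out: log, take no action against the user (fail open),
// release one pend_async reference.
function proxy_chk_timeout_cb($brisk, $user_idx, $user_sess, $conn_ip, $is_auth)
{
    log_cds(sprintf("proxy timeout: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s",
                    $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO")));

    $brisk->user[$user_idx]->pend_async--;
}

?>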