activate kickuser when no authorized user is behind proxy

[curl-de-sac.git] / web / Obj / curl-de-brisk.phh

diff --git a/web/Obj/curl-de-brisk.phh b/web/Obj/curl-de-brisk.phh
index 881cc23..47244fb 100755 (executable)
--- a/web/Obj/curl-de-brisk.phh
+++ b/web/Obj/curl-de-brisk.phh
@@ -186,26 +186,13 @@ class Proxy_chk_cmd_cls extends CDS_cmd_cls {
     function create($cds, $ctx, $user_idx, $user_sess, $conn_ip, $is_auth, $headers)
     {
         if ($cds->dbg_get() > 0) {
-            printf("'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
+            fprintf(STDERR, "'proxy_chk'::create url:[%s]\n", 'PROXY_CHK_URL');
         }
 
         foreach($this->scan_headers as $key){
             //proxy detected? lets log...
             if(array_key_exists($key, $headers)) {
                 // we already are behind a PROXY, this are our headers
-                if ($key == 'X-Proxy-ID') {
-                    if ($headers[$key] == '860705422')
-                        continue;
-                }
-                else if ($key == 'X-Forwarded-For') {
-                    if ($headers[$key] == '172.16.9.66')
-                        continue;
-                }
-                else if ($key == 'Via') {
-                    if ($headers[$key] == '1.1 172.16.8.1 (Mikrotik HttpProxy)')
-                        continue;
-                }
-
                 proxy_chk_postprocess($ctx, $user_idx, $user_sess, $conn_ip, $is_auth, TRUE);
                 return TRUE;
             }
@@ -289,7 +276,7 @@ function proxy_chk_postprocess($brisk, $user_idx, $user_sess, $conn_ip, $is_auth
 {
     log_cds(sprintf("proxy: user_idx: %d, user_sess: %s, conn_ip: %s, is_auth: %s, is_proxy: %s",
                     $user_idx, $user_sess, $conn_ip, ($is_auth ? "YES" : "NO"), ($is_proxy ? "YES" : "NO")));
-    if (FALSE && $is_proxy) {
+    if (!$brisk->user[$user_idx]->is_auth() && $is_proxy) {
         $brisk->kickuser_by_sess($user_sess, 5); // GHOST_SESS_REAS_ANON
     }
     $brisk->user[$user_idx]->pend_async--;