From 37a8760fe1ab34e54a6e929a4ba1cf22d579d742 Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Wed, 10 Mar 2004 14:24:40 +0000
Subject: [PATCH] proxy check

---
 includes/DefaultSettings.php |  4 ++++
 includes/EditPage.php        | 40 ++++++++++++++++++++++++++++++++++++
 includes/proxy_check.php     | 30 +++++++++++++++++++++++++++
 languages/Language.php       |  4 ++++
 4 files changed, 78 insertions(+)
 create mode 100644 includes/proxy_check.php

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index fc1aff1a88..332d486a8b 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -129,6 +129,10 @@ $wgSysopRangeBans		= false; # Allow sysops to ban IP ranges
 $wgDefaultBlockExpiry	= "24 hours"; # default expiry time
                                 # strtotime format, or "infinite" for an infinite block
 $wgAutoblockExpiry		= 86400; # Number of seconds before autoblock entries expire
+$wgBlockOpenProxies = false; # Automatic open proxy test on edit
+$wgProxyPorts = array( 80, 81, 1080, 3128, 8080 );
+$wgProxyScriptPath = "$IP/proxy_check.php";
+$wgProxyMemcExpiry = 86400;
 
 # Client-side caching:
 $wgCachePages       = true; # Allow client-side caching of pages
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 1e224d10b4..a6556489ee 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -188,6 +188,7 @@ class EditPage {
 			$this->edittime = $this->mArticle->getTimestamp();
 			$this->textbox1 = $this->mArticle->getContent(true);
 			$this->summary = "";
+			$this->proxyCheck();
 		}
 		$wgOut->setRobotpolicy( "noindex,nofollow" );
 		
@@ -405,7 +406,46 @@ htmlspecialchars( $wgLang->recodeForEdit( $this->textbox1 ) ) .
 		$wgOut->returnToMain( false );
 	}
 
+	# Forks processes to scan the originating IP for an open proxy server
+	# MemCached can be used to skip IPs that have already been scanned
+	function proxyCheck()
+	{
+		global $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath;
+		global $wgIP, $wgUseMemCached, $wgMemc, $wgDBname, $wgProxyMemcExpiry;
+		
+		if ( !$wgBlockOpenProxies ) {
+			return;
+		}
+		
+		# Get MemCached key
+		$skip = false;
+		if ( !$wgUseMemCached ) {
+			$mcKey = "$wgDBname:proxy:ip:$wgIP";
+			$mcValue = $wgMemc->get( $mcKey );
+			if ( $mcValue ) {
+				$skip = true;
+			}
+		}
 
+		# Fork the processes
+		if ( !$skip ) {
+			$title = Title::makeTitle( NS_SPECIAL, "Blockme" );
+			$url = $title->getFullURL();
+			foreach ( $wgProxyPorts as $port ) {
+				$params = implode( " ", array(
+				  escapeshellarg( $wgProxyScriptPath ),
+				  escapeshellarg( $wgIP ),
+				  escapeshellarg( $port ),
+				  escapeshellarg( $url )
+				));
+				exec( "php $params &>/dev/null &" );
+			}
+			# Set MemCached key
+			if ( $wgUseMemCached ) {
+				$wgMemc->set( $mcKey, 1, $wgProxyMemcExpiry );
+			}
+		}
+	}
 }
 
 ?>
diff --git a/includes/proxy_check.php b/includes/proxy_check.php
new file mode 100644
index 0000000000..a739e78c06
--- /dev/null
+++ b/includes/proxy_check.php
@@ -0,0 +1,30 @@
+<?php
+
+# Command line script to check for an open proxy at a specified location
+
+# Exit if there are not enough parameters, or if it's not command line mode
+
+if ( ( isset( $_REQUEST ) && array_key_exists( "argv", $_REQUEST ) ) || count( $argv ) < 4 ) {
+	exit();
+}
+
+# Get parameters
+$ip = $argv[1];
+$port = $argv[2];
+$url = $argv[3];
+
+# Open socket
+$sock = fsockopen($ip, $port, $errno, $errstr, 5);
+if ($errno == 0 ) {
+	# Send payload
+	$request = "GET $url HTTP/1.0\r\n";
+	$request .= "Proxy-Connection: Keep-Alive\r\n";
+	$request .= "Pragma: no-cache\r\n";
+	$request .= "Host: ".$url."\r\n";
+	$request .= "User-Agent: MediaWiki open proxy check\r\n";
+	$request .= "\r\n";
+	fputs($sock, $request);
+	$response = fgets($sock, 128);
+	fclose($sock);
+}
+?>
diff --git a/languages/Language.php b/languages/Language.php
index 49af2bcaca..d6389fac8f 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -394,6 +394,7 @@ $wgLanguageNamesEn =& $wgLanguageNames;
 	"Whatlinkshere" => "",
 	"Recentchangeslinked" => "",
 	"Movepage"		=> "",
+	"Blockme"       => "",
 	"Booksources"	=> "External book sources",
 #	"Categories"	=> "Page categories",
 	"Export"		=> "XML page export",
@@ -1277,6 +1278,9 @@ the list of currently operational bans and blocks.",
 "range_block_disabled"	=> "The sysop ability to create range blocks is disabled.",
 "ipb_expiry_invalid"	=> "Expiry time invalid.",
 "ip_range_invalid"	=> "Invalid IP range.\n",
+"proxyblocker"	=> "Proxy blocker",
+"proxyblockreason"	=> "Your IP address has been blocked because it is an open proxy. Please contact your Internet service provider or tech support and inform them of this serious security problem.",
+"proxyblocksuccess"	=> "Done.\n",
 
 # Developer tools
 #
-- 
2.20.1