From 7e0484fb876edee227daeb71e17792d25ad92e88 Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Mon, 28 Mar 2005 15:19:24 +0000
Subject: [PATCH] Support for SORBS DNSBL

---
 includes/DefaultSettings.php |  5 +++++
 includes/User.php            | 42 ++++++++++++++++++++++++++++++++++--
 languages/Language.php       |  3 +++
 3 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 755c091eca..a8e6bce757 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1217,6 +1217,11 @@ $wgSortSpecialPages = true;
  */
 $wgDisabledActions = array();
 
+/**
+ * Use http.dnsbl.sorbs.net to check for open proxies
+ */
+$wgEnableSorbs = true;
+
 } else {
 	die();
 }
diff --git a/includes/User.php b/includes/User.php
index 9fb1fd0bdd..5f0e2c2ca8 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -251,8 +251,8 @@ class User {
 	 * just slightly outta sync and soon corrected - safer to block slightly more that less.
 	 * And it's cheaper to check slave first, then master if needed, than master always.
 	 */
-	function getBlockedStatus( $bFromSlave = false ) {
-		global $wgIP, $wgBlockCache, $wgProxyList;
+	function getBlockedStatus() {
+		global $wgIP, $wgBlockCache, $wgProxyList, $wgEnableSorbs;
 
 		if ( -1 != $this->mBlockedby ) { return; }
 
@@ -292,8 +292,46 @@ class User {
 				$this->mBlockreason = wfMsg( 'proxyblockreason' );
 			}
 		}
+
+		# DNSBL
+		if ( !$this->mBlockedby && $wgEnableSorbs ) {
+			if ( $this->inSorbsBlacklist( $wgIP ) ) {
+				$this->mBlockedBy = wfMsg( 'sorbs' );
+				$this->mBlockereason = wfMsg( 'sorbsreason' );
+			}
+		}
+			
 	}
 
+	function inSorbsBlacklist( $ip ) {
+		$fname = 'User::inSorbsBlacklist';
+		wfProfileIn( $fname );
+		
+		$found = false;
+		$host = '';
+		
+		if ( preg_match( '/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $ip, $m ) ) {
+			# Make hostname
+			for ( $i=4; $i>=1; $i-- ) {
+				$host .= $m[$i] . '.';
+			}
+			$host .= 'http.dnsbl.sorbs.net.';
+
+			# Send query
+			$ipList = gethostbynamel( $host );
+			
+			if ( $ipList ) {
+				wfDebug( "Hostname $host is {$ipList[0]}, it's a proxy!\n" );
+				$found = true;
+			} else {
+				wfDebug( "Requested $host, not found.\n" );
+			}
+		}
+
+		wfProfileOut( $fname );
+		return $found;
+	}
+	
 	/**
 	 * Check if user is blocked
 	 * @return bool True if blocked, false otherwise
diff --git a/languages/Language.php b/languages/Language.php
index 6895de81bc..4059730d95 100644
--- a/languages/Language.php
+++ b/languages/Language.php
@@ -1412,6 +1412,9 @@ the list of currently operational bans and blocks.',
 'proxyblocker'	=> 'Proxy blocker',
 'proxyblockreason'	=> 'Your IP address has been blocked because it is an open proxy. Please contact your Internet service provider or tech support and inform them of this serious security problem.',
 'proxyblocksuccess'	=> "Done.\n",
+'sorbs'         => 'SORBS DNSBL',
+'sorbsreason'   => 'Your IP address is listed as an open proxy in the [http://www.sorbs.net SORBS] DNSBL.',
+
 
 # Developer tools
 #
-- 
2.20.1