Anyone who has administered or moderated an IRC channel, bulletin board site or similar will recognize the scenario. A troublemaker, whether because what they're posting is abusive, illegal or just simply against the terms of service of the site or server in question is banned and reappears under a new identity and new IP address, courtesy of a proxy that has been left wide open and where the system administrator is, unsurprisingly, reticent in responding to your emails pleading with them to tighten up their security.
Nonetheless, whatever the practical reason, there may be a business case for checking that users connecting to your Web server are not using such an open proxy. Ultimately the means of doing this is simply to test the IP address that they claim to be coming through and see if it will accept you without authentication.
First of all we're going to wrap this all up into a function which accepts a simple parameter of the IP address ($IP) to check as a string and will return a Boolean response, as to whether the IP is an open proxy or not:

function isOpenProxy($IP) {
However, we're also going to define four variables too: the URL to which we're looking to connect to via the suspected proxy, our default return value, the socket timeout and which ports to try and connect through.
The last of these, in conjunction with the socket timeout, should be kept to a short list. The most common ports used by proxies are 80, 3128, 1080, 8080; although you could potentially connect via practically any port, but this would be impractical to check as each could require to time out as part of the check. Nonetheless we define our four variables:

$Ports = array(80312810808080);
$bOpenProxy false;
$Timeout 5;
You'll note I've defined my ports as an array, so that I may loop through them when attempting to connect thus:

foreach ($Ports as $Port){
$fp fsockopen($IP$Port$errno$errstr$Timeout);
If we don't get an error straight away, we send our request. You'll note that some of the headers are slightly different to your standard HTTP request, in that first of all we include the full URL and not just the file path in the GET and add Host and Proxy-Connection headers to the request.

if ($errno == ) {
$FPut "GET http://".$URL."/ HTTP/1.0\r\n";
$FPut .= "Proxy-Connection: Keep-Alive\r\n";
$FPut .= "Pragma: no-cache\r\n";
$FPut .= "Host: ".$URL."\r\n";
$FPut .= "User-Agent: Proxy-Validator\r\n";
$FPut .= "\r\n";
$HTTP_Response fgets($fp128);
strlen(stristr($HTTP_Response"200")) > 0){
$bOpenProxy true;
Of our response, should we get one, we actually only require the first line to check if a HTTP 200 response has been returned, telling us that the proxy returned us the requested page. Then, and only then, do we change the value of our retuned value to true, which we will return once we've cleaned up any open sockets:

The greatest limitation to this check, as you'll have guessed, is timeouts; even at a value of five seconds, checking the above ports could take as long as twenty seconds. Thus it should be used sparingly, such as when a user attempts to log in, and should also not be taken as a definitive test either.
However, this can be a useful additional tool to filter out unwanted visitors to your Web server.