How can I assign a unique circuit to each user in php-tor more correctly? Now I use CURL and in a clever way generate a unique circuit for each user. But is it really unique?
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'site.onion');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9050');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'user'.$user_id.':password');
curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
$result = curl_exec($ch);
curl_close($ch);
Using CURLOPT_PROXYUSERPWD with different $user_id allows you to generate different IP addresses.
How correct is this method to use? The IP does change and it turns out that each user has a unique one, but does the chain itself change? Or are all these IP addresses under the same chain?
I installed tor on the server like this:
apt-get install tor
This is what Tor Browser does to isolate requests for a specific domain to single circuit. Each SOCKS request with the same credentials re-use the same circuit (as long as it's alive) and for new credentials a new circuit is created.
The result is that each request with a different set of credentials uses a different circuit and should have different middle and exit nodes. The guard node is unlikely to change between circuits.
As long as the circuits remain active and functional, requests with those credentials will use the same circuit.
Based on your question, this is the correct method to use and each user will get a unique circuit. Depending on how many you create, there's no guarantee that every single circuit will have a different exit node because exits are limited.
In a previous answer here I wrote up some info on how to monitor Tor logs so you can isolate stream events to figure out which circuits they belong to and ultimately what nodes the circuit is built from. You might find that useful for your purposes and if you DM me I can share some unpublished PHP code for doing all of this automatically through the Tor controller.