forked from newburns/osCommerce-234-bootstrap-wADDONS
/
aas.php
<?php
/*
Alternative Administration System
Version: 0.3
Created By John Barounis, johnbarounis.com
Website: http://www.alternative-administration-system.com
Information: returns online users number and time in json
*/
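# Move four directories up so the relative include below resolves from there.
chdir('../../../../');
require('includes/application_top.php');

# Requests that do not carry the X-AAS header get no response at all.
if (!isset($_SERVER['HTTP_X_AAS'])) die;

# $sessionTimeout is not set in this file; presumably application_top.php
# sets it when the admin session has expired - confirm. The client is told
# about the timeout in the format it asked for (JSON or plain text).
if (isset($sessionTimeout)) {
  $dataType = (isset($_POST['dataType']) ? $_POST['dataType'] : 'html');
  if ($dataType === 'json') echo json_encode(array('response' => 'aasSessionTimeout'));
  else echo 'aasSessionTimeout';
  die;
}

# The header must equal the per-session AJAX token. Fail closed when the
# session holds no usable token, and compare in constant time where the
# runtime offers hash_equals() so the check does not leak how many leading
# characters matched.
$aasSessionToken = isset($_SESSION['admin']['AAS']['ajaxToken'])
  ? $_SESSION['admin']['AAS']['ajaxToken']
  : null;
$aasRequestToken = $_SERVER['HTTP_X_AAS'];
if (!is_string($aasSessionToken) || $aasSessionToken === '' || !is_string($aasRequestToken)) die;
$aasTokenMatches = function_exists('hash_equals')
  ? hash_equals($aasSessionToken, $aasRequestToken)
  : ($aasSessionToken === $aasRequestToken);
if (!$aasTokenMatches) die;

defined('AAS') or define('AAS', 1);

# A callback parameter switches the reply to JSONP. A repeated or bracketed
# parameter arrives as an array and is treated as an invalid callback.
$aasCallback = isset($_GET['callback']) ? $_GET['callback'] : null;
$aasCallbackOk = is_string($aasCallback) && is_valid_callback($aasCallback);

header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
# JSONP is script, so it is labelled as script; everything else stays JSON.
header($aasCallbackOk
  ? 'Content-Type: application/javascript; charset=utf-8'
  : 'Content-Type: application/json; charset=utf-8');
# Keep browsers from re-interpreting the body as another content type.
header('X-Content-Type-Options: nosniff');
# No Access-Control-Allow-Origin header is sent: every reply past this point
# reflects an authenticated admin session, and a wildcard grant would let any
# origin read it. NOTE(review): restore a specific origin only if a
# cross-origin consumer is known to exist.

# Payload: [current time in milliseconds, number of rows in the who's-online table].
# The session-timeout case was already answered above, so it is not repeated here.
$json = json_encode(array(time() * 1000, tep_db_num_rows(tep_db_query("select ip_address from " . TABLE_WHOS_ONLINE))));

# JSON if no callback
if ($aasCallback === null) exit($json);
# JSONP if valid callback
if ($aasCallbackOk) exit($aasCallback . '(' . $json . ')');
# Otherwise, bad request (empty body)
header('status: 400 Bad Request', true, 400);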
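/*
  Tells whether $subject is acceptable as a JSONP callback name.

  Accepted: a single JavaScript identifier (letters, digits, "$", "_" and the
  Unicode classes listed in the pattern, not starting with a digit) that is
  not a reserved word. Dotted paths such as "a.b", calls, and anything with
  punctuation are rejected, which is what keeps the value safe to echo in
  front of "(" in a script response.

  @param mixed $subject  value taken from the request
  @return bool           true only for a usable callback name
*/
function is_valid_callback($subject){
  # A repeated or bracketed query parameter arrives as an array; reject any
  # non-string here instead of handing it to preg_match()/mb_strtolower().
  if (!is_string($subject)) return false;

  # Possessive quantifier (*+) avoids backtracking; the u flag makes the
  # match fail on input that is not valid UTF-8.
  $identifier_syntax
    = '/^[$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*+$/u';

  $reserved_words = array('break', 'do', 'instanceof', 'typeof', 'case',
    'else', 'new', 'var', 'catch', 'finally', 'return', 'void', 'continue',
    'for', 'switch', 'while', 'debugger', 'function', 'this', 'with',
    'default', 'if', 'throw', 'delete', 'in', 'try', 'class', 'enum',
    'extends', 'super', 'const', 'export', 'import', 'implements', 'let',
    'private', 'public', 'yield', 'interface', 'package', 'protected',
    'static', 'null', 'true', 'false');

  if (preg_match($identifier_syntax, $subject) !== 1) return false;

  # The name is lower-cased before the lookup, so case variants of reserved
  # words are rejected as well. Strict comparison avoids loose string juggling.
  return !in_array(mb_strtolower($subject, 'UTF-8'), $reserved_words, true);
}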
?>