UnknownSec Bypass 403

: /var/www/html/adminpnl/ [ drwxr-xr-x ]
name : save_downloads.php <?php require_once "../config.php"; require_once "../conclass.php"; if(isset($_FILES['fileToUpload'])){ $error=array(); $file_name=$_FILES['fileToUpload']['name']; $file_size=$_FILES['fileToUpload']['size']; $file_tmp=$_FILES['fileToUpload']['tmp_name']; $file_type=$_FILES['fileToUpload']['type']; //$file_ext=strtolower(end(explode('.',$file_name))); $arr = explode(".", $file_name); $file_ext = strtolower(array_pop($arr)); //$fileName = array_shift($arr); $extensions=array("pdf","jpg","png","jpeg","doc"); if(in_array($file_ext,$extensions)===false){ $error[]="This extension file is not allowed, Please choose a JPG or PNG file."; } if($file_size > 2097152) { $error="File size must be 2mb or lower."; } $new_name=time()."-".basename($file_name); $target="downloads/".$new_name; $image_name=$new_name; if(empty($errors)==true){ move_uploaded_file($file_tmp,$target); }else{ print_r($error); die(); } } //session_start(); $downloadstitle=mysqli_real_escape_string($conn, $_POST['downloadstitle']); $date=date("d M, Y"); //$author=$_SESSION['userid']; echo $sql="INSERT INTO downloadstb(downloadstitle,file_name,added_on) VALUES('{$downloadstitle}','{$image_name}','{$date}')"; //$sql .="UPDATE category SET post=post+1 WHERE category_id={$category}"; if(mysqli_query($conn, $sql)) { header("Location: {$hostname}/adminpnl/downloads.php"); } else { echo '<div class="alert alert-danger">Query Failed.</div>'; } ?>