UnknownSec Bypass 403

: /var/www/html/clientpnl/ [ drwxr-xr-x ]
name : edit_mobileno.php <?php include "top.php"; if($_SESSION['pswchangeyesorno']=="0") { header("Location: change_password.php"); } ?> <script type="text/javascript"> $(document).ready(function(){ getmobileno(); } ); function getmobileno() { $.ajax({ method: 'POST', url: 'get_mobileno.php', data: '', dataType:"JSON", success:function(data) { document.getElementById("txtMobileNo").value=data; } }); } function editmobileno() { var flag = true; var inputField1 =document.getElementById("txtMobileNo"); if (inputField1.value == "") { flag = false; alert("Please enter mobile no."); document.getElementById("txtMobileNo").focus(); return false; } let text = "Do you want update mobile no"; if (confirm(text) == true) { var mobileno= document.getElementById("txtMobileNo").value; $.ajax({ method: 'POST', url: 'update_mobileno.php', data: '&mobileno=' + mobileno, dataType:"JSON", success:function(data) { if(data==1) { alert("Mobile no update successfully."); document.getElementById("txtMobileNo").value=""; } else { alert("There is problem to update mobile no"); } } }); } else { text = "You canceled!"; } } </script> <!-- /contact-form --> <section class="w3l-contact-main"> <div class="contact-infhny py-5"> <div class="container py-lg-3"> <div class="row align-form-map"> <div class="col-lg-10 title-content text-left mb-lg-4 mb-4"> <h4 class="hny-title mb-3">Welcome, <span><?php echo $_SESSION['username']; ?> !</span> View/Update Your Mobile No.</h4> </div> <div class="col-lg-12 form-inner-cont"> <label for="w3lSender">Mobile No. </label> <input type="email" name="w3lSender" id="txtMobileNo" placeholder="Enter your new mobile no." required="" /> <br><br> <button type="submit" style="width: 100%" name="send" id="btnlogin" onclick="editmobileno();" class="btn btn-contact">Update</button> </div> </br> </div> </div> </div> </section> <?php include "footer.php";?>