UnknownSec Bypass 403

: /var/www/cotutilitydash/ [ drwxrwxr-x ]
name : mst_curd_user.php <?php require_once "config.php"; $msg=""; $creationdatetime = date("Y-m-d H:m:s"); $name=$_POST['name']; $mobile=$_POST['mobile']; $username=$_POST['username']; $psw=$_POST['psw']; $usertype=$_POST['usertype']; $id= $_POST['id']; $userid=0; $btnopration= $_POST['btnopration']; if($btnopration=="SAVE") { $query="select * from createusertb Where isdeleted='" . $gnotdeleted . "' "; $noofuser= get_noof_rows($conn,$query); if($noofuser<10) { $query="select * from createusertb Where username='".$username."' and isdeleted='" . $gnotdeleted . "' "; $cnt= get_noof_rows($conn,$query); if($cnt==0) { $query="insert into createusertb(name,username,upassword,usertype,mobileno,isdeleted,userid,creationdatetime) values('".$name."','".$username."','".$psw."','".$usertype."','".$mobile."','".$gnotdeleted."','".$userid."','".$creationdatetime."')"; $result=insertrecord($conn,$query); if($result==true) $msg="Record save successfully"; else $msg="There is problem to save Record"; } else { $msg="Record is already exist"; } } else { $msg="only ten users are allowed."; } } else if($btnopration=="UPDATE") { $query="select * from createusertb Where id!='".$id."' and username='".$username."' and isdeleted='" . $gnotdeleted . "' "; $cnt= get_noof_rows($conn,$query); if($cnt==0) { $sql="update createusertb set name='".$name."', username='".$username."',upassword='".$psw."', usertype='".$usertype."',mobileno='".$mobile."' where id='".$id."' "; $result=updaterecord($conn,$sql); if($result==true) $msg= "Record update successfully"; else $msg="There is problem to save Record"; } else { $msg="Record is already exist"; } } else if($btnopration=="UPDATE") { } echo json_encode ($msg); ?>