UnknownSec Bypass 403

: /var/www/html/adminpnl/ [ drwxr-xr-x ]
name : add_user.php <?php include "top.php"; /*if(isset($_POST['send'])){ include "../config.php"; $usertype=mysqli_real_escape_string($conn,$_POST['usertype']); $canteen=mysqli_real_escape_string($conn,$_POST['canteen']); $username=mysqli_real_escape_string($conn,$_POST['username']); $password=mysqli_real_escape_string($conn,$_POST['password']); $mobileno=mysqli_real_escape_string($conn,$_POST['mobileno']); $isdeleted=0; $active=1; $creationdatetime=date("Y-m-d"); $modificationdatetime=date("Y-m-d"); $sql = "SELECT username FROM userdetailstb WHERE username = '{$username}' and usertype='{$usertype}' and isdeleted=0 and active=1"; $result = mysqli_query($conn,$sql) or die("Query Failed."); if(mysqli_num_rows($result) > 0){ //echo "<p style='color:red;text-align:center;margin:10px 0'>Username already Exists.</p>"; echo "<div class='alert alert-danger'>User name already exists.</div>"; }else{ $sql1 = "INSERT INTO userdetailstb (usertype,username,psw,mobileno,isdeleted,active,creationdatetime,modificationdatetime,canteenname) VALUES('{$usertype}','{$username}','{$password}','{$mobileno}',{$isdeleted},{$active},'{$creationdatetime}','{$modificationdatetime}','{$canteen}')"; if(mysqli_query($conn,$sql1)) { header("Location: {$hostname}/adminpnl/user.php"); } } }*/ ?> <style> select { -webkit-appearance: none; -moz-appearance: none; -ms-appearance: none; appearance: none; outline: 0; /*background: green;*/ background-image: none; border: 1px solid #c3c3c3; } .select { position: relative; display: block; width: 20em; height: 3em; line-height: 3; width: 100%; /*background: #2C3E50;*/ overflow: hidden; border-radius: .25em; } select { width: 100%; height: 100%; margin: 0; padding: 0 0 0 .5em; color: #000; cursor: pointer; } select::-ms-expand { display: none; } .select::after { content: '\25BC'; position: absolute; top: 0; right: 0; bottom: 0; padding: 0 1em; background: #293462; pointer-events: none; } .select:hover::after { color: #F39C12; } <!-- For different browsers --> .select::after { -webkit-transition: .25s all ease; -o-transition: .25s all ease; transition: .25s all ease; } </style> <!-- /contact-form --> <section class="w3l-contact-main"> <div class="contact-infhny py-5"> <div class="container py-lg-3"> <div class="title-content text-left mb-lg-4 mb-4"> <h6 class="sub-title">Manage User</h6> <h3 class="hny-title">Fill details to Create<span> NEW USER</span></h3> </div> <div class="row align-form-map"> <div class="col-lg-12 form-inner-cont"> <form action="save_user.php" method ="POST" autocomplete="off" class="signin-form"> <!--<form action="<?php $_SERVER["PHP_SELF"]; ?>" method ="POST" autocomplete="off" class="signin-form">--> <div class="form-input"> <label for="w3lSender">Role*</label> <div class="select"> <select name="usertype" id="usertype"> <option value="Super Admin">Super Admin</option> <option value="Admin">Admin</option> </select> </div> </div> <div class="form-input"> <label for="w3lSender">Canteen*</label> <div class="select"> <select name="canteen" id="canteen"> <option value="Banbasa CSD">Banbasa CSD</option> <option value="Khatima CSD">Khatima CSD</option> </select> </div> </div> <div class="form-input"> <label for="w3lSender">User Name*</label> <input type="text" name="username" id="username" placeholder="" required="" /> </div> <div class="form-input"> <label for="w3lSender">Password*</label> <input type="password" name="password" id="password" placeholder="" required="" /> </div> <div class="form-input"> <label for="w3lSender">Mobile No.*</label> <input type="text" name="mobileno" id="mobileno" placeholder="" required="" /> </div> <button type="submit" style="width: 100%" name="send" class="btn btn-contact">Submit</button> </form> </div> </div> </div> </section> <!-- //contact-form --> <?php include "footer.php";?>