jpsagrisolution.com - UnknownSec 403

UnknownSec Bypass 403

: /var/www/html/adminpnl/ [ drwxr-xr-x ]
name : update_user.php
 <?php include "top.php";
if(isset($_POST['send'])){
  include "../config.php";
  $userid=mysqli_real_escape_string($conn,$_POST['user_id']);
  $usertype=mysqli_real_escape_string($conn,$_POST['usertype']);
  $canteen=mysqli_real_escape_string($conn,$_POST['canteen']);
  $username=mysqli_real_escape_string($conn,$_POST['username']);
  $password=mysqli_real_escape_string($conn,$_POST['password']);
  $mobileno=mysqli_real_escape_string($conn,$_POST['mobileno']);
  $modificationdatetime=date("Y-m-d");


  $sql = "UPDATE userdetailstb SET usertype='{$usertype}', username='{$username}', psw='{$password}', mobileno='{$mobileno}' WHERE userid={$userid}";
  if(mysqli_query($conn,$sql)) {
    header("Location: {$hostname}/adminpnl/user.php");
  }
}
?>
<style>
   select {
       -webkit-appearance: none;
       -moz-appearance: none;
       -ms-appearance: none;
       appearance: none;
       outline: 0;
       /*background: green;*/

       background-image: none;
       border: 1px solid #c3c3c3;
   }

   .select {
       position: relative;
       display: block;
       width: 20em;
       height: 3em;
       line-height: 3;
       width: 100%;
       /*background: #2C3E50;*/
       overflow: hidden;
       border-radius: .25em;
   }

   select {
       width: 100%;
       height: 100%;
       margin: 0;
       padding: 0 0 0 .5em;
       color: #000;
       cursor: pointer;
   }

   select::-ms-expand {
       display: none;
   }

   .select::after {
       content: '\25BC';
       position: absolute;
       top: 0;
       right: 0;
       bottom: 0;
       padding: 0 1em;
       background: #293462;
       pointer-events: none;
   }

   .select:hover::after {
       color: #F39C12;
   }

   <!-- For different browsers --> .select::after {
       -webkit-transition: .25s all ease;
       -o-transition: .25s all ease;
       transition: .25s all ease;
   }
   </style>
<!-- /contact-form -->
<section class="w3l-contact-main">
  <div class="contact-infhny py-5">
    <div class="container py-lg-3">
      <div class="title-content text-left mb-lg-4 mb-4">
        <h6 class="sub-title">Admin Login</h6>
        <h3 class="hny-title">Fill details to login in<span> ADMIN PANEL</span></h3>
      </div>
      <div class="row align-form-map">
        <div class="col-lg-12 form-inner-cont">
          <?php
                include "../config.php";
                $user_id=$_GET['id'];
                $sql="SELECT * FROM userdetailstb WHERE userid={$user_id}";
                $result=mysqli_query($conn,$sql) or die("Query Failed.");

                if(mysqli_num_rows($result)>0){
                  while ($row = mysqli_fetch_assoc($result)) {
                ?>
            <form  action="<?php $_SERVER["PHP_SELF"]; ?>" method ="POST" autocomplete="off" class="signin-form">
            <div class="form-input">
              <div class="form-input">
                  <input type="hidden" name="user_id"  value="<?php echo $row['UserID'];?>" placeholder="" >
              </div>
              <label for="w3lSender">Role*</label>
              <div class="select">
                  <select class="form-control" name="usertype" id="usertype" value="<?php echo $row['UserType']; ?>">
                      <?php
                        if($row['UserType'] == "Admin"){
                          echo "<option value='Super Admin'>Super Admin</option>
                                <option value='Admin' selected>Admin</option>";
                          }else {
                            echo "<option value='Super Admin' selected>Super Admin</option>
                                  <option value='Admin'>Admin</option>";
                          }
                      ?>
                  </select>
              </div>
            </div>
            <div class="form-input">
              <label for="w3lSender">Canteen*</label>
              <div class="select">
                  <select class="form-control" name="canteen" id="canteen" value="<?php echo $row['Canteen']; ?>">
                      <?php
                        if($row['Canteen'] == "Khatima"){
                          echo "<option value='Banbasa'>Banbasa CSD</option>
                                <option value='Khatima' selected>Khatima CSD</option>";
                          }else {
                            echo "<option value='Banbasa' selected>Banbasa CSD</option>
                                  <option value='Khatima'>Khatima CSD</option>";
                          }
                      ?>
                  </select>
              </div>
            </div>
            <div class="form-input">
              <label for="w3lSender">User Name*</label>
              <input type="text" name="username" id="username" value="<?php echo $row['UserName'];?>" placeholder="" required="" />
            </div>
            <div class="form-input">
              <label for="w3lSender">Password*</label>
              <input type="password" name="password" id="password" value="<?php echo $row['Psw'];?>" placeholder="" required="" />
            </div>
            <div class="form-input">
              <label for="w3lSender">Mobile No.*</label>
              <input type="text" name="mobileno" id="mobileno" value="<?php echo $row['MobileNo'];?>" placeholder="" required="" />
            </div>

            <button type="submit" name="send" class="btn btn-contact">Submit</button>

          </form>
          <?php
              }
            }
          ?>
        </div>
      </div>
    </div>
</section>
<!-- //contact-form -->


<?php include "footer.php";?>