UnknownSec Bypass 403

: /var/www/html/clientpnl/ [ drwxr-xr-x ]
name : grocery_liquor_status.php <?php require_once "../config.php"; require_once "../conclass.php"; session_start(); $regisid= $_SESSION["regisid"]; $canteenname= $_SESSION["usercanteenname"]; $todaydate=Date("Y-m-d"); $mon=Date("m"); $year=Date("Y"); $lastDayThisMonth = date("Y-m-t"); $lastdate= $lastDayThisMonth; $message="0"; $query="Select * from bookingtb where regisid='".$regisid."' and itemcategory='Grocery and Liquor' and year(bookingdatetime)='" . $year . "' and month(bookingdatetime)='". $mon. "' and isdeleted='" .$NotDeleted . "'"; $result = mysqli_query($conn, $query); $cnt = intval(mysqli_num_rows($result)); if($cnt>2) { $message="1"; } $query="Select * from bookingtb where regisid='".$regisid."' and (itemcategory='Grocery' or itemcategory='Liquor') and year(bookingdatetime)='" . $year . "' and month(bookingdatetime)='". $mon. "' and isdeleted='" .$NotDeleted . "'"; $result = mysqli_query($conn, $query); $cnt = intval(mysqli_num_rows($result)); if($cnt==4) { $message="1"; } $query="Select * from customerregistrationtb where regisid='".$regisid."'"; $result = mysqli_query($conn, $query); while($row = mysqli_fetch_array($result)) { if($row["cuspassword"]=="12345678") { $message="2"; } } echo json_encode($message); ?>