jpsagrisolution.com - UnknownSec 403

UnknownSec Bypass 403

: /var/www/jpsagrisolution/cpanel/product_images/sym/root/var/www/stbilling/cpanel/ [ drwxrwxr-x ]
name : manage_product.php
 <?php

require_once "../config.php";

session_start();
$userid=$_SESSION['userid'];
$financialyearid=$_SESSION['financialyearid'];
$productname = $_POST['productname'];
$hsncode = $_POST['hsncode'];
$unit = $_POST['unit'];
$salesprice = $_POST['salesprice'];
$cgst = $_POST['cgst'];
$sgst = $_POST['sgst'];
$igst = $_POST['igst'];

$hdid = $_POST['hdid'];
$btnopration = $_POST['btnopration'];
$creationdatetime = date("Y-m-d H:m:s");

$message= "";
$cnt="";

$query = "select count(0) as count from master where name='".$productname."'
          and  modificationdatetime is null and identifier='". $gproductidentifier."' and isdeleted='".$notdeleted."'";
$result = mysqli_query($conn, $query);
while ($row = mysqli_fetch_array($result)) {
    $message= $row["count"];
}


if ($btnopration=="Save") {
    if ($message=="0")
    {
    
    $query=" insert into master (name,salesprice,identifier,unit,financialyearid,createdbyid, creationdatetime,
            isdeleted, isactive,cgstinpercentage,sgstinPercentage,igstinpercentage,hsncode)
           values('{$productname}','{$salesprice}','{$gproductidentifier}','{$unit}','{$financialyearid}','{$userid}',
           '{$creationdatetime}','{$notdeleted}','{$gactive}','{$cgst}','{$sgst}','{$igst}','{$hsncode}')";
           
$result = mysqli_query($conn, $query);
    
    


        if ($result==true) {
            $message="1";
        }
    } else {
        $message="2";
    }
} elseif ($btnopration=="Update") {




    $query = "select count(0) as count from master where masterid!='".$hdid."'
              and name='".$productname."'  and  modificationdatetime is null and isdeleted='".$notdeleted."'";
              
    $result = mysqli_query($conn, $query);
    while ($row = mysqli_fetch_array($result)) {
        $data["count"]= $row["count"];
    }

    if ($data["count"]=="0") {




        $query= " Update master set modificationdatetime='".$creationdatetime."'
                 where masterid='".$hdid."'";
                mysqli_query($conn, $query);
                
            $query=" insert into master (name,salesprice,identifier,unit, financialyearid,createdbyid, creationdatetime,
            isdeleted, isactive,cgstinpercentage,sgstinPercentage,igstinpercentage,hsncode)
           values('{$productname}','{$salesprice}','{$gproductidentifier}','{$unit}','{$financialyearid}','{$userid}',
           '{$creationdatetime}','{$notdeleted}','{$gactive}','{$cgst}','{$sgst}','{$igst}','{$hsncode}')";
           
           
            $result=  mysqli_query($conn, $query);
            
            

        if ($result==true) {
            $message="3";
        }
    }

     else {
        $message="2";
    }
} elseif ($btnopration=="Delete") {

}
echo json_encode($message);
?>