UnknownSec Bypass 403

: /var/www/jpsagrisolution/cpanel/ [ drwxr-xr-x ]
name : update_product.php <?php include "../panelassets/config.php"; if(empty($_FILES['new-image']['name'])){ $image_name=$_POST['old_image']; }else { $error=array(); $removefilename="product_images/".$_POST['old_image']; unlink($removefilename); $file_name=$_FILES['new-image']['name']; $file_size=$_FILES['new-image']['size']; $file_tmp=$_FILES['new-image']['tmp_name']; $file_type=$_FILES['new-image']['type']; $file_ext=explode('.',$file_name); $file_ext=strtolower(end($file_ext)); $extensions=array("jpeg","jpg","png"); if(in_array($file_ext,$extensions)===false){ $error[]="This extension file is not allowed, Please choose a JPG or PNG file."; } if($file_size > 2097152) { $error="File size must be 2mb or lower."; } $new_name=time()."-".basename($file_name); $target="product_images/".$new_name; $image_name=$new_name; if(empty($errors)==true) { move_uploaded_file($file_tmp,$target); } else { print_r($error); die(); } } session_start(); $userid=$_SESSION['adminid']; $productname=mysqli_real_escape_string($conn, $_POST['productname']); $price=mysqli_real_escape_string($conn, $_POST['price']); $long_desc=mysqli_real_escape_string($conn, $_POST['long_desc']); $description=mysqli_real_escape_string($conn, $_POST['long_description']); $modificationdatetime = date("Y-m-d H:m:s"); $data=0; $cnt=""; $query = "select count(0) as count from producttb where productname='".$productname."' and id!= '".$_POST["hdid"] ."' and isdeleted='".$notdeleted."'"; $result = mysqli_query($conn,$query); while($row = mysqli_fetch_array($result)) { $cnt= $row["count"]; } if($cnt=="0") { $sql="UPDATE producttb SET productname='{$productname}',price='{$price}',long_desc='{$long_desc}',description='{$description}',image_name='{$image_name}',modifyuserid='{$userid}',modificationdatetime='{$modificationdatetime}' WHERE id='".$_POST["hdid"] ."' "; if(mysqli_query($conn, $sql)){ $data=1; } }else { $data=2; } echo json_encode($data); ?>