UnknownSec Bypass 403

: /var/www/zenithentcare/stmedicosoftware/ [ drwxrwxr-x ]
name : user_authentification.php <?php require_once "config.php"; $usertype = mysqli_real_escape_string($conn, $_POST['usertype']); $username= mysqli_real_escape_string($conn, $_POST['username']); $psw =mysqli_real_escape_string($conn, $_POST['psw']); $remember =mysqli_real_escape_string($conn, $_POST['rem']); //$msg=""; $data="0"; session_start(); ini_set('session_gc_maxtime', 10 * 365 * 24 * 60 * 60); $query = "select * from userdetailstb where username= '".$username."' and permissiontype='".$usertype."'"; $result = mysqli_query($conn, $query); while($row = mysqli_fetch_array($result)) { if($psw==$row['userpassword']){ if(!empty($remember)){ setcookie("username", $row["username"],time()+ (10 * 365 * 24 * 60 * 60)); setcookie("usertype", $row["permissiontype"],time()+ (10 * 365 * 24 * 60 * 60)); setcookie("userid", $row["userdetailsid"],time()+ (10 * 365 * 24 * 60 * 60)); setcookie("userpassword", $row["userpassword"],time()+ (10 * 365 * 24 * 60 * 60)); $_SESSION['username']= $row["username"]; $_SESSION['userid']= $row["userdetailsid"]; $_SESSION['usertype']= $row["permissiontype"]; $_SESSION["start"]=time(); $_SESSION["expire"]=$_SESSION["start"] + (10 * 365 * 24 * 60 * 60); if($row["permissiontype"]=="Doctor") { $_SESSION['doctorid']= $row["doctorid"]; } }else{ if(isset($_COOKIE["username"])){ setcookie("username", ""); } if(isset($_COOKIE["userid"])){ setcookie("userid", ""); } if(isset($_COOKIE["usertype"])){ setcookie("usertype", ""); } if(isset($_COOKIE["userpassword"])){ setcookie("userpassword", ""); } } $data="1"; }else{ $data="2"; } } $query="Select max(financialyearid) as financialyearid from financialyear"; $result1 = mysqli_query($conn, $query); while($row = mysqli_fetch_array($result1)) { $_SESSION['financialyearid']= $row["financialyearid"]; } // echo json_encode($msg); echo json_encode($data); ?>