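<?php
/**
 * Project creation endpoint.
 *
 * Accepts a multipart POST with the project fields, a cover upload
 * ("im_cover", required) and either a YouTube URL ("title_youtube") or a
 * title upload ("file"). Stores the uploads under ../upload/<random dir>/
 * and inserts one row into `projects`. Prints 1 on success, 0 on any failure.
 *
 * Security notes:
 *  - Every value reaches the database through a prepared statement; the
 *    previous string-built INSERT was injectable through each POST field
 *    except project_desc.
 *  - Stored file names are generated server-side and the extension must be on
 *    an allowlist. The previous code appended the client-supplied file name,
 *    so a request could place a server-executable file (for example *.php)
 *    inside the web root.
 *  - Directories are created 0755 instead of 0777.
 *  - NOTE(review): no session, role or CSRF check is visible in this file —
 *    confirm that ../config/config.php (or the web server) enforces one.
 *  - NOTE(review): the web server should additionally refuse to execute
 *    scripts from the upload directory; that cannot be enforced from here.
 *  - random_bytes() requires PHP 7 or later.
 */
include('../config/config.php');
date_default_timezone_set("Asia/Bangkok");

// Extensions accepted for uploads; adjust to what the site actually serves.
$allowed_ext = array('jpg', 'jpeg', 'png', 'gif', 'webp', 'mp4');

// Print the failure code the client expects and stop.
$fail = function () {
    echo 0;
    exit;
};

// Read a POST field as a string; missing or non-string values become ''.
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Return the lower-cased, allowlisted extension of a completed single-file
// upload, or null when the field is missing, failed, or has another extension.
$upload_ext = function ($field) use ($allowed_ext) {
    if (!isset($_FILES[$field]) || !is_array($_FILES[$field])) {
        return null;
    }
    $f = $_FILES[$field];
    if (!isset($f['error'], $f['tmp_name'], $f['name']) || !is_string($f['tmp_name']) || !is_string($f['name'])) {
        return null;
    }
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        return null;
    }
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    return in_array($ext, $allowed_ext, true) ? $ext : null;
};

// Move an upload into $dir_fs under a random name; return the path stored in
// the database ("upload/<dir>/<name>") or null when the move fails.
$store = function ($field, $ext, $dir_fs, $dir_db) {
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($_FILES[$field]['tmp_name'], $dir_fs . $name)) {
        return null;
    }
    return $dir_db . $name;
};

$project_name = $post('project_name');
$project_desc = $post('project_desc');
$location = $post('location');
$owner = $post('owner');
$types = $post('types');
$cats = $post('cats');
$title_youtube = $post('title_youtube');

// p_l_id was interpolated unquoted, so it must be an integer.
$layout = filter_var($post('layout'), FILTER_VALIDATE_INT);
if ($layout === false) {
    $fail();
}

// The cover is used by both branches.
$cover_ext = $upload_ext('im_cover');
if ($cover_ext === null) {
    $fail();
}

// Same branch order as before: a YouTube URL wins over a title upload.
$use_youtube = ($title_youtube !== '');
$title_ext = null;
if (!$use_youtube) {
    $title_ext = $upload_ext('file');
    if ($title_ext === null) {
        $fail();
    }
}

// Create the per-project directory only after all inputs validated.
$upload_path = bin2hex(random_bytes(16));
$dir_fs = "../upload/" . $upload_path . "/";
$dir_db = "upload/" . $upload_path . "/";
if (!mkdir($dir_fs, 0755)) {
    $fail();
}

$cover_path = $store('im_cover', $cover_ext, $dir_fs, $dir_db);
if ($cover_path === null) {
    $fail();
}

// "1" marks an mp4 cover, "2" anything else (unchanged convention).
$types_video = ($cover_ext === 'mp4') ? "1" : "2";

if ($use_youtube) {
    // Characters 32..42 of the submitted URL are kept, as before. The value
    // is stored as-is and must be escaped wherever it is rendered.
    $p_tt = (string) substr($title_youtube, 32, 11);
} else {
    $p_tt = $store('file', $title_ext, $dir_fs, $dir_db);
    if ($p_tt === null) {
        $fail();
    }
}

try {
    $stmt = $conn->prepare(
        "INSERT INTO projects (p_tt,p_im_show,p_l_id,p_t_id,p_c_id,p_name,p_desc,p_location,p_owner,p_typecover)"
        . " VALUES (?,?,?,?,?,?,?,?,?,?)"
    );
    if ($stmt === false) {
        $fail();
    }
    $stmt->bind_param(
        'ssisssssss',
        $p_tt,
        $cover_path,
        $layout,
        $types,
        $cats,
        $project_name,
        $project_desc,
        $location,
        $owner,
        $types_video
    );
    $ok = $stmt->execute();
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    // mysqli may be configured to throw; the client still only sees 0.
    $ok = false;
}

echo $ok ? 1 : 0;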