shell bypass 403
<table id="visaul" class="table table-bordered table-hover" style="background-color:white;">
<thead>
<tr>
<th>#</th>
<th>Project Name</th>
<th>Project Location</th>
<th>Project Owner</th>
<th>Project Create Date</th>
<th>Status Online</th>
<th>Setting</th>
<th>Edit</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php
include('../config/config.php');
$sql = "SELECT * FROM projects ";
if(($_POST['p'] == "T001" && $_POST['q'] == "C000")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' ";
}else if(($_POST['p'] == "T002" && $_POST['q'] == "C000")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' ";
}else if(($_POST['p'] == "T003" && $_POST['q'] == "C000")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' ";
}else if(($_POST['p'] == "T001" && $_POST['q'] == "C001")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T001" && $_POST['q'] == "C002")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T001" && $_POST['q'] == "C003")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T001" && $_POST['q'] == "C004")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T001" && $_POST['q'] == "C005")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T001" && $_POST['q'] == "C008")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T002" && $_POST['q'] == "C001")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T002" && $_POST['q'] == "C002")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T002" && $_POST['q'] == "C003")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T002" && $_POST['q'] == "C004")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T002" && $_POST['q'] == "C005")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T002" && $_POST['q'] == "C006")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T002" && $_POST['q'] == "C007")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T003" && $_POST['q'] == "C001")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T003" && $_POST['q'] == "C002")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T003" && $_POST['q'] == "C003")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T003" && $_POST['q'] == "C004")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T003" && $_POST['q'] == "C005")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T003" && $_POST['q'] == "C006")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}else if(($_POST['p'] == "T003" && $_POST['q'] == "C007")){
$p = $_POST['p'];
$q = $_POST['q'];
$sql .= "WHERE p_t_id = '".$p."' and p_c_id = '".$q."' ";
}
$res = $conn->query($sql);
$num = 0;
while($row = $res->fetch_assoc()){
?>
<tr>
<td><?php echo ++$num; ?></td>
<td><?php echo $row['p_name']; ?></td>
<td><?php echo $row['p_location']; ?></td>
<td><?php echo $row['p_owner']; ?></td>
<td><?php echo $row['p_create_at']; ?></td>
<td><?php if($row['p_status'] == 1){ echo '<p style="color:green">Online</p>'; }else{ echo '<p style="color:red">Offline</p>'; } ?></td>
<td> <?php
if($row['p_l_id'] == 1 ){
?>
<a href="set_image.php?q=<?php echo $row['p_id']; ?>" class="btn btn-info"><i class="fa fa-cog" aria-hidden="true"></i></a>
<?php }else if($row['p_l_id'] == 2){
?>
<a href="set_image2.php?q=<?php echo $row['p_id']; ?>" class="btn btn-info"><i class="fa fa-cog" aria-hidden="true"></i></a>
<?php
}else if($row['p_l_id'] == 3){ ?>
<a href="set_image3.php?q=<?php echo $row['p_id']; ?>" class="btn btn-info"><i class="fa fa-cog" aria-hidden="true"></i></a>
<?php
}else if($row['p_l_id'] == 4){
?>
<a href="set_image4.php?q=<?php echo $row['p_id']; ?>" class="btn btn-info"><i class="fa fa-cog" aria-hidden="true"></i></a>
<?php
}else{
?>
<a href="set_image5.php?q=<?php echo $row['p_id']; ?>" class="btn btn-info"><i class="fa fa-cog" aria-hidden="true"></i></a>
<?php
}
?>
</td>
<td> <a href="edit_project.php?q=<?php echo $row['p_id'] ?>" atr="<?php echo $row['p_id'] ?>" class="btn btn-warning edit_project" id="edit_project"><i class="fa fa-pencil" aria-hidden="true"></i></a></td>
<td><a href="#" atr="<?php echo $row['p_id'] ?>" class="btn btn-danger del_project" id="del_project"><i class="fa fa-trash-o" aria-hidden="true"></i></a></td>
</tr>
<?php }?>
</tbody>
</table>
<script>
$(function () {
$('#visaul').DataTable({
'paging' : true,
'lengthChange': true,
'searching' : true,
'ordering' : true,
'info' : true,
'autoWidth' : false
})
})
</script>
<script>
$(".del_project").click(function(){
var q = $(this).attr('atr');
if(confirm("Warning!! you want Delete Project Yes/No ?")){
$.ajax({
url:"del_project.php",
type:"POST",
data:{q:q},
}).done(function(data){
if(data == 1){
console.log(data);
$("#error_del_project").html('<div class="alert alert-success"><strong>Delete Project Complete</div>').delay(3000).fadeOut(function(){ window.location.href="project_list.php" });
}else{
console.log(data);
$("#error_del_project").html('<div class="alert alert-danger">Delete Project Not Complete</div>').delay(3000).fadeOut();
return false;
}
});
}else{
return false;
}
});
</script>