shell bypass 403
<?php
include('../config/config.php');
$direc_name = $_POST['direc_name'];
$direc_posi = $_POST['direc_posi'];
$q = $_POST['q'];
if(isset($_FILES['file']['tmp_name'])){
$sql = "SELECT * FROM directors WHERE d_id = ".$q." ";
$res = $conn->query($sql);
while($row = $res->fetch_assoc()){
$image = $row['d_image'];
@unlink("../".$image);
}
$images1 = $_FILES['file']['tmp_name'];
$images_name1 = $_FILES['file']['name'];
$images = "images/direc/".$images_name1;
move_uploaded_file($_FILES['file']['tmp_name'],"../images/direc/".$_FILES["file"]["name"]);
$sql = "update directors SET d_name = '".$direc_name ."',d_postion = '".$direc_posi."',d_image = '".$images."' WHERE d_id = ".$q."";
}else{
$sql = "update directors SET d_name = '".$direc_name ."',d_postion = '".$direc_posi."' WHERE d_id = ".$q."";
}
$res = $conn->query($sql);
if($res === TRUE ){
echo 1;
}else{
echo 0;
}
?>