shell bypass 403
<?php
include('../config/config.php');
$q = $_POST['q'];
$pro_name = $_POST['pro_name'];
$sql = "SELECT * FROM projects WHERE p_id = ".$q." ";
$res = $conn->query($sql);
while($row = $res->fetch_assoc()){
$im_show = $row['p_im_show'];
$check_path = substr($im_show,7,32);
}
if(isset($_FILES['file1']['tmp_name'])){
$sql1 = "SELECT * FROM project_details WHERE pd_no = 1 and p_pd_id = ".$q."";
$res1 = $conn->query($sql1);
while($row1 = $res1->fetch_assoc()){
$test = substr($row1['im_pd_id'],0,6);
if($test == "upload"){
$oldPicture = "../".$row1['im_pd_id'];
if (file_exists($oldPicture)) {
unlink($oldPicture);
}
}
$images = $_FILES['file1']['tmp_name'];
$images_name = $_FILES['file1']['name'];
$upload_path = $check_path;
$images1 = "upload/".$upload_path."/".md5($date_current.$_FILES['file1']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file1']['tmp_name'],"../".$images1);
$sql = "UPDATE project_details SET im_pd_id = '".$images1."' WHERE pd_no = 1 and p_pd_id = ".$q."";
$res = $conn->query($sql);
if($res == TRUE){
$check_1 = true;
}
}
}else{
$check_1 = TRUE;
}
if(isset($_FILES['file2']['tmp_name'])){
$sql2 = "SELECT * FROM project_details WHERE pd_no = 2 and p_pd_id = ".$q."";
$res2 = $conn->query($sql2);
while($row2 = $res2->fetch_assoc()){
$test = substr($row2['im_pd_id'],0,6);
if($test == "upload"){
$oldPicture = "../".$row2['im_pd_id'];
if (file_exists($oldPicture)) {
unlink($oldPicture);
}
}
$images = $_FILES['file2']['tmp_name'];
$images_name = $_FILES['file2']['name'];
$upload_path = $check_path;
$images2 = "upload/".$upload_path."/".md5($date_current.$_FILES['file2']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file2']['tmp_name'],"../".$images2);
$sql = "UPDATE project_details SET im_pd_id = '".$images2."' WHERE pd_no = 2 and p_pd_id = ".$q." ";
$res = $conn->query($sql);
if($res == TRUE){
$check_2 = true;
}
}
}else{
$check_2 = TRUE;
}
if(isset($_FILES['file3']['tmp_name'])){
$sql3 = "SELECT * FROM project_details WHERE pd_no = 3 and p_pd_id = ".$q."";
$res3 = $conn->query($sql3);
while($row3 = $res3->fetch_assoc()){
$test = substr($row3['im_pd_id'],0,6);
if($test == "upload"){
$oldPicture = "../".$row3['im_pd_id'];
if (file_exists($oldPicture)) {
unlink($oldPicture);
}
}
$images = $_FILES['file3']['tmp_name'];
$images_name = $_FILES['file3']['name'];
$upload_path = $check_path;
$images3 = "upload/".$upload_path."/".md5($date_current.$_FILES['file3']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file3']['tmp_name'],"../".$images3);
$sql = "UPDATE project_details SET im_pd_id = '".$images3."' WHERE pd_no = 3 and p_pd_id = ".$q." ";
$res = $conn->query($sql);
if($res == TRUE){
$check_3 = true;
}
}
}else{
$check_3 = TRUE;
}
if(isset($_FILES['file4']['tmp_name'])){
$sql4 = "SELECT * FROM project_details WHERE pd_no = 4 and p_pd_id = ".$q."";
$res4 = $conn->query($sql4);
while($row4 = $res4->fetch_assoc()){
$test = substr($row4['im_pd_id'],0,6);
if($test == "upload"){
$oldPicture = "../".$row4['im_pd_id'];
if (file_exists($oldPicture)) {
unlink($oldPicture);
}
}
$images = $_FILES['file4']['tmp_name'];
$images_name = $_FILES['file4']['name'];
$upload_path = $check_path;
$images4 = "upload/".$upload_path."/".md5($date_current.$_FILES['file4']['size'].rand(1,1000000).time()).$images_name;
move_uploaded_file($_FILES['file4']['tmp_name'],"../".$images4);
$sql = "UPDATE project_details SET im_pd_id = '".$images4."' WHERE pd_no = 4 and p_pd_id = ".$q." ";
$res = $conn->query($sql);
if($res == TRUE){
$check_4 = true;
}
}
}else{
$check_4 = TRUE;
}
if(($check_1 === true) and ($check_2 === true) and ($check_3 === true) and ($check_4 === true)){
echo 1;
}else{
echo 0;
}
?>