shell bypass 403
<?php
//function autoload
spl_autoload_register(function($class) {
include("../admin_login/classess/".$class.".php");
});
$sqlfun = new sqlfunction();
$admin = new admin_login();
if(isset($_POST['pin']) && $_POST['pin'] == "CA:DB:17:C3:E1:45:15:FA:D1:54:DD:56:EE:41:B4:E9:86:83:C9:95"){
if(isset($_POST['mble']) && isset($_POST['pswd']) && isset($_POST['token']))
{
$mble = $_POST['mble'];
$pswd = $_POST['pswd'];
$token = $_POST['token'];
$cnd = "p_mobile = '$mble' && pwdd = '$pswd'";
$check = $sqlfun->fetchdata("player",$cnd);
if($check->rowCount() > 0)
{
$cn = "p_mobile = '$mble'";
$da = array("device_token"=>$token);
$sqlfun->updated("player",$da,$cn);
$row = $check->fetch(PDO::FETCH_OBJ);
unset($row->device_token);
echo json_encode(array("res"=>"success","msg"=>"login successful","data"=>$row));
}
else
{
echo json_encode(array("res"=>"failure","msg"=>"wrong credentials","data"=>new stdClass()));
}
}
else
{
echo json_encode(array("res"=>"failure","msg"=>"mobile and password not found","data"=>new stdClass()));
}
}
else
{
echo json_encode(array("res"=>"failure","msg"=>"param not found","data"=>new stdClass()));
}
?>