shell bypass 403
<?php
//function autoload
spl_autoload_register(function($class) {
include("../admin_login/classess/".$class.".php");
});
$sqlfun = new sqlfunction();
$admin = new admin_login();
if(isset($_POST['mobile']) && isset($_POST['pin']) && isset($_POST['token']))
{
$secretKey = $_POST['pin'];
$deviceToken = $_POST['token'];
$mobile = $_POST['mobile'];
$p_id = $admin->verifyCredentials3($deviceToken, $secretKey,$mobile);
if($p_id)
{
//$cnd = "parent_id = '$p_id'";
//$check = $sqlfun->fetchdata("player",$cnd);
$check = $sqlfun->query("select reg_date,p_f_name,p_mobile from player where parent_id = '$p_id' order by p_id desc");
if($check->rowCount() > 0)
{
while($row = $check->fetch(PDO::FETCH_OBJ)){
$row->p_mobile = substr($row->p_mobile, 8);
$row1[] = $row;
}
echo json_encode(array("res"=>"success","msg"=>"data found","data"=>$row1));
}
else
{
echo json_encode(array("res"=>"failure","msg"=>"not found","data"=>array()));
}
}
else
{
echo json_encode(array("res"=>"failure","msg"=>"not valid","data"=>new stdClass()));
}
}
else
{
echo json_encode(array("res"=>"failure","msg"=>"param not found","data"=>array()));
}