shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : add_money.php
<?php
//function autoload
       spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
            
            date_default_timezone_set('Asia/Kolkata');
            if(isset($_POST['name']) && isset($_POST['mobile']) && isset($_POST['amount'])  && isset($_POST['transaction_id']) && isset($_POST['token'])  && isset($_POST['pin']))
                {
                    
                   // $date = $_POST['date'];
                   // $p_id = $_POST['p_id'];
                    $name = $_POST['name'];
                    $mobile = $_POST['mobile'];
                    $amount = $_POST['amount'];
                   // $time = $_POST['time'];
                    $transaction_id = $_POST['transaction_id'];
                    $deviceToken = $_POST['token'];
                    $secretKey = $_POST['pin'];
                    
                    $check_message = $sqlfun->query("select payment_preference,bonus_minimum_amnt,bonus_setting,bonus_percentage,intent_setting from message");
                    $row_message = $check_message->fetch(PDO::FETCH_OBJ);
                    $bonus_setting = $row_message->bonus_setting;
                    $bonus_percentage = $row_message->bonus_percentage;
                    $intent_setting = $row_message->intent_setting;
                    $bonus_minimum_amnt = $row_message->bonus_minimum_amnt;
                    $payment_preference = $row_message->payment_preference;
                    
                    $p_id = $admin->verifyCredentials3($deviceToken, $secretKey,$mobile);
                        if($p_id)
                        {
                            
                                            
                                    if($intent_setting == "manual"){
                                        $datas = array(
                                            "date" =>date("Y-m-d"),
                                            "player_id" =>$p_id,
                                            "p_name" =>$name,
                                            "p_mobile" =>$mobile,
                                            "amount" =>$amount,
                                            "time" =>date("H:i"),
                                            "transaction_id" =>$transaction_id,
                                            //"screenshot"=>"https://matkakingonline.co.in/screenshot/".$image_filename,
                                            "status" =>"Pending",
                                            );
                                            
                                            if($_FILES['photo']['name']){
                                                $image_name = $_FILES['photo']['name'];
                                                $image_type = $_FILES['photo']['type'];
                                                $image_tmp  = $_FILES['photo']['tmp_name'];
                                                $image_size = $_FILES['photo']['size'];
                                                $image_ext = pathinfo($image_name,PATHINFO_EXTENSION);
                                                $image_dir = "../screenshot/";
                                                $image_url = $image_dir.time()."screenshot.".$image_ext;
                                                $image_filename = ltrim($image_url,"../screenshot/");
                                                move_uploaded_file($image_tmp,$image_url);
                                                $datas["screenshot"]=$image_filename;
                                             }
                                            
                                            if($bonus_minimum_amnt <= $amount){
                                                if($bonus_setting == "yes"){
                                                    $bonus_amount = ceil($amount * $bonus_percentage/100);
                                                    $datas['bonus'] = $bonus_amount;
                                                }
                                            }
                                            
                                            // $check_setting = $sqlfun->query("select ");
                                            
                                            if($sqlfun->ins_data("add_money_request",$datas))
                                                {
                                                    $data = array("res"=>"success","msg" =>"request has been submitted successfully"); 
                                                }
                                                else
                                                {
                                                    $data = array("res"=>"failure","msg" =>"Something went wrong"); 
                                                }
                                    }
                                    else if($intent_setting == "automatic")
                                    {
                                        if($payment_preference == "payumoney")
                                        {
                                            // $datas = array(
                                            // "date" =>date("Y-m-d"),
                                            // "player_id" =>$p_id,
                                            // "p_name" =>$name,
                                            // "p_mobile" =>$mobile,
                                            // "amount" =>$amount,
                                            // "time" =>date("H:i:s"),
                                            // "transaction_id" =>$transaction_id,
                                            // //"screenshot"=>"https://matkakingonline.co.in/screenshot/".$image_filename,
                                            // "status" =>"Pending",
                                            // );
                                            
                                            // if($_FILES['photo']['name']){
                                            //     $image_name = $_FILES['photo']['name'];
                                            //     $image_type = $_FILES['photo']['type'];
                                            //     $image_tmp  = $_FILES['photo']['tmp_name'];
                                            //     $image_size = $_FILES['photo']['size'];
                                            //     $image_ext = pathinfo($image_name,PATHINFO_EXTENSION);
                                            //     $image_dir = "../screenshot/";
                                            //     $image_url = $image_dir.time()."screenshot.".$image_ext;
                                            //     $image_filename = ltrim($image_url,"../screenshot/");
                                            //     move_uploaded_file($image_tmp,$image_url);
                                            //     $datas["screenshot"]=$image_filename;
                                            //  }
                                            
                                            // if($bonus_minimum_amnt <= $amount){
                                            //     if($bonus_setting == "yes"){
                                            //         $bonus_amount = ceil($amount * $bonus_percentage/100);
                                            //         $datas['bonus'] = $bonus_amount;
                                            //     }
                                            // }
                                            
                                        
                                            
                                            // if($sqlfun->ins_data("add_money_request",$datas))
                                            //     {
                                                    $data = array("res"=>"success","msg" =>"request has been submitted successfully"); 
                                                // }
                                                // else
                                                // {
                                                //     $data = array("res"=>"failure","msg" =>"Something went wrong"); 
                                                // }
                                            
                                        }
                                        else if($payment_preference == "razorpay")
                                        {
                                             $data = array("res"=>"success","msg" =>"request has been submitted successfully");
                                        }
                                        else if($payment_preference == "cashfree")
                                        {
                                             $data = array("res"=>"success","msg" =>"request has been submitted successfully");
                                        }
                                        else if($payment_preference == "phonepay")
                                        {
                                        //      $datas = array(
                                        //     "date" =>date("Y-m-d"),
                                        //     "player_id" =>$p_id,
                                        //     "p_name" =>$name,
                                        //     "p_mobile" =>$mobile,
                                        //     "amount" =>$amount,
                                        //     "time" =>date("H:i"),
                                        //     "transaction_id" =>$transaction_id,
                                        //     //"screenshot"=>"https://matkakingonline.co.in/screenshot/".$image_filename,
                                        //     "status" =>"Pending",
                                        //   // "method"=>$_SERVER['REQUEST_METHOD']
                                        //     );
                                            
                                        //     //  if($_FILES['photo']['name']){
                                        //     //     $image_name = $_FILES['photo']['name'];
                                        //     //     $image_type = $_FILES['photo']['type'];
                                        //     //     $image_tmp  = $_FILES['photo']['tmp_name'];
                                        //     //     $image_size = $_FILES['photo']['size'];
                                        //     //     $image_ext = pathinfo($image_name,PATHINFO_EXTENSION);
                                        //     //     $image_dir = "../screenshot/";
                                        //     //     $image_url = $image_dir.time()."screenshot.".$image_ext;
                                        //     //     $image_filename = ltrim($image_url,"../screenshot/");
                                        //     //     move_uploaded_file($image_tmp,$image_url);
                                        //     //     $datas["screenshot"]=$image_filename;
                                        //     //  }
                                            
                                        //     if($bonus_minimum_amnt <= $amount){
                                        //         if($bonus_setting == "yes"){
                                        //             $bonus_amount = ceil($amount * $bonus_percentage/100);
                                        //             $datas['bonus'] = $bonus_amount;
                                                    
                                        //         }
                                        //     }
                                            
                                            
                                            
                                        //     if($sqlfun->ins_data("add_money_request",$datas))
                                        //         {
                                                   $data = array("res"=>"success","msg" =>"request has been submitted successfully"); 
                                                // }
                                                // else
                                                // {
                                                //     $data = array("res"=>"failure","msg" =>"Something went wrong"); 
                                                // }  
                                        }
                                        else if($payment_preference == "qrpay")
                                        {
                                           $transaction_id = strtotime(date('Y-m-d H:i:s')) . substr(microtime(), 2, 6);
                                           $datas = array(
                                            "date" =>date("Y-m-d"),
                                            "player_id" =>$p_id,
                                            "p_name" =>$name,
                                            "p_mobile" =>$mobile,
                                            "amount" =>$amount,
                                            "time" =>date("H:i"),
                                            "transaction_id" =>$transaction_id,
                                            //"screenshot"=>"https://matkakingonline.co.in/screenshot/".$image_filename,
                                            "status" =>"Pending",
                                           // "method"=>$_SERVER['REQUEST_METHOD']
                                            );
                                            
                                            
                                            
                                            if($bonus_minimum_amnt <= $amount){
                                                if($bonus_setting == "yes"){
                                                    $bonus_amount = ceil($amount * $bonus_percentage/100);
                                                    $datas['bonus'] = $bonus_amount;
                                                    
                                                }
                                            }
                                            
                                            
                                            
                                            if($sqlfun->ins_data("add_money_request",$datas))
                                                {
                                                    //
                                                        $url = 'https://pay.farmstofridge.co.in/api/create-order';
                                                        // Form data to be sent in the request
                                                        $data56 = [
                                                            'customer_mobile' => $mobile,
                                                            'user_token' => '69f4250ec35c351e8352473e203e3a18',
                                                            'amount' => $amount,
                                                            'order_id' => $transaction_id,
                                                            'redirect_url' => 'https://gutlooks.com/success.php',
                                                            'remark1' => $mobile,
                                                            'remark2' => $mobile
                                                        ];
                                                        
                                                        // Initialize cURL session
                                                        $ch = curl_init($url);
                                                        
                                                        // Set cURL options
                                                        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  // To return the response as a string
                                                        curl_setopt($ch, CURLOPT_POST, true);             // To send a POST request
                                                        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data56));  // Encode the data to application/x-www-form-urlencoded
                                                        
                                                        // Execute the request and get the response
                                                        $response = curl_exec($ch);
                                                        
                                                        // // Check for errors
                                                        // if(curl_errno($ch)) {
                                                        //     echo 'Error:' . curl_error($ch);
                                                        // } else {
                                                        //     echo 'Response:' . $response; // Print the response from the API
                                                        // }
                                                        
                                                        // Close the cURL session
                                                        curl_close($ch);
                                                    if($response){
                                                        $data = array("res"=>"success","msg" =>"request has been submitted successfully","data"=>json_decode($response));
                                                    }else{
                                                        $data = array("res"=>"failure","msg" =>"Something went wrong","data"=>new stdClass()); 
                                                    }
                                                }
                                                else
                                                {
                                                    $data = array("res"=>"failure","msg" =>"Something went wrong","data"=>new stdClass()); 
                                                }  
                                        }
                                        else{
                                        
                                         $datas = array(
                                            "date" =>date("Y-m-d"),
                                            "player_id" =>$p_id,
                                            "p_name" =>$name,
                                            "p_mobile" =>$mobile,
                                            "amount" =>$amount,
                                            "time" =>date("H:i"),
                                            "transaction_id" =>$transaction_id,
                                            //"screenshot"=>"https://matkakingonline.co.in/screenshot/".$image_filename,
                                            "status" =>"Approved",
                                           // "method"=>$_SERVER['REQUEST_METHOD']
                                            );
                                            
                                             if($_FILES['photo']['name']){
                                                $image_name = $_FILES['photo']['name'];
                                                $image_type = $_FILES['photo']['type'];
                                                $image_tmp  = $_FILES['photo']['tmp_name'];
                                                $image_size = $_FILES['photo']['size'];
                                                $image_ext = pathinfo($image_name,PATHINFO_EXTENSION);
                                                $image_dir = "../screenshot/";
                                                $image_url = $image_dir.time()."screenshot.".$image_ext;
                                                $image_filename = ltrim($image_url,"../screenshot/");
                                                move_uploaded_file($image_tmp,$image_url);
                                                $datas["screenshot"]=$image_filename;
                                             }
                                            
                                            if($bonus_minimum_amnt <= $amount){
                                                if($bonus_setting == "yes"){
                                                    $bonus_amount = ceil($amount * $bonus_percentage/100);
                                                    $datas['bonus'] = $bonus_amount;
                                                    
                                                }
                                            }
                                            
                                            
                                            
                                            if($sqlfun->ins_data("add_money_request",$datas))
                                                {
                                                    $add_last_id = $sqlfun->last_id();
                                                    //fetch wallet
                                                    $checkk_player = $sqlfun->query("select * from player where p_id = '$p_id'");
                                                    $roww_player = $checkk_player->fetch(PDO::FETCH_OBJ);
                                                    $wallet= $roww_player->wallet;
                                                      if($bonus_setting == "yes"){
                                                            $final_wallet = $bonus_amount + $amount + $wallet; 
                                                      }
                                                      else
                                                      {
                                                          $final_wallet = $amount + $wallet;
                                                      }
                                                    //
                                                    
                                                    $cnd_p_up = $checkk_player = $sqlfun->query("update player set wallet = '$final_wallet' where p_id = '$p_id'");
                                                    
                                                    $wallet_data = array(
                                                            "date" =>date("Y-m-d"),
                                                            "row_id"=>$add_last_id,
                                                            "type"=>"Recharge",
                                                            "user_id"=>$p_id,
                                                            "amount"=>$amount,
                                                            "left_balance"=>$final_wallet,
                                                        );
                                                        
                                                          if($bonus_setting == "yes"){
                                                             $wallet_data['bonus'] = $bonus_amount; 
                                                          }
                                                    $sqlfun->ins_data("wallet_history",$wallet_data);
                                                    
                                                    $data = array("res"=>"success","msg" =>"request has been submitted successfully"); 
                                                }
                                                else
                                                {
                                                    $data = array("res"=>"failure","msg" =>"Something went wrong"); 
                                                }  
                                    }
                                    }
                                                
                        }
                        else
                        {
                            $data = array("res"=>"failure","msg" =>"Invalid credentials"); 
                        }
                            
                            
                }else{
                    
                            $data = array("res"=>"failure","msg" =>"Invalid credentials 1");
                }
                echo json_encode($data);
        ?>
© 2026 GrazzMean