shell bypass 403
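<?php
/**
 * Staff sign-in handler.
 *
 * Reads `username` and `password` from the POST body, looks the pair up in
 * `tb_staff` (joined with `tb_status_staff`), and then either
 *   - sets `staff_bk=0` and sends the browser back to pages-signin.php, or
 *   - sets the `*_bk` cookies from the matched row and redirects to index.php.
 *
 * The lookup uses a prepared statement: both values come straight from the
 * request and must never be concatenated into the SQL text.
 *
 * NOTE(review): the comparison is against the stored `password` column as-is,
 * which suggests passwords are kept in plaintext. Migrate to password_hash()
 * / password_verify(); that needs a schema and data change outside this file.
 *
 * NOTE(review): the signed-in state lives entirely in client-controlled
 * cookies (`staff_bk`, `id_bk`, `status_bk`, ...), and `password_bk` puts the
 * password in the browser for 7 days. Any page that trusts these cookies can
 * be fooled by a client that sets them itself. Move this state into $_SESSION
 * (with session_regenerate_id(true) on login) and drop `password_bk`. The
 * cookies are kept here only because other pages presumably read them.
 */
session_start();
require('connect_database.php'); // expected to define $myConn (mysqli link)
date_default_timezone_set('Asia/Bangkok');
$FileType = date("Y-m-d"); // date only; "Y-m-d H:i:s" would give e.g. 2014-06-03 13:25:01

// Accept only string credentials. A missing field or an array-valued field
// (username[]=x) is treated as a failed login instead of reaching the query.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

$objResult = null;
if ($username !== null && $password !== null) {
    // Placeholders keep the request values out of the SQL grammar entirely.
    $strSQL = "SELECT * FROM `tb_staff`
INNER JOIN `tb_status_staff` ON tb_staff.status = tb_status_staff.id_per
WHERE `tb_staff`.`usernam` = ?
AND `tb_staff`.`password` = ?";
    try {
        $stmt = mysqli_prepare($myConn, $strSQL);
        if ($stmt !== false) {
            if (mysqli_stmt_bind_param($stmt, 'ss', $username, $password)
                && mysqli_stmt_execute($stmt)) {
                $objQuery = mysqli_stmt_get_result($stmt);
                if ($objQuery !== false) {
                    $objResult = mysqli_fetch_array($objQuery);
                }
            } else {
                error_log('staff sign-in: statement execution failed');
            }
            mysqli_stmt_close($stmt);
        } else {
            error_log('staff sign-in: statement preparation failed');
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli throws by default on PHP 8.1+; fail closed and keep the
        // database error out of the response.
        error_log('staff sign-in: query failed: ' . $e->getMessage());
        $objResult = null;
    }
}

$expires = time() + 604800; // 7 days

if (!$objResult) {
    // No matching row, or the lookup failed: mark as not signed in.
    setcookie("staff_bk", '0', $expires);
    echo " <script>alert('Username and Password ไม่ถูกต้อง!');";
    echo " window.location='pages-signin.php'</script>";
    exit();
}

// Prepared statements may return native ints/nulls; cookies need strings.
$cookies = array(
    "id_bk"       => $objResult["id"],
    "status_bk"   => $objResult['id_per'],
    "usernam_bk"  => $objResult['usernam'],
    "password_bk" => $objResult['password'], // NOTE(review): credential in a cookie; remove once no page reads it
    "name_bk"     => $objResult['name'],
    "picture_bk"  => $objResult['picture'],
    "staff_bk"    => '1',
);
foreach ($cookies as $cookieName => $cookieValue) {
    setcookie($cookieName, (string) $cookieValue, $expires);
}

header("location: index.php");
exit(); // stop here so nothing runs or is emitted after the redirect
?>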