shell bypass 403
<?php
session_start();
if($_POST['f_name']!=' ' && $_POST['l_name'] != '' && $_POST['member']!=' ')
{
$fname= $_POST['f_name'];
$lname = $_POST['l_name'];
$subscription = $_POST['member'];
$source = $_POST['referral'];
$address = $_POST['add'];
$city = $_POST['city'];
$zip= $_POST['pcode'];
$state = $_POST['state'];
$email = $_POST['email'];
$contact = $_POST['p_number'];
if(isset($_POST['order_is_payment_online']))
$order_is_payment_online = $_POST['order_is_payment_online'];
if($order_is_payment_online[0] == 'Submit For Online Payment')
$submitProcess = 1;
else
$submitProcess = 0;
$subscrMemArr = array('Individual' => 'Individual Membership', 'Organazation' => 'Organazation Membership');
$order[] = array($subscrMemArr[$subscription], '100', '0', '100');
$order = serialize($order);
$_SESSION['myorder'] = $order;
$_SESSION['CustName'] = $fname;
$_SESSION['CustLastName'] = $lname;
$_SESSION['CustAddr'] = $address;
$_SESSION['CustDist'] = $city;
$_SESSION['CustState'] = '20';
$_SESSION['CustPin'] = $zip;
$_SESSION['CustEmail'] = $email;
$_SESSION['CustPhone'] = $contact;
$_SESSION['KnownSource'] = $source;
$_SESSION['grtotal'] = 100;
$_SESSION['submitProcess'] = $submitProcess;
$newURL = "http://".$_SERVER["HTTP_HOST"].'/order/process.php?path=c';
header('Location:'.$newURL);
exit();
}
?>