<?php

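// Upload handling is deliberately switched off: this die() runs first, so none
// of the code below executes. It is kept as a reference implementation.
die('File upload disabled. See code at <a href="index.php">index</a>.');

// Debug aid: print the $_FILES array so we can see what happened.
// The 'name' and 'type' entries are supplied by the client, so the dump is
// HTML-escaped before it is written into the page.
echo '<pre>';
echo htmlspecialchars(print_r($_FILES, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo '</pre>';

// Reject requests that carry no 'upload' field, and array-style fields
// (upload[]), where each entry of $_FILES['upload'] is itself an array.
if (!isset($_FILES['upload']['error']) || is_array($_FILES['upload']['error']))
{
    die("Invalid file");
}

// Make sure no error happened on file upload
if ($_FILES['upload']['error'] !== UPLOAD_ERR_OK)
{
    die("Error " . $_FILES['upload']['error']);
}

// Use a regular expression to whitelist the file name and extension.
// The character class excludes dots and slashes, so the name cannot contain
// a path or a second extension. \z anchors at the true end of the string;
// a plain $ would also accept a name that ends in a newline.
$name = $_FILES['upload']['name'];
if (!is_string($name)
    || !preg_match('/^[a-z0-9_-]+\.(jpg|gif)\z/i', $name, $parts))
{
    die("Invalid file");
}
$isGif = (strtolower($parts[1]) === 'gif');

// Only work on a file that PHP itself received through HTTP POST.
$tmp = $_FILES['upload']['tmp_name'];
if (!is_uploaded_file($tmp))
{
    die("Upload failed");
}

// Load the file into GD, then write it back out. The stored file is whatever
// GD re-encodes, so it is a real image of the type its extension claims, or
// nothing is stored at all. The decoder and encoder follow the whitelisted
// extension, so a .gif name is never written with JPEG contents.
// NOTE(review): GD decodes the whole image into memory; consider bounding
// the upload size and the pixel dimensions before this call.
$img = $isGif ? imagecreatefromgif($tmp) : imagecreatefromjpeg($tmp);
if ($img === false)
{
    // The contents did not parse as the image type the extension claims.
    die("Invalid file");
}

// Moving the raw upload with move_uploaded_file() is deliberately not done
// here. That approach checks only the file name, and running it after the
// re-encode would overwrite the clean file with the unverified original.
// NOTE(review): the client-chosen name is kept, so a second upload with the
// same name replaces the first; a server-generated name would avoid that.
// The uploads directory should also not be served with script execution.
$dest = "/uploads/" . $name;
$saved = $isGif ? imagegif($img, $dest) : imagejpeg($img, $dest);

if (!$saved)
{
    die("Upload failed");
}
else
{
    die("Upload success");
}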

?>

