// Checking file types of the uploaded file with known mime types list to prevent uploading unwanted files if(isset($_FILES) && count($_FILES)) { require_once BASEDIR.'includes/mimetypes_include.php'; $mime_types = mimeTypes(); foreach($_FILES as $each) { if(isset($each['name']) && strlen($each['tmp_name'])) { $file_info = pathinfo($each['name']); $extension = $file_info['extension']; if(array_key_exists($extension, $mime_types)) { if($mime_types[$extension]!=$each['type']) { die('Prevented an unwanted file upload attempt!'); } } /*else { //Let's disable this for now //almost impossible with provided array, but we throw an error anyways die('Unknown file type'); }*/ unset($file_info,$extension); } } unset($mime_types); }