How to make file restriction

[Warptweet]

Umm... somebody tried helping before, but it didnt work.

How can I add a file extension restriction to this code?
I know this has been done a million times, but I dont know where to add a file extension restriction code in this... can you help me?

[code]<head><title>Warptweet.com - Uploader</title>
<style type="text/css">
<!--
body {background-color: white; color: white;}
a {color: white;}
a:hover {font-size: 110%;}
-->
</style>
</head>
<body>
<div align="center">
<fieldset>
<legend>Warptweet.com File Upload</legend>
<?php
if ($_FILES["file"]["error"] > 0)
  {
  echo "Error: " . $_FILES["file"]["error"] . "
";
  }
else
  {
  echo "Filename: " . $_FILES["file"]["name"] . "
";
  echo "Type: " . $_FILES["file"]["type"] . "
";
  echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb
";
  }
if (file_exists("filer/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "filer/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "http://www.warptweet.com/wh/filer/" . $_FILES["file"]["name"];
      }
?>
<center><a href="index.htm"><--Back Home[/url]</center>
</body>
</html> [/code]

[trq]

What kind of files are you wanting to accept? Judging a file by its extension is not secure. If you only want to allow images your best to use [url=http://php.net/getimagesize]getimagesize[/url], this will allways return false if the file is not an image.

[Warptweet]

I only want .gm6 files, .gm5 files, .gmd files, and .zip files to be allowed to be uploaded.

Regardless of security, it DOES cut the image file uploads being annoyingly uploaded.

[trq]

Well all you need do is check the extension against an array of extensions. Something like....

[code]
<?php
  $allowed = array('gm6','gm5','gmd','zip');
  foreach($_FILES as $file) {
    if (!inarray(substr($file['type'],-3,3),$allowed)) {
      // file not allowed.
    }
  }
?>
[/code]

[Warptweet]

The only thing is, I don't know WHERE inside the code to put that.

Could you put it in the right spot?
I'm afraid that if I put that code in the wrong line or spot inside my code, it might screw up.
Do you know where? If you can add it to my code, that would be great.

Thanks!

[SharkBait]

You could probably put it in the [code=php:0]else[/code] section below the [code=php:0] if($_FILES['file']['error'] > 0) [/code]

So if there were no file errors, then you look through the files that were uploaded and check to see if any were invalid extension.

If they were all the correct extention, then you can do you [code=php:0]move_uploaded_file()[/code] to move the tempoary file to the correct location.

[Warptweet]

Errrrr.... *cough*......

les de intelligance language?

Ummmm....
I dont get it.
Considering that code has the

<? php

and ends with the

?>

it kind confuses me what to take away and on, can you please do it for me?
I'm REALLY sorry, but at least all it takes is to copy and paste it onto my code. :D