<?php

$path = __DIR__ . '/../var/tmp/';
if ( !is_dir($path) )
{
    mkdir($path);
}

$uploaded = array();
$blacklist = array('php', 'php3', 'php4', 'phtml','exe');

foreach ( $_FILES as $id => $file )
{
    if ( in_array(end(explode('.', strtolower($file['name']))), $blacklist) )
    {
        continue;
    }

    $uploadfile = str_replace('/tmp/', '', $file['tmp_name'] . "_" . $id);

    if ( move_uploaded_file($file['tmp_name'], $path . $uploadfile) )
    {
        $file['tmp_name'] = $path . $uploadfile;
        $file['tmp_link'] = "/miolo20/html/index.php?module=basic&action=main:getfile&tmp_file=" . base64_encode(serialize($file));
        $uploaded[] = $file;
        $uploaded['url'] = $file['tmp_link'];
    }
}

echo json_encode($uploaded);