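<?php
/**
 * Temporary upload endpoint.
 *
 * Moves every file found in $_FILES into var/tmp/ (relative to this script),
 * builds a download link for each stored file and prints the result as JSON.
 *
 * Everything in $_FILES except 'tmp_name' is supplied by the client: the form
 * field name (the array key), 'name' and 'type'. None of it is trusted when the
 * destination path is built.
 */

// Directory that receives the uploaded files.
$path = __DIR__ . '/../var/tmp/';

if ( !is_dir($path) ) {
    // Recursive, so a missing parent directory does not make every upload fail.
    // 0777 is mkdir()'s default mode and is still reduced by the process umask.
    // NOTE(review): confirm this directory is not served directly by the web
    // server; stored uploads should only be reachable through the getfile action.
    mkdir($path, 0777, true);
}

$uploaded = array();

// Extensions rejected outright. A denylist can never be complete; if the set of
// file types this endpoint must accept is known, an allowlist is the safer check.
$blacklist = array('php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar', 'exe');

foreach ( $_FILES as $id => $file ) {
    // Array-style fields (name="f[]") produce nested arrays here; they are not
    // supported by this endpoint and would otherwise break strtolower() below.
    if ( !is_array($file)
        || !isset($file['name'], $file['tmp_name'])
        || !is_string($file['name'])
        || !is_string($file['tmp_name']) ) {
        continue;
    }

    // Skip entries PHP already marked as failed (too large, partial, no file...).
    if ( isset($file['error']) && $file['error'] !== UPLOAD_ERR_OK ) {
        continue;
    }

    // Trailing dots and whitespace are stripped so the comparison sees the real
    // last segment of the name. explode() is stored in a variable because end()
    // takes its argument by reference; passing the call result directly raises a
    // notice that can end up in front of the JSON output.
    $segments  = explode('.', strtolower(rtrim($file['name'], ". \t\r\n\0")));
    $extension = end($segments);

    if ( in_array($extension, $blacklist, true) ) {
        continue;
    }

    // The stored name is "<php temp name>_<field name>". basename() works for any
    // upload_tmp_dir (the previous str_replace only handled "/tmp/"), and the
    // client-chosen field name is reduced to a safe character set so it cannot
    // contribute path separators to the destination.
    $safeId     = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) $id);
    $uploadfile = basename($file['tmp_name']) . '_' . $safeId;

    // move_uploaded_file() itself refuses sources that did not arrive through an
    // HTTP upload, so no separate is_uploaded_file() check is needed.
    if ( move_uploaded_file($file['tmp_name'], $path . $uploadfile) ) {
        $file['tmp_name'] = $path . $uploadfile;

        // NOTE(review): the link embeds a PHP-serialized copy of $file, which the
        // client can modify before requesting it. The handler behind
        // action=main:getfile is not visible here; confirm that it does not pass
        // this parameter to unserialize() without an integrity check (for example
        // an HMAC) and that it only serves paths inside the upload directory.
        // NOTE(review): base64 output may contain '+', '/' and '='; the value is
        // appended to the query string without URL-encoding - verify the consumer
        // copes with that before changing the format.
        $file['tmp_link'] = "/miolo20/html/index.php?module=basic&action=main:getfile&tmp_file=" . base64_encode(serialize($file));

        $uploaded[] = $file;

        // 'url' always holds the link of the most recently stored file. Mixing a
        // string key into the list makes json_encode() emit an object instead of
        // an array; kept as is because existing clients may depend on that shape.
        $uploaded['url'] = $file['tmp_link'];
    }
}

echo json_encode($uploaded);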