I have a simple PHP upload script I have started. I am not the best to PHP. Just looking for some suggestions.

I want to limit my script to only .JPG, .JPEG, .GIF and .PNG

Is this possible?

<?php
/*
    Temp Uploader
*/

    # vars
    $mx=rand();
    $advid=$_REQUEST["advid"];
    $hash=md5(rand);

    # create our temp dir
    mkdir("./uploads/tempads/".$advid."/".$mx."/".$hash."/", 0777, true);

    # upload dir
    $uploaddir = './uploads/tempads/'.$advid.'/'.$mx.'/'.$hash.'/';
    $file = $uploaddir . basename($_FILES['file']['name']);

    // I was thinking of a large IF STATEMENT HERE ..

    # upload the file
    if (move_uploaded_file($_FILES['file']['tmp_name'], $file)) {
      $result = 1;
    } else {
      $result = 0;
    }

    sleep(10);
    echo $result;

?>

Yes, quite easily. But first off, you need some extra bits:

// never assume the upload succeeded
if ($_FILES['file']['error'] !== UPLOAD_ERR_OK) {
   die("Upload failed with error code " . $_FILES['file']['error']);
}

$info = getimagesize($_FILES['file']['tmp_name']);
if ($info === FALSE) {
   die("Unable to determine image type of uploaded file");
}

if (($info[2] !== IMAGETYPE_GIF) && ($info[2] !== IMAGETYPE_JPEG) && ($info[2] !== IMAGETYPE_PNG)) {
   die("Not a gif/jpeg/png");
}

Relevant docs: file upload errors, getimagesize and image constants.

File path isn't necessarily the best way to check if an image really is an image. I could take a malicious javascript file, rename it to have the .jpg extension, and upload it. Now when you try to display it in your website, I may have just compromised your site.

Here is a function to validate it really is an image:

<?php
  function isImage($img){
      return (bool)getimagesize($img);
  }
?>

try this:

<?php

function isimage(){
$type=$_FILES['my-image']['type'];     

$extensions=array('image/jpg','image/jpe','image/jpeg','image/jfif','image/png','image/bmp','image/dib','image/gif');
    if(in_array($type, $extensions)){
        return true;
    }
    else
    {
        return false;
    }
}

    if(isimage()){
        //do codes..
    }

?>

Or take a look at: http://php.net/manual/en/function.pathinfo.php

if (substr($_FILES["fieldName"]["name"], strlen($_FILES["fieldName"]["name"])-4) == ".jpg")
{
    if(move_uploaded_file($_FILES["fieldName"]["tmp_name"],$path."/".$_FILES['fieldName']['name']))
    {
        echo "image sucessfully uploaded!";
    }
}

similarly you can check for other image formats too.