<?php
session_start();
if(!isset($_SESSION['uid'])) { $err = 1; }
if($_SESSION['uid'] != 10022) { $err = 2; }

$valid_extensions = array('jpeg', 'jpg', 'png', 'gif', 'bmp');
$path = 'uploads/';

if(isset($_FILES['image']) && !$err) {
  $img = $_FILES['image']['name'];
  $tmp = $_FILES['image']['tmp_name'];
  $ext = strtolower(pathinfo($img, PATHINFO_EXTENSION));

  if(in_array($ext, $valid_extensions)) {					
	$path = $path.strtolower($img);		
	if(move_uploaded_file($tmp, $path))  {
	  echo "<img src='$path' title='$img' />";
	}
  } else {
	echo 'invalid';
  }
} elseif($err == 1) {
  echo 'noUser';
} elseif($err == 2) {
  echo 'noAcces';
}
?>