File Upload Not Uploading Files on File Extension Check

Question

While checking the file extension of uploaded images, my code always returns false, resulting in the image not being uploaded. The images uploaded have the appropriate extensions.

My questions is why is it not accepting the file? If the check is taken out the file, it is successfully uploaded.

FYI, there are other checks, so don't fret that this is my only security check. It's just that this is the one that is causing all the problems.

$name = $_FILES['file']['name'];
$tmp_name = $_FILES['file']['tmp_name'];
$pre_ext = explode(".", $tmp_name);
$ext = end($pre_ext);   

if (getimagesize($tmp_name) != false)
{
    //below is the check that is causing all the problems
    if ($ext == "PNG" || $ext == "png" || $ext == "jpg" || $ext == "JPG" || $ext == "jpeg" || $ext == "JPEG" || $ext == "GIF" || $ext == "gif"){
        if ($_FILES['file']['error'] == 0)      
        {
            move_uploaded_file($tmp_name, 'post_images/' . $name);
        }       
    }   
}

Answer 1

$name = $_FILES['file']['name'];
$tmp_name = $_FILES['file']['tmp_name'];
$pre_ext = explode(".", $name);

Should fix it. I recommend to check the file itself, and not only the extension. tmp_name is the temp name on your server, usually something like /tmp/random8y7ofad9