PHP Upload - Multiple files & Restrict file types

Question

I currently have an upload option for the user and it will upload to a folder, and update the database with the files name to then be retrieved later on.

I would like to be able to do multiple uploads and each uploaded file go into specific columns per the upload field they've selected and uploaded said file.

3 Browse sections (upload options), 1 being badgephoto, 2 being drivers license, 3 being social security card.

if possible upload each file into their own specified folder location.

I would like to also restrict all files in exception for image types, PDF, or document files.

I currently have the following.

if(isset($_POST['btn-upload']))
{    

    $file = rand(1000,100000)."-".$_FILES['file']['name'];
    $file_loc = $_FILES['file']['tmp_name'];
    $file_size = $_FILES['file']['size'];
    $file_type = $_FILES['file']['type'];
    $folder="badge/";

    // new file size in KB
    $new_size = $file_size/1024;  
    // new file size in KB

    // make file name in lower case
    $new_file_name = strtolower($file);
    // make file name in lower case

    $final_file=str_replace(' ',$FirstName,$new_file_name);

    if(move_uploaded_file($file_loc,$folder.$final_file))
    {
        $sql="UPDATE users t1 SET t1.badgephoto='$final_file', t1.badgetype='$file_type', t1.badgesize='$new_size' WHERE t1.API='$API'";

        mysql_query($sql);
        ?>
        <script>
        alert('successfully uploaded');
        window.location.href='badgephoto.php?success';
        </script>
        <?php
    }
    else
    {
?>
        <script>
        alert('error while uploading file');
        window.location.href='badgephoto.php?fail';
        </script>
        <?php
    }
}

HTML

    <form action="badgephoto.php" method="post" enctype="multipart/form-data">
    <input type="file" name="file" accept="application/msword, text/plain, application/pdf, image/*" /> <!-- would be badgephoto -->
    <input type="file" name="file_drivers" accept="application/msword, text/plain, application/pdf, image/*" />
    <input type="file" name="file_social" accept="application/msword, text/plain, application/pdf, image/*" />
    <button type="submit" name="btn-upload">Upload Badge Photo</button>
    </form>

Any help would be greatly appreciated.

Answer 1

if(isset($_POST['btn-upload']))
{    
    foreach ($_FILES as $key => $value) {
    $file = rand(1000,100000)."-".$_FILES[$key]['name'];
    $file_loc = $_FILES[$key]['tmp_name'];
    $file_size = $_FILES[$key]['size'];
    $file_type = $_FILES[$key]['type'];
    $folder="badge/";

    // new file size in KB
    $new_size = $file_size/1024;  
    // new file size in KB

    // make file name in lower case
    $new_file_name = strtolower($file);
    // make file name in lower case

    $final_file=str_replace(' ',$FirstName,$new_file_name);

    $allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
    $detectedType = exif_imagetype($file_loc);
    $fileTypecorrect = in_array($detectedType, $allowedTypes);


        if($new_size < 5120 && $fileTypecorrect){

            if(move_uploaded_file($file_loc,$folder.$final_file))
            {
                $sql="UPDATE users t1 SET t1.badgephoto='$final_file', t1.badgetype='$file_type', t1.badgesize='$new_size' WHERE t1.API='$API'";

                mysql_query($sql);
                ?>
                <script>
                alert('successfully uploaded');
                window.location.href='badgephoto.php?success';
                </script>
                <?php
            }
        }
    }
    else
    {
?>
        <script>
        alert('error while uploading file');
        window.location.href='badgephoto.php?fail';
        </script>
        <?php
    }
}