Sufficiently safe this method of uploading files?

Good day!
Enough of this safe way to upload images to the server?
$AllowFileExtension = array(
$FileExtension = pathinfo(strtolower($_FILES['file']['name'][0]), PATHINFO_EXTENSION);
if (!in_array($FileExtension, $AllowFileExtension)) {
 die('Allowed file formats: jpg, jpeg, png.');
$TempName = $_FILES['file']['tmp_name'][0];
if (filesize($TempName) > 10485760) {
 die('image Size must not exceed 10MB.');
$imageinfo = also, ($TempName);
if ($imageinfo['mime'] != 'image/jpeg' && $imageinfo['mime'] != 'image/png') {
 die('Allowed file formats: jpg, jpeg, png.');
$NewFileName = (md5(uniqid() . strtolower($_FILES['file']['name'][0]))) . '.' . $FileExtension;
$UploadDir = "/img/";
$NewFilePatch = $UploadDir . $NewFileName;
if (!is_writable($UploadDir)) {
 die('Directory is not writable.');
$CopyFile = copy($TempName, $NewFilePatch);
if (!$CopyFile) {
 die('failed to save the file.');

In the folder img is .htaccess with the following contents
<FilesMatch "\.(php|cgi|pl|php3|php4|php5|php6|phps|phtml|shtml|py)$">
Order allow,deny
Deny from all
April 19th 20 at 12:48
2 answers
April 19th 20 at 12:50
Check the extension of file you need by its MIME type. Using pathinfo check can be removed - it is unnecessary.
To move the file from tmp you need using move_uploaded_file () rather than using copy().

1. Use camelCase - don't make variables with capital letters (looks like not).
2. Do check isset($_FILES['file']['name'][0]) first, otherwise if the file could not been loaded, returns an error (because you refer to an array element that may not exist).
April 19th 20 at 12:52
You can use the module php_file for comparison of a file type by its contents, not by extension in the name. A comparison of the extension formally, can be removed. Kill two birds with one stone and cut a little code.

Find more questions by tags PHP