Hi guys,

I have an upload site that allows files to be uploaded then downloaded via URL.

Code:
<?php
ob_start();

session_start();

$extensions = array("jpg", "png","jpeg", "gif", "zip", "rar", "swf", "tiff", "bmp", "txt", "fla", "7z", "tar", "gz", "iso", 

"dmg", "mp3", "wav", "m4a", "aac", "doc", "docx", "xls", "rtf", "ppt", "bsd", "exe", "psd", "c4d", "pdf", "dwg", "max", "ipa", 

"vtf", "iam", "ipt", "flv", "cap", "scr");
$maxsize = 104288000;
$server = "http://www.andredomain.com";

$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$random = md5(uniqid(rand(), true));
$random = substr($random, 0, 20);

if (!$name || !$temp || !$size)
{
   echo "Go back and select a file.";
   exit();
}

foreach ($_FILES as $file)
{
 if ($file['tmp_name'] != null) 
 {
	$thisext1=explode(".", strtolower($file['name']));
	$thisext=$thisext1[count($thisext1)-1];
  if (!in_array($thisext, $extensions))
  {
    echo "That file type is not allowed.";
   exit(); 
  }
 }
}

if ($size > $maxsize)
{
   echo "File size too big.";
   exit();
}

$destination = 'Uploads/' . $random ;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);

$final = $server."/".$destination."/".$name;

$contents = file_get_contents("http://is.gd/create.php?format=simple&url=$final");


?>
Now i want to move the Uploads directory 1 level up from the root. Would this be the right way?

Code:
<?php
ob_start();

session_start();

$extensions = array("jpg", "png","jpeg", "gif", "zip", "rar", "swf", "tiff", "bmp", "txt", "fla", "7z", "tar", "gz", "iso", 

"dmg", "mp3", "wav", "m4a", "aac", "doc", "docx", "xls", "rtf", "ppt", "bsd", "exe", "psd", "c4d", "pdf", "dwg", "max", "ipa", 

"vtf", "iam", "ipt", "flv", "cap", "scr");
$maxsize = 104288000;
$server = "/var/www/vhosts/andredomain.com/Uploads";

$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$random = md5(uniqid(rand(), true));
$random = substr($random, 0, 20);

if (!$name || !$temp || !$size)
{
   echo "Go back and select a file.";
   exit();
}

foreach ($_FILES as $file)
{
 if ($file['tmp_name'] != null) 
 {
	$thisext1=explode(".", strtolower($file['name']));
	$thisext=$thisext1[count($thisext1)-1];
  if (!in_array($thisext, $extensions))
  {
    echo "That file type is not allowed.";
   exit(); 
  }
 }
}

if ($size > $maxsize)
{
   echo "File size too big.";
   exit();
}

$destination = '../uploads/' . $random ;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);

$final = $server."/".$destination."/".$name;

$contents = file_get_contents("http://is.gd/create.php?format=simple&url=$final");

$filesource = '/var/www/vhosts/andredomain.com/Uploads';

$myfile = file_get_contents('$filesource."/".$destination."/".$name');


?>

<?php ob_start(); ?>

<!DOCTYPE html>
<html>
<head>
<title>File Uploaded!</title>
<link rel="stylesheet" href="style.css" type="text/css">
<link REL="SHORTCUT ICON" HREF="images/favicon.ico">
</head>
<body>
	<div id="topbar">
		<div class="content">
			<div class="logo"><img src="images/logo.png" height="90"/></div>
		</div>
	</div>
	<div id="navbar">
		<ul>
			<li><a href="http://www.uploadvillage.com" id="active">Uploaded! Back Home?</a></li>
			<li><a href="http://www.uploadvillage.com/tos.php">TOS</a></li>
			<li><a href="http://www.uploadvillage.com/faq.php">FAQ</a></li>
			<li><a href="http://www.uploadvillage.com/contact.php">Contact Us</a></li>
			<li><a href="http://www.uploadvillage.com/donate.php">Donate</a></li>
		</ul>
</span>
</center>
<div id="main"><center>
     <div id="side1"><br><BR><BR>
<br /><strong>Uploaded!</strong><br />       
        <span class="small">
        <br />
Bypass  Filter (SHORT URL):<br />




<input type="text" size="10" onClick=select() value="<?php echo  $contents;?>" READONLY><p />

        Direct download :<br />
        <input type="text" size="28" onClick=select() value="<?php echo $final; ?>" READONLY><p />
        Forum Code download/view:<br />
        <input type="text" size="38" onClick=select() value="<?php echo $final; ?>" READONLY><p />
<a href="<?php echo $server; ?>/delete.php?filename=<?php echo $name; ?>&folder=<?php echo $destination; ?>">Delete your file?

</a>

        </span>	
				<div class="clear"></div></center>
			</div></CENTER>
<br><center><span class="small">&copy; Upload Village 2010.</span></center>
<center><a href="http://www.facebook.com/pages/UploadVillagecom/186225441417890"><img src="images/facebook.ico"></a></center>
		</div>
		</div>
		<div class="clear"></div>
	</div>
</body>
<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-17632658-8']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</html>