I’m sorry, I just saw the upload code without any authentication checks and assumed it was public. If it’s just used by you to administer the website, then the upload script is no problem.
I’m not that familiar with how file/image processing is supposed to work in plain PHP. I checked the documentation of the getimagesize() function (which apparently incorrectly detects the image as invalid) and did see this warning:
This function expects
filenameto be a valid image file. If a non-image file is supplied, it may be incorrectly detected as an image and the function will return successfully, but the array may contain nonsensical values.Do not use getimagesize() to check that a given file is a valid image. Use a purpose-built solution such as the Fileinfo extension instead.
Maybe using the recommended Fileinfo functions gives better results?