Files bypassing filetype selection in PHP
I've got if/else in place to make sure only certain types of audio can be uploaded, but it doesn't seem to be working, as other file types (images) are making it past my upload form. What's wrong with my code?
<?php
if($_POST['submit']=="in_mp3")
{
    $_FILES['file']['name'] = str_replace (" ", "", $_FILES['file']['name']);
    if ($_FILES['file']['name'] != "") {
        if (($_FILES['file']['type'] == "audio/mpeg" or "audio/ogg") || ($_FILES['file']['type'] == "application/force-download")) {
            if ($_FILES["file"]["size"] < 6097152) {
                move_uploaded_file($_FILES["file"]["tmp_name"], "sound/" . $_FILES["file"]["name"]);
                echo "File has been stored in your uploads directory.";
            } else {
                echo "Please upload a file that is under 5 mb!";
            }
        } else {
            echo "Please upload a mp3 or ogg file!";
            exit;
        }
    } else {
        echo "Please enter a file.";
    }
}
You need to edit your if condition. The problem is that you evaluate "audio/ogg", which is not equal to "", and therefore, your if condition is always met. Try:
if ($_FILES['file']['type'] == "audio/mpeg" || $_FILES['file']['type'] == "audio/ogg" || $_FILES['file']['type'] == "application/force-download") {
You could also check the file extension:
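// pathinfo() extracts the extension without passing explode()'s result by reference to end()
if (in_array(strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION)), array('mpg','mpeg', 'm2v', 'mp2', 'mp3', 'ogv', 'oga', 'ogx', 'ogg', 'spx')))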
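An added hardening example, not part of the original question or answer: the `type` entry in `$_FILES` is sent by the browser and the file name's extension is chosen by the uploader, so this version checks the file's content with `finfo` and stores it under a server-generated name. The function name `store_audio_upload`, the allow-list and the 5 MB limit are assumptions; the form field `file` and the `sound` directory come from the question.

```php
<?php
// Added example: validate an uploaded audio file by its content, not by the
// client-supplied $_FILES['file']['type'] or the original file name.
// Assumed: allow-list and 5 MB limit below; libmagic reporting audio/mpeg
// and audio/ogg for these formats (older builds may report other Ogg types).
const MAX_BYTES = 5 * 1024 * 1024;
const ALLOWED = [            // detected MIME type => extension we assign
    'audio/mpeg' => 'mp3',
    'audio/ogg'  => 'ogg',
];

function store_audio_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('Please upload a file that is under 5 MB.');
    }

    // Inspect the file's bytes (requires the fileinfo extension).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Please upload an mp3 or ogg file.');
    }

    // Server-generated name: the client's name and extension are never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $target;
}

if (($_POST['submit'] ?? '') === 'in_mp3' && isset($_FILES['file'])) {
    try {
        store_audio_upload($_FILES['file'], 'sound');
        echo 'File has been stored in your uploads directory.';
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

Content sniffing narrows what gets through but is not proof of a well-formed audio file, so the upload directory should also be configured so the web server never executes scripts from it.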