PHP : UPLOAD

$pw = 'eko';
//direktori dimana skrip di jalankan
$dir = "D:/xampplite/htdocs/";
//tipe data yang di perbolehkan untuk upload
$types = array("application/octet-stream","text/plain","application/pdf","image/png","image/x-png","audio/wav","audio/mpeg","image/gif","image/jpeg","image/pjpeg","application/x-zip-compressed");

if((isset($_POST['submit'])) and ($_POST['pass'] == $pw))
{
//Shorten Variables
$tempor = $_FILES['upload']['tmp_name'];
$new_nama =$_FILES['upload']['name'];
$path = $_POST['subdir'];
$fullpath = $_SERVER['DOCUMENT_ROOT'].'/up_download/';
$fullpath = str_replace("..", "", str_replace("\.", "", str_replace("//", "/", $fullpath)));
$nama_baru = ereg_replace("[^a-z0-9._]", "", str_replace(" ", "_", str_replace("%20", "_", strtolower($new_nama) ) ) );

if ((in_array($_FILES['upload']['type'], $types)) and (!file_exists($fullpath.$nama_baru)))
{
move_uploaded_file($tempor,$fullpath . $nama_baru);

print "File $nama_baru {$FILES['upload']['size'] } bytes telah sukses di upload ke $fullpath
";
print "Mau lihat isinya
";
}
else
{
print "File {$_FILES[upload][name]} tidak bisa di upload, mungkin karena salah tipe data atau data telah ada.
";
$name = $_FILES['upload']['name'];
$type = $_FILES['upload']['type'];
$size = $_FILES['upload']['size'];
$tmp = $_FILES['upload']['name'];

print "Nama: $name
Type: $type
Size: $size
Tmp: $tmp
";
print "lihat isi folder";
}
}

print "

";
//print "";
print "Password :
";
print "File Upload :
";
print "";
?>