Because you specifically ask about security:
- For comparing hashes like SHA, you should use hash_equals(). If you are requiring the use of a password, you shouldn't use SHA-512. While it's certainly better than MD5, instead use bcrypt. Bcrypt is heavily recommended for password storage, especially long-term.

  With bcrypt, instead of using hash() and hash_equals(), you would use password_hash() and password_verify().
- Should new directories really have read and execute permissions for the group and other users? Likewise, I would check the permissions of the file itself.
  I would personally have the files as 0600 and directories as 0700 unless other permissions are needed.
- Checking the file extension is only helpful for preventing naive false uploads. On Linux and most UNIX-like operating systems, a file extension means very little (if anything). It could be any type of file with a JPEG extension; likewise, anything could have a JPEG file extension.
I don't know about the rest of the code.
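The three points in the answer above (constant-time digest comparison, bcrypt via password_hash()/password_verify(), and restrictive permissions plus content-based type checking for uploads) put together in one PHP snippet. This is an added example, not code from the answer's author or from the code under review; the function names, the 0700/0600 modes, the cost of 12, the $uploadDir parameter and the sample values are illustrative assumptions, and the JPEG decode step assumes the GD extension is installed.

```php
<?php
declare(strict_types=1);

// Added example, not part of the original answer. Function names, modes, the
// bcrypt cost and the sample inputs below are constructed for illustration.

// 1. Comparing a SHA-256 digest: hash_equals() takes time independent of where
//    the two strings first differ, so a remote caller cannot time their way to
//    the expected value the way they can against == or ===.
function digestMatches(string $expectedHex, string $data): bool
{
    $actualHex = hash('sha256', $data);
    // Returns false for a length mismatch as well, still without leaking position.
    return hash_equals($expectedHex, $actualHex);
}

// 2. Password storage: bcrypt through password_hash(). The returned string
//    embeds the algorithm, cost and a random salt, so nothing else is stored.
const BCRYPT_OPTIONS = ['cost' => 12]; // assumed cost; tune to ~100-250 ms per hash

function storePassword(string $plaintext): string
{
    return password_hash($plaintext, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

function checkPassword(string $plaintext, string $storedHash): bool
{
    // password_verify() parses the salt/cost out of $storedHash and compares
    // in constant time; never compare bcrypt strings with hash_equals() yourself.
    if (!password_verify($plaintext, $storedHash)) {
        return false;
    }
    // If the cost was raised since this hash was made, upgrade it on this login.
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $newHash = storePassword($plaintext);
        // persist $newHash for this user (storage code omitted)
    }
    return true;
}

// 3. Uploads: decide the type from the bytes, not the client's extension, and
//    create the directory 0700 and the file 0600 so other local users cannot
//    read them. Intended for an upload handler, hence move_uploaded_file().
function saveJpegUpload(string $tmpPath, string $uploadDir): string
{
    // Magic-byte sniffing: "image/jpeg" must come from the content itself.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime !== 'image/jpeg') {
        throw new RuntimeException("rejected upload: content type is $mime, not image/jpeg");
    }
    // Also decode it (GD): a file that merely starts with JPEG magic fails here.
    if (@imagecreatefromjpeg($tmpPath) === false) {
        throw new RuntimeException('rejected upload: not a decodable JPEG');
    }

    // mkdir() mode is still filtered by umask, but umask can only remove bits,
    // so 0700 stays 0700. chmod() below is not subject to umask at all.
    if (!is_dir($uploadDir) && !mkdir($uploadDir, 0700, true)) {
        throw new RuntimeException("cannot create $uploadDir");
    }

    // Server-chosen name; never reuse the client-supplied filename.
    $dest = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!move_uploaded_file($tmpPath, $dest)) {
        throw new RuntimeException('failed to move uploaded file');
    }
    chmod($dest, 0600);
    return $dest;
}

// Usage with constructed values (no web request needed for these two):
$stored = storePassword('correct horse battery staple');
var_dump(checkPassword('correct horse battery staple', $stored));
var_dump(checkPassword('wrong password', $stored));
var_dump(digestMatches(hash('sha256', 'payload'), 'payload'));
```

saveJpegUpload() is meant to be called from the upload handler with $_FILES['...']['tmp_name']; outside a request, move_uploaded_file() refuses to act on a file that was not uploaded, which is itself a useful safety check.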