diff --git a/upload.php b/upload.php
index 3d4170f..3ad8018 100644
--- a/upload.php
+++ b/upload.php
@@ -4,10 +4,11 @@ include('config.php');
 
 if(isset($_FILES['upload'])) {
 	$extension = pathinfo($_FILES['upload']['name'], PATHINFO_EXTENSION);
-	$filename = generate_hash($hashlen) . '.' . $extension;
-	move_uploaded_file($_FILES['upload']['tmp_name'], $datadir . '/' . $filename);
-
-	echo json_encode(['datadir' => $datadir, 'filename' => $filename]);
+	if($extension == 'jpg' || $extension == 'jpeg' || $extension == 'png') {
+		$filename = generate_hash($hashlen) . '.' . $extension;
+		move_uploaded_file($_FILES['upload']['tmp_name'], $datadir . '/' . $filename);
+		echo json_encode(['datadir' => $datadir, 'filename' => $filename]);
+	}
 }
 
 function generate_hash(int $length) {