PHP Help

Started by: zymn | Replies: 2 | Views: 553

zymn
Jul 29, 2008 3:12 AM #200808
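Where do I put these?

<?php
// reject uploads larger than 1 MB (1048576 bytes)
if ($_FILES['myfile']['size'] > 1048576) {
    die('ERROR: 1 MB file limit');
}
?>

<?php
$allowed_ext = array('doc','txt','rtf'); //add file extensions here...
// end() takes its argument by reference, so give it a real variable
$parts = explode('.', $_FILES['myfile']['name']);
$ext = end($parts);
if (!in_array($ext, $allowed_ext)) {
    die('File extension not allowed');
}
?>

into this: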


<?php
function display_upload_form()
{
    echo <<<DISPLAY_UPLOAD_FORM
Pick a File Already.

Types Allowed: jpg, swf, gif, png, fla, zip, rar, txt, mp3, wav

Size Limit: 50 MB
DISPLAY_UPLOAD_FORM;
}

// File Upload ****************************************************************

function execute_upload()
{
    // root path
    $path = $_SERVER['DOCUMENT_ROOT'];

    // upload directory. path will originate from root.
    $dirname = '/zymn/uploads/';

    // permission settings for newly created folders
    $chmod = 0755;

    // create file vars to make things easier to read.
    $filename = $_FILES['myfile']['name'];
    $filesize = $_FILES['myfile']['size'];
    $filetype = $_FILES['myfile']['type'];
    $file_tmp = $_FILES['myfile']['tmp_name'];
    $file_err = $_FILES['myfile']['error'];
    $file_ext = strrchr($filename, '.');

    // check if user actually put something in the file input field.
    if (($file_err == 0) && ($filesize != 0))
    {
        // Check extension.
        if (!$file_ext)
        {
            unlink($file_tmp);
            die('File must have an extension.');
        }

        // extra check to prevent file attacks.
        if (is_uploaded_file($file_tmp))
        {
            /*
             * check if the directory exists
             * if it doesn't exist, make the directory
             */
            $dir = $path . $dirname;

            if (!is_dir($dir))
            {
                // keep the path pieces in their own variable so that $dir
                // still holds the destination path for the move below
                $sub_dirs = explode('/', $dirname);

                foreach ($sub_dirs as $sub_dir)
                {
                    $path .= '/' . $sub_dir;
                    if (!is_dir($path))
                    {
                        if (!mkdir($path, $chmod))
                        {
                            unlink($file_tmp);
                            die('Error: Directory does not exist and was unable to be created.');
                        }
                    }
                }
            }

            /*
             * copy the file from the temporary upload directory
             * to its final destination.
             */
            if (@move_uploaded_file($file_tmp, $dir . '/' . $filename))
            {
                // success!
                echo "
Done. Be happy.

View Your Stupid Friggin File: $filename
";
            }
            else
            {
                // error moving file. check file permissions.
                unlink($file_tmp);
                echo 'Error: Unable to move file to designated directory.';
            }
        }
        else
        {
            // file seems suspicious... delete file and error out.
            unlink($file_tmp);
            echo 'Error: File does not appear to be a valid upload. Could be a file attack.';
        }
    }
    else
    {
        // Kill temp file, if any, and display error.
        if ($file_tmp != '')
        {
            unlink($file_tmp);
        }

        switch ($file_err)
        {
            case '0':
                echo 'That is not a valid file. 0 byte length.';
                break;

            case '1':
                echo 'This file, at ' . $filesize . ' bytes, exceeds the maximum allowed file size as set in php.ini. '.
                     'Please contact your system admin.';
                break;

            case '2':
                echo 'This file exceeds the maximum file size specified in your HTML form.';
                break;

            case '3':
                echo 'File was only partially uploaded. This could be the result of your connection '.
                     'being dropped in the middle of the upload.';
                break; // without this, case 3 fell through and also printed the case 4 message

            case '4':
                echo 'You did not upload anything... Please go back and select a file to upload.';
                break;
        }
    }
}

// Logic Code *****************************************************************

if (isset($_POST['execute']))
{
    execute_upload();
}
else
{
    display_upload_form();
}

?>
darkcampainger
Jul 29, 2008 4:07 AM #200842
I never really learned PHP, but here's my guess. In the execute_upload function...


/* ...Snip.... */

    // create file vars to make things easier to read.
    $filename = $_FILES['myfile']['name'];
    $filesize = $_FILES['myfile']['size'];
    $filetype = $_FILES['myfile']['type'];
    $file_tmp = $_FILES['myfile']['tmp_name'];
    $file_err = $_FILES['myfile']['error'];
    $file_ext = strrchr($filename, '.');

    // check if user actually put something in the file input field.
    if (($file_err == 0) && ($filesize != 0))
    {
        // Check extension.
        if (!$file_ext)
        {
            unlink($file_tmp);
            die('File must have an extension.');
        }

        /* Added Size and Ext limits... */

        if ($filesize > 1048576) {
            unlink($file_tmp);
            die('ERROR: 1 MB file limit');
        }

        $allowed_ext = array('doc','txt','rtf'); //add file extensions here...
        // end() takes its argument by reference, so give it a real variable
        $parts = explode('.', $filename);
        $ext = end($parts);
        if (!in_array($ext, $allowed_ext)) {
            unlink($file_tmp);
            die('File extension not allowed');
        }

        /* End Add */

        // extra check to prevent file attacks.
        if (is_uploaded_file($file_tmp))
        {
            /*
             * check if the directory exists
             * if it doesn't exist, make the directory
             */
            $dir = $path . $dirname;

            if (!is_dir($dir))

/* ...Snip.... */


Bolded area is where you put it.
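
A stricter form of the size and extension checks discussed above, as an added example that is not part of darkcampainger's post or of the original script: it compares the extension case-insensitively and never reuses the client-supplied file name on disk. The function names validate_upload() and stored_name() are made up for this example, the sample entries are constructed, and PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ (random_bytes).
// validate_upload() and stored_name() are hypothetical helper names.

// Returns array(true, $ext) on success or array(false, $reason) on failure.
function validate_upload($file, $allowed_ext, $max_bytes)
{
    // Reject anything PHP itself flagged (too big, partial, no file, ...).
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return array(false, 'Upload failed or no file sent.');
    }
    // Size limit from the thread: 1048576 bytes = 1 MB. Empty files are refused too.
    if ($file['size'] <= 0 || $file['size'] > $max_bytes) {
        return array(false, 'File is empty or over the size limit.');
    }
    // pathinfo() returns the text after the last dot; lower-case it so
    // "REPORT.DOC" is compared the same way as "report.doc".
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $allowed_ext, true)) {
        return array(false, 'File extension not allowed');
    }
    return array(true, $ext);
}

// Build the on-disk name on the server; only the vetted extension survives.
function stored_name($ext)
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

$allowed_ext = array('doc', 'txt', 'rtf');

// Constructed sample entries shaped like $_FILES['myfile'] (not real uploads).
$samples = array(
    array('name' => 'notes.txt',  'size' => 2048,    'error' => UPLOAD_ERR_OK),
    array('name' => 'REPORT.DOC', 'size' => 2048,    'error' => UPLOAD_ERR_OK),
    array('name' => 'page.html',  'size' => 2048,    'error' => UPLOAD_ERR_OK),
    array('name' => 'big.rtf',    'size' => 2000000, 'error' => UPLOAD_ERR_OK),
    array('name' => 'noext',      'size' => 10,      'error' => UPLOAD_ERR_OK),
    array('name' => '',           'size' => 0,       'error' => UPLOAD_ERR_NO_FILE),
);

foreach ($samples as $f) {
    list($ok, $info) = validate_upload($f, $allowed_ext, 1048576);
    echo str_pad($f['name'], 12), $ok ? 'accepted -> ' . stored_name($info) : 'rejected: ' . $info, "\n";
}
```

In the thread's execute_upload(), the is_uploaded_file() check still applies, and the destination passed to move_uploaded_file() would be $dir . stored_name($ext) rather than $dir . '/' . $filename.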
zymn
Jul 29, 2008 10:34 AM #201038
it doesn't work...

geez, some simple code and it refuses it...