diff --git a/admin/index.php b/admin/index.php
index a8e1d46..fa310e2 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -110,7 +110,6 @@
 $boolShowmap=$numShowmap==1;
 }
-
 $arrTopic = array (
 1 => "Fußverkehr",
 2 => "Radverkehr",
diff --git a/ajax/ajax_location_push.php b/ajax/ajax_location_push.php
index e962beb..0d168a8 100644
--- a/ajax/ajax_location_push.php
+++ b/ajax/ajax_location_push.php
@@ -25,10 +25,8 @@
 if (empty($strUsername) || empty($numLng) || empty($numLat)) {
 die("not valid!");
 }
-
 if ($boolUpload && !empty($_FILES['uploadfile']['name'])) {
 $file=$_FILES['uploadfile'];
- $uploadfile = $uploaddir . basename($file['name']);
 $fileinfo = @getimagesize($file["tmp_name"]);
 if (!empty($fileinfo)) {
 //$info=read_gps_location($_FILES["uploadfile"]["tmp_name"]);
diff --git a/ajax/ajax_update.php b/ajax/ajax_update.php
index aa947ce..6747665 100644
--- a/ajax/ajax_update.php
+++ b/ajax/ajax_update.php
@@ -7,24 +7,28 @@
 $strDescription = htmlentities(trim($_POST['description']));
 $strDescription = addslashes($strDescription);
 $numDefect = (isset($_POST['defect'])) ? $_POST['defect'] : 0;
 $id = (int) $_POST['loc_id'];
-$filename ="";
+$filename = "";
+$allowed_extensions = array("jpg", "jpeg", "png", "gif");
 $boolUploadOk=false;
 if ($boolUpload && ($_FILES['uploadfile']['size']>0)) {
- $uploadfile = $uploaddir . basename($_FILES['uploadfile']['name']);
- $fileinfo = @getimagesize($_FILES["uploadfile"]["tmp_name"]);
+ $file=$_FILES['uploadfile'];
+ $fileinfo = @getimagesize($file["tmp_name"]);
 if (!empty($fileinfo)) {
 //$info=read_gps_location($_FILES["uploadfile"]["tmp_name"]);
- $i=1;
- while (file_exists($uploadfile)) {
- $uploadfile=$uploaddir.$i."_".basename($_FILES['uploadfile']['name']);
- $i++;
+ $file_extension = pathinfo($file["name"], PATHINFO_EXTENSION);
+ if (!in_array(strtolower($file_extension), $allowed_extensions)) {
+ echo "Invalid file type. Please upload only jpg, jpeg, png, or gif images.";
+ exit();
 }
- if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $uploadfile)) {
- $filename=$_FILES['uploadfile']['name'];
- $filesize=$_FILES['uploadfile']['size'];
- $filetype=$_FILES['uploadfile']['type'];
- //echo "Filetype: ".$filetype;
+ $strNewfilename = uniqid("", true) . "." . $file_extension;
+ while (file_exists($uploaddir . $strNewfilename)) {
+ $strNewfilename = uniqid("", true) . "." . $file_extension;
+ }
+ if (move_uploaded_file($file['tmp_name'], $uploaddir.$strNewfilename)) {
+ $filename=$strNewfilename;//$file['name'];
+ $filesize=$file['size'];
+ $filetype=$file['type'];
 $boolUploadOk = true;
 } else {
 die("Upload failed with error code " . $_FILES['file']['error']);
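Review bot: The extension that names the stored file on the `$strNewfilename = uniqid("", true) . "." . $file_extension;` line still comes from the client-supplied filename; the whitelist lowercases it only for the comparison, and nothing ties it to the image type that `getimagesize()` actually detected, so a file can be stored under an extension that does not match its content (and in whatever case the client sent, e.g. `.GIF`). Since `$fileinfo` is already in hand, derive the extension from the detected type and whitelist that instead: `$file_extension = strtolower(image_type_to_extension($fileinfo[2], false) ?: '');` followed by `if (!in_array($file_extension, $allowed_extensions, true)) {` (for JPEG this yields `jpeg`, which the list already allows). Separately, the fallback `die("Upload failed with error code " . $_FILES['file']['error']);` reads `$_FILES['file']` rather than the `uploadfile` entry the rest of the block uses, so the reported code is empty unless a field named `file` is also posted; now that `$file` exists it should be `$file['error']`. `$filetype=$file['type']` is the browser-reported MIME type and should not be trusted downstream, whereas `$fileinfo['mime']` is the server-detected one. The enclosing `if ($boolUpload ...)` block continues past the end of the hunk.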