What are some potential pitfalls of relying on client-side validation for file uploads in PHP forms?

One potential pitfall of relying on client-side validation for file uploads in PHP forms is that it can easily be bypassed by users who disable JavaScript or manipulate the form data before submission. To ensure secure file uploads, it is essential to perform server-side validation and verification of the uploaded files.

if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
    $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif');
    $file_extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
    
    if (!in_array($file_extension, $allowed_extensions)) {
        echo "Invalid file type. Please upload a JPG, JPEG, PNG, or GIF file.";
        exit;
    }
    
    // Process the file upload
} else {
    echo "Error uploading file. Please try again.";
}