php file upload management system that needs to be logged in

<?php
$admin_pw="admin";//Manage password$uploaddir="upload";//Upload directorysession_start();
if($_GET['action']=="getcode")
{
 setcode();
 exit();
}
if($_POST['password']==$admin_pw && $_POST['yz']==$_SESSION['yzcode'])
{
 $_SESSION['logined']=$admin_pw;
}
if($_GET['action']=="logout")
{
 $_SESSION['logined']="";
 header("location: ".$_SERVER['PHP_SELF']);
 exit();
}
if($_SESSION['logined']!=$admin_pw)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http:///TR/xhtml1/DTD/">
<html xmlns="http:///1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Please log in</title>
</head>
<body>
<form action="" method="post">
Enter your password：&lt;input type="password" name="password" style="width:100px;" /&gt;&lt;br /&gt;Verify characters：&lt;input type="text" style="width:40px;" name="yz" /&gt;&lt;a href="#" onclick="='?action=getcode';"><img src="?action=getcode" alt="verification code" name="tzm" /></a><br /><input type="submit" value="enter management" />&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;
&lt;?php
}
else
{
?&gt;
&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http:///TR/xhtml1/DTD/"&gt;
&lt;html xmlns="http:///1999/xhtml"&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8" /&gt;
&lt;title&gt;File upload&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;?php
 if($_POST['ac']=="upload")
 {
 $fileall=explode('.',$_FILES['file']['name']);
 $filetype=$fileall[count($fileall)-1];
 $filename=$uploaddir."/".$_FILES['file']['name']."_".rand(1,999999999).".".$filetype;
 $fileexists=file_exists($filename);
 while($fileexists==true)
 {
 $filename=$uploaddir."/".$_FILES['file']['name']."_".rand(1,999999999).".".$filetype;
 $fileexists=file_exists($filename);
 }
 if(move_uploaded_file($_FILES["file"]["tmp_name"],$filename))
 {
 $url="http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; 
 echo "document:".$filename." Upload successfully！&lt;br&gt;File address：&lt;input type=text style='width:350px;' value=".dirname($url)."/".$filename." /&gt;&lt;a href=".dirname($url)."/".$filename." target="_blank"&gt;test&lt;/a&gt;";
 }
 else
 {
 echo "document".$filename."Upload failed!";
 }
 }
?&gt;
&lt;form action="" method="post" enctype="multipart/form-data"&gt;
Select a file：&lt;input type="file" name="file"  width="100px" /&gt;&lt;input type="hidden" name="ac" value="upload" /&gt;&lt;input type="submit" value="Upload" /&gt;
&lt;/form&gt;
&lt;p&gt;&lt;a href="?action=logout"&gt;Log out&lt;/a&gt;&lt;/p&gt;
&lt;/body&gt;
&lt;/html&gt;
&lt;?php
}

function setcode()
{
 Header("Content-type: image/gif");
 $border = 0; //Do you want borders? 1 Want: 0 Don't $how = 4; //The number of verification code digits $w = $how*15; //Picture width $h = 20; //Picture height $fontsize = 5; //Font size $alpha = "abcdefghijkmnopqrstuvwxyz"; //Verification code content 1: letters $number = "0123456789"; //Verification code content 2: Number $randcode = ""; //Initialization of verification code string srand((double)microtime()*1000000); //Initialize random number seed $im = ImageCreate($w, $h); //Create verification image $bgcolor = ImageColorAllocate($im, 255, 255, 255); //Set background color ImageFill($im, 0, 0, $bgcolor); //Fill background color if($border)
 {
 $black = ImageColorAllocate($im, 0, 0, 0); //Set border color ImageRectangle($im, 0, 0, $w-1, $h-1, $black);//Draw border }
 for($i=0; $i&lt;$how; $i++)
 { 
 $alpha_or_number = mt_rand(0, 1); //Letter or number $str = $alpha_or_number ? $alpha : $number;
 $which = mt_rand(0, strlen($str)-1); //Which character to take $code = substr($str, $which, 1); //Get characters $j = !$i ? 4 : $j+15; //Draw character position $color3 = ImageColorAllocate($im, mt_rand(0,100), mt_rand(0,100), mt_rand(0,100)); //The character will be colored ImageChar($im, $fontsize, $j, 3, $code, $color3); //Draw characters $randcode .= $code; //Add verification code string bit by bit }
 $_SESSION['yzcode'] = $randcode;
 Imagegif($im);
 ImageDestroy($im);
}
?&gt;