I personally would not recommend just checking file extensions alone. Couple points you need to consider based on your current approach:
- Imagine, if I upload a file called mypicture.jpg.php would your current if statement logic catch that out? Might be worth a test?
- Following (1) if answer was no, then next question would be does your application check if any php code is contained inside the jpg image which could lead to various privilege escalations on the webserver?
Thus, following the previous answer from Stratadox I would also read this OWASP Unrestricted File Upload page. The OWASP link kindly provided by Stratadox focuses more on prevention techniques and the link I provided is more the attacking side. I think combined together this should help.
In summary, you could keep the current file extension checks but maybe expand few more advanced checks inside the if statement. Good suggestion already mentioned above is native PHP image checking functions/libraries e.g. gd or imagick.
NOTE - always research any native PHP image checking functions/libraries for security flaws (Google will help) and ensure you are configuring functions/settings correctly. This is a good practice to get into to make you a more security minded developer (and make some big $) :)
Hope this helps.