As I can see, at the moment the file upload.php contains several serious and security related issues.
- Completely inappropriate way of uploading files to Moodle (to the dirroot)
- No access control
- No validation / sanitization of the user input (e.g. $_REQUEST["name"] containing paths with ../../../.. etc allowing to traverse.
This is unacceptable way of uploading files to Moodle. Let me suggest to stick with the standard forms and repository APIs for things like this.