diff --git a/upload.php b/upload.php
index 4256a9b..bbb8aca 100644
--- a/upload.php
+++ b/upload.php
@@ -6,8 +6,15 @@
 ob_start();
 error_reporting(0);
 
-$allowed_mime = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
-$max_bytes    = 20 * 1024 * 1024; // 20 Mt
+// Testiendpoint: avaa upload.php?test selaimessa — pitäisi näyttää {"ok":"php_running"}
+if (isset($_GET['test'])) {
+    ob_clean();
+    header('Content-Type: application/json');
+    echo json_encode(['ok' => 'php_running', 'gd' => function_exists('getimagesize'), 'fileinfo' => function_exists('mime_content_type')]);
+    exit;
+}
+
+$max_bytes = 20 * 1024 * 1024; // 20 Mt
 
 header('Content-Type: application/json');
 
@@ -42,11 +49,15 @@ if ($f['size'] > $max_bytes) {
     exit;
 }
 
-$mime = mime_content_type($f['tmp_name']);
-if (!in_array($mime, $allowed_mime, true)) {
+// getimagesize() on osa GD-kirjastoa (ei vaadi fileinfo-laajennusta)
+$imginfo  = @getimagesize($f['tmp_name']);
+$type_map = [IMAGETYPE_JPEG => 'image/jpeg', IMAGETYPE_PNG => 'image/png',
+             IMAGETYPE_GIF  => 'image/gif',  IMAGETYPE_WEBP => 'image/webp'];
+$mime = $imginfo ? ($type_map[$imginfo[2]] ?? null) : null;
+if (!$mime) {
     ob_clean();
     http_response_code(415);
-    echo json_encode(['error' => 'Only images (jpeg/png/gif/webp) allowed']);
+    echo json_encode(['error' => 'Vain kuvat (jpeg/png/gif/webp) hyväksytään']);
     exit;
 }