Drupal has a function called file_save_upload()

The docs say that it "Saves a file upload to a new location." Let's see what it really does...

Reads in from global arrays

// Make sure there's an upload to process.
  if (empty($_FILES['files']['name'][$source])) {
    return NULL;
  }

Accesses global variables

global $user;

Validates input

if (isset($validators['file_validate_extensions'][0])) {
      // Build the list of non-munged extensions if the caller provided them.
      $extensions = $validators['file_validate_extensions'][0];
    }

Saves to the DB

if ($file = file_save($file)) {

Prints messages to the screen

if ($file->destination === FALSE) {
    drupal_set_message(t('The file %source could not be uploaded because a file by that name already exists in the destination %directory.', array('%source' => $source, '%directory' => $destination)), 'error');
    return FALSE;
  }

Writes to the disk

if (!move_uploaded_file($_FILES['files']['tmp_name'][$source], $file->uri)) {

Sets permissions on the disk

// Set the permissions on the new file.
  drupal_chmod($file->uri);

Could we shove any more stuff in here?

Some ideas:

• Let's have it also send emails with the files as