diff --git a/controllers/forms.js b/controllers/forms.js
index 51ea54fb..61032509 100644
--- a/controllers/forms.js
+++ b/controllers/forms.js
@@ -6,6 +6,32 @@ const express  = require('express')
 	, Posts = require(__dirname+'/../db/posts.js')
 	, Mongo = require(__dirname+'/../db/db.js')
 	, remove = require('fs-extra').remove
+	, upload = require('express-fileupload')
+	, path = require('path')
+	, postFiles = upload({
+        createParentPath: true,
+        safeFileNames: /[^\w-]+/g,
+        preserveExtension: 4,
+        limits: {
+            fileSize: 10 * 1024 * 1024,
+            files: 3
+        },
+        abortOnLimit: true,
+        useTempFiles: true,
+        tempFileDir: path.join(__dirname+'/../tmp/')
+    })
+	, bannerFiles = upload({
+        createParentPath: true,
+        safeFileNames: /[^\w-]+/g,
+        preserveExtension: 4,
+        limits: {
+            fileSize: 10 * 1024 * 1024,
+            files: 10
+        },
+        abortOnLimit: true,
+        useTempFiles: true,
+        tempFileDir: path.join(__dirname+'/../tmp/')
+    })
 	, removeBans = require(__dirname+'/../models/forms/removebans.js')
 	, makePost = require(__dirname+'/../models/forms/make-post.js')
 	, uploadBanners = require(__dirname+'/../models/forms/uploadbanners.js')
@@ -152,7 +178,7 @@ router.post('/register', verifyCaptcha, (req, res, next) => {
 });
 
 // make new post
-router.post('/board/:board/post', Boards.exists, banCheck, paramConverter, verifyCaptcha, async (req, res, next) => {
+router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConverter, verifyCaptcha, async (req, res, next) => {
 
 	let numFiles = 0;
 	if (req.files && req.files.file) {
@@ -255,7 +281,7 @@ router.post('/board/:board/settings', csrf, Boards.exists, checkPermsMiddleware,
 });
 
 //upload banners
-router.post('/board/:board/addbanners', csrf, Boards.exists, checkPermsMiddleware, paramConverter, async (req, res, next) => {
+router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, checkPermsMiddleware, paramConverter, async (req, res, next) => {
 
 	let numFiles = 0;
 	if (req.files && req.files.file) {
diff --git a/models/forms/uploadbanners.js b/models/forms/uploadbanners.js
index 2c26f85b..88291d3e 100644
--- a/models/forms/uploadbanners.js
+++ b/models/forms/uploadbanners.js
@@ -29,20 +29,27 @@ module.exports = async (req, res, next, numFiles) => {
 	for (let i = 0; i < numFiles; i++) {
 		const file = req.files.file[i];
 		const filename = file.sha256 + path.extname(file.name);
-		file.filename = filename; //for error to delete failed files
-		filenames.push(filename);
+		file.filename = filename;
 
 		//check if already exists
 		const exists = await pathExists(`${uploadDirectory}banner/${req.params.board}/${filename}`);
+
 		if (exists) {
-			await deleteTempFiles(req.files.file);
+			await remove(file.tempFilePath);
+			continue;
+/* dont stop uploading the other banners just because one already exists.
 			return res.status(409).render('message', {
 				'title': 'Conflict',
 				'message': `Invalid file ${file.name}. Banner already exists.`,
 				'redirect': redirect
 			});
+*/
 		}
 
+		//add to list after checking it doesnt already exist
+		filenames.push(filename);
+
+		//make directory if doesnt exist
 		await ensureDir(`${uploadDirectory}banner/${req.params.board}/`);
 
 		//get metadata from tempfile
@@ -76,7 +83,7 @@ module.exports = async (req, res, next, numFiles) => {
 
 	return res.render('message', {
 		'title': 'Success',
-		'message': `Uploaded ${filenames.length} banners.`,
+		'message': `Uploaded ${filenames.length} new banners.`,
 		'redirect': redirect
 	});
 
diff --git a/server.js b/server.js
index 602dbe2d..1f35c7d9 100644
--- a/server.js
+++ b/server.js
@@ -12,8 +12,7 @@ const express  = require('express')
 	, bodyParser = require('body-parser')
 	, cookieParser = require('cookie-parser')
 	, configs = require(__dirname+'/configs/main.json')
-	, Mongo = require(__dirname+'/db/db.js')
-	, upload = require('express-fileupload');
+	, Mongo = require(__dirname+'/db/db.js');
 
 (async () => {
 
@@ -23,18 +22,6 @@ const express  = require('express')
 	// parse forms and allow file uploads
 	app.use(bodyParser.urlencoded({extended: true}));
 	app.use(bodyParser.json());
-	app.use(upload({
-		createParentPath: true,
-		safeFileNames: true,
-		preserveExtension: 4,
-		limits: {
-			fileSize: 10 * 1024 * 1024,
-			files: 3
-		},
-		abortOnLimit: true,
-		useTempFiles: true,
-		tempFileDir: path.join(__dirname+'/tmp/')
-	}));
 
 	// session store
 	app.set('trust proxy', 1);