There's no point in disabling *.php images, because you can just as easily serve a png/jpg/gif etc. file as a PHP file. Only real way to prevent it is to whitelist the allowed image hosts.

A lot of your code is redundant, but should work.