拒绝上传非图像文件类型，仅允许上传目录中的特定.php文件

I'm not very good when it comes to .htaccess rules so I'm seeking your help.

I'm trying to find a set of rules that would enhance the security of my PHP app in the following manners:

1. Deny upload of all file types except for images [jpg, png, gif] and docs [pdf, doc, docx]
2. Deny access to all [php, php3] files except for index.php, image.php in folder /uploads and all sub folders

PS: My goal is to deny the upload and direct access to malicious uploaders even if they find away to bypass my uploads handler. The reason I'm seeking a solution with .htaccess is because rewriting the code would be very time consuming as the app has been deployed on a number of websites.