EDIT: Forgot to preface my post with this: Welcome to PHPBuilder! When posting PHP code, please use the board's [noparse]
[/noparse] bbcode tags as they make your code much easier to read and analyze.
You tell us; those are issues that would generate PHP error messages either on-screen (if you've got display_errors set to On) or in the error log (if you've got log_errors set to On), assuming you've got error_reporting properly set to E_ALL. So... are there any PHP errors being generated?
Since you haven't given us the above information, I'll simply make some general comments about the code:
/* Gathering Data Variables */
$name = $_POST['name'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$ship = $_POST['ship'];
$child = $_POST['child'];
$certnameF = $_POST['certname'];
$certphoto = $_POST['certphoto'];
$friend = $_POST['friend'];
Note that if the external data wasn't set, you'll be generating a bunch of E_NOTICE level error messages (since you're trying to access array indices that don't exist).
For that reason, I normally do two things when accessing external data (more specifically, in this case, POST'ed data):
Wrap all of the processing code in an if() statement that checks to see if some specific form element (e.g. a submit button) is present using [man]isset/man or [man]empty/man.l
Define variables that contain either the referenced external data or some default value (using the ternary operator for brevity), e.g.:
$foo = isset($_POST['foo']) ? $_POST['foo'] : NULL;
$bar = isset($_POST['bar']) ? (int)$_POST['bar'] : 0;
$uploaded_file = $_POST['uploaded_file'];
If "uploaded_file" is the name of a file upload form element (e.g. an <input type="file"> entity), then $_POST['uploaded_file'] will not exist. So... which is it? Is this a normal form field or is it a file upload filed?
// Access the $_FILES global variable for this specific file being uploaded
// and create local PHP variables from the $_FILES array of information
$fileName = $_FILES["uploaded_file"]["name"]; // The file name
$fileTmpLoc = $_FILES["uploaded_file"]["tmp_name"]; // File in the PHP tmp folder
Before you access (or, most importantly, use) any of this data, you should first check to see if the error code set by PHP indicates that the file upload was successful. In other words, if the error value isn't equal to the constant UPLOAD_ERR_OK then you should not process the file and optionally determine the nature of the error that occurred. See [man]features.file-upload.errors[/man] for more info.
$fileType = $_FILES["uploaded_file"]["type"]; // The type of file it is
Code comment is incorrect; that value will tell you what type of file the user claims (s)he has uploaded. I could easily upload "my_favorite_virus.exe" and simply tell you that it was an "image/gif" instead of a binary executable.
$fileErrorMsg = $_FILES["uploaded_file"]["error"]; // 0 = false | 1 = true
Again, code comment is incorrect; the error value is not a boolean value (see man page linked above for handling file upload errors).
if (!$fileTmpLoc) {
Not only is that if() condition confusing (why are you trying to evaluate a string as a boolean?), but it's not the recommended way to handle file uploads (which is to check the error value as noted above).
} else if (!preg_match("/.(gif|jpg|png)$/i", $fileName) ) {
// This condition is only if you wish to allow uploading of specific file types
echo "ERROR: Your image was not .gif, .jpg, or .png.";
Careful - the period in regular expression syntax has special meaning; it is used to denote any character. In other words, the filename "this_is_not_a_gif" is perfectly valid according to the regexp you're using above.
Also note that just because a file ends in ".gif" doesn't mean that it's a GIF image; if you truly want to validate that the file you're receiving is in fact an image, consider using [man]getimagesize/man or perhaps the [man]Fileinfo[/man] library of functions.
} else if ($fileErrorMsg == 1) { // if file upload error key is equal to 1
echo "ERROR: An error occured while processing the file. Try again.";
exit();
Again, already noted the problem with this above - the error value is more than just a boolean value.
$moveResult = move_uploaded_file($fileTmpLoc, "uploads/$fileName");
// Check to make sure the move result is true before continuing
if ($moveResult != true)
$body = <<<EOD
<br><hr><br>
Name: $name <br>
Phone: $phone <br>
Email: $email <br>
Ship: $ship <br>
Child: $child <br>
Certname: $certname <br>
Certphoto: $certphoto <br>
Friend: $friend <br>
uploaded_file: $uploaded_file <br>
EOD;
This part confuses me. Here, you're only defining the variable $body if the call to [man]move_upload_file/man failed, and yet later below you simply use the variable $body whether or not it was actually defined here.
Since I don't really understand the logic (either what is written or what was intended), I can't suggest how to fix this, so you might want to re-think what these statements are supposed to be doing.
Another problem with the $body variable is that you reference the $uploaded_file variable which, as noted above, doesn't contain any data if "uploaded_file" is actually a file upload element (which would appear to be the case). Thus, I'm not sure what data you expected to be placed there.
$headers = "From: $email\r\n";
Note that using the user-supplied e-mail address as the 'From' header in an e-mail is a bad idea (at least, it is if you don't explicitly set the 'Sender' header to be a valid e-mail address on your domain). Doing so makes it appear as if you're attempting to forge an e-mail sent from your mail server while claiming to be sent by someone else (who most likely does not receive/send their mail from your mail servers as well).
In other words, your mail server could be considered an open relay (or, worse, a spam server sending out fake e-mails) and automatically blacklisted.
$theResults = <<<EOD
<html>
<head>
<title>colorback</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="#FFFFFF">
<!-- ImageReady Slices (colorback.psd) -->
<table id="Table_01" width="800" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="7">
<img id="thankyou_01" src="images/thankyou_01.png" width="800" height="73" alt="" /></td>
</tr>
<tr>
<td>
<img id="thankyou_02" src="images/thankyou_02.jpg" width="85" height="55" alt="" /></td>
<td>
<img id="thankyou_03" src="images/thankyou_03.jpg" width="89" height="55" alt="" /></td>
<td>
<img id="thankyou_04" src="images/thankyou_04.jpg" width="89" height="55" alt="" /></td>
<td>
<img id="thankyou_05" src="images/thankyou_05.jpg" width="90" height="55" alt="" /></td>
<td>
<img id="thankyou_06" src="images/thankyou_06.jpg" width="123" height="55" alt="" /></td>
<td>
<img id="thankyou_07" src="images/thankyou_07.jpg" width="169" height="55" alt="" /></td>
<td>
<img id="thankyou_08" src="images/thankyou_08.jpg" width="155" height="55" alt="" /></td>
</tr>
<tr>
<td colspan="7">
<img id="thankyou_09" src="images/thankyou_09.png" width="800" height="449" alt="" /></td>
</tr>
<tr>
<td colspan="7">
<img id="thankyou_10" src="images/thankyou_10.png" width="800" height="23" alt="" /></td>
</tr>
</table>
<!-- End ImageReady Slices -->
</body>
</html>
EOD;
echo "$theResults";
?>
Any reason why you're storing all of that HTML data in a variable, only to simply print it to screen at the very next statement? Why not simply echo it out directly?
Even better, since the HTML doesn't even contain any PHP variables (i.e. it's just static data you're sending out), why use PHP at all? Just escape out of PHP mode (e.g. add a closing PHP tag) and let the content be directly passed along as plain output.
