php mail form w/upload option not working correctly

Question

I am trying to create a quote form with basic contact info, checkbox option and an option to upload image then email complete form to my email address. I have the html portion but am have a problem with the php part. When form emails to me only sends contact info and fails to send which option is check with checkbox and image that was uploaded. Here is the code for the form html portion:

<form action="quote_form.php" method="post" enctype="multipart/form-data" name="QuoteForm" id="QuoteForm" onsubmit="MM_validateForm('Name','','R','LastName','','R','email','','RisEmail','Phone','','RisNum','textfield','','RisNum');MM_validateForm('Name','','R','LastName','','R','Phone','','RisNum','email','','RisEmail','info-about-item','','R');return document.MM_returnValue">
    <p>
        <label for="name">Name*</label>
        <input name="name" type="text" id="name" size="60" maxlength="60" />
    </p>
    <p>
        <label for="phone">Phone #*</label>
        <input name="phone" type="text" id="phone" size="30" maxlength="30" />
    </p>
    <p>
        <label for="email">Email* </label>
        <input name="email" type="text" id="email" size="30" maxlength="30" />
    </p>
    <p>
        <label>
            <input type="checkbox" name="ServiceType[]" value="pawn"  />
        Pawn</label>
      <br />
      <label>
        <input type="checkbox" name="ServiceType[]" value="buy"  />
        Buy</label>
        <br />
    </p>
    <p><br /><br />
        <span style="font-style: italic">(the more information the better --- description     i.e. brand, model and condition of item.)</span></p>
    <p>
        <textarea name="comments" id="comments" cols="50" rows="10"></textarea>
    </p>
    <p>
        <label for="file">Select File To Upload*</label>
        <input type="file" name="file" id="file" size="30" maxlength="30" />
    </p>
    <p>
        <input type="submit" name="submit" id="sumbit" value="Submit" />
        <input name="reset" type="reset" id="reset" value="Reset Form" />
    </p>
    <p>
        <input name="recipient" type="hidden" id="recipient" value="isabelpolanco23@gmail.com" />
        <input name="redirect" type="hidden" id="redirect" value="thankyou-pg.html" />
        <br />
    </p>
</form>

And here is the php portion:

<?php
if (isset($_POST['email'])) {
    $email_to = "isabelpolanco23@gmail.com";
    $email_subject = "Quote Form";

    function died($error) {
        echo "We are very sorry, but there were error(s) found with the form you submitted. ";
        echo "These errors appear below.<br /><br />";
        echo $error . "<br /><br />";
        echo "Please go back and fix these errors.<br /><br />";
        die();
    }

    if ($_FILES["file"]["error"] > 0) {
        echo "Error: " . $_FILES["file"]["error"] . "<br>";
    } else {
        echo "Upload: " . $_FILES["file"]["name"] . "<br>";
        echo "Type: " . $_FILES["file"]["type"] . "<br>";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
        echo "Stored in: " . $_FILES["file"]["tmp_name"];
    }

    if (!isset($_POST['name']) ||
        !isset($_POST['email']) ||
        !isset($_POST['phone']) ||
        !isset($_POST['comments'])
    ) {
        died('We are sorry, but there appears to be a problem with the form you submitted.');
    }

    $name = $_POST['name']; // required
    $email_from = $_POST['email']; // required
    $phone = $_POST['phone']; // not required
    $comments = $_POST['comments']; // required


    foreach ($_POST["servicetype"] as $value) {
if ($value=="pawn")
  $servicetype["pawn"] = true;
elseif ($value=="buy")
  $servicetype["buy"] = true;

} }

    $error_message = "";
    $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
    if (!preg_match($email_exp, $email_from)) {
        $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
    }
    $string_exp = "/^[A-Za-z .'-]+$/";
    if (!preg_match($string_exp, $name)) {
        $error_message .= 'The Name you entered does not appear to be valid.<br />';
    }
    if (strlen($comments) < 2) {
        $error_message .= 'The Comments you entered do not appear to be valid.<br />';
    }
    if (strlen($error_message) > 0) {
        died($error_message);
    }
    $email_message = "Form details below.\n\n";

    function clean_string($string)
    {
        $bad = array("content-type", "bcc:", "to:", "cc:", "href");
        return str_replace($bad, "", $string);
    }

    $email_message .= "Name: " . clean_string($name) . "\n";
    $email_message .= "Email: " . clean_string($email_from) . "\n";
    $email_message .= "Comments: " . clean_string($comments) . "\n";
    $email_message .= "Pawn: " . clean_string(($checkboxgroup1["pawn"]) ? "Yes" : "No") . "\n";
$email_message .= "Buy: " . clean_string(($checkboxgroup2["buy"]) ? "Yes" : "No") . "\n";

    $headers = 'From: ' . $email_from . "\r\n" .
        'Reply-To: ' . $email_from . "\r\n" .
        'X-Mailer: PHP/' . phpversion();
    @mail($email_to, $email_subject, $email_message, $headers);

    $allowedExts = array("gif", "jpeg", "jpg", "png");
    $temp = explode(".", $_FILES["file"]["name"]);
    $extension = end($temp);
    if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
        && ($_FILES["file"]["size"] < 20000)
        && in_array($extension, $allowedExts)
    ) {
        if ($_FILES["file"]["error"] > 0) {
            echo "Error: " . $_FILES["file"]["error"] . "<br>";
        } else {
            echo "Upload: " . $_FILES["file"]["name"] . "<br>";
            echo "Type: " . $_FILES["file"]["type"] . "<br>";
            echo "Size: " . ($_FILES["file"]["size"] / 3024) . " kB<br>";
            echo "Stored in: " . $_FILES["file"]["tmp_upload"];
        }
    } else {
        echo "Invalid file";
    }
?> 
<?php
header("Location:thankyou-pg.html");
exit;
?>

<?php } ?>

Answer 1

Your HTML form has checkboxes with the name "CheckboxGroup1", but it is not referenced at all in your PHP script. Also, your PHP script is looking for the form element with the name "servicetype", which is not present in your HTML form. You might have a name mismatch.

As for your file, you should check which part of your validation fails by seeing how far it gets into the "if" statements.

Edit

Looking at your code some more, you have several different problems acting in unison.

1. The "name" of your checkboxes are mismatched to your PHP script. Change the names of your checkboxes to "servicetype" in your HTML.

2. If you really intend on using checkboxes instead of radio buttons, either you need to assign different names to each checkbox or you need to pass them to your script as an array. To pass as an array, you would have to make the name of each checkbox "servicetype[]" instead. Putting "[]" at the end signifies that each element that is checked will have its value added as an element of the array named "servicetype", in this case. Otherwise, the value of one may overwrite the other.

   Also, the logic in your PHP script seems flawed in handling servicetype. Perhaps a better solution would be:

   $servicetype = array("pawn" => false, "buy" => false);
   
     foreach ($_POST["servicetype"] as $value) {
       if ($value=="pawn")
         $servicetype["pawn"] = true;
       elseif ($value=="buy")
         $servicetype["buy"] = true;
     }
   
   ...
   
   $email_message .= "Pawn: " . clean_string(($servicetype["pawn"]) ? "Yes" : "No") . "\n";
   $email_message .= "Buy: " . clean_string(($servicetype["buy"]) ? "Yes" : "No") . "\n";
   

   Additional notes:

   1. It is very bad practice to have the same ID on multiple elements. I recommend changing the ID's of both of your checkboxes to different values.

   2. This line is not necessary (at least not according to the code you've provided):

      $mail->body .= "servicetype: \r\n";
      

3. As for the file upload, you are not moving the file to a permanent location. When a file is uploaded, it is temporarily stored in the file path $_FILES["file"]["tmp_name"]. When your script finishes, that file is immediately deleted. So, you must move the file before your script finishes using move_uploaded_file(), like so:

   move_uploaded_file($_FILES["file"]["tmp_name"], "/home/user/pic");
   

   Some notes on this: Your destination directory must have the proper write permissions for PHP to create files in it. Second, it is highly advised that you move the file outside of your document root, so it is not publicly accessible on the web. If you do plan on making the image accessible over the web, I highly suggest you take some precautions as to not fall victim to malicious attacks.

   I don't know how you want to include this image in your email (whether you actually want to show it or just show its path), but I'll leave that to you. I hope this points you in the right direction.