Glaringly obvious issues:
1. $HTTP_POST_FILES is deprecated. Use $_FILES instead.
2. If checking the mime type you don't need the following:
PHP Code:
$valid_filename = "/^[A-Za-z0-9_-\s]+\.(jpg|gif|png)$/";
if (preg_match($valid_filename, $_FILES['file']['name']).....
3. This will break on an SuPHP configured server:
PHP Code:
if (!file_exists($uploaddir."/tn"))
{
mkdir($uploaddir."/tn", 0700);
chmod($uploaddir."/tn", 0777);
}
Check the directory is writeable before trying to force 777 permissions on a folder. If ownership is set correctly you don't need 777 permissions.