PHP Registration Script Not Working

[masterjake]

I made a nice, protected php registration script but the headers don't seem to work. It's not redirecting at all =/. Why?

Code:

<?php
if (!isset($_SESSION)) {
session_start();
}

if ((isset($_GET['action'])) && ($_GET['action']=="register")) {
if (($_POST['username']) && ($_POST['password']) && ($_POST['confirmpassword']) && ($_POST['email']) && ($_POST['confirmemail']) && ($_POST['ip'])) {

function ultraprotect(&$newVal) {
$newVal = stripslashes($newVal);
$newVal = strip_tags($newVal);
$disabledChars = array("`", "~", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "-", "+", "=", "{", "}", "[", "]", "|", "\\", ",", ".", "?", "/", "\"", "'", ">", "<", ":", ";", " ");
$newVal = str_replace($disabledChars, "", $newVal);
}

$username = $_POST['username'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$email = $_POST['email'];
$confirmemail = $_POST['confirmemail'];
$ip = $_POST['ip'];

ultraprotect($username);
ultraprotect($password);
ultraprotect($confirmpassword);
ultraprotect($email);
ultraprotect($confirmemail);

$c = mysql_connect("localhost", "myuser", "mypass");
$d = mysql_select_db("mydb");

if ((strlen($password) < 3) || (strlen($password) > 32)) { $errorMessage = "Your password must be between 3 - 32 valid characters!"; }
if ((strlen($username) < 3) || (strlen($username) > 32)) { $errorMessage = "Your username must be between 3 - 32 valid characters!"; }
if ($email != $confirmemail) { $errorMessage = "Your e-mail addresses do not match!"; }
if ($password != $confirmpassword) { $errorMessage = "Your passwords do not match!"; }
if (!$confirmemail) { $errorMessage = "Please confirm your e-mail address!"; }
if (!$email) { $errorMessage = "Please enter your e-mail address!"; }
if (!$confirmpassword) { $errorMessage = "Please confirm your password!"; }
if (!$password) { $errorMessage = "Please enter your password!"; }
if (!$username) { $regerrorMessage = "Please enter your username!"; }

$result = mysql_query("SELECT * FROM `users` WHERE username='$username'");
$result2 = mysql_query("SELET * FROM `users` WHERE email='$email'");

if (mysql_num_rows($result) > 0) { $errorMessage = "Your username is already in use!"; }
if (mysql_num_rows($result2) > 0) { $errorMessage = "Your e-mail address is already in use!"; }

if (!errorMessage) {

$password = md5($password);
$date = date("l, F j, Y @ g:i A");

mysql_query("INSERT INTO `users` (username, password, email, ip, joined) VALUES('$username', '$password', '$email', '$ip', '$date')");
header("Location: success.php?username=".$username);

} else {

$newErrorMessage = str_replace(" ", "+", $errorMessage);
header("Location: error.php?errorMessage=".$newErrorMessage);

}

}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>

<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
<link rel="stylesheet" type="text/css" href="http://masterjake.x10hosting.com/css/stylesheet.css" media="screen"/>
<title>Master Jake - Tutorials, Downloads, Reviews, and More!</title>
</head>

<body>

<div id="container">

<div id="content">

    <h1 id="site-title">Master Jake</h1>
    <p id="site-description">Tutorials, Downloads, Reviews, and More!</p>

<!-- PARAGRAPH START -->

    <h1 class="decay">Register</h1>
<div class="descr">Posted by Master Jake on Saturday, September 13, 2008 @ 4:19 PM</div>
<p>
By clicking "Register" you are agreeing to the <a href="http://masterjake.x10hosting.com/terms">Terms and Conditions</a>.<br>
Valid characters include "a-z, A-Z, 0-9, and _" all other characters will be stripped.
</p>
<p>
<form name="registerForm" action="index.php?action=register" method="post">
<input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>">
<table border="0" cellspacing="2" cellpadding="2">
<tr><td colspan="2" align="center">Website Information</td><td></td></tr>
<tr><td>Username:</td><td><input type="text" name="username"></td><td>(between 3 - 32 valid characters)</td></tr>
<tr><td>Password:</td><td><input type="password" name="password"></td><td>(between 3 - 32 valid characters)</td></tr>
<tr><td>Confirm:</td><td><input type="password" name="confirmpassword"></td><td></td></tr>
<tr><td>E-Mail:</td><td><input type="text" name="email"></td><td></td></tr>
<tr><td>Confirm:</td><td><input type="text" name="confirmemail"></td><td></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="Submit" value=" Register "></td><td></td></tr>
</table>
</form>
<br>

<!-- FOOTER -->


    <div id="footer">

        <span class="left">Copyright &copy; 2008 Jake Chappell. All rights reserved. Template by <a href="http://arcsin.se">Arcsin</a>.
        <div class="clearer"><span></span></div>

    </div>

</div>

<!-- NAVIGATION -->

<?php include("../include/navigation.php"); ?>

<!-- END -->


</div>

</body>

</html>

[Salvatos]

I've always been told that session_start(); should always be the first thing in your page, so I don't know if putting it in an if works.

But the problem is probably the lack of $ here:
if (!errorMessage) {

[freecrm]

Your session start is fine.

Just looking through my Dreamweaver generated scripts, the redirect headers are formed like this...

header(sprintf("Location: %s", $gotopath));

But I'm not sure why!

Just one thing - I assume that this is your index page - in which case, why don't you use

$editFormAction = $_SERVER['PHP_SELF'];

<form action="<?php echo $editFormAction; ?>" method="POST" name="registerForm" id="registerForm">

If this isn't your index page, the form is taking you away from the script you want to run!

I must admit, your code is difficult to get through because of the way it scrolls so I might be missing the point!!