Just when I thought I was about finished. This script used to work, I don't know what happened except I changed to a session variable. This will enable admins to make new admins.

form:
<?php
session_start();
if (!$_SESSION) {
header("location: loginpage.php");
}
?>
..
<?php
// using md5 random
// $length = 8 can be change, its length of password character
function randompassword($length)
{
return substr(md5(rand().rand()), 0, $length);
}

$password= randompassword($length = 8);
?>

<br />
<br />
<form method="POST" action="addadmin.php" onsubmit="return Form1_Validator(this)" name="theForm" language="JavaScript">
First Name:<input type="text" name="firstname" value=""><br />
Last Name:<input type="text" name="lastname" value=""><br />
Login Name:<input type="text" name="username" value=""><br />
Password:<input type="text" name="password" value=" <?php echo $password ?>"><br />
Access Level:<select size=1 name="accesslevel">
<option selected value="Admin">Admin</option>
<option value="SuperUser">SuperUser</option>
</select><br />
Email:<input type="text" name="email" value=""><br />
<input type="submit" name="submit" value="Add Admin"><input type="reset">
</form>

addpage:
<?php
session_start();
if (!$_SESSION) {
header("location: loginpage.php");
}
//prevents caching
header("Expires: Fri, 01 Jan 1988 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();


?>

<?php
include ('config.php');
$table_name ="authorize";

//make query to database
$sql ="SELECT * FROM $table_name WHERE username= '$_SESSION[username]'";
$result = @mysql_query($sql) or die(mysql_error());

$firstname=mysql_real_escape_string((addcslashes($_POST[firstname], "%_")));
$lastname=mysql_real_escape_string((addcslashes($_POST[lastname], "%_")));
$login=mysql_real_escape_string((addcslashes($_POST[username], "%_")));
$password=mysql_real_escape_string((addcslashes($_POST[password], "%_")));
$access_level=mysql_real_escape_string((addcslashes($_POST[accesslevel], "%_")));
$email=mysql_real_escape_string((addcslashes($_POST[email], "%_")));

echo $result;
echo '<br />';
echo $firstname;
echo '<br />';
echo $lastname;
echo '<br />';
echo $login;
echo '<br />';
echo $password;
echo '<br />';
echo $access_level;
echo '<br />';
echo $email;
//get the number of rows in the result set
$num = mysql_num_rows($result);
echo 'number of rows';
echo $num;
if ($num != 0){

echo "<P>We apologize, that username already exists.</P>";
echo "<P><a href=\"#\" onClick=\"history.go(-1)\">Try Another Username.</a></p>";
echo "$_POST[username]";
exit;
//no matter what I do, it ends up saying username exists. I look in cpanel to make sure, it is not there. What am I missing?

}else{

//or add it to the database
$sql_add = "INSERT INTO $table_name (firstname, lastname, username, password, access_level, email) VALUES ('$firstname', '$lastname', '$login',
'$password', '$access_level', '$email');";

$result = @mysql_query($sql_add) or die(mysql_error());
echo 'Admin Added';

}
?>
<br /><a href="addnewadmin.php">Add another?</a><br/> <form action="email_user.php" method="get"><input type="submit" value="SEND USER EMAIL"/>
<input type=hidden name=login value="<?php echo $login ?>" />
<input type=hidden name=password value="<?php echo $password ?>" />
<input type=hidden name=email value="<?php echo $email ?>" />
</form><br />
<a href="index.php">Admin Home</a> <a href="viewmembers.php">View/Modify/Delete User</a>
</body>
</html>
Thanks!
I take out the session variable and it works just fine! Why?