Since the URL is executed directly by JS, I think you should use $site_sess->url(ROOT_PATH."user_availability.php", "&")
otherwise you'll get url with &
P.S.
$user_name = (isset($HTTP_POST_VARS['user_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])) : "";
$user_name = ereg_replace("( ){2,}", " ", $user_name);
if (isset($HTTP_POST_VARS['user_name'])) {
can be optimized with:
if (isset($HTTP_POST_VARS['user_name'])) {
$user_name = preg_replace("/[ ]{2,}/", " ", un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])));
I don't know why ereg_replace() exists, in my benchmark it's over 50% slower then preg_replace()