The fact that when you echo out the query string tells me that for some reason its a problem with the $_POST['username'] variable as your query string echo is blank between the single quotes after username= (high lighted in red). It should contain the username that was sent via the login form.
query = SELECT firstname, lastname, photo FROM `plateau_pros` WHERE username= ''
Main reason why I thought it might be a good idea to have an echo to check there is actually something being passed in the $_POST['username'] variable. Something like (shown in red):-
// Enable sessions
// Turn on magic quotes to prevent SQL injection attacks
// Connect to database
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());
//new sql query
echo "Post username = ".$_POST['username'];
$sql = "SELECT firstname, lastname, photo FROM `plateau_pros` WHERE username= '".$_POST['username']."'";
$result = mysql_query($sql, $conn) or die(mysql_error());
echo "query = ". $sql. "<br/>";
// Get Record Set
$result = mysql_fetch_array($sql, MYSQL_ASSOC);
If the echo for the username is blank you know its a problem somewhere along the line from the $_POST['username'] being posted to when your php page requests it.
I see your using sessions. I have no experience with using them but am wondering if that might have something to do with getting a blank value.
Maybe someone with more knowledge on sessions could jump in here and say absolutely nothing to do with it or a possibility and why.