First of all, nothing is urgent when you post here.
1) Are you using this in combination with php? If so, see 2, else I don't know
2)
Are you referring to $HTTP_POST_VARS['username'] and $HTTP_POST_VARS['password'] being empty or to $username and $password being empty (or $HTTP_GET_VARS in case of a GET method)?
There is indeed a setting somewhere (can't remember which one) that can prevent use of $username and $password. If that's indeed the problem, use $HTTP_POST_VARS or $HTTP_GET_VARS; I guess the former will be the case (makes sense as GET will display password in url) but I'm not sure if your form uses POST or GET for the method.
PS I think that the setting you're looking for is
register_globals in php.ini. The default value has changed somewhere along the line for security reasons (see
http://www.php.net/register_globals )