Trouble with user authentication script

[dangeorge6]

Here's a user authentication script i'm working on interacting with a mySQL db.  The if statement in line 11 doesn't seem to work though.  When I enter nothing into the password and username fields on the login page, it doesn't seem to read this if statement as TRUE.  What gives?  Also, any critiques of the script would be helpful.  Thanks.

 

<?php 
require('php_scripts/globals.php');
session_start();
//if coming from login page set session variables
if(!$_SESSION['Username'] && !$_SESSION['Password']){
$_SESSION['Username'] = $_POST['Username'];
$_SESSION['Password'] = $_POST['Password'];
}
$username = addslashes($_SESSION['Username']);
$password = addslashes($_SESSION['Password']);
if($username == '' and $password == ''){
header( 'Location: index.php' ) ; session_destroy();
}
//queries
$query_main = 
	 "SELECT profile_id, username, password 
	  FROM $SQL_MAIN_TABLE 
	  WHERE 
  	  username = '$username'
  	  and password = '$password'";
$query_just_user = 
	 "SELECT profile_id, username, password 
	  FROM $SQL_MAIN_TABLE 
	  WHERE 
  	  username = '$username'";
		  
if(!$_SESSION['loggedIn']){
//query database for login
$link = mysql_connect($LOCALHOST, $SQL_USER, $SQL_PASSWORD);
	if (!$link) {
   		die('Could not connect: ' . mysql_error());
	}

mysql_select_db($SQL_DB) or die('Could not select database');
// Performing SQL query

$result_main = mysql_query($query_main) or die('Query failed: ' . mysql_error());
$num_main=mysql_numrows($result_main);
$result_just_user = mysql_query($query_just_user) or die('Query failed: ' . mysql_error());
$num_just_user = mysql_numrows($result_just_user);
	if($num_main != 0){
	$_SESSION['loggedIn'] = 'yes';
	}
	else{
		if($num_just_user != 0){
			header( 'Location: index.php?loginerror=2' ) ; session_destroy();
		}
		else{header( 'Location: index.php?loginerror=1' ) ; session_destroy();}
	}
}

?>

[kickassamd]

Try

if(empty($username) || empty($password)){
header( 'Location: index.php' ) ; session_destroy();
}