Your script calls up a php behaviour depreciated for security reasons since php 4.2.0. You will find more details on http://be2.php.net/register_globals
Briefly, the variables from the forms are no longer recorded by default in the script text but accessible via the hashes $_GET $_POST and $_COOKIE. The variables you’re calling up are therefore not defined which explains why the mail content is empty, and you have to, for example, for security reasons use
$_GET[’login’] instead of $login (or $_POST[’login’] if the form is sent by post)
In the long term, the new php versions will no longer support this behaviour, we therefore strongly recommend you to revise your script.