I assume you're using CURL because you want to post to another server?
Here is a good explanation of that part:
If you're posting the form (username/password) to the same server,
Then I'm not sure why you're using CURL.
I think we need to know more before answering the cookie part, because
I'm not sure if cookies are the correct thing ... maybe PHP SESSION?
Or is there a MySQL database involved with the username/password?
How do you determine if the username and password is correct?