As several people here have stated, do not trust user input - ever. By sanitizing your input, especially username & password fields you help to ward off SQL Injection attacks.
For all that is good & holy don't store usernames or passwords in cookies, they're sent back & forth to the server on every request and anyone watching the stream can snatch that data...then you're in big trouble.
Here's a couple articles you should read on sessions, security and hashing - just hashing your passwords to SHA1 or MD5 isn't enough, salt them so they're even more robust. There's no such thing as impenetrable security - even if you do EVERYTHING right someone can break it - it's inevitable. Your job is to make things as hard to break/exploit as possible.
The more work involved in breaking into your site, the more valuable your content has to be to be worth the effort. Your job is to discourage malicious users.
This article has some nice info on creating unique fingerprints for your visitors, helps to make session hijacking more difficult - PHP Security Guide: Sessions
This article deals with basic password hashing & salting techniques - Password Hashing
This is by no means an end all & be all - you can make a career doing security and the like, but they're a good starting point. Someone here can probably point to better / more advanced articles, but I've personally found these helpful in shoring up my code.