Thats ok, as long as you understand that it is just a rough idea, you do need to add some form of security to the sanitize function and that you do need to do a bit more than just blindly accept a form.
I suggest that you add a check to ensure that your script received the form and the script is not processing push data from a web bot or a brute force attempt to find a weakness.
I also suggest that you have a couple of hidden fields that is something like
<input type="hidden" name="login" value="" readonly />
<input type="hidden" name="pass" value="" readonly />
which you also check, a web bot is not interested in if a field is hidden or readonly or not, it will see the name of login and pass and it will be programmed to assume that they are what they say they are (bit like a honey trap) and you can check that the fields are also present and also empty!!! If they are not then you know something is wrong and your script could then reject the submission
I also advise that when you detect anything hinkey going on that your script monitors the IP address and part of your checks are made to see if you have logged the IP address and number of attempts, if they are persistent then your script does not process but dumps the user at an empty page.
I had a web login page that would accept any log in attempt, it recorded the users IP address and simply left the user at a page thanking them for logging in, then a legitimate user would know where to go whereas anyone else would be left scratching their heads or if they were a bot then it would be apparent from the number of attempts in a specific time and all they would get is a blank screen treatment.