When dealing remote form posts it is a really good idea to use a network sniffing tool so that you can see the communication taking place. For example in Chrome you could use: Developer Tools -> Network -> Documents, to view what is happening as you submit the form.
By sniffing the login form at ttps://webapp.wizards.com/login.aspx I can see the following posted parameters:
target:
dcinumber:
password:
action:login
If your request does not contain these parameters it is very possible that the web application will throw back your request (by rendering the page again with an error message). This is why you see the login page in your result.
So your post fields should look more like this:
array("dcinumber" =>$user, "password" => $password, 'target' => $target, 'action' => 'login')