I suspect wget is working correctly and the site is malfunctioning.
It's difficult to say why without knowing what site, but I suspect --user and --password aren't doing what you want. They will not input passwords into form-elements.
--post-data=string
--post-file=file
Use POST as the method for all HTTP requests and send the specified
data in the request body. --post-data sends string as data,
whereas --post-file sends the contents of file. Other than that,
they work in exactly the same way. In particular, they both expect
content of the form "key1=value1&key2=value2", with percent-encod-
ing for special characters; the only difference is that one expects
its content as a command-line paramter and the other accepts its
content from a file.
The real question is, what data does this website expect in POST? There is no generic answer, that is up to their implementation, you'll have to look at its <form>s to see that.
Wow, they're really taking the long, long, long way around. Though I can kind of send the point of sending the hash, not the password -- except if anyone steals that hash instead, that's just as useful. In other words everyone that looks at the page without a browser sees right through it...
sha1sum is open-source and freely available. I thought it was part of openssl, but apparently it's in GNU Coreutils. It may also be available as part of busybox (which many Linux systems keep around for emergencies).
Try iconv -l to see what codes it can convert between.