<?
   session_start();
   
   if ( $_POST['action']="login" ) {

	   $connection= mysql_connect( "localhost", "jbf", "gimble3" ) or die(mysql_error());

		 $sql= "select * from cottagesystems.credentials where login = '".$_POST['login']."' and password= password('".$_POST['password']."') ";

		 $result= mysql_query( $sql, $connection ) or die(mysql_error());

		 if ($row=mysql_fetch_array($result)) {
  	    $_SESSION['login']="jbf";
		 } else {
				echo "Invalid credentials";
				echo "$sql";
        exit;
     }

   }

   $login= $_SESSION['login'];
   if ( $login=="jbf" ) {
      header("Location: jbf.php");
   }

?>