<?php
//Connect to users database
$db = mysql_connect('localhost','database_user_goes_here','database_password_goes_here') or die(mysql_error());
mysql_select_db('database_name',$db) or die(mysql_error());
//Init request parameters
$userName = (isset($_REQUEST["user_name"])) ? urldecode($_REQUEST["user_name"]) : "";
$password = (isset($_REQUEST["password"])) ? urldecode($_REQUEST["password"]) : "";
$uid = (isset($_REQUEST["uid"])) ? urldecode($_REQUEST["uid"]) : "";
//Check if user filled login and password in the login screen (Chat authorization)
if($userName != "" && $password != "")
{
$sql = "SELECT * FROM users_table WHERE login='".$userName."' AND password='".$password."'";
}
//session/cookie base authorization (Auto login)
else if ($_SESSION['user_id']!="")
{
$sql = "SELECT * FROM users_table WHERE id='".$_SESSION["user_id"]."'";
}
// Non session/cookie based autologin authorization
else if ($uid!="")
{
$sql = "SELECT * FROM users_table WHERE id='".$_GET['uid']."'";
}
else
{
echo '<auth error="AUTH_ERROR" />';
exit;
}
//Select user data
$result = mysql_query($sql,$db);
if(mysql_num_rows($result)==1)
{
//User found. get user info
$usersInfo = mysql_fetch_array($result);
$photo = 'http://www.yourdomain.com/images/photos/'.$usersInfo['id'].'.png';
$photoModeImage = 'http://www.yourdomain.com/images/photos_small/'.$usersInfo['id'].'.png';
$answer = '<auth>';
$answer .= '<userName><![CDATA['.$userName.']]></userName>';
$answer .= '<gender>'.$usersInfo['gender'].'</gender>'; //male, female or couple
$answer .= '<level>'.$usersInfo['level'].'</level>';
$answer .= '<photo><![CDATA['.$photo.']]></photo>';
$answer .= '<photoModeImage><![CDATA['.$photoModeImage.']]></photoModeImage>';
$answer .= '</auth>';
echo $answer;
exit;
}
else
{
//User not found OR authorization failed
echo '<auth error="AUTH_ERROR" />';
exit;
}
?>