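/// <summary>
/// Resolves the chat user from the current request or session and returns the
/// profile as an XML fragment for the chat client.
/// </summary>
/// <remarks>
/// The login is taken from the first source that is present, in this order:
/// the <c>user_name</c>/<c>password</c> request values, the <c>uid</c> session
/// value, then the <c>uid</c> request value. All lookups use parameterized
/// queries; request and session values are never concatenated into SQL text.
/// </remarks>
/// <returns>
/// An <c>&lt;auth&gt;</c> element carrying userName, gender, level, photo and
/// photoModeImage when a matching row exists; otherwise
/// <c>&lt;auth error="AUTH_ERROR" /&gt;</c>.
/// </returns>
protected string Auth()
{
    const string authError = "<auth error=\"AUTH_ERROR\" />";

    String strPhoto = Globals.APP_ROOT_PATH + "common/images/User1_120.png";
    String strPhotoModeImage = Globals.APP_ROOT_PATH + "common/images/User1_40.png";

    // NOTE(review): Request[...] also reads the query string and cookies, so
    // credentials may arrive in a URL and end up in server or proxy logs.
    // Consider reading them from Request.Form over HTTPS only.
    String requestUser = Request["user_name"];
    String requestPassword = Request["password"];

    // Convert.ToString gives a value comparison; the previous
    // `Session["uid"] != string.Empty` compared object references and could
    // let an empty uid through.
    String sessionUid = Convert.ToString(Session["uid"]);
    String requestUid = Request["uid"];

    String login;
    String password = null;

    // Check if user filled login and password at the login screen (Chat authorization)
    if (!String.IsNullOrEmpty(requestUser) && !String.IsNullOrEmpty(requestPassword))
    {
        login = requestUser;
        password = requestPassword;
    }
    // Check session existence with enabled Autologin
    else if (!String.IsNullOrEmpty(sessionUid))
    {
        login = sessionUid;
    }
    // Non session/cookie based autologin authorization
    // NOTE(review): this branch accepts a caller-supplied uid with no password
    // or signed token, so the identity is whatever the client claims. It is kept
    // for interface compatibility; restrict it to a server-verified token or
    // remove it if the deployment does not depend on it.
    else if (!String.IsNullOrEmpty(requestUid))
    {
        login = requestUid;
    }
    else
    {
        return authError;
    }

    // Only the columns that are rendered are selected, so the password column
    // is never pulled into the DataTable.
    String query = "SELECT username, gender, level FROM registered_members WHERE login = @login";
    if (password != null)
    {
        // NOTE(review): the submitted password is compared directly with the
        // stored column, which suggests passwords are stored unhashed - confirm,
        // and move to a salted password hash (e.g. PBKDF2) verified in code.
        query += " AND password = @password";
    }

    // Connect to your database to retrieve user's profile info
    DataTable dt = new DataTable();
    using (SqlConnection connect = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServer"].ConnectionString))
    using (SqlCommand command = new SqlCommand(query, connect))
    using (SqlDataAdapter ad = new SqlDataAdapter(command))
    {
        command.Parameters.AddWithValue("@login", login);
        if (password != null)
        {
            command.Parameters.AddWithValue("@password", password);
        }

        // The using blocks close the connection even when Fill throws.
        connect.Open();
        ad.Fill(dt);
    }

    if (dt.Rows.Count == 0)
    {
        return authError;
    }

    // Retrieve user's profile info from DataTable and generate xml response
    DataRow row = dt.Rows[0];

    // A literal "]]>" inside the stored name would end the CDATA section early,
    // so it is split across two sections.
    String userName = row["username"].ToString().Replace("]]>", "]]]]><![CDATA[>");

    // gender and level are emitted as element text, so XML metacharacters are escaped.
    String gender = System.Security.SecurityElement.Escape(row["gender"].ToString());
    String level = System.Security.SecurityElement.Escape(row["level"].ToString());

    return string.Format("<auth>" +
        "<userName><![CDATA[{0}]]></userName>" +
        "<gender>{1}</gender>" +
        "<level>{2}</level>" +
        "<photo><![CDATA[{3}]]></photo>" +
        "<photoModeImage><![CDATA[{4}]]></photoModeImage>" +
        "</auth>", userName, gender, level, strPhoto, strPhotoModeImage);
}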
|