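/// <summary>
/// Buys one additional character slot for the account named by the posted
/// <c>guid</c>/<c>password</c> form fields, paying for it with fame.
/// Writes an XML fragment to the response: <c>&lt;Success/&gt;</c> on success,
/// otherwise an <c>&lt;Error&gt;</c> element carrying a short message.
/// </summary>
/// <param name="context">Listener context whose request body is a URL-encoded form.</param>
/// <remarks>
/// The balance check and the debit are performed by a single conditional
/// <c>UPDATE ... AND fame &gt;= @price</c>, so two concurrent purchases cannot both
/// pass a separate read-then-write check and drive the balance negative; the debit
/// and the slot increment run inside one transaction so a failed increment does not
/// leave the fame debited. NOTE(review): this assumes <c>Database.CreateQuery()</c>
/// hands out commands bound to the same open connection — confirm against
/// <c>Database</c>. The response stream is written but not closed here; presumably
/// the caller or base class completes the response — verify.
/// </remarks>
public override void HandleRequest(HttpListenerContext context)
{
    NameValueCollection query;
    using (var rdr = new StreamReader(context.Request.InputStream))
    {
        query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
    }

    byte[] status;
    using (var db = new Database(Program.Settings.GetValue("conn")))
    {
        // Authenticate first; no price lookup or stats access for unverified callers.
        Account acc = db.Verify(query["guid"], query["password"]);
        if (acc == null)
        {
            status = Encoding.UTF8.GetBytes("<Error>Account credentials not valid</Error>");
        }
        else
        {
            int price = db.MaxCharSlotPrice(query["guid"]);
            status = Encoding.UTF8.GetBytes(PurchaseCharSlot(db, acc.AccountId, price));
        }
    }

    context.Response.OutputStream.Write(status, 0, status.Length);
}

/// <summary>
/// Debits <paramref name="price"/> fame from the account and grants one character
/// slot, atomically with respect to concurrent purchases.
/// </summary>
/// <param name="db">Open database wrapper used to create commands.</param>
/// <param name="accountId">Value bound to <c>@accId</c> (the account's id).</param>
/// <param name="price">Fame cost of the slot.</param>
/// <returns>The XML status fragment to send back to the client.</returns>
private static string PurchaseCharSlot(Database db, object accountId, int price)
{
    MySqlCommand fameCmd = db.CreateQuery();
    fameCmd.CommandText = "SELECT fame FROM stats WHERE accId=@accId;";
    fameCmd.Parameters.AddWithValue("@accId", accountId);
    object fameObj = fameCmd.ExecuteScalar();

    // A missing stats row (null/DBNull) previously surfaced as an unhandled
    // unboxing exception; report it instead.
    if (fameObj == null || fameObj is DBNull)
    {
        return "<Error>Internal Error</Error>";
    }

    // Early, friendly rejection; the authoritative check is the conditional UPDATE below.
    if (Convert.ToInt32(fameObj) < price)
    {
        return "<Error>Not enough fame</Error>";
    }

    // Leaving this using-block without Commit() rolls the transaction back on Dispose.
    using (var tx = fameCmd.Connection.BeginTransaction())
    {
        MySqlCommand debit = db.CreateQuery();
        debit.Transaction = tx;
        // Re-validate the balance inside the UPDATE: a concurrent purchase that already
        // spent the fame makes this affect 0 rows instead of going negative.
        debit.CommandText = "UPDATE stats SET fame = fame - @price WHERE accId=@accId AND fame >= @price";
        debit.Parameters.AddWithValue("@accId", accountId);
        debit.Parameters.AddWithValue("@price", price);
        if (debit.ExecuteNonQuery() == 0)
        {
            return "<Error>Not enough fame</Error>";
        }

        MySqlCommand grant = db.CreateQuery();
        grant.Transaction = tx;
        grant.CommandText = "UPDATE accounts SET maxCharSlot = maxCharSlot + 1 WHERE id=@accId";
        grant.Parameters.AddWithValue("@accId", accountId);
        if (grant.ExecuteNonQuery() == 0)
        {
            // Rolled back on Dispose, so the fame debit above is undone.
            return "<Error>Internal Error</Error>";
        }

        tx.Commit();
        return "<Success/>";
    }
}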