/// <summary>
        /// Issues the forms-authentication cookie that signs the given user in.
        /// </summary>
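        /// <remarks>
        /// Without <paramref name="rememberMe"/> a session cookie is issued through
        /// <c>FormsAuthentication.SetAuthCookie</c>. With it, a persistent ticket valid for 20 days is
        /// built by hand; because a hand-built cookie does not inherit the forms-authentication settings,
        /// the HttpOnly, Secure, Path and Domain attributes are applied explicitly here.
        /// </remarks>
        /// <param name="userName">Name stored in the authentication ticket.</param>
        /// <param name="rememberMe">True to issue a persistent (20-day) cookie, false for a session cookie.</param>
        /// <param name="context">Request context whose brute-force counter is reset.</param>
        public static void FormsAuthLogin(string userName, bool rememberMe, HttpContext context)
        {
            LoginUtils.ResetBruteForceCounter(context);

            if (!rememberMe)
            {
                FormsAuthentication.SetAuthCookie(userName, false);
                return;
            }

            FormsAuthentication.Initialize();

            // Read the clock once so the ticket's issue time, its expiry and the cookie expiry agree.
            DateTime issued = DateTime.Now;
            DateTime expires = issued.AddDays(20);

            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,
                userName,
                issued,
                expires,       // ticket expiration
                true,          // IsPersistent
                String.Empty,  // no user data
                FormsAuthentication.FormsCookiePath);

            string encryptedTicket = FormsAuthentication.Encrypt(ticket);

            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
            authCookie.Expires = expires;

            // The ticket is a bearer credential that lives for 20 days: keep it out of reach of
            // script, and honour the configured requireSSL / path / domain instead of the
            // HttpCookie defaults.
            authCookie.HttpOnly = true;
            authCookie.Secure = FormsAuthentication.RequireSSL;
            authCookie.Path = FormsAuthentication.FormsCookiePath;
            if (FormsAuthentication.CookieDomain != null)
            {
                authCookie.Domain = FormsAuthentication.CookieDomain;
            }

            // Written to HttpContext.Current, as in the original; the context parameter is only
            // used for the brute-force counter above.
            HttpContext.Current.Response.Cookies.Add(authCookie);
        }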
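        /// <summary>
        /// Validates an "auto-login" request and, on success, signs the user in with a session auth cookie.
        /// </summary>
        /// <remarks>
        /// Two credential forms are accepted. If <paramref name="pswHash"/> is supplied it is compared
        /// with the MD5 digest of the stored password (and with the stored value itself). Otherwise
        /// <paramref name="email"/> and <paramref name="userHash"/> must both be supplied, and
        /// <paramref name="userHash"/> must equal MD5(username + email + sharedSecret); an unknown user
        /// is then created through <paramref name="addUserMethod"/>.
        /// Failed attempts are reported to <c>LoginUtils.LogInvalidLoginAttempt</c>, and the method
        /// returns false immediately while <c>LoginUtils.IsBruteForce</c> reports a lock-out.
        /// NOTE(review): MD5 over concatenated, undelimited fields is not a keyed MAC. An HMAC over
        /// delimited fields would be the robust construction, but it changes the wire format, so the
        /// existing scheme is kept here.
        /// </remarks>
        /// <param name="username">Login name; a null value is rejected and logged as an invalid attempt.</param>
        /// <param name="pswHash">Hex MD5 digest of the user's password, or null to use the shared-secret form.</param>
        /// <param name="email">E-mail address that is part of the shared-secret digest.</param>
        /// <param name="userHash">Hex MD5 digest of username + email + sharedSecret.</param>
        /// <param name="sharedSecret">Application secret; when empty the shared-secret form is refused.</param>
        /// <param name="result">Empty on success; otherwise a message describing the failure (may stay empty).</param>
        /// <param name="addUserMethod">Callback that creates the user and returns the new user id.</param>
        /// <returns>True when the user was authenticated and signed in; false otherwise.</returns>
        public static bool VerifyAutoLogin(string username, string pswHash, string email, string userHash, string sharedSecret, out string result, Func <int> addUserMethod)
        {
            const string invalidParameters = "Invalid parameters passed. Wait 5 minutes and try again.";
            System.Web.HttpContext context = System.Web.HttpContext.Current;

            result = "";

            if (LoginUtils.IsBruteForce(context, true))
            {
                return false;
            }

            // Username missing, or neither credential form is complete: count it as a bad attempt.
            if (username == null || (pswHash == null && (email == null || userHash == null)))
            {
                LoginUtils.LogInvalidLoginAttempt(context, true);
                return false;
            }

            // Form 1: existing user, authenticated by the digest of the stored password.
            if (pswHash != null)
            {
                int    userId;
                string password;
                bool   found = UserHelpers.GetUserIdAndPswByUsername(username, Instance.CurrentInstanceID, out userId, out password);

                // An account with no stored password must never match: otherwise an empty pswHash
                // (or the well-known digest of the empty string) would equal it.
                // NOTE(review): the second comparison accepts the stored value itself, compared
                // case-insensitively. That is harmless if the store holds hex digests but weakens
                // the check if it holds clear-text passwords - confirm the storage format.
                if (found
                    && !string.IsNullOrEmpty(password)
                    && (FixedTimeEqualsIgnoreCase(CryptoUtils.MD5Hash(password), pswHash)
                        || FixedTimeEqualsIgnoreCase(password, pswHash)))
                {
                    UserHelpers.CurrentUserID = userId;
                    LoginUtils.ResetBruteForceCounter(context, true);
                    LoginUtils.FormsAuthLogin(username, false, context);
                    return true;
                }

                // Same message for "no such user" and "wrong digest", so the reply does not
                // reveal which usernames exist.
                result = invalidParameters;
                LoginUtils.LogInvalidLoginAttempt(context, true);
                return false;
            }

            // Form 2: new or existing user, authenticated by the application's shared secret.
            if (email != null && userHash != null)
            {
                if (string.IsNullOrEmpty(sharedSecret))
                {
                    // Configuration problem rather than a guess: not counted as an invalid attempt.
                    result = "No shared key specified.";
                    return false;
                }

                string computedHash = CryptoUtils.MD5Hash(username + email + sharedSecret);
                if (!FixedTimeEqualsIgnoreCase(userHash, computedHash))
                {
                    LoginUtils.LogInvalidLoginAttempt(context, true);
                    result = invalidParameters;
                    return false;
                }

                int userId = UserHelpers.GetUserIDByUsername(username, Instance.CurrentInstanceID);
                if (userId == 0)
                {
                    // User not found: let the caller-supplied delegate create it.
                    try
                    {
                        userId = addUserMethod();
                    }
                    catch (Exception ex)
                    {
                        // NOTE(review): the delegate's exception text is handed back verbatim;
                        // confirm callers do not show it to end users unfiltered.
                        result = ex.Message;
                        return false;
                    }
                    // NOTE(review): 0 is the "not found" value above; a delegate that returns 0
                    // would still be signed in below - confirm it always returns a real id or throws.
                }

                UserHelpers.CurrentUserID = userId;
                LoginUtils.ResetBruteForceCounter(context, true);
                LoginUtils.FormsAuthLogin(username, false, context);
                return true;
            }

            return false;
        }

        /// <summary>
        /// Compares two strings ignoring case (invariant culture) without stopping at the first
        /// mismatch, so the running time does not reveal how many leading characters were correct.
        /// A null operand never matches.
        /// </summary>
        private static bool FixedTimeEqualsIgnoreCase(string left, string right)
        {
            if (left == null || right == null)
            {
                return false;
            }

            // A length difference already makes the result non-zero; the loop still runs over the
            // common prefix so every character position is always visited.
            int diff = left.Length ^ right.Length;
            int count = Math.Min(left.Length, right.Length);
            for (int i = 0; i < count; i++)
            {
                diff |= char.ToLowerInvariant(left[i]) ^ char.ToLowerInvariant(right[i]);
            }

            return diff == 0;
        }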