+ type = "coke";
+ }
+ else if( flags & USER_FLAG_ADMIN ) {
+ type = "admin";
+ }
+ else {
+ type = "user";
+ }
+
+ if( flags & USER_FLAG_DISABLED )
+ disabled = ",disabled";
+ if( flags & USER_FLAG_DOORGROUP )
+ door = ",door";
+
+ // TODO: User flags/type
+ sendf(
+ Client->Socket, "202 User %s %i %s%s%s\n",
+ Bank_GetAcctName(UserID), Bank_GetBalance(UserID),
+ type, disabled, door
+ );
+}
+
+void Server_Cmd_USERADD(tClient *Client, char *Args)
+{
+ char *username;
+
+ // Parse arguments
+ if( Server_int_ParseArgs(0, Args, &username, NULL) ) {
+ sendf(Client->Socket, "407 USER_ADD takes 1 argument\n");
+ return ;
+ }
+
+ // Check authentication
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
+ // Check permissions
+ if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
+ sendf(Client->Socket, "403 Not a coke admin\n");
+ return ;
+ }
+
+ // Try to create user
+ if( Bank_CreateAcct(username) == -1 ) {
+ sendf(Client->Socket, "404 User exists\n");
+ return ;
+ }
+
+ {
+ char *thisName = Bank_GetAcctName(Client->UID);
+ Log_Info("Account '%s' created by '%s'", username, thisName);
+ free(thisName);
+ }
+
+ sendf(Client->Socket, "200 User Added\n");
+}
+
+void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
+{
+ char *username, *flags, *reason=NULL;
+ int mask=0, value=0;
+ int uid;
+
+ // Parse arguments
+ if( Server_int_ParseArgs(1, Args, &username, &flags, &reason, NULL) ) {
+ if( !flags ) {
+ sendf(Client->Socket, "407 USER_FLAGS takes at least 2 arguments\n");
+ return ;
+ }
+ reason = "";
+ }
+
+ // Check authentication
+ if(!require_auth(Client)) return;
+
+ // Check permissions
+ if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
+ sendf(Client->Socket, "403 Not a coke admin\n");
+ return ;
+ }
+
+ // Get UID
+ uid = Bank_GetAcctByName(username, 0);
+ if( uid == -1 ) {
+ sendf(Client->Socket, "404 User '%s' not found\n", username);
+ return ;
+ }
+
+ // Parse flags
+ if( Server_int_ParseFlags(Client, flags, &mask, &value) )
+ return ;
+
+ if( giDebugLevel )
+ Debug(Client, "Set %i(%s) flags to %x (masked %x)\n",
+ uid, username, mask, value);
+
+ // Apply flags
+ Bank_SetFlags(uid, mask, value);
+
+ // Log the change
+ Log_Info("Updated '%s' with flag set '%s' by '%s' - Reason: %s",
+ username, flags, Client->Username, reason);
+
+ // Return OK
+ sendf(Client->Socket, "200 User Updated\n");
+}
+
+void Server_Cmd_UPDATEITEM(tClient *Client, char *Args)
+{
+ char *itemname, *price_str, *description;
+ int price;
+ tItem *item;
+
+ if( Server_int_ParseArgs(1, Args, &itemname, &price_str, &description, NULL) ) {
+ sendf(Client->Socket, "407 UPDATE_ITEM takes 3 arguments\n");
+ return ;
+ }
+
+ if(!require_auth(Client)) return;
+
+ // Check user permissions
+ if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
+ item = _GetItemFromString(itemname);
+ if( !item ) {
+ // TODO: Create item?
+ sendf(Client->Socket, "406 Bad Item ID\n");
+ return ;
+ }
+
+ price = atoi(price_str);
+ if( price <= 0 && price_str[0] != '0' ) {
+ sendf(Client->Socket, "407 Invalid price set\n");
+ }
+
+ switch( DispenseUpdateItem( Client->UID, item, description, price ) )
+ {
+ case 0:
+ // Return OK
+ sendf(Client->Socket, "200 Item updated\n");
+ break;
+ default:
+ break;
+ }
+}
+
+void Server_Cmd_PINCHECK(tClient *Client, char *Args)
+{
+ char *username, *pinstr;
+ int pin;
+
+ if( Server_int_ParseArgs(0, Args, &username, &pinstr, NULL) ) {
+ sendf(Client->Socket, "407 PIN_CHECK takes 2 arguments\n");
+ return ;
+ }
+
+ if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
+ sendf(Client->Socket, "407 PIN should be four digits\n");
+ return ;
+ }
+ pin = atoi(pinstr);
+
+ if(!require_auth(Client)) return;
+
+ // Get user
+ int uid = Bank_GetAcctByName(username, 0);
+ if( uid == -1 ) {
+ sendf(Client->Socket, "404 User '%s' not found\n", username);
+ return ;
+ }
+
+ // Check user permissions
+ if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
+ // Get the pin
+ static time_t last_wrong_pin_time;
+ static int backoff = 1;
+ if( time(NULL) - last_wrong_pin_time < backoff ) {
+ sendf(Client->Socket, "407 Rate limited (%i seconds remaining)\n",
+ backoff - (time(NULL) - last_wrong_pin_time));
+ return ;
+ }
+ last_wrong_pin_time = time(NULL);
+ if( !Bank_IsPinValid(uid, pin) )
+ {
+ sendf(Client->Socket, "401 Pin incorrect\n");
+ struct sockaddr_storage addr;
+ socklen_t len = sizeof(addr);
+ char ipstr[INET6_ADDRSTRLEN];
+ getpeername(Client->Socket, (void*)&addr, &len);
+ struct sockaddr_in *s = (struct sockaddr_in *)&addr;
+ inet_ntop(addr.ss_family, &s->sin_addr, ipstr, sizeof(ipstr));
+ Debug_Notice("Bad pin from %s for %s by %i", ipstr, username, Client->UID);
+ if( backoff < 5)
+ backoff ++;
+ return ;
+ }
+
+ last_wrong_pin_time = 0;
+ backoff = 1;
+ sendf(Client->Socket, "200 Pin correct\n");
+ return ;
+}
+void Server_Cmd_PINSET(tClient *Client, char *Args)
+{
+ char *pinstr;
+ int pin;
+
+
+ if( Server_int_ParseArgs(0, Args, &pinstr, NULL) ) {
+ sendf(Client->Socket, "407 PIN_SET takes 1 argument\n");
+ return ;
+ }
+
+ if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
+ sendf(Client->Socket, "407 PIN should be four digits\n");
+ return ;
+ }
+ pin = atoi(pinstr);
+
+ if(!require_auth(Client)) return;
+
+ int uid = Client->EffectiveUID > 0 ? Client->EffectiveUID : Client->UID;
+ CLIENT_DEBUG(Client, "Setting PIN for UID %i", uid);
+ // Can only pinset yourself (well, the effective user)
+ Bank_SetPin(uid, pin);
+ sendf(Client->Socket, "200 Pin updated\n");
+ return ;
+}
+void Server_Cmd_CARDADD(tClient* Client, char* Args)
+{
+ char* card_id;
+ if( Server_int_ParseArgs(0, Args, &card_id, NULL) ) {
+ sendf(Client->Socket, "407 CARD_ADD takes 1 argument\n");
+ return ;
+ }
+
+ if(!require_auth(Client)) return;
+
+ int uid = Client->EffectiveUID > 0 ? Client->EffectiveUID : Client->UID;
+ CLIENT_DEBUG(Client, "Add card '%s' to UID %i", card_id, uid);
+ if( Bank_AddAcctCard(uid, card_id) )
+ {
+ sendf(Client->Socket, "408 Card already exists\n");
+ return ;
+ }
+ sendf(Client->Socket, "200 Card added\n");
+}
+
+// --- INTERNAL HELPERS ---
+void Debug(tClient *Client, const char *Format, ...)
+{
+ va_list args;
+ //printf("%010i [%i] ", (int)time(NULL), Client->ID);
+ printf("[%i] ", Client->ID);
+ va_start(args, Format);
+ vprintf(Format, args);
+ va_end(args);
+ printf("\n");
+}
+
+int sendf(int Socket, const char *Format, ...)
+{
+ va_list args;
+ int len;
+
+ va_start(args, Format);
+ len = vsnprintf(NULL, 0, Format, args);
+ va_end(args);
+
+ {
+ char buf[len+1];
+ va_start(args, Format);
+ vsnprintf(buf, len+1, Format, args);
+ va_end(args);
+
+ #if DEBUG_TRACE_CLIENT
+ printf("sendf: %s", buf);
+ #endif