- #if 0
- //
- strcpy(input, Username);
- strcpy(input, Salt);
- // TODO: Get user's SHA-1 hash
- sprintf(tmp, "uid=%s", Username);
- ldap_search_s(ld, "", LDAP_SCOPE_BASE, tmp, "userPassword", 0, res);
-
- sprintf(input+ofs, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
- h[ 0], h[ 1], h[ 2], h[ 3], h[ 4], h[ 5], h[ 6], h[ 7], h[ 8], h[ 9],
- h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19]
- );
- // Then create the hash from the provided salt
- // Compare that with the provided hash
- #endif
+ // Check authentication
+ if( !Client->bIsAuthed ) {
+ sendf(Client->Socket, "401 Not Authenticated\n");
+ return ;
+ }
+
+ // Check permissions
+ if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
+ sendf(Client->Socket, "403 Not a coke admin\n");
+ return ;
+ }
+
+ // Try to create user
+ if( Bank_CreateAcct(username) == -1 ) {
+ sendf(Client->Socket, "404 User exists\n");
+ return ;
+ }
+
+ {
+ char *thisName = Bank_GetAcctName(Client->UID);
+ Log_Info("Account '%s' created by '%s'", username, thisName);
+ free(thisName);
+ }
+
+ sendf(Client->Socket, "200 User Added\n");
+}
+
+void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
+{
+ char *username, *flags, *reason=NULL;
+ int mask=0, value=0;
+ int uid;
+
+ // Parse arguments
+ if( Server_int_ParseArgs(1, Args, &username, &flags, &reason, NULL) ) {
+ if( !flags ) {
+ sendf(Client->Socket, "407 USER_FLAGS takes at least 2 arguments\n");
+ return ;
+ }
+ reason = "";
+ }
+
+ // Check authentication
+ if(!require_auth(Client)) return;
+
+ // Check permissions
+ if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
+ sendf(Client->Socket, "403 Not a coke admin\n");
+ return ;
+ }
+
+ // Get UID
+ uid = Bank_GetAcctByName(username, 0);
+ if( uid == -1 ) {
+ sendf(Client->Socket, "404 User '%s' not found\n", username);
+ return ;
+ }
+
+ // Parse flags
+ if( Server_int_ParseFlags(Client, flags, &mask, &value) )
+ return ;
+
+ if( giDebugLevel )
+ Debug(Client, "Set %i(%s) flags to %x (masked %x)\n",
+ uid, username, mask, value);
+
+ // Apply flags
+ Bank_SetFlags(uid, mask, value);
+
+ // Log the change
+ Log_Info("Updated '%s' with flag set '%s' by '%s' - Reason: %s",
+ username, flags, Client->Username, reason);
+
+ // Return OK
+ sendf(Client->Socket, "200 User Updated\n");
+}
+
+void Server_Cmd_UPDATEITEM(tClient *Client, char *Args)
+{
+ char *itemname, *price_str, *description;
+ int price;
+ tItem *item;
+
+ if( Server_int_ParseArgs(1, Args, &itemname, &price_str, &description, NULL) ) {
+ sendf(Client->Socket, "407 UPDATE_ITEM takes 3 arguments\n");
+ return ;
+ }
+
+ if(!require_auth(Client)) return;
+
+ // Check user permissions
+ if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }
+
+ item = _GetItemFromString(itemname);
+ if( !item ) {
+ // TODO: Create item?
+ sendf(Client->Socket, "406 Bad Item ID\n");
+ return ;
+ }
+
+ price = atoi(price_str);
+ if( price <= 0 && price_str[0] != '0' ) {
+ sendf(Client->Socket, "407 Invalid price set\n");
+ }
+
+ switch( DispenseUpdateItem( Client->UID, item, description, price ) )
+ {
+ case 0:
+ // Return OK
+ sendf(Client->Socket, "200 Item updated\n");
+ break;
+ default:
+ break;
+ }
+}
+
+void Server_Cmd_PINCHECK(tClient *Client, char *Args)
+{
+ char *username, *pinstr;
+ int pin;
+
+ if( Server_int_ParseArgs(0, Args, &username, &pinstr, NULL) ) {
+ sendf(Client->Socket, "407 PIN_CHECK takes 2 arguments\n");
+ return ;
+ }
+
+ if( !isdigit(pinstr[0]) || !isdigit(pinstr[1]) || !isdigit(pinstr[2]) || !isdigit(pinstr[3]) || pinstr[4] != '\0' ) {
+ sendf(Client->Socket, "407 PIN should be four digits\n");
+ return ;
+ }
+ pin = atoi(pinstr);
+
+ if(!require_auth(Client)) return;
+
+ // Get user
+ int uid = Bank_GetAcctByName(username, 0);
+ if( uid == -1 ) {
+ sendf(Client->Socket, "404 User '%s' not found\n", username);
+ return ;
+ }
+
+ // Check user permissions
+ if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+ sendf(Client->Socket, "403 Not in coke\n");
+ return ;
+ }