Server - Added bac to mark zero priced slots as erroring

[tpg/opendispense2.git] / src / server / server.c
diff --git a/src/server/server.c b/src/server/server.c

index 330ac66..b7ca068 100644 (file)
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -14,21 +14,30 @@
  #include <netinet/in.h>
  #include <arpa/inet.h>
  #include <unistd.h>
+#include <fcntl.h>     // O_*
  #include <string.h>
  #include <limits.h>
  #include <stdarg.h>
+#include <signal.h>    // Signal handling
+#include <ident.h>     // AUTHIDENT
+#include <time.h>      // time(2)
  
  #define        DEBUG_TRACE_CLIENT      0
+#define HACK_NO_REFUNDS        1
  
  // Statistics
  #define MAX_CONNECTION_QUEUE   5
  #define INPUT_BUFFER_SIZE      256
+#define CLIENT_TIMEOUT 10      // Seconds
  
  #define HASH_TYPE      SHA1
  #define HASH_LENGTH    20
  
  #define MSG_STR_TOO_LONG       "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
  
+#define IDENT_TRUSTED_NETWORK 0x825F0D00
+#define IDENT_TRUSTED_NETMASK 0xFFFFFFC0
+
  // === TYPES ===
  typedef struct sClient
  {
@@ -54,20 +63,27 @@ void        Server_ParseClientCommand(tClient *Client, char *CommandString);
  void   Server_Cmd_USER(tClient *Client, char *Args);
  void   Server_Cmd_PASS(tClient *Client, char *Args);
  void   Server_Cmd_AUTOAUTH(tClient *Client, char *Args);
+void   Server_Cmd_AUTHIDENT(tClient *Client, char *Args);
  void   Server_Cmd_SETEUSER(tClient *Client, char *Args);
  void   Server_Cmd_ENUMITEMS(tClient *Client, char *Args);
  void   Server_Cmd_ITEMINFO(tClient *Client, char *Args);
  void   Server_Cmd_DISPENSE(tClient *Client, char *Args);
+void   Server_Cmd_REFUND(tClient *Client, char *Args);
  void   Server_Cmd_GIVE(tClient *Client, char *Args);
+void   Server_Cmd_DONATE(tClient *Client, char *Args);
  void   Server_Cmd_ADD(tClient *Client, char *Args);
+void   Server_Cmd_SET(tClient *Client, char *Args);
  void   Server_Cmd_ENUMUSERS(tClient *Client, char *Args);
  void   Server_Cmd_USERINFO(tClient *Client, char *Args);
  void   _SendUserInfo(tClient *Client, int UserID);
  void   Server_Cmd_USERADD(tClient *Client, char *Args);
  void   Server_Cmd_USERFLAGS(tClient *Client, char *Args);
+void   Server_Cmd_UPDATEITEM(tClient *Client, char *Args);
  // --- Helpers ---
+void   Debug(tClient *Client, const char *Format, ...);
   int   sendf(int Socket, const char *Format, ...);
-void   HexBin(uint8_t *Dest, char *Src, int BufSize);
+ int   Server_int_ParseArgs(int bUseLongArg, char *ArgStr, ...);
+ int   Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value);
  
  // === CONSTANTS ===
  // - Commands
@@ -78,23 +94,34 @@ const struct sClientCommand {
         {"USER", Server_Cmd_USER},
         {"PASS", Server_Cmd_PASS},
         {"AUTOAUTH", Server_Cmd_AUTOAUTH},
+       {"AUTHIDENT", Server_Cmd_AUTHIDENT},
         {"SETEUSER", Server_Cmd_SETEUSER},
         {"ENUM_ITEMS", Server_Cmd_ENUMITEMS},
         {"ITEM_INFO", Server_Cmd_ITEMINFO},
         {"DISPENSE", Server_Cmd_DISPENSE},
+       {"REFUND", Server_Cmd_REFUND},
         {"GIVE", Server_Cmd_GIVE},
+       {"DONATE", Server_Cmd_DONATE},
         {"ADD", Server_Cmd_ADD},
+       {"SET", Server_Cmd_SET},
         {"ENUM_USERS", Server_Cmd_ENUMUSERS},
         {"USER_INFO", Server_Cmd_USERINFO},
         {"USER_ADD", Server_Cmd_USERADD},
-       {"USER_FLAGS", Server_Cmd_USERFLAGS}
+       {"USER_FLAGS", Server_Cmd_USERFLAGS},
+       {"UPDATE_ITEM", Server_Cmd_UPDATEITEM}
  };
-#define NUM_COMMANDS   (sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0]))
+#define NUM_COMMANDS   ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])))
  
  // === GLOBALS ===
- int   giServer_Port = 1020;
- int   giServer_NextClientID = 1;
- int   giServer_Socket;
+// - Configuration
+ int   giServer_Port = 11020;
+ int   gbServer_RunInBackground = 0;
+char   *gsServer_LogFile = "/var/log/dispsrv.log";
+char   *gsServer_ErrorLog = "/var/log/dispsrv.err";
+// - State variables
+ int   giServer_Socket;        // Server socket
+ int   giServer_NextClientID = 1;      // Debug client ID
+ 
  
  // === CODE ===
  /**
@@ -106,6 +133,8 @@ void Server_Start(void)
         struct sockaddr_in      server_addr, client_addr;
  
         atexit(Server_Cleanup);
+       // Ignore SIGPIPE (stops crashes when the client exits early)
+       signal(SIGPIPE, SIG_IGN);
  
         // Create Server
         giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
@@ -126,6 +155,38 @@ void Server_Start(void)
                 perror("Binding");
                 return ;
         }
+
+       // Fork into background
+       if( gbServer_RunInBackground )
+       {
+               int pid = fork();
+               if( pid == -1 ) {
+                       fprintf(stderr, "ERROR: Unable to fork\n");
+                       perror("fork background");
+                       exit(-1);
+               }
+               if( pid != 0 ) {
+                       // Parent, quit
+                       printf("Forked child %i\n", pid);
+                       exit(0);
+               }
+               // In child
+               // - Sort out stdin/stdout
+               #if 0
+               dup2( open("/dev/null", O_RDONLY, 0644), STDIN_FILENO );
+               dup2( open(gsServer_LogFile, O_CREAT|O_APPEND, 0644), STDOUT_FILENO );
+               dup2( open(gsServer_ErrorLog, O_CREAT|O_APPEND, 0644), STDERR_FILENO );
+               #else
+               freopen("/dev/null", "r", stdin);
+               freopen(gsServer_LogFile, "a", stdout);
+               freopen(gsServer_ErrorLog, "a", stderr);
+               fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
+               fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
+               #endif
+       }
+
+       // Start the helper thread
+       StartPeriodicThread();
         
         // Listen
         if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) {
@@ -136,17 +197,40 @@ void Server_Start(void)
         
         printf("Listening on 0.0.0.0:%i\n", giServer_Port);
         
+       // write pidfile
+       {
+               FILE *fp = fopen("/var/run/dispsrv.pid", "w");
+               if( fp ) {
+                       fprintf(fp, "%i", getpid());
+                       fclose(fp);
+               }
+       }
+
         for(;;)
         {
                 uint    len = sizeof(client_addr);
                  int    bTrusted = 0;
                 
+               // Accept a connection
                 client_socket = accept(giServer_Socket, (struct sockaddr *) &client_addr, &len);
                 if(client_socket < 0) {
                         fprintf(stderr, "ERROR: Unable to accept client connection\n");
                         return ;
                 }
                 
+               // Set a timeout on the user conneciton
+               {
+                       struct timeval tv;
+                       tv.tv_sec = CLIENT_TIMEOUT;
+                       tv.tv_usec = 0;
+                       if( setsockopt(client_socket, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) )
+                       {
+                               perror("setsockopt");
+                               return ;
+                       }
+               }
+               
+               // Debug: Print the connection string
                 if(giDebugLevel >= 2) {
                         char    ipstr[INET_ADDRSTRLEN];
                         inet_ntop(AF_INET, &client_addr.sin_addr, ipstr, INET_ADDRSTRLEN);
@@ -154,6 +238,10 @@ void Server_Start(void)
                                 ipstr, ntohs(client_addr.sin_port));
                 }
                 
+               // Doesn't matter what, localhost is trusted
+               if( ntohl( client_addr.sin_addr.s_addr ) == 0x7F000001 )
+                       bTrusted = 1;
+               
                 // Trusted Connections
                 if( ntohs(client_addr.sin_port) < 1024 )
                 {
@@ -161,9 +249,15 @@ void Server_Start(void)
                         switch( ntohl( client_addr.sin_addr.s_addr ) )
                         {
                         case 0x7F000001:        // 127.0.0.1    localhost
-                       //case 0x825E0D00:      // 130.95.13.0
-                       case 0x825E0D12:        // 130.95.13.18 mussel
-                       case 0x825E0D17:        // 130.95.13.23 martello
+               //      case 0x825F0D00:        // 130.95.13.0
+                       case 0x825F0D04:        // 130.95.13.4  merlo
+               //      case 0x825F0D05:        // 130.95.13.5  heathred (MR)
+                       case 0x825F0D07:        // 130.95.13.7  motsugo
+                       case 0x825F0D11:        // 130.95.13.17 mermaid
+                       case 0x825F0D12:        // 130.95.13.18 mussel
+                       case 0x825F0D17:        // 130.95.13.23 martello
+                       case 0x825F0D2A:        // 130.95.13.42 meersau
+               //      case 0x825F0D42:        // 130.95.13.66 heathred (Clubroom)
                                 bTrusted = 1;
                                 break;
                         default:
@@ -180,8 +274,9 @@ void Server_Start(void)
  
  void Server_Cleanup(void)
  {
-       printf("Close(%i)\n", giServer_Socket);
+       printf("\nClose(%i)\n", giServer_Socket);
         close(giServer_Socket);
+       unlink("/var/run/dispsrv.pid");
  }
  
  /**
@@ -195,12 +290,15 @@ void Server_HandleClient(int Socket, int bTrusted)
         char    *buf = inbuf;
          int    remspace = INPUT_BUFFER_SIZE-1;
          int    bytes = -1;
-       tClient clientInfo = {0};
+       tClient clientInfo;
+       
+       memset(&clientInfo, 0, sizeof(clientInfo));
         
         // Initialise Client info
         clientInfo.Socket = Socket;
         clientInfo.ID = giServer_NextClientID ++;
         clientInfo.bIsTrusted = bTrusted;
+       clientInfo.EffectiveUID = -1;
         
         // Read from client
         /*
@@ -210,6 +308,7 @@ void Server_HandleClient(int Socket, int bTrusted)
          *   it is saved to the beginning of `inbuf` and `buf` is updated to
          *   the end of it.
          */
+       // TODO: Use select() instead (to give a timeout)
         while( (bytes = recv(Socket, buf, remspace, 0)) > 0 )
         {
                 char    *eol, *start;
@@ -263,47 +362,25 @@ void Server_HandleClient(int Socket, int bTrusted)
   */
  void Server_ParseClientCommand(tClient *Client, char *CommandString)
  {
-       char    *space, *args;
+       char    *command, *args;
          int    i;
-       #if 0
-       char    **argList;
-        int    numArgs = 0;
-       #endif
         
-       // Split at first space
-       space = strchr(CommandString, ' ');
-       if(space == NULL) {
-               args = NULL;
-       }
-       else {
-               *space = '\0';
-               args = space + 1;
-               while( *space == ' ' )  space ++;
-               
-               #if 0
-               // Count arguments
-               numArgs = 1;
-               for( i = 0; args[i]; )
-               {
-                       while( CommandString[i] != ' ' ) {
-                               if( CommandString[i] == '"' ) {
-                                       while( !(CommandString[i] != '\\' CommandString[i+1] == '"' ) )
-                                               i ++;
-                                       i ++;
-                               }
-                               i ++;
-                       }
-                       numArgs ++;
-                       while( CommandString[i] == ' ' )        i ++;
-               }
-               #endif
+       if( giDebugLevel >= 2 )
+               Debug(Client, "Server_ParseClientCommand: (CommandString = '%s')", CommandString);
+       
+       if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) )
+       {
+               if( command == NULL )   return ;
+               // Is this an error? (just ignore for now)
         }
         
         
         // Find command
         for( i = 0; i < NUM_COMMANDS; i++ )
         {
-               if(strcmp(CommandString, gaServer_Commands[i].Name) == 0) {
+               if(strcmp(command, gaServer_Commands[i].Name) == 0) {
+                       if( giDebugLevel >= 2 )
+                               Debug(Client, "CMD %s - \"%s\"", command, args);
                         gaServer_Commands[i].Function(Client, args);
                         return ;
                 }
@@ -322,17 +399,22 @@ void Server_ParseClientCommand(tClient *Client, char *CommandString)
   */
  void Server_Cmd_USER(tClient *Client, char *Args)
  {
-       char    *space = strchr(Args, ' ');
-       if(space)       *space = '\0';  // Remove characters after the ' '
+       char    *username;
+       
+       if( Server_int_ParseArgs(0, Args, &username, NULL) )
+       {
+               sendf(Client->Socket, "407 USER takes 1 argument\n");
+               return ;
+       }
         
         // Debug!
         if( giDebugLevel )
-               printf("Client %i authenticating as '%s'\n", Client->ID, Args);
+               Debug(Client, "Authenticating as '%s'", username);
         
         // Save username
         if(Client->Username)
                 free(Client->Username);
-       Client->Username = strdup(Args);
+       Client->Username = strdup(username);
         
         #if USE_SALT
         // Create a salt (that changes if the username is changed)
@@ -360,19 +442,37 @@ void Server_Cmd_USER(tClient *Client, char *Args)
   */
  void Server_Cmd_PASS(tClient *Client, char *Args)
  {
-       char    *space = strchr(Args, ' ');
-       if(space)       *space = '\0';  // Remove characters after the ' '
+       char    *passhash;
+        int    flags;
+
+       if( Server_int_ParseArgs(0, Args, &passhash, NULL) )
+       {
+               sendf(Client->Socket, "407 PASS takes 1 argument\n");
+               return ;
+       }
         
         // Pass on to cokebank
-       Client->UID = GetUserAuth(Client->Salt, Client->Username, Args);
+       Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, passhash);
  
-       if( Client->UID != -1 ) {
-               Client->bIsAuthed = 1;
-               sendf(Client->Socket, "200 Auth OK\n");
+       if( Client->UID == -1 ) {
+               sendf(Client->Socket, "401 Auth Failure\n");
+               return ;
+       }
+
+       flags = Bank_GetFlags(Client->UID);
+       if( flags & USER_FLAG_DISABLED ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Account Disabled\n");
+               return ;
+       }
+       if( flags & USER_FLAG_INTERNAL ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Internal account\n");
                 return ;
         }
         
-       sendf(Client->Socket, "401 Auth Failure\n");
+       Client->bIsAuthed = 1;
+       sendf(Client->Socket, "200 Auth OK\n");
  }
  
  /**
@@ -382,78 +482,273 @@ void Server_Cmd_PASS(tClient *Client, char *Args)
   */
  void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
  {
-       char    *space = strchr(Args, ' ');
-       if(space)       *space = '\0';  // Remove characters after the ' '
+       char    *username;
+        int    userflags;
+       
+       if( Server_int_ParseArgs(0, Args, &username, NULL) )
+       {
+               sendf(Client->Socket, "407 AUTOAUTH takes 1 argument\n");
+               return ;
+       }
         
         // Check if trusted
         if( !Client->bIsTrusted ) {
                 if(giDebugLevel)
-                       printf("Client %i: Untrusted client attempting to AUTOAUTH\n", Client->ID);
+                       Debug(Client, "Untrusted client attempting to AUTOAUTH");
                 sendf(Client->Socket, "401 Untrusted\n");
                 return ;
         }
         
         // Get UID
-       Client->UID = GetUserID( Args );        
+       Client->UID = Bank_GetAcctByName( username, 0 );        
         if( Client->UID < 0 ) {
                 if(giDebugLevel)
-                       printf("Client %i: Unknown user '%s'\n", Client->ID, Args);
-               sendf(Client->Socket, "401 Auth Failure\n");
+                       Debug(Client, "Unknown user '%s'", username);
+               sendf(Client->Socket, "403 Auth Failure\n");
                 return ;
         }
         
+       userflags = Bank_GetFlags(Client->UID);
+       // You can't be an internal account
+       if( userflags & USER_FLAG_INTERNAL ) {
+               if(giDebugLevel)
+                       Debug(Client, "Autoauth as '%s', not allowed", username);
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Account is internal\n");
+               return ;
+       }
+
+       // Disabled accounts
+       if( userflags & USER_FLAG_DISABLED ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Account disabled\n");
+               return ;
+       }
+
+       // Save username
+       if(Client->Username)
+               free(Client->Username);
+       Client->Username = strdup(username);
+
+       Client->bIsAuthed = 1;
+       
         if(giDebugLevel)
-               printf("Client %i: Authenticated as '%s' (%i)\n", Client->ID, Args, Client->UID);
+               Debug(Client, "Auto authenticated as '%s' (%i)", username, Client->UID);
         
         sendf(Client->Socket, "200 Auth OK\n");
  }
  
+/**
+ * \brief Authenticate as a user using the IDENT protocol
+ *
+ * Usage: AUTHIDENT
+ */
+void Server_Cmd_AUTHIDENT(tClient *Client, char *Args)
+{
+       char    *username;
+        int    userflags;
+       const int ident_timeout = 5;
+       socklen_t len;
+       struct sockaddr_in client_addr;
+       uint32_t  client_ip;
+
+       if( Args != NULL && strlen(Args) ) {
+               sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n");
+               return ;
+       }
+
+       // Check if trusted (only works with INET sockets at present)
+       len = sizeof(client_addr);
+       if( getpeername(Client->Socket, (struct sockaddr*)&client_addr, &len) == -1 ) {
+               Debug(Client, "500 getpeername() failed\n");
+               perror("Getting AUTHIDENT peer name");
+               sendf(Client->Socket, "500 getpeername() failed\n");
+               return ;
+       }
+
+       client_ip = client_addr.sin_addr.s_addr;
+       if(giDebugLevel >= 2) {
+               Debug(Client, "client_ip = %x, ntohl(client_ip) = %x", client_ip, ntohl(client_ip));
+       }
+       if( ntohl(client_ip) != 0x7F000001 && (ntohl(client_ip) & IDENT_TRUSTED_NETMASK) != IDENT_TRUSTED_NETWORK ) {
+                       if(giDebugLevel)
+                               Debug(Client, "Untrusted client attempting to AUTHIDENT");
+                       sendf(Client->Socket, "401 Untrusted\n");
+                       return ;
+       }
+
+       // Get username via IDENT
+       username = ident_id(Client->Socket, ident_timeout);
+       if( !username ) {
+               sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n");
+               return ;
+       }
+
+       // Get UID
+       Client->UID = Bank_GetAcctByName( username, 0 );
+       if( Client->UID < 0 ) {
+               if(giDebugLevel)
+                       Debug(Client, "Unknown user '%s'", username);
+               sendf(Client->Socket, "403 Authentication failure: unknown account\n");
+               free(username);
+               return ;
+       }
+
+       userflags = Bank_GetFlags(Client->UID);
+       // You can't be an internal account
+       if( userflags & USER_FLAG_INTERNAL ) {
+               if(giDebugLevel)
+                       Debug(Client, "IDENT auth as '%s', not allowed", username);
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Authentication failure: that account is internal\n");
+               free(username);
+               return ;
+       }
+
+       // Disabled accounts
+       if( userflags & USER_FLAG_DISABLED ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Authentication failure: account disabled\n");
+               free(username);
+               return ;
+       }
+
+       // Save username
+       if(Client->Username)
+               free(Client->Username);
+       Client->Username = strdup(username);
+
+       Client->bIsAuthed = 1;
+
+       if(giDebugLevel)
+               Debug(Client, "IDENT authenticated as '%s' (%i)", username, Client->UID);
+       free(username);
+
+       sendf(Client->Socket, "200 Auth OK\n");
+}
+
  /**
   * \brief Set effective user
   */
  void Server_Cmd_SETEUSER(tClient *Client, char *Args)
  {
-       char    *space;
+       char    *username;
+        int    eUserFlags, userFlags;
         
-       space = strchr(Args, ' ');
-       
-       if(space)       *space = '\0';
+       if( Server_int_ParseArgs(0, Args, &username, NULL) )
+       {
+               sendf(Client->Socket, "407 SETEUSER takes 1 argument\n");
+               return ;
+       }
         
         if( !strlen(Args) ) {
                 sendf(Client->Socket, "407 SETEUSER expects an argument\n");
                 return ;
         }
+       
+       // Check authentication
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
  
         // Check user permissions
-       if( (GetFlags(Client->UID) & USER_FLAG_TYPEMASK) < USER_TYPE_COKE ) {
+       userFlags = Bank_GetFlags(Client->UID);
+       if( !(userFlags & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
                 sendf(Client->Socket, "403 Not in coke\n");
                 return ;
         }
         
         // Set id
-       Client->EffectiveUID = GetUserID(Args);
+       Client->EffectiveUID = Bank_GetAcctByName(username, 0);
         if( Client->EffectiveUID == -1 ) {
                 sendf(Client->Socket, "404 User not found\n");
                 return ;
         }
         
+       // You can't be an internal account
+       if( !(userFlags & USER_FLAG_ADMIN) )
+       {
+               eUserFlags = Bank_GetFlags(Client->EffectiveUID);
+               if( eUserFlags & USER_FLAG_INTERNAL ) {
+                       Client->EffectiveUID = -1;
+                       sendf(Client->Socket, "404 User not found\n");
+                       return ;
+               }
+               // Disabled only avaliable to admins
+               if( eUserFlags & USER_FLAG_DISABLED ) {
+                       Client->EffectiveUID = -1;
+                       sendf(Client->Socket, "403 Account disabled\n");
+                       return ;
+               }
+       }
+
+       // Disabled accounts
+       if( userFlags & USER_FLAG_DISABLED ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Account disabled\n");
+               return ;
+       }
+       
         sendf(Client->Socket, "200 User set\n");
  }
  
+/**
+ * \brief Send an item status to the client
+ * \param Client       Who to?
+ * \param Item Item to send
+ */
+void Server_int_SendItem(tClient *Client, tItem *Item)
+{
+       char    *status = "avail";
+       
+       if( Item->Handler->CanDispense )
+       {
+               switch(Item->Handler->CanDispense(Client->UID, Item->ID))
+               {
+               case  0:        status = "avail";       break;
+               case  1:        status = "sold";        break;
+               default:
+               case -1:        status = "error";       break;
+               }
+       }
+       
+       if( Item->Price == 0 )
+               status = "error";
+       // KNOWN HACK: Naming a slot 'dead' disables it
+       if( strcmp(Item->Name, "dead") == 0 )
+               status = "sold";        // Another status?
+       
+       sendf(Client->Socket,
+               "202 Item %s:%i %s %i %s\n",
+               Item->Handler->Name, Item->ID, status, Item->Price, Item->Name
+               );
+}
+
  /**
   * \brief Enumerate the items that the server knows about
   */
  void Server_Cmd_ENUMITEMS(tClient *Client, char *Args)
  {
-        int    i;
+        int    i, count;
  
-       sendf(Client->Socket, "201 Items %i\n", giNumItems);
+       if( Args != NULL && strlen(Args) ) {
+               sendf(Client->Socket, "407 ENUM_ITEMS takes no arguments\n");
+               return ;
+       }
+       
+       // Count shown items
+       count = 0;
+       for( i = 0; i < giNumItems; i ++ ) {
+               if( gaItems[i].bHidden )        continue;
+               count ++;
+       }
+
+       sendf(Client->Socket, "201 Items %i\n", count);
  
         for( i = 0; i < giNumItems; i ++ ) {
-               sendf(Client->Socket,
-                       "202 Item %s:%i %i %s\n",
-                        gaItems[i].Handler->Name, gaItems[i].ID, gaItems[i].Price, gaItems[i].Name
-                        );
+               if( gaItems[i].bHidden )        continue;
+               Server_int_SendItem( Client, &gaItems[i] );
         }
  
         sendf(Client->Socket, "200 List end\n");
@@ -501,17 +796,21 @@ tItem *_GetItemFromString(char *String)
   */
  void Server_Cmd_ITEMINFO(tClient *Client, char *Args)
  {
-       tItem   *item = _GetItemFromString(Args);
+       tItem   *item;
+       char    *itemname;
+       
+       if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) {
+               sendf(Client->Socket, "407 ITEMINFO takes 1 argument\n");
+               return ;
+       }
+       item = _GetItemFromString(Args);
         
         if( !item ) {
                 sendf(Client->Socket, "406 Bad Item ID\n");
                 return ;
         }
         
-       sendf(Client->Socket,
-               "202 Item %s:%i %i %s\n",
-                item->Handler->Name, item->ID, item->Price, item->Name
-                );
+       Server_int_SendItem( Client, item );
  }
  
  void Server_Cmd_DISPENSE(tClient *Client, char *Args)
@@ -519,13 +818,19 @@ void Server_Cmd_DISPENSE(tClient *Client, char *Args)
         tItem   *item;
          int    ret;
          int    uid;
+       char    *itemname;
+       
+       if( Server_int_ParseArgs(0, Args, &itemname, NULL) ) {
+               sendf(Client->Socket, "407 DISPENSE takes only 1 argument\n");
+               return ;
+       }
          
         if( !Client->bIsAuthed ) {
                 sendf(Client->Socket, "401 Not Authenticated\n");
                 return ;
         }
  
-       item = _GetItemFromString(Args);
+       item = _GetItemFromString(itemname);
         if( !item ) {
                 sendf(Client->Socket, "406 Bad Item ID\n");
                 return ;
@@ -544,9 +849,57 @@ void Server_Cmd_DISPENSE(tClient *Client, char *Args)
         case 1: sendf(Client->Socket, "501 Unable to dispense\n");      return ;
         case 2: sendf(Client->Socket, "402 Poor You\n");        return ;
         default:
-               sendf(Client->Socket, "500 Dispense Error\n");
+               sendf(Client->Socket, "500 Dispense Error (%i)\n", ret);
+               return ;
+       }
+}
+
+void Server_Cmd_REFUND(tClient *Client, char *Args)
+{
+       tItem   *item;
+        int    uid, price_override = 0;
+       char    *username, *itemname, *price_str;
+
+       if( Server_int_ParseArgs(0, Args, &username, &itemname, &price_str, NULL) ) {
+               if( !itemname || price_str ) {
+                       sendf(Client->Socket, "407 REFUND takes 2 or 3 arguments\n");
+                       return ;
+               }
+       }
+
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
+
+       // Check user permissions
+       if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
+               sendf(Client->Socket, "403 Not in coke\n");
+               return ;
+       }
+
+       uid = Bank_GetAcctByName(username, 0);
+       if( uid == -1 ) {
+               sendf(Client->Socket, "404 Unknown user\n");
+               return ;
+       }
+       
+       item = _GetItemFromString(itemname);
+       if( !item ) {
+               sendf(Client->Socket, "406 Bad Item ID\n");
                 return ;
         }
+
+       if( price_str )
+               price_override = atoi(price_str);
+
+       switch( DispenseRefund( Client->UID, uid, item, price_override ) )
+       {
+       case 0: sendf(Client->Socket, "200 Item Refunded\n");   return ;
+       default:
+               sendf(Client->Socket, "500 Dispense Error\n");
+               return;
+       }
  }
  
  void Server_Cmd_GIVE(tClient *Client, char *Args)
@@ -555,33 +908,74 @@ void Server_Cmd_GIVE(tClient *Client, char *Args)
          int    uid, iAmmount;
          int    thisUid;
         
+       // Parse arguments
+       if( Server_int_ParseArgs(1, Args, &recipient, &ammount, &reason, NULL) ) {
+               sendf(Client->Socket, "407 GIVE takes only 3 arguments\n");
+               return ;
+       }
+       
+       // Check for authed
         if( !Client->bIsAuthed ) {
                 sendf(Client->Socket, "401 Not Authenticated\n");
                 return ;
         }
  
-       recipient = Args;
+       // Get recipient
+       uid = Bank_GetAcctByName(recipient, 0);
+       if( uid == -1 ) {
+               sendf(Client->Socket, "404 Invalid target user\n");
+               return ;
+       }
+       
+       // You can't alter an internal account
+//     if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
+//             sendf(Client->Socket, "404 Invalid target user\n");
+//             return ;
+//     }
  
-       ammount = strchr(Args, ' ');
-       if( !ammount ) {
-               sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 1 encountered\n");
+       // Parse ammount
+       iAmmount = atoi(ammount);
+       if( iAmmount <= 0 ) {
+               sendf(Client->Socket, "407 Invalid Argument, ammount must be > zero\n");
                 return ;
         }
-       *ammount = '\0';
-       ammount ++;
+       
+       if( Client->EffectiveUID != -1 ) {
+               thisUid = Client->EffectiveUID;
+       }
+       else {
+               thisUid = Client->UID;
+       }
  
-       reason = strchr(ammount, ' ');
-       if( !reason ) {
-               sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 2 encountered\n");
+       // Do give
+       switch( DispenseGive(Client->UID, thisUid, uid, iAmmount, reason) )
+       {
+       case 0:
+               sendf(Client->Socket, "200 Give OK\n");
+               return ;
+       case 2:
+               sendf(Client->Socket, "402 Poor You\n");
+               return ;
+       default:
+               sendf(Client->Socket, "500 Unknown error\n");
                 return ;
         }
-       *reason = '\0';
-       reason ++;
+}
  
-       // Get recipient
-       uid = GetUserID(recipient);
-       if( uid == -1 ) {
-               sendf(Client->Socket, "404 Invalid target user\n");
+void Server_Cmd_DONATE(tClient *Client, char *Args)
+{
+       char    *ammount, *reason;
+        int    iAmmount;
+        int    thisUid;
+       
+       // Parse arguments
+       if( Server_int_ParseArgs(1, Args, &ammount, &reason, NULL) ) {
+               sendf(Client->Socket, "407 DONATE takes 2 arguments\n");
+               return ;
+       }
+       
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
                 return ;
         }
  
@@ -592,6 +986,7 @@ void Server_Cmd_GIVE(tClient *Client, char *Args)
                 return ;
         }
         
+       // Handle effective users
         if( Client->EffectiveUID != -1 ) {
                 thisUid = Client->EffectiveUID;
         }
@@ -600,7 +995,7 @@ void Server_Cmd_GIVE(tClient *Client, char *Args)
         }
  
         // Do give
-       switch( DispenseGive(Client->UID, thisUid, uid, iAmmount, reason) )
+       switch( DispenseDonate(Client->UID, thisUid, iAmmount, reason) )
         {
         case 0:
                 sendf(Client->Socket, "200 Give OK\n");
@@ -619,43 +1014,104 @@ void Server_Cmd_ADD(tClient *Client, char *Args)
         char    *user, *ammount, *reason;
          int    uid, iAmmount;
         
+       // Parse arguments
+       if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) {
+               sendf(Client->Socket, "407 ADD takes 3 arguments\n");
+               return ;
+       }
+       
         if( !Client->bIsAuthed ) {
                 sendf(Client->Socket, "401 Not Authenticated\n");
                 return ;
         }
  
-       user = Args;
+       // Check user permissions
+       if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
+               sendf(Client->Socket, "403 Not in coke\n");
+               return ;
+       }
  
-       ammount = strchr(Args, ' ');
-       if( !ammount ) {
-               sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 1 encountered\n");
+       #if !ROOT_CAN_ADD
+       if( strcmp( Client->Username, "root" ) == 0 ) {
+               // Allow adding for new users
+               if( strcmp(reason, "treasurer: new user") != 0 ) {
+                       sendf(Client->Socket, "403 Root may not add\n");
+                       return ;
+               }
+       }
+       #endif
+
+       #if HACK_NO_REFUNDS
+       if( strstr(reason, "refund") != NULL || strstr(reason, "misdispense") != NULL )
+       {
+               sendf(Client->Socket, "499 Don't use `dispense acct` for refunds, use `dispense refund` (and `dispense -G` to get item IDs)\n");
                 return ;
         }
-       *ammount = '\0';
-       ammount ++;
+       #endif
  
-       reason = strchr(ammount, ' ');
-       if( !reason ) {
-               sendf(Client->Socket, "407 Invalid Argument, expected 3 parameters, 2 encountered\n");
+       // Get recipient
+       uid = Bank_GetAcctByName(user, 0);
+       if( uid == -1 ) {
+               sendf(Client->Socket, "404 Invalid user\n");
                 return ;
         }
-       *reason = '\0';
-       reason ++;
+       
+       // You can't alter an internal account
+       if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) )
+       {
+               if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
+                       sendf(Client->Socket, "404 Invalid user\n");
+                       return ;
+               }
+               // TODO: Maybe disallow changes to disabled?
+       }
  
-       // Check user permissions
-       if( (GetFlags(Client->UID) & USER_FLAG_TYPEMASK) < USER_TYPE_COKE ) {
-               sendf(Client->Socket, "403 Not in coke\n");
+       // Parse ammount
+       iAmmount = atoi(ammount);
+       if( iAmmount == 0 && ammount[0] != '0' ) {
+               sendf(Client->Socket, "407 Invalid Argument\n");
                 return ;
         }
  
-       // Get recipient
-       uid = GetUserID(user);
+       // Do give
+       switch( DispenseAdd(Client->UID, uid, iAmmount, reason) )
+       {
+       case 0:
+               sendf(Client->Socket, "200 Add OK\n");
+               return ;
+       case 2:
+               sendf(Client->Socket, "402 Poor Guy\n");
+               return ;
+       default:
+               sendf(Client->Socket, "500 Unknown error\n");
+               return ;
+       }
+}
+
+void Server_Cmd_SET(tClient *Client, char *Args)
+{
+       char    *user, *ammount, *reason;
+        int    uid, iAmmount;
+       
+       // Parse arguments
+       if( Server_int_ParseArgs(1, Args, &user, &ammount, &reason, NULL) ) {
+               sendf(Client->Socket, "407 SET takes 3 arguments\n");
+               return ;
+       }
+       
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
  
         // Check user permissions
-       if( (GetFlags(Client->UID) & USER_FLAG_TYPEMASK) < USER_TYPE_COKE ) {
-               sendf(Client->Socket, "403 Not in coke\n");
+       if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN)  ) {
+               sendf(Client->Socket, "403 Not an admin\n");
                 return ;
         }
+
+       // Get recipient
+       uid = Bank_GetAcctByName(user, 0);
         if( uid == -1 ) {
                 sendf(Client->Socket, "404 Invalid user\n");
                 return ;
@@ -669,7 +1125,7 @@ void Server_Cmd_ADD(tClient *Client, char *Args)
         }
  
         // Do give
-       switch( DispenseAdd(uid, Client->UID, iAmmount, reason) )
+       switch( DispenseSet(Client->UID, uid, iAmmount, reason) )
         {
         case 0:
                 sendf(Client->Socket, "200 Add OK\n");
@@ -686,32 +1142,139 @@ void Server_Cmd_ADD(tClient *Client, char *Args)
  void Server_Cmd_ENUMUSERS(tClient *Client, char *Args)
  {
          int    i, numRet = 0;
+       tAcctIterator   *it;
          int    maxBal = INT_MAX, minBal = INT_MIN;
-        int    numUsr = GetMaxID();
+        int    flagMask = 0, flagVal = 0;
+        int    sort = BANK_ITFLAG_SORT_NAME;
+       time_t  lastSeenAfter=0, lastSeenBefore=0;
+       
+        int    flags;  // Iterator flags
+        int    balValue;       // Balance value for iterator
+       time_t  timeValue;      // Time value for iterator
         
         // Parse arguments
         if( Args && strlen(Args) )
         {
-               char    *min = Args, *max;
-               
-               max = strchr(Args, ' ');
-               if( max ) {
-                       *max = '\0';
-                       max ++;
-               }
-               
-               // If <minBal> != "-"
-               if( strcmp(min, "-") != 0 )
-                       minBal = atoi(min);
-               // If <maxBal> != "-"
-               if( max && strcmp(max, "-") != 0 )
-                       maxBal = atoi(max);
+               char    *space = Args, *type, *val;
+               do
+               {
+                       type = space;
+                       while(*type == ' ')     type ++;
+                       // Get next space
+                       space = strchr(space, ' ');
+                       if(space)       *space = '\0';
+                       
+                       // Get type
+                       val = strchr(type, ':');
+                       if( val ) {
+                               *val = '\0';
+                               val ++;
+                               
+                               // Types
+                               // - Minium Balance
+                               if( strcmp(type, "min_balance") == 0 ) {
+                                       minBal = atoi(val);
+                               }
+                               // - Maximum Balance
+                               else if( strcmp(type, "max_balance") == 0 ) {
+                                       maxBal = atoi(val);
+                               }
+                               // - Flags
+                               else if( strcmp(type, "flags") == 0 ) {
+                                       if( Server_int_ParseFlags(Client, val, &flagMask, &flagVal) )
+                                               return ;
+                               }
+                               // - Last seen before timestamp
+                               else if( strcmp(type, "last_seen_before") == 0 ) {
+                                       lastSeenAfter = atoll(val);
+                               }
+                               // - Last seen after timestamp
+                               else if( strcmp(type, "last_seen_after") == 0 ) {
+                                       lastSeenAfter = atoll(val);
+                               }
+                               // - Sorting 
+                               else if( strcmp(type, "sort") == 0 ) {
+                                       char    *dash = strchr(val, '-');
+                                       if( dash ) {
+                                               *dash = '\0';
+                                               dash ++;
+                                       }
+                                       if( strcmp(val, "name") == 0 ) {
+                                               sort = BANK_ITFLAG_SORT_NAME;
+                                       }
+                                       else if( strcmp(val, "balance") == 0 ) {
+                                               sort = BANK_ITFLAG_SORT_BAL;
+                                       }
+                                       else if( strcmp(val, "lastseen") == 0 ) {
+                                               sort = BANK_ITFLAG_SORT_LASTSEEN;
+                                       }
+                                       else {
+                                               sendf(Client->Socket, "407 Unknown sort field ('%s')\n", val);
+                                               return ;
+                                       }
+                                       // Handle sort direction
+                                       if( dash ) {
+                                               if( strcmp(dash, "desc") == 0 ) {
+                                                       sort |= BANK_ITFLAG_REVSORT;
+                                               }
+                                               else {
+                                                       sendf(Client->Socket, "407 Unknown sort direction '%s'\n", dash);
+                                                       return ;
+                                               }
+                                               dash[-1] = '-';
+                                       }
+                               }
+                               else {
+                                       sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s:%s'\n", type, val);
+                                       return ;
+                               }
+                               
+                               val[-1] = ':';
+                       }
+                       else {
+                               sendf(Client->Socket, "407 Unknown argument to ENUM_USERS '%s'\n", type);
+                               return ;
+                       }
+                       
+                       // Eat whitespace
+                       if( space ) {
+                               *space = ' ';   // Repair (to be nice)
+                               space ++;
+                               while(*space == ' ')    space ++;
+                       }
+               }       while(space);
         }
         
+       // Create iterator
+       if( maxBal != INT_MAX ) {
+               flags = sort|BANK_ITFLAG_MAXBALANCE;
+               balValue = maxBal;
+       }
+       else if( minBal != INT_MIN ) {
+               flags = sort|BANK_ITFLAG_MINBALANCE;
+               balValue = minBal;
+       }
+       else {
+               flags = sort;
+               balValue = 0;
+       }
+       if( lastSeenBefore ) {
+               timeValue = lastSeenBefore;
+               flags |= BANK_ITFLAG_SEENBEFORE;
+       }
+       else if( lastSeenAfter ) {
+               timeValue = lastSeenAfter;
+               flags |= BANK_ITFLAG_SEENAFTER;
+       }
+       else {
+               timeValue = 0;
+       }
+       it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue);
+       
         // Get return number
-       for( i = 0; i < numUsr; i ++ )
+       while( (i = Bank_IteratorNext(it)) != -1 )
         {
-               int bal = GetBalance(i);
+               int bal = Bank_GetBalance(i);
                 
                 if( bal == INT_MIN )    continue;
                 
@@ -721,12 +1284,18 @@ void Server_Cmd_ENUMUSERS(tClient *Client, char *Args)
                 numRet ++;
         }
         
+       Bank_DelIterator(it);
+       
         // Send count
         sendf(Client->Socket, "201 Users %i\n", numRet);
         
-       for( i = 0; i < numUsr; i ++ )
+       
+       // Create iterator
+       it = Bank_Iterator(flagMask, flagVal, flags, balValue, timeValue);
+       
+       while( (i = Bank_IteratorNext(it)) != -1 )
         {
-               int bal = GetBalance(i);
+               int bal = Bank_GetBalance(i);
                 
                 if( bal == INT_MIN )    continue;
                 
@@ -736,22 +1305,30 @@ void Server_Cmd_ENUMUSERS(tClient *Client, char *Args)
                 _SendUserInfo(Client, i);
         }
         
+       Bank_DelIterator(it);
+       
         sendf(Client->Socket, "200 List End\n");
  }
  
  void Server_Cmd_USERINFO(tClient *Client, char *Args)
  {
          int    uid;
-       char    *user = Args;
-       char    *space;
+       char    *user;
         
-       space = strchr(user, ' ');
-       if(space)       *space = '\0';
+       // Parse arguments
+       if( Server_int_ParseArgs(0, Args, &user, NULL) ) {
+               sendf(Client->Socket, "407 USER_INFO takes 1 argument\n");
+               return ;
+       }
+       
+       if( giDebugLevel )      Debug(Client, "User Info '%s'", user);
         
         // Get recipient
-       uid = GetUserID(user);
+       uid = Bank_GetAcctByName(user, 0);
+       
+       if( giDebugLevel >= 2 ) Debug(Client, "uid = %i", uid);
         if( uid == -1 ) {
-               sendf(Client->Socket, "404 Invalid user");
+               sendf(Client->Socket, "404 Invalid user\n");
                 return ;
         }
         
@@ -760,152 +1337,185 @@ void Server_Cmd_USERINFO(tClient *Client, char *Args)
  
  void _SendUserInfo(tClient *Client, int UserID)
  {
-       char    *type, *disabled="";
-        int    flags = GetFlags(UserID);
+       char    *type, *disabled="", *door="";
+        int    flags = Bank_GetFlags(UserID);
         
-       switch( flags & USER_FLAG_TYPEMASK )
-       {
-       default:
-       case USER_TYPE_NORMAL:  type = "user";  break;
-       case USER_TYPE_COKE:    type = "coke";  break;
-       case USER_TYPE_WHEEL:   type = "wheel"; break;
-       case USER_TYPE_GOD:     type = "meta";  break;
+       if( flags & USER_FLAG_INTERNAL ) {
+               type = "internal";
+       }
+       else if( flags & USER_FLAG_COKE ) {
+               if( flags & USER_FLAG_ADMIN )
+                       type = "coke,admin";
+               else
+                       type = "coke";
+       }
+       else if( flags & USER_FLAG_ADMIN ) {
+               type = "admin";
+       }
+       else {
+               type = "user";
         }
         
         if( flags & USER_FLAG_DISABLED )
                 disabled = ",disabled";
         if( flags & USER_FLAG_DOORGROUP )
-               disabled = ",door";
+               door = ",door";
         
         // TODO: User flags/type
         sendf(
-               Client->Socket, "202 User %s %i %s%s\n",
-               GetUserName(UserID), GetBalance(UserID),
-               type, disabled
+               Client->Socket, "202 User %s %i %s%s%s\n",
+               Bank_GetAcctName(UserID), Bank_GetBalance(UserID),
+               type, disabled, door
                 );
  }
  
  void Server_Cmd_USERADD(tClient *Client, char *Args)
  {
-       char    *username, *space;
+       char    *username;
         
-       // Check permissions
-       if( (GetFlags(Client->UID) & USER_FLAG_TYPEMASK) < USER_TYPE_WHEEL ) {
-               sendf(Client->Socket, "403 Not Wheel\n");
+       // Parse arguments
+       if( Server_int_ParseArgs(0, Args, &username, NULL) ) {
+               sendf(Client->Socket, "407 USER_ADD takes 1 argument\n");
                 return ;
         }
         
-       // Read arguments
-       username = Args;
-       while( *username == ' ' )       username ++;
-       space = strchr(username, ' ');
-       if(space)       *space = '\0';
+       // Check authentication
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
+       
+       // Check permissions
+       if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
+               sendf(Client->Socket, "403 Not a coke admin\n");
+               return ;
+       }
         
         // Try to create user
-       if( CreateUser(username) == -1 ) {
+       if( Bank_CreateAcct(username) == -1 ) {
                 sendf(Client->Socket, "404 User exists\n");
                 return ;
         }
         
+       {
+               char    *thisName = Bank_GetAcctName(Client->UID);
+               Log_Info("Account '%s' created by '%s'", username, thisName);
+               free(thisName);
+       }
+       
         sendf(Client->Socket, "200 User Added\n");
  }
  
  void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
  {
-       char    *username, *flags;
-       char    *space;
+       char    *username, *flags, *reason=NULL;
          int    mask=0, value=0;
          int    uid;
         
-       // Check permissions
-       if( (GetFlags(Client->UID) & USER_FLAG_TYPEMASK) < USER_TYPE_WHEEL ) {
-               sendf(Client->Socket, "403 Not Wheel\n");
+       // Parse arguments
+       if( Server_int_ParseArgs(1, Args, &username, &flags, &reason, NULL) ) {
+               if( !flags ) {
+                       sendf(Client->Socket, "407 USER_FLAGS takes at least 2 arguments\n");
+                       return ;
+               }
+               reason = "";
+       }
+       
+       // Check authentication
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
                 return ;
         }
         
-       // Read arguments
-       // - Username
-       username = Args;
-       while( *username == ' ' )       username ++;
-       space = strchr(username, ' ');
-       if(!space) {
-               sendf(Client->Socket, "407 USER_FLAGS requires 2 arguments, 1 given\n");
+       // Check permissions
+       if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
+               sendf(Client->Socket, "403 Not a coke admin\n");
                 return ;
         }
-       *space = '\0';
-       // - Flags
-       flags = space + 1;
-       while( *flags == ' ' )  flags ++;
-       space = strchr(flags, ' ');
-       if(space)       *space = '\0';
         
         // Get UID
-       uid = GetUserID(username);
+       uid = Bank_GetAcctByName(username, 0);
         if( uid == -1 ) {
                 sendf(Client->Socket, "404 User '%s' not found\n", username);
                 return ;
         }
         
         // Parse flags
-       do {
-                int    bRemove = 0;
-                int    i;
-               struct {
-                       const char      *Name;
-                        int    Mask;
-                        int    Value;
-               }       cFLAGS[] = {
-                       {"disabled", USER_FLAG_DISABLED, USER_FLAG_DISABLED},
-                       {"door", USER_FLAG_DOORGROUP, USER_FLAG_DOORGROUP},
-                       {"user", USER_FLAG_TYPEMASK, USER_TYPE_NORMAL},
-                       {"coke", USER_FLAG_TYPEMASK, USER_TYPE_COKE},
-                       {"wheel", USER_FLAG_TYPEMASK, USER_TYPE_WHEEL},
-                       {"meta", USER_FLAG_TYPEMASK, USER_TYPE_GOD}
-               };
-               const int       ciNumFlags = sizeof(cFLAGS)/sizeof(cFLAGS[0]);
-               
-               while( *flags == ' ' )  flags ++;       // Eat whitespace
-               space = strchr(flags, ',');     // Find the end of the flag
-               if(space)       *space = '\0';
-               
-               // Check for inversion/removal
-               if( *flags == '!' || *flags == '-' ) {
-                       bRemove = 1;
-                       flags ++;
-               }
-               else if( *flags == '+' ) {
-                       flags ++;
-               }
-               
-               // Check flag values
-               for( i = 0; i < ciNumFlags; i ++ )
-               {
-                       if( strcmp(flags, cFLAGS[i].Name) == 0 ) {
-                               mask |= cFLAGS[i].Mask;
-                               value &= ~cFLAGS[i].Mask;
-                               if( !bRemove )
-                                       value |= cFLAGS[i].Value;
-                               break;
-                       }
-               }
-               
-               // Error check
-               if( i == ciNumFlags ) {
-                       sendf(Client->Socket, "407 Unknown flag value '%s'\n", flags);
-                       return ;
-               }
-               
-               flags = space + 1;
-       } while(space);
+       if( Server_int_ParseFlags(Client, flags, &mask, &value) )
+               return ;
+       
+       if( giDebugLevel )
+               Debug(Client, "Set %i(%s) flags to %x (masked %x)\n",
+                       uid, username, mask, value);
         
         // Apply flags
-       SetFlags(uid, mask, value);
+       Bank_SetFlags(uid, mask, value);
+
+       // Log the change
+       Log_Info("Updated '%s' with flag set '%s' by '%s' - Reason: %s",
+               username, flags, Client->Username, reason);
         
         // Return OK
         sendf(Client->Socket, "200 User Updated\n");
  }
  
+void Server_Cmd_UPDATEITEM(tClient *Client, char *Args)
+{
+       char    *itemname, *price_str, *description;
+        int    price;
+       tItem   *item;
+       
+       if( Server_int_ParseArgs(1, Args, &itemname, &price_str, &description, NULL) ) {
+               sendf(Client->Socket, "407 UPDATE_ITEM takes 3 arguments\n");
+               return ;
+       }
+       
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
+
+       // Check user permissions
+       if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
+               sendf(Client->Socket, "403 Not in coke\n");
+               return ;
+       }
+       
+       item = _GetItemFromString(itemname);
+       if( !item ) {
+               // TODO: Create item?
+               sendf(Client->Socket, "406 Bad Item ID\n");
+               return ;
+       }
+       
+       price = atoi(price_str);
+       if( price <= 0 && price_str[0] != '0' ) {
+               sendf(Client->Socket, "407 Invalid price set\n");
+       }
+       
+       switch( DispenseUpdateItem( Client->UID, item, description, price ) )
+       {
+       case 0:
+               // Return OK
+               sendf(Client->Socket, "200 Item updated\n");
+               break;
+       default:
+               break;
+       }
+}
+
  // --- INTERNAL HELPERS ---
+void Debug(tClient *Client, const char *Format, ...)
+{
+       va_list args;
+       //printf("%010i [%i] ", (int)time(NULL), Client->ID);
+       printf("[%i] ", Client->ID);
+       va_start(args, Format);
+       vprintf(Format, args);
+       va_end(args);
+       printf("\n");
+}
+
  int sendf(int Socket, const char *Format, ...)
  {
         va_list args;
@@ -929,45 +1539,144 @@ int sendf(int Socket, const char *Format, ...)
         }
  }
  
+// Takes a series of char *'s in
  /**
- * \brief Decode a Base64 value
+ * \brief Parse space-separated entries into 
   */
-int UnBase64(uint8_t *Dest, char *Src, int BufSize)
+int Server_int_ParseArgs(int bUseLongLast, char *ArgStr, ...)
  {
-       uint32_t        val;
-        int    i, j;
-       char    *start_src = Src;
+       va_list args;
+       char    savedChar;
+       char    **dest;
+       va_start(args, ArgStr);
+
+       // Check for null
+       if( !ArgStr )
+       {
+               while( (dest = va_arg(args, char **)) )
+                       *dest = NULL;
+               va_end(args);
+               return 1;
+       }
+
+       savedChar = *ArgStr;
         
-       for( i = 0; i+2 < BufSize; i += 3 )
+       while( (dest = va_arg(args, char **)) )
         {
-               val = 0;
-               for( j = 0; j < 4; j++, Src ++ ) {
-                       if('A' <= *Src && *Src <= 'Z')
-                               val |= (*Src - 'A') << ((3-j)*6);
-                       else if('a' <= *Src && *Src <= 'z')
-                               val |= (*Src - 'a' + 26) << ((3-j)*6);
-                       else if('0' <= *Src && *Src <= '9')
-                               val |= (*Src - '0' + 52) << ((3-j)*6);
-                       else if(*Src == '+')
-                               val |= 62 << ((3-j)*6);
-                       else if(*Src == '/')
-                               val |= 63 << ((3-j)*6);
-                       else if(!*Src)
-                               break;
-                       else if(*Src != '=')
-                               j --;   // Ignore invalid characters
+               // Trim leading spaces
+               while( *ArgStr == ' ' || *ArgStr == '\t' )
+                       ArgStr ++;
+               
+               // ... oops, not enough arguments
+               if( *ArgStr == '\0' )
+               {
+                       // NULL unset arguments
+                       do {
+                               *dest = NULL;
+                       }       while( (dest = va_arg(args, char **)) );
+               va_end(args);
+                       return -1;
                 }
-               Dest[i  ] = (val >> 16) & 0xFF;
-               Dest[i+1] = (val >> 8) & 0xFF;
-               Dest[i+2] = val & 0xFF;
-               if(j != 4)      break;
+               
+               if( *ArgStr == '"' )
+               {
+                       ArgStr ++;
+                       *dest = ArgStr;
+                       // Read until quote
+                       while( *ArgStr && *ArgStr != '"' )
+                               ArgStr ++;
+               }
+               else
+               {
+                       // Set destination
+                       *dest = ArgStr;
+                       // Read until a space
+                       while( *ArgStr && *ArgStr != ' ' && *ArgStr != '\t' )
+                               ArgStr ++;
+               }
+               savedChar = *ArgStr;    // savedChar is used to un-mangle the last string
+               *ArgStr = '\0';
+               ArgStr ++;
+       }
+       va_end(args);
+       
+       // Oops, extra arguments, and greedy not set
+       if( (savedChar == ' ' || savedChar == '\t') && !bUseLongLast ) {
+               return -1;
         }
         
-       // Finish things off
-       if(i   < BufSize)
-               Dest[i] = (val >> 16) & 0xFF;
-       if(i+1 < BufSize)
-               Dest[i+1] = (val >> 8) & 0xFF;
+       // Un-mangle last
+       if(bUseLongLast) {
+               ArgStr --;
+               *ArgStr = savedChar;
+       }
+       
+       return 0;       // Success!
+}
+
+int Server_int_ParseFlags(tClient *Client, const char *Str, int *Mask, int *Value)
+{
+       struct {
+               const char      *Name;
+                int    Mask;
+                int    Value;
+       }       cFLAGS[] = {
+                {"disabled", USER_FLAG_DISABLED, USER_FLAG_DISABLED}
+               ,{"door", USER_FLAG_DOORGROUP, USER_FLAG_DOORGROUP}
+               ,{"coke", USER_FLAG_COKE, USER_FLAG_COKE}
+               ,{"admin", USER_FLAG_ADMIN, USER_FLAG_ADMIN}
+               ,{"internal", USER_FLAG_INTERNAL, USER_FLAG_INTERNAL}
+       };
+       const int       ciNumFlags = sizeof(cFLAGS)/sizeof(cFLAGS[0]);
+       
+       char    *space;
+       
+       *Mask = 0;
+       *Value = 0;
+       
+       do {
+                int    bRemove = 0;
+                int    i;
+                int    len;
+               
+               while( *Str == ' ' )    Str ++; // Eat whitespace
+               space = strchr(Str, ',');       // Find the end of the flag
+               if(space)
+                       len = space - Str;
+               else
+                       len = strlen(Str);
+               
+               // Check for inversion/removal
+               if( *Str == '!' || *Str == '-' ) {
+                       bRemove = 1;
+                       Str ++;
+               }
+               else if( *Str == '+' ) {
+                       Str ++;
+               }
+               
+               // Check flag values
+               for( i = 0; i < ciNumFlags; i ++ )
+               {
+                       if( strncmp(Str, cFLAGS[i].Name, len) == 0 ) {
+                               *Mask |= cFLAGS[i].Mask;
+                               *Value &= ~cFLAGS[i].Mask;
+                               if( !bRemove )
+                                       *Value |= cFLAGS[i].Value;
+                               break;
+                       }
+               }
+               
+               // Error check
+               if( i == ciNumFlags ) {
+                       char    val[len+1];
+                       strncpy(val, Str, len+1);
+                       sendf(Client->Socket, "407 Unknown flag value '%s'\n", val);
+                       return -1;
+               }
+               
+               Str = space + 1;
+       } while(space);
         
-       return Src - start_src;
+       return 0;
  }