Server - Added bac to mark zero priced slots as erroring

[tpg/opendispense2.git] / src / server / server.c

diff --git a/src/server/server.c b/src/server/server.c
index f0d7d46..b7ca068 100644 (file)
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -14,11 +14,16 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <fcntl.h>     // O_*
 #include <string.h>
 #include <limits.h>
 #include <stdarg.h>
+#include <signal.h>    // Signal handling
+#include <ident.h>     // AUTHIDENT
+#include <time.h>      // time(2)
 
 #define        DEBUG_TRACE_CLIENT      0
+#define HACK_NO_REFUNDS        1
 
 // Statistics
 #define MAX_CONNECTION_QUEUE   5
@@ -30,6 +35,9 @@
 
 #define MSG_STR_TOO_LONG       "499 Command too long (limit "EXPSTR(INPUT_BUFFER_SIZE)")\n"
 
+#define IDENT_TRUSTED_NETWORK 0x825F0D00
+#define IDENT_TRUSTED_NETMASK 0xFFFFFFC0
+
 // === TYPES ===
 typedef struct sClient
 {
@@ -55,10 +63,12 @@ void        Server_ParseClientCommand(tClient *Client, char *CommandString);
 void   Server_Cmd_USER(tClient *Client, char *Args);
 void   Server_Cmd_PASS(tClient *Client, char *Args);
 void   Server_Cmd_AUTOAUTH(tClient *Client, char *Args);
+void   Server_Cmd_AUTHIDENT(tClient *Client, char *Args);
 void   Server_Cmd_SETEUSER(tClient *Client, char *Args);
 void   Server_Cmd_ENUMITEMS(tClient *Client, char *Args);
 void   Server_Cmd_ITEMINFO(tClient *Client, char *Args);
 void   Server_Cmd_DISPENSE(tClient *Client, char *Args);
+void   Server_Cmd_REFUND(tClient *Client, char *Args);
 void   Server_Cmd_GIVE(tClient *Client, char *Args);
 void   Server_Cmd_DONATE(tClient *Client, char *Args);
 void   Server_Cmd_ADD(tClient *Client, char *Args);
@@ -68,6 +78,7 @@ void  Server_Cmd_USERINFO(tClient *Client, char *Args);
 void   _SendUserInfo(tClient *Client, int UserID);
 void   Server_Cmd_USERADD(tClient *Client, char *Args);
 void   Server_Cmd_USERFLAGS(tClient *Client, char *Args);
+void   Server_Cmd_UPDATEITEM(tClient *Client, char *Args);
 // --- Helpers ---
 void   Debug(tClient *Client, const char *Format, ...);
  int   sendf(int Socket, const char *Format, ...);
@@ -83,10 +94,12 @@ const struct sClientCommand {
        {"USER", Server_Cmd_USER},
        {"PASS", Server_Cmd_PASS},
        {"AUTOAUTH", Server_Cmd_AUTOAUTH},
+       {"AUTHIDENT", Server_Cmd_AUTHIDENT},
        {"SETEUSER", Server_Cmd_SETEUSER},
        {"ENUM_ITEMS", Server_Cmd_ENUMITEMS},
        {"ITEM_INFO", Server_Cmd_ITEMINFO},
        {"DISPENSE", Server_Cmd_DISPENSE},
+       {"REFUND", Server_Cmd_REFUND},
        {"GIVE", Server_Cmd_GIVE},
        {"DONATE", Server_Cmd_DONATE},
        {"ADD", Server_Cmd_ADD},
@@ -94,14 +107,21 @@ const struct sClientCommand {
        {"ENUM_USERS", Server_Cmd_ENUMUSERS},
        {"USER_INFO", Server_Cmd_USERINFO},
        {"USER_ADD", Server_Cmd_USERADD},
-       {"USER_FLAGS", Server_Cmd_USERFLAGS}
+       {"USER_FLAGS", Server_Cmd_USERFLAGS},
+       {"UPDATE_ITEM", Server_Cmd_UPDATEITEM}
 };
 #define NUM_COMMANDS   ((int)(sizeof(gaServer_Commands)/sizeof(gaServer_Commands[0])))
 
 // === GLOBALS ===
- int   giServer_Port = 1020;
- int   giServer_NextClientID = 1;
- int   giServer_Socket;
+// - Configuration
+ int   giServer_Port = 11020;
+ int   gbServer_RunInBackground = 0;
+char   *gsServer_LogFile = "/var/log/dispsrv.log";
+char   *gsServer_ErrorLog = "/var/log/dispsrv.err";
+// - State variables
+ int   giServer_Socket;        // Server socket
+ int   giServer_NextClientID = 1;      // Debug client ID
+ 
 
 // === CODE ===
 /**
@@ -113,6 +133,8 @@ void Server_Start(void)
        struct sockaddr_in      server_addr, client_addr;
 
        atexit(Server_Cleanup);
+       // Ignore SIGPIPE (stops crashes when the client exits early)
+       signal(SIGPIPE, SIG_IGN);
 
        // Create Server
        giServer_Socket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
@@ -133,6 +155,38 @@ void Server_Start(void)
                perror("Binding");
                return ;
        }
+
+       // Fork into background
+       if( gbServer_RunInBackground )
+       {
+               int pid = fork();
+               if( pid == -1 ) {
+                       fprintf(stderr, "ERROR: Unable to fork\n");
+                       perror("fork background");
+                       exit(-1);
+               }
+               if( pid != 0 ) {
+                       // Parent, quit
+                       printf("Forked child %i\n", pid);
+                       exit(0);
+               }
+               // In child
+               // - Sort out stdin/stdout
+               #if 0
+               dup2( open("/dev/null", O_RDONLY, 0644), STDIN_FILENO );
+               dup2( open(gsServer_LogFile, O_CREAT|O_APPEND, 0644), STDOUT_FILENO );
+               dup2( open(gsServer_ErrorLog, O_CREAT|O_APPEND, 0644), STDERR_FILENO );
+               #else
+               freopen("/dev/null", "r", stdin);
+               freopen(gsServer_LogFile, "a", stdout);
+               freopen(gsServer_ErrorLog, "a", stderr);
+               fprintf(stdout, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
+               fprintf(stderr, "OpenDispense 2 Server Started at %lld\n", (long long)time(NULL));
+               #endif
+       }
+
+       // Start the helper thread
+       StartPeriodicThread();
        
        // Listen
        if( listen(giServer_Socket, MAX_CONNECTION_QUEUE) < 0 ) {
@@ -143,6 +197,15 @@ void Server_Start(void)
        
        printf("Listening on 0.0.0.0:%i\n", giServer_Port);
        
+       // write pidfile
+       {
+               FILE *fp = fopen("/var/run/dispsrv.pid", "w");
+               if( fp ) {
+                       fprintf(fp, "%i", getpid());
+                       fclose(fp);
+               }
+       }
+
        for(;;)
        {
                uint    len = sizeof(client_addr);
@@ -186,11 +249,15 @@ void Server_Start(void)
                        switch( ntohl( client_addr.sin_addr.s_addr ) )
                        {
                        case 0x7F000001:        // 127.0.0.1    localhost
-               //      case 0x825E0D00:        // 130.95.13.0
-                       case 0x825E0D07:        // 130.95.13.7  motsugo
-                       case 0x825E0D11:        // 130.95.13.17 mermaid
-                       case 0x825E0D12:        // 130.95.13.18 mussel
-                       case 0x825E0D17:        // 130.95.13.23 martello
+               //      case 0x825F0D00:        // 130.95.13.0
+                       case 0x825F0D04:        // 130.95.13.4  merlo
+               //      case 0x825F0D05:        // 130.95.13.5  heathred (MR)
+                       case 0x825F0D07:        // 130.95.13.7  motsugo
+                       case 0x825F0D11:        // 130.95.13.17 mermaid
+                       case 0x825F0D12:        // 130.95.13.18 mussel
+                       case 0x825F0D17:        // 130.95.13.23 martello
+                       case 0x825F0D2A:        // 130.95.13.42 meersau
+               //      case 0x825F0D42:        // 130.95.13.66 heathred (Clubroom)
                                bTrusted = 1;
                                break;
                        default:
@@ -207,8 +274,9 @@ void Server_Start(void)
 
 void Server_Cleanup(void)
 {
-       printf("Close(%i)\n", giServer_Socket);
+       printf("\nClose(%i)\n", giServer_Socket);
        close(giServer_Socket);
+       unlink("/var/run/dispsrv.pid");
 }
 
 /**
@@ -302,8 +370,8 @@ void Server_ParseClientCommand(tClient *Client, char *CommandString)
        
        if( Server_int_ParseArgs(1, CommandString, &command, &args, NULL) )
        {
+               if( command == NULL )   return ;
                // Is this an error? (just ignore for now)
-               //args = "";
        }
        
        
@@ -333,7 +401,11 @@ void Server_Cmd_USER(tClient *Client, char *Args)
 {
        char    *username;
        
-       Server_int_ParseArgs(0, Args, &username, NULL);
+       if( Server_int_ParseArgs(0, Args, &username, NULL) )
+       {
+               sendf(Client->Socket, "407 USER takes 1 argument\n");
+               return ;
+       }
        
        // Debug!
        if( giDebugLevel )
@@ -371,19 +443,36 @@ void Server_Cmd_USER(tClient *Client, char *Args)
 void Server_Cmd_PASS(tClient *Client, char *Args)
 {
        char    *passhash;
-       
-       Server_int_ParseArgs(0, Args, &passhash, NULL);
+        int    flags;
+
+       if( Server_int_ParseArgs(0, Args, &passhash, NULL) )
+       {
+               sendf(Client->Socket, "407 PASS takes 1 argument\n");
+               return ;
+       }
        
        // Pass on to cokebank
        Client->UID = Bank_GetUserAuth(Client->Salt, Client->Username, passhash);
 
-       if( Client->UID != -1 ) {
-               Client->bIsAuthed = 1;
-               sendf(Client->Socket, "200 Auth OK\n");
+       if( Client->UID == -1 ) {
+               sendf(Client->Socket, "401 Auth Failure\n");
+               return ;
+       }
+
+       flags = Bank_GetFlags(Client->UID);
+       if( flags & USER_FLAG_DISABLED ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Account Disabled\n");
+               return ;
+       }
+       if( flags & USER_FLAG_INTERNAL ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Internal account\n");
                return ;
        }
        
-       sendf(Client->Socket, "401 Auth Failure\n");
+       Client->bIsAuthed = 1;
+       sendf(Client->Socket, "200 Auth OK\n");
 }
 
 /**
@@ -394,6 +483,7 @@ void Server_Cmd_PASS(tClient *Client, char *Args)
 void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
 {
        char    *username;
+        int    userflags;
        
        if( Server_int_ParseArgs(0, Args, &username, NULL) )
        {
@@ -410,23 +500,36 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
        }
        
        // Get UID
-       Client->UID = Bank_GetAcctByName( username );   
+       Client->UID = Bank_GetAcctByName( username, 0 );        
        if( Client->UID < 0 ) {
                if(giDebugLevel)
                        Debug(Client, "Unknown user '%s'", username);
-               sendf(Client->Socket, "401 Auth Failure\n");
+               sendf(Client->Socket, "403 Auth Failure\n");
                return ;
        }
        
+       userflags = Bank_GetFlags(Client->UID);
        // You can't be an internal account
-       if( Bank_GetFlags(Client->UID) & USER_FLAG_INTERNAL ) {
+       if( userflags & USER_FLAG_INTERNAL ) {
                if(giDebugLevel)
                        Debug(Client, "Autoauth as '%s', not allowed", username);
                Client->UID = -1;
-               sendf(Client->Socket, "401 Auth Failure\n");
+               sendf(Client->Socket, "403 Account is internal\n");
                return ;
        }
 
+       // Disabled accounts
+       if( userflags & USER_FLAG_DISABLED ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Account disabled\n");
+               return ;
+       }
+
+       // Save username
+       if(Client->Username)
+               free(Client->Username);
+       Client->Username = strdup(username);
+
        Client->bIsAuthed = 1;
        
        if(giDebugLevel)
@@ -435,37 +538,155 @@ void Server_Cmd_AUTOAUTH(tClient *Client, char *Args)
        sendf(Client->Socket, "200 Auth OK\n");
 }
 
+/**
+ * \brief Authenticate as a user using the IDENT protocol
+ *
+ * Usage: AUTHIDENT
+ */
+void Server_Cmd_AUTHIDENT(tClient *Client, char *Args)
+{
+       char    *username;
+        int    userflags;
+       const int ident_timeout = 5;
+       socklen_t len;
+       struct sockaddr_in client_addr;
+       uint32_t  client_ip;
+
+       if( Args != NULL && strlen(Args) ) {
+               sendf(Client->Socket, "407 AUTHIDENT takes no arguments\n");
+               return ;
+       }
+
+       // Check if trusted (only works with INET sockets at present)
+       len = sizeof(client_addr);
+       if( getpeername(Client->Socket, (struct sockaddr*)&client_addr, &len) == -1 ) {
+               Debug(Client, "500 getpeername() failed\n");
+               perror("Getting AUTHIDENT peer name");
+               sendf(Client->Socket, "500 getpeername() failed\n");
+               return ;
+       }
+
+       client_ip = client_addr.sin_addr.s_addr;
+       if(giDebugLevel >= 2) {
+               Debug(Client, "client_ip = %x, ntohl(client_ip) = %x", client_ip, ntohl(client_ip));
+       }
+       if( ntohl(client_ip) != 0x7F000001 && (ntohl(client_ip) & IDENT_TRUSTED_NETMASK) != IDENT_TRUSTED_NETWORK ) {
+                       if(giDebugLevel)
+                               Debug(Client, "Untrusted client attempting to AUTHIDENT");
+                       sendf(Client->Socket, "401 Untrusted\n");
+                       return ;
+       }
+
+       // Get username via IDENT
+       username = ident_id(Client->Socket, ident_timeout);
+       if( !username ) {
+               sendf(Client->Socket, "403 Authentication failure: IDENT auth timed out\n");
+               return ;
+       }
+
+       // Get UID
+       Client->UID = Bank_GetAcctByName( username, 0 );
+       if( Client->UID < 0 ) {
+               if(giDebugLevel)
+                       Debug(Client, "Unknown user '%s'", username);
+               sendf(Client->Socket, "403 Authentication failure: unknown account\n");
+               free(username);
+               return ;
+       }
+
+       userflags = Bank_GetFlags(Client->UID);
+       // You can't be an internal account
+       if( userflags & USER_FLAG_INTERNAL ) {
+               if(giDebugLevel)
+                       Debug(Client, "IDENT auth as '%s', not allowed", username);
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Authentication failure: that account is internal\n");
+               free(username);
+               return ;
+       }
+
+       // Disabled accounts
+       if( userflags & USER_FLAG_DISABLED ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Authentication failure: account disabled\n");
+               free(username);
+               return ;
+       }
+
+       // Save username
+       if(Client->Username)
+               free(Client->Username);
+       Client->Username = strdup(username);
+
+       Client->bIsAuthed = 1;
+
+       if(giDebugLevel)
+               Debug(Client, "IDENT authenticated as '%s' (%i)", username, Client->UID);
+       free(username);
+
+       sendf(Client->Socket, "200 Auth OK\n");
+}
+
 /**
  * \brief Set effective user
  */
 void Server_Cmd_SETEUSER(tClient *Client, char *Args)
 {
        char    *username;
+        int    eUserFlags, userFlags;
        
-       Server_int_ParseArgs(0, Args, &username, NULL);
+       if( Server_int_ParseArgs(0, Args, &username, NULL) )
+       {
+               sendf(Client->Socket, "407 SETEUSER takes 1 argument\n");
+               return ;
+       }
        
        if( !strlen(Args) ) {
                sendf(Client->Socket, "407 SETEUSER expects an argument\n");
                return ;
        }
+       
+       // Check authentication
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
 
        // Check user permissions
-       if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
+       userFlags = Bank_GetFlags(Client->UID);
+       if( !(userFlags & (USER_FLAG_COKE|USER_FLAG_ADMIN)) ) {
                sendf(Client->Socket, "403 Not in coke\n");
                return ;
        }
        
        // Set id
-       Client->EffectiveUID = Bank_GetAcctByName(username);
+       Client->EffectiveUID = Bank_GetAcctByName(username, 0);
        if( Client->EffectiveUID == -1 ) {
                sendf(Client->Socket, "404 User not found\n");
                return ;
        }
        
        // You can't be an internal account
-       if( Bank_GetFlags(Client->EffectiveUID) & USER_FLAG_INTERNAL ) {
-               Client->EffectiveUID = -1;
-               sendf(Client->Socket, "404 User not found\n");
+       if( !(userFlags & USER_FLAG_ADMIN) )
+       {
+               eUserFlags = Bank_GetFlags(Client->EffectiveUID);
+               if( eUserFlags & USER_FLAG_INTERNAL ) {
+                       Client->EffectiveUID = -1;
+                       sendf(Client->Socket, "404 User not found\n");
+                       return ;
+               }
+               // Disabled only avaliable to admins
+               if( eUserFlags & USER_FLAG_DISABLED ) {
+                       Client->EffectiveUID = -1;
+                       sendf(Client->Socket, "403 Account disabled\n");
+                       return ;
+               }
+       }
+
+       // Disabled accounts
+       if( userFlags & USER_FLAG_DISABLED ) {
+               Client->UID = -1;
+               sendf(Client->Socket, "403 Account disabled\n");
                return ;
        }
        
@@ -492,6 +713,12 @@ void Server_int_SendItem(tClient *Client, tItem *Item)
                }
        }
        
+       if( Item->Price == 0 )
+               status = "error";
+       // KNOWN HACK: Naming a slot 'dead' disables it
+       if( strcmp(Item->Name, "dead") == 0 )
+               status = "sold";        // Another status?
+       
        sendf(Client->Socket,
                "202 Item %s:%i %s %i %s\n",
                Item->Handler->Name, Item->ID, status, Item->Price, Item->Name
@@ -622,9 +849,57 @@ void Server_Cmd_DISPENSE(tClient *Client, char *Args)
        case 1: sendf(Client->Socket, "501 Unable to dispense\n");      return ;
        case 2: sendf(Client->Socket, "402 Poor You\n");        return ;
        default:
-               sendf(Client->Socket, "500 Dispense Error\n");
+               sendf(Client->Socket, "500 Dispense Error (%i)\n", ret);
+               return ;
+       }
+}
+
+void Server_Cmd_REFUND(tClient *Client, char *Args)
+{
+       tItem   *item;
+        int    uid, price_override = 0;
+       char    *username, *itemname, *price_str;
+
+       if( Server_int_ParseArgs(0, Args, &username, &itemname, &price_str, NULL) ) {
+               if( !itemname || price_str ) {
+                       sendf(Client->Socket, "407 REFUND takes 2 or 3 arguments\n");
+                       return ;
+               }
+       }
+
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
+
+       // Check user permissions
+       if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
+               sendf(Client->Socket, "403 Not in coke\n");
+               return ;
+       }
+
+       uid = Bank_GetAcctByName(username, 0);
+       if( uid == -1 ) {
+               sendf(Client->Socket, "404 Unknown user\n");
+               return ;
+       }
+       
+       item = _GetItemFromString(itemname);
+       if( !item ) {
+               sendf(Client->Socket, "406 Bad Item ID\n");
                return ;
        }
+
+       if( price_str )
+               price_override = atoi(price_str);
+
+       switch( DispenseRefund( Client->UID, uid, item, price_override ) )
+       {
+       case 0: sendf(Client->Socket, "200 Item Refunded\n");   return ;
+       default:
+               sendf(Client->Socket, "500 Dispense Error\n");
+               return;
+       }
 }
 
 void Server_Cmd_GIVE(tClient *Client, char *Args)
@@ -638,6 +913,7 @@ void Server_Cmd_GIVE(tClient *Client, char *Args)
                sendf(Client->Socket, "407 GIVE takes only 3 arguments\n");
                return ;
        }
+       
        // Check for authed
        if( !Client->bIsAuthed ) {
                sendf(Client->Socket, "401 Not Authenticated\n");
@@ -645,17 +921,17 @@ void Server_Cmd_GIVE(tClient *Client, char *Args)
        }
 
        // Get recipient
-       uid = Bank_GetAcctByName(recipient);
+       uid = Bank_GetAcctByName(recipient, 0);
        if( uid == -1 ) {
                sendf(Client->Socket, "404 Invalid target user\n");
                return ;
        }
        
        // You can't alter an internal account
-       if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
-               sendf(Client->Socket, "404 Invalid target user\n");
-               return ;
-       }
+//     if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
+//             sendf(Client->Socket, "404 Invalid target user\n");
+//             return ;
+//     }
 
        // Parse ammount
        iAmmount = atoi(ammount);
@@ -755,17 +1031,39 @@ void Server_Cmd_ADD(tClient *Client, char *Args)
                return ;
        }
 
+       #if !ROOT_CAN_ADD
+       if( strcmp( Client->Username, "root" ) == 0 ) {
+               // Allow adding for new users
+               if( strcmp(reason, "treasurer: new user") != 0 ) {
+                       sendf(Client->Socket, "403 Root may not add\n");
+                       return ;
+               }
+       }
+       #endif
+
+       #if HACK_NO_REFUNDS
+       if( strstr(reason, "refund") != NULL || strstr(reason, "misdispense") != NULL )
+       {
+               sendf(Client->Socket, "499 Don't use `dispense acct` for refunds, use `dispense refund` (and `dispense -G` to get item IDs)\n");
+               return ;
+       }
+       #endif
+
        // Get recipient
-       uid = Bank_GetAcctByName(user);
+       uid = Bank_GetAcctByName(user, 0);
        if( uid == -1 ) {
                sendf(Client->Socket, "404 Invalid user\n");
                return ;
        }
        
        // You can't alter an internal account
-       if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
-               sendf(Client->Socket, "404 Invalid user\n");
-               return ;
+       if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) )
+       {
+               if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
+                       sendf(Client->Socket, "404 Invalid user\n");
+                       return ;
+               }
+               // TODO: Maybe disallow changes to disabled?
        }
 
        // Parse ammount
@@ -813,17 +1111,11 @@ void Server_Cmd_SET(tClient *Client, char *Args)
        }
 
        // Get recipient
-       uid = Bank_GetAcctByName(user);
+       uid = Bank_GetAcctByName(user, 0);
        if( uid == -1 ) {
                sendf(Client->Socket, "404 Invalid user\n");
                return ;
        }
-       
-       // You can't alter an internal account
-       if( Bank_GetFlags(uid) & USER_FLAG_INTERNAL ) {
-               sendf(Client->Socket, "404 Invalid user\n");
-               return ;
-       }
 
        // Parse ammount
        iAmmount = atoi(ammount);
@@ -1032,7 +1324,7 @@ void Server_Cmd_USERINFO(tClient *Client, char *Args)
        if( giDebugLevel )      Debug(Client, "User Info '%s'", user);
        
        // Get recipient
-       uid = Bank_GetAcctByName(user);
+       uid = Bank_GetAcctByName(user, 0);
        
        if( giDebugLevel >= 2 ) Debug(Client, "uid = %i", uid);
        if( uid == -1 ) {
@@ -1087,6 +1379,12 @@ void Server_Cmd_USERADD(tClient *Client, char *Args)
                return ;
        }
        
+       // Check authentication
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
+       
        // Check permissions
        if( !(Bank_GetFlags(Client->UID) & USER_FLAG_ADMIN) ) {
                sendf(Client->Socket, "403 Not a coke admin\n");
@@ -1110,13 +1408,22 @@ void Server_Cmd_USERADD(tClient *Client, char *Args)
 
 void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
 {
-       char    *username, *flags;
+       char    *username, *flags, *reason=NULL;
         int    mask=0, value=0;
         int    uid;
        
        // Parse arguments
-       if( Server_int_ParseArgs(0, Args, &username, &flags, NULL) ) {
-               sendf(Client->Socket, "407 USER_FLAGS takes 2 arguments\n");
+       if( Server_int_ParseArgs(1, Args, &username, &flags, &reason, NULL) ) {
+               if( !flags ) {
+                       sendf(Client->Socket, "407 USER_FLAGS takes at least 2 arguments\n");
+                       return ;
+               }
+               reason = "";
+       }
+       
+       // Check authentication
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
                return ;
        }
        
@@ -1127,7 +1434,7 @@ void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
        }
        
        // Get UID
-       uid = Bank_GetAcctByName(username);
+       uid = Bank_GetAcctByName(username, 0);
        if( uid == -1 ) {
                sendf(Client->Socket, "404 User '%s' not found\n", username);
                return ;
@@ -1143,11 +1450,60 @@ void Server_Cmd_USERFLAGS(tClient *Client, char *Args)
        
        // Apply flags
        Bank_SetFlags(uid, mask, value);
+
+       // Log the change
+       Log_Info("Updated '%s' with flag set '%s' by '%s' - Reason: %s",
+               username, flags, Client->Username, reason);
        
        // Return OK
        sendf(Client->Socket, "200 User Updated\n");
 }
 
+void Server_Cmd_UPDATEITEM(tClient *Client, char *Args)
+{
+       char    *itemname, *price_str, *description;
+        int    price;
+       tItem   *item;
+       
+       if( Server_int_ParseArgs(1, Args, &itemname, &price_str, &description, NULL) ) {
+               sendf(Client->Socket, "407 UPDATE_ITEM takes 3 arguments\n");
+               return ;
+       }
+       
+       if( !Client->bIsAuthed ) {
+               sendf(Client->Socket, "401 Not Authenticated\n");
+               return ;
+       }
+
+       // Check user permissions
+       if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
+               sendf(Client->Socket, "403 Not in coke\n");
+               return ;
+       }
+       
+       item = _GetItemFromString(itemname);
+       if( !item ) {
+               // TODO: Create item?
+               sendf(Client->Socket, "406 Bad Item ID\n");
+               return ;
+       }
+       
+       price = atoi(price_str);
+       if( price <= 0 && price_str[0] != '0' ) {
+               sendf(Client->Socket, "407 Invalid price set\n");
+       }
+       
+       switch( DispenseUpdateItem( Client->UID, item, description, price ) )
+       {
+       case 0:
+               // Return OK
+               sendf(Client->Socket, "200 Item updated\n");
+               break;
+       default:
+               break;
+       }
+}
+
 // --- INTERNAL HELPERS ---
 void Debug(tClient *Client, const char *Format, ...)
 {