diff --git a/src/client/Makefile b/src/client/Makefile
index 8c1cda487e35a8c7639acb6514f13043b8e38295..8d261aa145df142c83855c81a8496191aa5aa61a 100644
--- a/src/client/Makefile
+++ b/src/client/Makefile
@@ -1,5 +1,5 @@
 
-CFLAGS := -Wall -Werror -g
+CFLAGS := -Wall -Werror -g -std=gnu99
 LDFLAGS := -g -lncurses
 # -lssl
 
diff --git a/src/client/protocol.c b/src/client/protocol.c
index 483ee575ce147b7046b862a02f888cffddd48a5d..ad8a6bf6c2657b0c448a66a721f7396ffadef535 100644
--- a/src/client/protocol.c
+++ b/src/client/protocol.c
@@ -55,8 +55,6 @@ int OpenConnection(const char *Host, int Port)
 		return -1;
 	}
 
-//	printf("geteuid() = %i, getuid() = %i\n", geteuid(), getuid());
-	
 	if( geteuid() == 0 || getuid() == 0 )
 	{
 		 int	i;
@@ -74,8 +72,6 @@ int OpenConnection(const char *Host, int Port)
 		}
 		if( i == 1024 )
 			printf("Warning: AUTOAUTH unavaliable\n");
-//		else
-//			printf("Bound to 0.0.0.0:%i\n", i);
 	}
 	
 	if( connect(sock, (struct sockaddr *) &serverAddr, sizeof(serverAddr)) < 0 ) {
@@ -514,6 +510,62 @@ int Dispense_ItemInfo(int Socket, const char *Type, int ID)
 	return 0;
 }
 
+int DispenseCheckPin(int Socket, const char *Username, const char *Pin)
+{
+	 int	ret, responseCode;
+	char	*buf;
+	
+	if( strlen(Pin) != 4 ) {
+		fprintf(stderr, "Pin format incorrect (not 4 characters long)\n");
+		return RV_ARGUMENTS;
+	}
+		
+	for( int i = 0; i < 4; i ++ )
+		if( !isdigit(Pin[i]) ) {
+			fprintf(stderr, "Pin format incorrect (character %i not a digit)\n", i);
+			return RV_ARGUMENTS;
+		}
+	}
+	
+	sendf(Socket, "CHECK_PIN %s %s\n", Username, Pin);
+	buf = ReadLine(Socket);
+	
+	responseCode = atoi(buf);
+	switch( responseCode )
+	{
+	case 200:	// Pin correct
+		printf("Pin OK\n");
+		ret = 0;
+		break;
+	case 201:
+		printf("Pin incorrect\n");
+		ret = RV_INVALID_USER;
+		break;
+	case 401:
+		printf("Not authenticated\n");
+		ret = RV_PERMISSIONS;
+		break;
+	case 403:
+		printf("Only coke members can check accounts other than their own\n");
+		ret = RV_PERMISSIONS;
+		break;
+	case 404:
+		printf("User '%s' not found\n", Username);
+		ret = RV_INVALID_USER;
+		break;
+	case 407:
+		printf("Rate limited or client-server disagree on pin format\n");
+		ret = RV_SERVER_ERROR;
+		break;
+	default:
+		printf("Unknown response code %i ('%s')\n", responseCode, buf);
+		ret = RV_UNKNOWN_ERROR;
+		break;
+	}
+	free(buf);
+	return ret;
+}
+
 /**
  * \brief Dispense an item
  * \return Boolean Failure
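Review bot: The added `for( int i = 0; i < 4; i ++ )` loop in DispenseCheckPin has no opening brace, so the `}` two lines after the inner `return RV_ARGUMENTS;` closes the function and everything from `sendf(...)` onward lands at file scope; the line should read `for( int i = 0; i < 4; i ++ ) {`. `buf` from `ReadLine(Socket)` goes straight into `atoi(buf)`; if ReadLine can return NULL on a closed or failed connection (its definition is not in this hunk), add `if( !buf ) return RV_SERVER_ERROR;` before the conversion. `isdigit(Pin[i])` should take `(unsigned char)Pin[i]`, because a negative char value is undefined behaviour for the ctype functions. `Username` is written unchecked into the space- and newline-delimited `CHECK_PIN` line, so a name containing whitespace or a line break would change what the server parses; rejecting such names before `sendf` keeps the request to a single command.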
diff --git a/src/server/server.c b/src/server/server.c
index 9bf9eba2a71715dce302032a3bd83288460b7f44..2afd1a7b9d73fdf5126ffd9a4ee72f63e3cfe683 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -699,16 +699,12 @@ void Server_Cmd_SETEUSER(tClient *Client, char *Args)
 			sendf(Client->Socket, "404 User not found\n");
 			return ;
 		}
-		// Disabled only avaliable to admins
-		if( eUserFlags & USER_FLAG_DISABLED ) {
-			Client->EffectiveUID = -1;
-			sendf(Client->Socket, "403 Account disabled\n");
-			return ;
-		}
 	}
 
 	// Disabled accounts
-	if( userFlags & USER_FLAG_DISABLED ) {
+	// - If disabled and the actual user is not an admin (and not root)
+	//   return 403
+	if( (eUserFlags & USER_FLAG_DISABLED) && (Client->UID == 0 || !(userFlags & USER_FLAG_ADMIN)) ) {
 		Client->EffectiveUID = -1;
 		sendf(Client->Socket, "403 Account disabled\n");
 		return ;
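Review bot: The rewritten test `if( (eUserFlags & USER_FLAG_DISABLED) && ... )` no longer looks at `userFlags & USER_FLAG_DISABLED`, so a disabled authenticating account is not rejected here any more. Unless that is enforced earlier in Server_Cmd_SETEUSER (the function starts outside this hunk), keep a separate `if( userFlags & USER_FLAG_DISABLED )` branch that resets `Client->EffectiveUID` and replies 403. The `Client->UID == 0` term also makes the 403 apply to UID 0 whatever its admin flag, which does not obviously match the comment's "(and not root)"; the comment should state the intended rule for UID 0 explicitly. If `eUserFlags` is only assigned inside the block that ends just above, it also needs a defined value on the paths that skip that block.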
@@ -874,6 +870,9 @@ void Server_Cmd_DISPENSE(tClient *Client, char *Args)
 		uid = Client->UID;
 	}
 
+//	if( Bank_GetFlags(Client->UID) & USER_FLAG_DISABLED  ) {
+//	}
+
 	switch( ret = DispenseItem( Client->UID, uid, item ) )
 	{
 	case 0:	sendf(Client->Socket, "200 Dispense OK\n");	return ;
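Review bot: The three added lines are a commented-out `if` with an empty body, so no disabled-account check runs before `DispenseItem( Client->UID, uid, item )` at this point. If DispenseItem does not already refuse disabled accounts (not visible in this hunk), implement the check here with a 403 reply in the same form SETEUSER uses. Otherwise drop the stub and say where the check lives in a one-line comment, e.g. `// Disabled accounts are refused inside DispenseItem`. Server_Cmd_DISPENSE starts and ends outside the hunk.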
@@ -1567,12 +1566,6 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 		return ;
 	}
 	
-	// Check user permissions
-	if( !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
-		sendf(Client->Socket, "403 Not in coke\n");
-		return ;
-	}
-	
 	// Get user
 	int uid = Bank_GetAcctByName(username, 0);
 	if( uid == -1 ) {
@@ -1580,6 +1573,12 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 		return ;
 	}
 	
+	// Check user permissions
+	if( uid != Client->UID && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))  ) {
+		sendf(Client->Socket, "403 Not in coke\n");
+		return ;
+	}
+	
 	// Get the pin
 	static time_t	last_wrong_pin_time;
 	static int	backoff = 1;
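Review bot: With the account lookup now ahead of the permission check, a caller without the coke or admin flag gets the user-not-found reply for an unknown name and `403 Not in coke` for an existing one, which lets such a caller test which usernames exist. Answering 403 for unprivileged callers when the name does not resolve closes that difference, e.g. test `uid == -1 && !(Bank_GetFlags(Client->UID) & (USER_FLAG_COKE|USER_FLAG_ADMIN))` before the not-found reply. Whether the client must already be authenticated is decided earlier in Server_Cmd_PINCHECK, outside this hunk.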
@@ -1591,7 +1590,7 @@ void Server_Cmd_PINCHECK(tClient *Client, char *Args)
 	last_wrong_pin_time = time(NULL);
 	if( !Bank_IsPinValid(uid, pin) )
 	{
-		sendf(Client->Socket, "403 Pin incorrect\n");
+		sendf(Client->Socket, "201 Pin incorrect\n");
 		if( backoff < 5)
 			backoff ++;
 		return ;
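Review bot: `201 Pin incorrect` puts a failed check in the 2xx range, so a client that decides success by reply class rather than exact code would accept a wrong pin; the client in this commit matches 201 explicitly, but other consumers of PINCHECK are not visible here. A dedicated failure code avoids that, e.g. `sendf(Client->Socket, "4xx Pin incorrect\n");` with `4xx` standing for a code the protocol does not already use. `backoff` and `last_wrong_pin_time` are function-level statics, so wrong guesses from one client throttle every other client too, which matters more now that non-coke users may call this command on their own account. A per-account or per-client counter would be worth a follow-up; the function body continues outside the hunk.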