diff --git a/sql-edition/servers/VendServer.py b/sql-edition/servers/VendServer.py
index e18d8a3e99a6072fb3d1cf01612e964c0c1e2a1f..515a659523fdd868ae5beba65dcb82988665466c 100755
--- a/sql-edition/servers/VendServer.py
+++ b/sql-edition/servers/VendServer.py
@@ -143,48 +143,30 @@ def scroll_options(username, mk, welcome = False):
 	msg.append((choices, False, None))
 	mk.set_messages(msg)
 
-def get_pin(uid):
+def get_acct_state(uid):
 	try:
 		info = pwd.getpwuid(uid)
 	except KeyError:
 		logging.info('getting pin for uid %d: user not in password file'%uid)
-		return None
-	if info.pw_dir == None: return False
-	pinfile = os.path.join(info.pw_dir, '.pin')
-	try:
-		s = os.stat(pinfile)
-	except OSError:
-		logging.info('getting pin for uid %d: .pin not found in home directory'%uid)
-		return None
-	if s.st_mode & 077:
-		logging.info('getting pin for uid %d: .pin has wrong permissions. Fixing.'%uid)
-		os.chmod(pinfile, 0600)
-	try:
-		f = file(pinfile)
-	except IOError:
-		logging.info('getting pin for uid %d: I cannot read pin file'%uid)
-		return None
-	pinstr = f.readline()
-	f.close()
-	if not re.search('^'+'[0-9]'*PIN_LENGTH+'$', pinstr):
-		logging.info('getting pin for uid %d: %s not a good pin'%(uid,repr(pinstr)))
-		return None
-	return int(pinstr)
+		return 'invalid'
+	ret = os.system('dispense acct %s' % (info.pw_name))
+	if ret != 0:
+		return 'invalid'
+
+	# TODO: Disabled account check (done in server pin check now)	
 
-def has_good_pin(uid):
-	return get_pin(uid) != None
+	return 'good'
 
 def verify_user_pin(uid, pin, skip_pin_check=False):
-	if skip_pin_check or get_pin(uid) == pin:
-		info = pwd.getpwuid(uid)
-		if skip_pin_check:
-			logging.info('accepted mifare for uid %d (%s)'%(uid,info.pw_name))
-		else:
-			logging.info('accepted pin for uid %d (%s)'%(uid,info.pw_name))
-		return info.pw_name
-	else:
+	info = pwd.getpwuid(uid)
+	if skip_pin_check:
+		logging.info('accepted mifare for uid %d (%s)'%(uid,info.pw_name))
+	elif os.system('dispense pincheck %04i %s' % (pin, info.pw_name)) != 0:
 		logging.info('refused pin for uid %d'%(uid))
 		return None
+	else:
+		logging.info('accepted pin for uid %d (%s)'%(uid,info.pw_name))
+	return info.pw_name
 
 
 def cookie(v):
@@ -438,6 +420,7 @@ def make_selection(v, vstatus):
 			v.display('SEEMS NOT')
 		else:
 			v.display('GOT DRINK!')
+			#v.display('SEE FRIDGE')
 	else:
 		# first see if it's a named slot
 		try:
@@ -446,8 +429,8 @@ def make_selection(v, vstatus):
 			price, shortname, name = get_snack( '--' )
 		dollarprice = "$%.2f" % ( price / 100.0 )
 		v.display(vstatus.cur_selection+' - %s'%dollarprice)
-		exitcode = os.system('dispense -u "%s" give \>snacksales %d "%s"'%(vstatus.username, price, name)) >> 8
-#		exitcode = os.system('dispense -u "%s" give \>sales\:snack %d "%s"'%(vstatus.username, price, name)) >> 8
+		exitcode = os.system('dispense -u "%s" give \>sales\:snack %d "%s"'%(vstatus.username, price, name)) >> 8
+		# For some reason, this causes the machine and this code to desync
 #		exitcode = os.system('dispense -u "%s" snack:%s'%(vstatus.username, vstatus.cur_selection)) >> 8
 		if (exitcode == 0):
 			# magic dispense syslog service
@@ -586,23 +569,40 @@ Wouldn't you prefer a nice game of chess?
 
 			return
 
-		if not has_good_pin(uid):
-			logging.info('user '+vstatus.cur_user+' has a bad PIN')
+		acct_state = get_acct_state(uid)
+		if acct_state == 'invalid':
+			logging.info('user '+vstatus.cur_user+' is not in the database')
+			vstatus.mk.set_messages(
+				[(' '*10+'INVALID PIN SETUP'+' '*11, False, 3)])
+			vstatus.cur_user = ''
+			vstatus.cur_pin = ''
+			
+			reset_idler(v, vstatus, 3)
+			return
+		elif acct_state == 'locked':
+			logging.info('user '+vstatus.cur_user+' is locked')
+			vstatus.mk.set_messages(
+				[(' '*10+'INVALID PIN SETUP'+' '*11, False, 3)])
+			vstatus.cur_user = ''
+			vstatus.cur_pin = ''
+			
+			reset_idler(v, vstatus, 3)
+			return
+		elif acct_state == 'good':
+			vstatus.cur_pin = ''
+			vstatus.mk.set_message('PIN: ')
+			logging.info('need pin for user %s'%vstatus.cur_user)
+			vstatus.change_state(STATE_GETTING_PIN)
+			return
+		else:
+			logging.error('user '+vstatus.cur_user+' has an unknown account state'+acct_state)
 			vstatus.mk.set_messages(
 				[(' '*10+'INVALID PIN SETUP'+' '*11, False, 3)])
 			vstatus.cur_user = ''
 			vstatus.cur_pin = ''
 			
 			reset_idler(v, vstatus, 3)
-
 			return
-
-
-		vstatus.cur_pin = ''
-		vstatus.mk.set_message('PIN: ')
-		logging.info('need pin for user %s'%vstatus.cur_user)
-		vstatus.change_state(STATE_GETTING_PIN)
-		return
 
 
 def handle_idle_key(state, event, params, v, vstatus):
@@ -787,6 +787,7 @@ def handle_mifare_event(state, event, params, v, vstatus):
 		vstatus.username = verify_user_pin(int(vstatus.cur_user), None, True)
 	except ValueError:
 		vstatus.username = None
+	
 	if vstatus.username:
 		v.beep(0, False)
 		vstatus.cur_selection = ''
diff --git a/sql-edition/servers/VendingMachine.py b/sql-edition/servers/VendingMachine.py
index e96832a9f52b22c57c86c24a97d8afc8fcfd849f..e5a0251f0210b1f66f28e4b26b144dff2f68fc10 100644
--- a/sql-edition/servers/VendingMachine.py
+++ b/sql-edition/servers/VendingMachine.py
@@ -116,11 +116,13 @@ class VendingMachine:
 			logging.warning('Unhandled event! (%s %s)\n'%(code,text))
 
 	def authed_message(self, message):
+		print 'self.challenge = %04x' % self.challenge
 		if self.challenge == None:
 			return message
 		crc = do_crc('%c%c'%(self.challenge >> 8, self.challenge & 0xff))
 		crc = do_crc(self.secret, crc)
 		crc = do_crc(message, crc)
+		print 'output = "%s|%04x"' % (message, crc)
 		return message+'|'+('%04x'%crc)
 
 	def ping(self):