From 99a4d3ff421f7da6c22e3bba7d155b6f0b82e982 Mon Sep 17 00:00:00 2001
From: alfred-mk <alfredmwaik@gmail.com>
Date: Thu, 2 Jan 2025 13:49:57 +0300
Subject: [PATCH] verify the PIN input against the hashed PIN

---
 internal/handlers/ussd/menuhandler.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/internal/handlers/ussd/menuhandler.go b/internal/handlers/ussd/menuhandler.go
index 645e74c..0829011 100644
--- a/internal/handlers/ussd/menuhandler.go
+++ b/internal/handlers/ussd/menuhandler.go
@@ -725,7 +725,7 @@ func (h *Handlers) Authorize(ctx context.Context, sym string, input []byte) (res
 		return res, err
 	}
 	if len(input) == 4 {
-		if bytes.Equal(input, AccountPin) {
+		if common.VerifyPIN(string(AccountPin), string(input)) {
 			if h.st.MatchFlag(flag_account_authorized, false) {
 				res.FlagReset = append(res.FlagReset, flag_incorrect_pin)
 				res.FlagSet = append(res.FlagSet, flag_allow_update, flag_account_authorized)
@@ -1403,7 +1403,6 @@ func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input
 		defaultValue = "Not Provided"
 	}
 
-
 	sm, _ := h.st.Where()
 	parts := strings.SplitN(sm, "_", 2)
 	filename := parts[1]