* Move functions that output html to guiconfig.inc

* Remove some recursive dependency on some includes * Remove ^M or \r from files * Remove some entries from functions.inc to avoid including them twice * Remove some unneccessary includes from some files NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.
author: Ermal Luci <eri@pfsense.org> 2009-06-18 12:40:11 +0000
committer: Ermal Luci <eri@pfsense.org> 2009-06-18 12:40:11 +0000
commit: 6dc88d5352ea963d85708379405e238e0518e990 (patch)
tree: e51eb1a505ff148a495c642c9b6ed225476a58ce /etc
parent: 4b9980ecfff36202b6ea8dbf7d41e44f78ba52f3 (diff)
download: pfsense-6dc88d5352ea963d85708379405e238e0518e990.zip
pfsense-6dc88d5352ea963d85708379405e238e0518e990.tar.gz
8 files changed, 523 insertions, 859 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 09e0273..dd69a28 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -42,7 +42,7 @@
  * file courtesy of Michael Retterklieber.
  */
 
-require_once("functions.inc");
+require_once("config.inc");
 
 $groupindex = index_groups();
 $userindex = index_users();
@@ -107,6 +107,39 @@ function & getGroupEntryByGID($gid) {
 	return false;
 }
 
+function get_user_privileges(& $user) {
+
+        $privs = $user['priv'];
+        if (!is_array($privs))
+                $privs = array();
+
+        $names = local_user_get_groups($user, true);
+
+        foreach ($names as $name) {
+                $group = getGroupEntry($name);
+                if (is_array($group['priv']))
+                        $privs = array_merge( $privs, $group['priv']);
+        }
+
+        return $privs;
+}
+
+function userHasPrivilege($userent, $privid = false) {
+
+        if (!$privid || !is_array($userent))
+                return false;
+
+        $privs = get_user_privileges($userent);
+
+        if (!is_array($privs))
+                return false;
+
+        if (!in_array($privid, $privs))
+                return false;
+
+        return true;
+}
+
 function local_backed($username, $passwd) {
 
 	$user = getUserEntry($username);
@@ -872,7 +905,7 @@ function session_auth($backing) {
 			return false;
 
 		/* redirect to page the user is on, it'll prompt them to login again */
-		pfSenseHeader($scriptName);
+		Header("Location: {$scriptName}");
 
 		return false;
 	}
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 0acb63b..d9611d2 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -35,8 +35,7 @@
         POSSIBILITY OF SUCH DAMAGE.
 */
 
-include_once("auth.inc");
-require_once("functions.inc");
+include_once("priv.inc");
 
 /* We only support htpasswd backed HTTP Basic auth and session
  * based backing methods at the moment.
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index b7c0e60..4177545 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -1,226 +1,224 @@
-<?php
-/* $Id$ */
-/*
-		Copyright (C) 2008 Shrew Soft Inc
-		All rights reserved.
-
-        Redistribution and use in source and binary forms, with or without
-        modification, are permitted provided that the following conditions are met:
-
-        1. Redistributions of source code must retain the above copyright notice,
-           this list of conditions and the following disclaimer.
-
-        2. Redistributions in binary form must reproduce the above copyright
-           notice, this list of conditions and the following disclaimer in the
-           documentation and/or other materials provided with the distribution.
-
-        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-        POSSIBILITY OF SUCH DAMAGE.
-
-		DISABLE_PHP_LINT_CHECKING
-*/
-
-require_once("functions.inc");
-
-function & lookup_ca($refid) {
-	global $config;
-
-	if (is_array($config['system']['ca']))
-		foreach ($config['system']['ca'] as & $ca)
-			if ($ca['refid'] == $refid)
-				return $ca;
-
-	return false;
-}
-
-function & lookup_cert($refid) {
-	global $config;
-
-	if (is_array($config['system']['cert']))
-		foreach ($config['system']['cert'] as & $cert)
-			if ($cert['refid'] == $refid)
-				return $cert;
-
-	return false;
-}
-
-function ca_import(& $ca, $str) {
-
-	$ca['crt'] = base64_encode($str);
-
-	return true;
-}
-
-function ca_create(& $ca, $keylen, $lifetime, $dn) {
-
-	$args = array(
-		"digest_alg" => "sha1",
-		"private_key_bits" => $keylen,
-		"private_key_type" => OPENSSL_KEYTYPE_RSA,
-		"encrypt_key" => false);
-
-	// generate a new key pair
-	$res_key = openssl_pkey_new();
-
-	// generate a certificate signing request
-	$res_csr = openssl_csr_new($dn, $res_key, $args);
-
-	// self sign the certificate
-	$res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args);
-
-	// export our certificate data
-	openssl_pkey_export($res_key, $str_key);
-	openssl_x509_export($res_crt, $str_crt);
-
-	// return our ca information
-	$ca['crt'] = base64_encode($str_crt);
-	$ca['prv'] = base64_encode($str_key);
-	$ca['serial'] = 0;
-
-	return true;
-}
-
-function cert_import(& $cert, $crt_str, $key_str) {
-
-	$cert['crt'] = base64_encode($crt_str);
-	$cert['prv'] = base64_encode($key_str);
-
-	return true;
-}
-
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
-
-	$ca =& lookup_ca($caref);
-	if (!$ca)
-		return false;
-
-	$ca_str_crt = base64_decode($ca['crt']);
-	$ca_str_key = base64_decode($ca['prv']);
-	$ca_res_crt = openssl_x509_read($ca_str_crt);
-	$ca_res_key = openssl_pkey_get_private($ca_str_key);
-	$ca_serial = $ca['serial']++;
-
-	$args = array(
-		"digest_alg" => "sha1",
-		"private_key_bits" => $keylen,
-		"private_key_type" => OPENSSL_KEYTYPE_RSA,
-		"encrypt_key" => false);
-
-	// generate a new key pair
-	$res_key = openssl_pkey_new();
-
-	// generate a certificate signing request
-	$res_csr = openssl_csr_new($dn, $res_key, $args);
-
-	// self sign the certificate
-	$res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
-				 $args, $ca_serial);
-
-	// export our certificate data
-	openssl_pkey_export($res_key, $str_key);
-	openssl_x509_export($res_crt, $str_crt);
-
-	// return our certificate information
-	$cert['caref'] = $caref;
-	$cert['crt'] = base64_encode($str_crt);
-	$cert['prv'] = base64_encode($str_key);
-
-	return true;
-}
-
-function csr_generate(& $cert, $keylen, $dn) {
-
-	$args = array(
-		"digest_alg" => "sha1",
-		"private_key_bits" => $keylen,
-		"private_key_type" => OPENSSL_KEYTYPE_RSA,
-		"encrypt_key" => false);
-
-	// generate a new key pair
-	$res_key = openssl_pkey_new();
-
-	// generate a certificate signing request
-	$res_csr = openssl_csr_new($dn, $res_key, $args);
-
-	// export our request data
-	openssl_pkey_export($res_key, $str_key);
-	openssl_csr_export($res_csr, $str_csr);
-
-	// return our request information
-	$cert['csr'] = base64_encode($str_csr);
-	$cert['prv'] = base64_encode($str_key);
-
-	return true;
-}
-
-function csr_complete(& $cert, $str_crt) {
-
-	// return our request information
-	$cert['crt'] = base64_encode($str_crt);
-	unset($cert['csr']);
-
-	return true;
-}
-
-function csr_get_subject($str_crt, $decode = true) {
-
-	if ($decode)
-		$str_crt = base64_decode($str_crt);
-
-	$components = openssl_csr_get_subject($str_crt);
-
-	if (!is_array($components))
-		return "unknown";
-
-	foreach ($components as $a => $v) {
-		if (!strlen($subject))
-			$subject = "{$a}={$v}";
-		else
-			$subject = "{$a}={$v}, {$subject}";
-	}
-
-	return $subject;
-}
-
-function cert_get_subject($str_crt, $decode = true) {
-
-	if ($decode)
-		$str_crt = base64_decode($str_crt);
-
-	$inf_crt = openssl_x509_parse($str_crt);
-	$components = $inf_crt['subject'];
-
-	if (!is_array($components))
-		return "unknown";
-
-	foreach ($components as $a => $v) {
-		if (!strlen($subject))
-			$subject = "{$a}={$v}";
-		else
-			$subject = "{$a}={$v}, {$subject}";
-	}
-
-	return $subject;
-}
-
-function cert_get_subject_array($crt) {
-	$str_crt = base64_decode($crt);
-	$inf_crt = openssl_x509_parse($str_crt);
-	$components = $inf_crt['subject'];
-	$subject_array = array();
-
-	foreach($components as $a => $v)
-		$subject_array[] = array('a' => $a, 'v' => $v);
-
-	return $subject_array;
-}
-
-?>
+<?php
+/* $Id$ */
+/*
+		Copyright (C) 2008 Shrew Soft Inc
+		All rights reserved.
+
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are met:
+
+        1. Redistributions of source code must retain the above copyright notice,
+           this list of conditions and the following disclaimer.
+
+        2. Redistributions in binary form must reproduce the above copyright
+           notice, this list of conditions and the following disclaimer in the
+           documentation and/or other materials provided with the distribution.
+
+        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+        POSSIBILITY OF SUCH DAMAGE.
+
+		DISABLE_PHP_LINT_CHECKING
+*/
+
+function & lookup_ca($refid) {
+	global $config;
+
+	if (is_array($config['system']['ca']))
+		foreach ($config['system']['ca'] as & $ca)
+			if ($ca['refid'] == $refid)
+				return $ca;
+
+	return false;
+}
+
+function & lookup_cert($refid) {
+	global $config;
+
+	if (is_array($config['system']['cert']))
+		foreach ($config['system']['cert'] as & $cert)
+			if ($cert['refid'] == $refid)
+				return $cert;
+
+	return false;
+}
+
+function ca_import(& $ca, $str) {
+
+	$ca['crt'] = base64_encode($str);
+
+	return true;
+}
+
+function ca_create(& $ca, $keylen, $lifetime, $dn) {
+
+	$args = array(
+		"digest_alg" => "sha1",
+		"private_key_bits" => $keylen,
+		"private_key_type" => OPENSSL_KEYTYPE_RSA,
+		"encrypt_key" => false);
+
+	// generate a new key pair
+	$res_key = openssl_pkey_new();
+
+	// generate a certificate signing request
+	$res_csr = openssl_csr_new($dn, $res_key, $args);
+
+	// self sign the certificate
+	$res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args);
+
+	// export our certificate data
+	openssl_pkey_export($res_key, $str_key);
+	openssl_x509_export($res_crt, $str_crt);
+
+	// return our ca information
+	$ca['crt'] = base64_encode($str_crt);
+	$ca['prv'] = base64_encode($str_key);
+	$ca['serial'] = 0;
+
+	return true;
+}
+
+function cert_import(& $cert, $crt_str, $key_str) {
+
+	$cert['crt'] = base64_encode($crt_str);
+	$cert['prv'] = base64_encode($key_str);
+
+	return true;
+}
+
+function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
+
+	$ca =& lookup_ca($caref);
+	if (!$ca)
+		return false;
+
+	$ca_str_crt = base64_decode($ca['crt']);
+	$ca_str_key = base64_decode($ca['prv']);
+	$ca_res_crt = openssl_x509_read($ca_str_crt);
+	$ca_res_key = openssl_pkey_get_private($ca_str_key);
+	$ca_serial = $ca['serial']++;
+
+	$args = array(
+		"digest_alg" => "sha1",
+		"private_key_bits" => $keylen,
+		"private_key_type" => OPENSSL_KEYTYPE_RSA,
+		"encrypt_key" => false);
+
+	// generate a new key pair
+	$res_key = openssl_pkey_new();
+
+	// generate a certificate signing request
+	$res_csr = openssl_csr_new($dn, $res_key, $args);
+
+	// self sign the certificate
+	$res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
+				 $args, $ca_serial);
+
+	// export our certificate data
+	openssl_pkey_export($res_key, $str_key);
+	openssl_x509_export($res_crt, $str_crt);
+
+	// return our certificate information
+	$cert['caref'] = $caref;
+	$cert['crt'] = base64_encode($str_crt);
+	$cert['prv'] = base64_encode($str_key);
+
+	return true;
+}
+
+function csr_generate(& $cert, $keylen, $dn) {
+
+	$args = array(
+		"digest_alg" => "sha1",
+		"private_key_bits" => $keylen,
+		"private_key_type" => OPENSSL_KEYTYPE_RSA,
+		"encrypt_key" => false);
+
+	// generate a new key pair
+	$res_key = openssl_pkey_new();
+
+	// generate a certificate signing request
+	$res_csr = openssl_csr_new($dn, $res_key, $args);
+
+	// export our request data
+	openssl_pkey_export($res_key, $str_key);
+	openssl_csr_export($res_csr, $str_csr);
+
+	// return our request information
+	$cert['csr'] = base64_encode($str_csr);
+	$cert['prv'] = base64_encode($str_key);
+
+	return true;
+}
+
+function csr_complete(& $cert, $str_crt) {
+
+	// return our request information
+	$cert['crt'] = base64_encode($str_crt);
+	unset($cert['csr']);
+
+	return true;
+}
+
+function csr_get_subject($str_crt, $decode = true) {
+
+	if ($decode)
+		$str_crt = base64_decode($str_crt);
+
+	$components = openssl_csr_get_subject($str_crt);
+
+	if (!is_array($components))
+		return "unknown";
+
+	foreach ($components as $a => $v) {
+		if (!strlen($subject))
+			$subject = "{$a}={$v}";
+		else
+			$subject = "{$a}={$v}, {$subject}";
+	}
+
+	return $subject;
+}
+
+function cert_get_subject($str_crt, $decode = true) {
+
+	if ($decode)
+		$str_crt = base64_decode($str_crt);
+
+	$inf_crt = openssl_x509_parse($str_crt);
+	$components = $inf_crt['subject'];
+
+	if (!is_array($components))
+		return "unknown";
+
+	foreach ($components as $a => $v) {
+		if (!strlen($subject))
+			$subject = "{$a}={$v}";
+		else
+			$subject = "{$a}={$v}, {$subject}";
+	}
+
+	return $subject;
+}
+
+function cert_get_subject_array($crt) {
+	$str_crt = base64_decode($crt);
+	$inf_crt = openssl_x509_parse($str_crt);
+	$components = $inf_crt['subject'];
+	$subject_array = array();
+
+	foreach($components as $a => $v)
+		$subject_array[] = array('a' => $a, 'v' => $v);
+
+	return $subject_array;
+}
+
+?>
diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc
index 1365742..0cc5675 100644
--- a/etc/inc/functions.inc
+++ b/etc/inc/functions.inc
@@ -70,11 +70,9 @@ if(!function_exists("pfSenseHeader")) {
 /* END compatibility goo with HEAD */
 
 /* include all configuration functions */
-require_once("auth.inc");
 require_once("priv.inc");
 require_once("certs.inc");
 require_once("crypt.inc");
-require_once("util.inc");
 require_once("interfaces.inc");
 require_once("gwlb.inc");
 require_once("services.inc");
@@ -86,7 +84,6 @@ require_once("openvpn.inc");
 require_once("ipsec.inc");
 require_once("vpn.inc");
 require_once("vslb.inc");
-require_once("notices.inc");
 require_once("cmd_chain.inc");
 require_once("rrd.inc");
 
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 401787d..9c62180 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -705,21 +705,6 @@ function get_filename_from_url($url) {
 }
 
 /*
- *   update_output_window: update bottom textarea dynamically.
- */
-function update_output_window($text) {
-	global $pkg_interface;
-	$log = ereg_replace("\n", "\\n", $text);
-	if($pkg_interface == "console") {
-		/* too chatty */
-	} else {
-		echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = \"" . $log . "\";</script>";
-	}
-	/* ensure that contents are written out */
-	ob_flush();
-}
-
-/*
  *   get_dir: return an array of $dir
  */
 function get_dir($dir) {
@@ -732,35 +717,6 @@ function get_dir($dir) {
 	return $dir_array;
 }
 
-/*
- *   update_output_window: update top textarea dynamically.
- */
-function update_status($status) {
-	global $pkg_interface;
-	if($pkg_interface == "console") {
-		echo $status . "\n";
-	} else {
-		echo "\n<script type=\"text/javascript\">this.document.forms[0].status.value=\"" . $status . "\";</script>";
-	}
-	/* ensure that contents are written out */
-	ob_flush();
-}
-
-/*
- * update_progress_bar($percent): updates the javascript driven progress bar.
- */
-function update_progress_bar($percent) {
-	global $pkg_interface;
-	if($percent > 100) $percent = 1;
-	if($pkg_interface <> "console") {
-		echo "\n<script type=\"text/javascript\" language=\"javascript\">";
-		echo "\ndocument.progressbar.style.width='" . $percent . "%';";
-		echo "\n</script>";
-	} else {
-		echo " {$percent}%";
-	}
-}
-
 /****f* pfsense-utils/WakeOnLan
  * NAME
  *   WakeOnLan - Wake a machine up using the wake on lan format/protocol
@@ -1071,157 +1027,6 @@ function get_disk_info() {
 	// $size, $used, $avail, $cap
 }
 
-/****f* pfsense-utils/display_top_tabs
- * NAME
- *   display_top_tabs - display tabs with rounded edges
- * INPUTS
- *   $text      - array of tabs
- * RESULT
- *   null
- ******/
-function display_top_tabs(& $tab_array) {
-	global $HTTP_SERVER_VARS;
-	global $config;
-	global $g;
-
-	/*  does the user have access to this tab?
-	 *  master user has access to everything.
-	 *  if the user does not have access, simply
-	 *  unset the tab item.
-	 */
-
-	$tab_temp = array ();
-	foreach ($tab_array as $ta)
-		if(isAllowedPage($ta[2]))
-			$tab_temp[] = $ta;
-	/*
-		// FIXME :	if the checks are not good enough
-		//			in isAllowedPage, it needs to be
-		//			fixed instead of kludging here
-
-		// TODO: humm what shall we do with pkg_edit.php and pkg.php?
-		if ((strpos($link, "pkg.php")) !== false || (strpos($link, "pkg_edit.php")) !== false) {
-			$pos_equal = strpos($link, "=");
-			$pos_xmlsuffix = strpos($link, ".xml");
-			// do we match an absolute url including ?xml= foo
-			if(!isAllowedPage($link, $allowed))
-				$link = substr($link, $pos_equal +1, ($pos_xmlsuffix - $pos_equal +3));
-		}
-		// next check - what if the basename contains a query string?
-		if ((strpos($link, "?")) !== false) {
-			$pos_qmark = strpos($link, "?");
-			$link = substr($link, 0, $pos_qmark);
-		}
-		$authorized_text = print_r($allowed, true);
-		if(is_array($authorized))
-			if (in_array(basename($link), $authorized))
-	*/
-
-	unset ($tab_array);
-	$tab_array = & $tab_temp;
-
-	$tab_active_bg   = "#EEEEEE";
-	$tab_inactive_bg = "#777777";
-	$nifty_tabs_corners = "#FFF";
-	$font_color = "white";
-	
-	/* if tabcontrols.php exist for a theme, allow it to be overriden */
-	$themename = $config['theme'];
-	$filename = "/usr/local/www/themes/{$themename}/tabcontrols.php";
-	if(file_exists($filename)) {
-		$eval_code = file_get_contents($filename);
-		eval($eval_code);
-	}
-	
-	$tabcharcount = 0;
-	foreach ($tab_array as $ta) 
-		$tabcharcount = $tabcharcount + strlen($ta[0]);
-
-	// If the character count of the tab names is > 670
-	// then show a select item dropdown menubox.
-	if($tabcharcount > 82) {
-		echo "Currently viewing: ";
-		echo "<select name='TabSelect'>\n";
-		foreach ($tab_array as $ta) {
-			if($ta[1]=="true")	
-				$selected = " SELECTED";
-			else 
-				$selected = "";
-			echo "<option onClick=\"document.location='{$ta[2]}';\"{$selected}>{$ta['0']}</option>\n";
-		}
-		echo "</select>\n<p/>";
-	}  else {
-		echo "<table cellpadding='0' cellspacing='0'>\n";
-		echo " <tr>\n";
-		$tabscounter = 0;
-		foreach ($tab_array as $ta) {
-			if ($ta[1] == true) {
-				echo "  <td bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><div id='tabactive'></div></td>\n";
-			} else {
-				echo "  <td bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><div id='tabdeactive{$tabscounter}'></div></td>\n";
-			}
-			$tabscounter++;
-		}
-		echo "</tr>\n<tr>\n";
-		foreach ($tab_array as $ta) {
-			if ($ta[1] == true) {
-				echo "  <td height=\"15\" valign=\"middle\" bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><B>&nbsp;&nbsp;&nbsp;{$ta[0]}";
-				echo "&nbsp;&nbsp;&nbsp;";
-				echo "<font size='-12'>&nbsp;</font></B></td>\n";
-			} else {
-				echo "  <td height=\"15\" valign=\"middle\" bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><B>&nbsp;&nbsp;&nbsp;<a href='{$ta[2]}'>";
-				echo "<font color='{$font_color}'>{$ta[0]}</font></a>&nbsp;&nbsp;&nbsp;";
-				echo "<font size='-12'>&nbsp;</font></B></td>\n";
-			}
-		}
-		echo "</tr>\n<tr>\n";
-		foreach ($tab_array as $ta) {
-			if ($ta[1] == true) {
-				echo "  <td bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"></td>\n";
-			} else {
-				echo "  <td bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"></td>\n";
-			}
-			$tabscounter++;
-		}
-		echo " </tr>\n";
-		echo "</table>\n";
-		echo "<script type=\"text/javascript\">";
-		echo "NiftyCheck();\n";
-		echo "Rounded(\"div#tabactive\",\"top\",\"{$nifty_tabs_corners}\",\"{$tab_active_bg}\",\"smooth\");\n";
-		for ($x = 0; $x < $tabscounter; $x++)
-			echo "Rounded(\"div#tabdeactive{$x}\",\"top\",\"{$nifty_tabs_corners}\",\"{$tab_inactive_bg}\",\"smooth\");\n";
-		echo "</script>";
-	}
-}
-
-
-/****f* pfsense-utils/display_topbar
- * NAME
- *   display_topbar - top a table off with rounded edges
- * INPUTS
- *   $text	- (optional) Text to include in bar
- * RESULT
- *   null
- ******/
-function display_topbar($text = "", $bg_color="#990000", $replace_color="#FFFFFF", $rounding_style="smooth") {
-	echo "     <table width='100%' cellpadding='0' cellspacing='0'>\n";
-	echo "       <tr height='1'>\n";
-	echo "         <td width='100%' valign='top' color='{$bg_color}' bgcolor='{$bg_color}'>";
-	echo "		<div id='topbar'></div></td>\n";
-	echo "       </tr>\n";
-	echo "       <tr height='1'>\n";
-	if ($text != "")
-		echo "         <td height='1' class='listtopic'>{$text}</td>\n";
-	else
-		echo "         <td height='1' class='listtopic'></td>\n";
-	echo "       </tr>\n";
-	echo "     </table>";
-	echo "<script type=\"text/javascript\">";
-	echo "NiftyCheck();\n";
-	echo "Rounded(\"div#topbar\",\"top\",\"{$replace_color}\",\"{$bg_color}\",\"{$rounding_style}\");\n";
-	echo "</script>";
-}
-
 /****f* pfsense-utils/strncpy
  * NAME
  *   strncpy - copy strings
@@ -1579,18 +1384,6 @@ function is_dhcp_server_enabled()
 	return $dhcpdenable;
 }
 
-/****f* pfsense-utils/isAjax
- * NAME
- *   isAjax - reports if the request is driven from prototype
- * INPUTS
- *   none
- * RESULT
- *   true/false
- ******/
-function isAjax() {
-	return isset ($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
-}
-
 //returns interface information
 function get_interface_info($ifdescr) {
 	global $config, $linkinfo, $netstatrninfo;
@@ -1889,139 +1682,6 @@ function pfsense_default_state_size() {
   return $max_states;
 }
 
-function rule_popup($src,$srcport,$dst,$dstport){
-global $config;
-$aliases_array = array();
-if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias']))
-{
-$span_begin = "";
-		$alias_src_span_begin = "";
-		$alias_src_span_end = "";
-		$alias_src_port_span_begin = "";
-		$alias_src_port_span_end = "";
-		$alias_dst_span_begin = "";
-		$alias_dst_span_end = "";
-		$alias_dst_port_span_begin = "";
-		$alias_dst_port_span_end = "";
-		$alias_content_text = "";
-	foreach($config['aliases']['alias'] as $alias_name) 
-	{	
-	 	$alias_addresses = explode (" ", $alias_name['address']);
-	 	$alias_details = explode ("||", $alias_name['detail']);
-	 	$alias_objects_with_details = "";
-	 	$counter = 0;
-	 	foreach($alias_addresses as $alias_ports_address)
-	 	{
-			$alias_objects_with_details .= $alias_addresses[$counter];
-			$alias_detail_default = strpos ($alias_details[$counter],"Entry added");
-			if ($alias_details[$counter] != "" && $alias_detail_default === False){
-				$alias_objects_with_details .=" - " . $alias_details[$counter];
-			}  
-			$alias_objects_with_details .= "<br>";
-			$counter++;
-		}			
-		//max character length for caption field
-		$maxlength = 60;
-		
-		$alias_descr_substr = $alias_name['descr'];
-		$alias_content_text = htmlspecialchars($alias_objects_with_details);
-		$alias_caption = htmlspecialchars($alias_descr_substr . ":");
-		$strlength = strlen ($alias_caption);
-		if ($strlength >= $maxlength) 
-			$alias_caption = substr($alias_caption, 0, $maxlength) . "...";		
-						
-		$span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption</h1><p>$alias_content_text</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
-		
-		
-		if ($alias_name['name'] == $src)
-	 	{										
-			$alias_src_span_begin = $span_begin;
-		}
-	 	if ($alias_name['name'] == $srcport)
-	 	{									
-			$alias_src_port_span_begin = $span_begin;					
-		}
-		if ($alias_name['name'] == $dst)
-	 	{										
-			$alias_dst_span_begin = $span_begin;									
-		}
-		if ($alias_name['name'] == $dstport)
-	 	{											
-			$alias_dst_port_span_begin = $span_begin;											
-		}										
-		
-	}
-	$descriptions = array ();
-	$descriptions['src'] = $alias_src_span_begin;
-	$descriptions['srcport'] = $alias_src_port_span_begin;
-	$descriptions['dst'] = $alias_dst_span_begin;
-	$descriptions['dstport'] = $alias_dst_port_span_begin;
-	return $descriptions; 
-  }
-}
-function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
-	global $ch, $fout, $file_size, $downloaded;
-	$file_size  = 1;
-	$downloaded = 1;
-	/* open destination file */
-	$fout = fopen($destination_file, "wb");
-
-	/*
-	 *	Originally by Author: Keyvan Minoukadeh
-	 *	Modified by Scott Ullrich to return Content-Length size
-         */
-
-	$ch = curl_init();
-	curl_setopt($ch, CURLOPT_URL, $url_file);
-	curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
-	curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
-	curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
-	curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
-	curl_setopt($ch, CURLOPT_TIMEOUT, 0);
-	
-	curl_exec($ch);
-	$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-	if($fout)
-		fclose($fout);
-	curl_close($ch);
-	return ($http_code == 200) ? true : $http_code;
-}
-
-function read_header($ch, $string) {
-	global $file_size, $fout;
-	$length = strlen($string);
-	$regs = "";
-	ereg("(Content-Length:) (.*)", $string, $regs);
-	if($regs[2] <> "") {
-		$file_size = intval($regs[2]);
-	}
-	ob_flush();
-	return $length;
-}
-
-function read_body($ch, $string) {
-	global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen;
-	$length = strlen($string);
-	$downloaded += intval($length);
-	$downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
-	$downloadProgress = 100 - $downloadProgress;
-	if($lastseen <> $downloadProgress and $downloadProgress < 101) {
-		if($sendto == "status") {
-			$tostatus = $static_status . $downloadProgress . "%";
-			update_status($tostatus);
-		} else {
-			$tooutput = $static_output . $downloadProgress . "%";
-			update_output_window($tooutput);
-		}
-		update_progress_bar($downloadProgress);
-		$lastseen = $downloadProgress;
-	}
-	if($fout)
-		fwrite($fout, $string);
-	ob_flush();
-	return $length;
-}
-
 /* Compare the current hostname DNS to the DNS cache we made
  * if it has changed we return the old records
  * if no change we return true */
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
index 824ea7b..9b6c97c 100644
--- a/etc/inc/priv.inc
+++ b/etc/inc/priv.inc
@@ -1,282 +1,249 @@
-<?php
-/* $Id$ */
-/*
-		Copyright (C) 2008 Shrew Soft Inc
-		All rights reserved.
-
-		Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
-		All rights reserved.
-
-        Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
-        All rights reserved.
-
-        Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
-        All rights reserved.
-
-        Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
-        All rights reserved.
-
-        Redistribution and use in source and binary forms, with or without
-        modification, are permitted provided that the following conditions are met:
-
-        1. Redistributions of source code must retain the above copyright notice,
-           this list of conditions and the following disclaimer.
-
-        2. Redistributions in binary form must reproduce the above copyright
-           notice, this list of conditions and the following disclaimer in the
-           documentation and/or other materials provided with the distribution.
-
-        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-        POSSIBILITY OF SUCH DAMAGE.
-
-		DISABLE_PHP_LINT_CHECKING
-*/
-
-require_once("functions.inc");
-require_once("priv.defs.inc");
-
-/*
- * USER PRIVILEGE DEFINITIONS
- */
-
-$priv_list['user-shell-access'] = array();
-$priv_list['user-shell-access']['name']  = "User - Shell account access";
-$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ".
-										   "example via SSH.";
-
-$priv_list['user-copy-files'] = array();
-$priv_list['user-copy-files']['name']  = "User - Copy files";
-$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ".
-										 "onto the {$g['product_name']} appliance via SCP/SFTP. ".
-										 "If you are going to use this privilege, you must install ".
-										 "scponly on the appliance (Hint: pkg_add -r scponly).";
-
-sort_privs($priv_list);
-
-function cmp_privkeys($a, $b) {
-	/* user privs at the top */
-	$auser = strncmp("user-", $a, 5);
-	$buser = strncmp("user-", $b, 5);
-	if($auser != $buser)
-		return $auser - buser;
-
-	/* name compare others */
-	return strcasecmp($a, $b);
-}
-
-function sort_privs(& $privs) {
-
-	uksort($privs, "cmp_privkeys");
-}
-
-function cmp_page_matches($page, & $matches, $fullwc = true) {
-
-//	$dbg_matches = implode(",", $matches);
-//	log_error("debug: checking page {$page} match with {$dbg_matches}");
-
-	if (!is_array($matches))
-		return false;
-
-	/* skip any leading fwdslash */
-	$test = strpos($page, "/");
-	if ($test !== false && $test == 0)
-		$page = substr($page, 1);
-
-	/* look for a match */
-	foreach ($matches as $match) {
-
-		/* possibly ignore full wildcard match */
-		if (!$fullwc && !strcmp($match ,"*"))
-			continue;
-
-		/* compare exact or wildcard match */
-		$wcpos = strpos($match, "*");
-		if ($wcpos === false)
-			$result = strcmp($page, $match);
-		else
-			$result = strncmp($page, $match, $wcpos);
-
-		if (!$result)
-			return true;
-	}
-
-	return false;
-}
-
-function map_page_privname($page) {
-	global $priv_list;
-
-	foreach ($priv_list as $pname => $pdata) {
-		if (strncmp($pname, "page-", 5))
-			continue;
-		$fullwc = false;
-		if (!strcasecmp($page,"any")||!strcmp($page,"*"))
-			$fullwc = true;
-		if (cmp_page_matches($page, $pdata['match'], $fullwc))
-			return $pname;
-	}
-
-	return false;
-}
-
-function get_user_privileges(& $user) {
-
-	$privs = $user['priv'];
-	if (!is_array($privs))
-		$privs = array();
-
-	$names = local_user_get_groups($user, true);
-
-	foreach ($names as $name) {
-		$group = getGroupEntry($name);
-		if (is_array($group['priv']))
-			$privs = array_merge( $privs, $group['priv']);
-	}
-
-	return $privs;
-}
-
-function get_user_privdesc(& $user) {
-	global $priv_list;
-
-	$privs = array();
-
-	$user_privs = $user['priv'];
-	if (!is_array($user_privs))
-		$user_privs = array();
-
-	$names = local_user_get_groups($user, true);
-
-	foreach ($names as $name) {
-		$group = getGroupEntry($name);
-		$group_privs = $group['priv'];
-		if (!is_array($group_privs))
-			continue;
-		foreach ($group_privs as $pname) {
-			if (in_array($pname,$user_privs))
-				continue;
-			if (!$priv_list[$pname])
-				continue;
-			$priv = $priv_list[$pname];
-			$priv['group'] = $group['name'];
-			$privs[] = $priv;
-		}
-	}
-
-	foreach ($user_privs as $pname)
-		if($priv_list[$pname])
-			$privs[] = $priv_list[$pname];
-
-	return $privs;
-}
-
-function isAllowedPage($page) {
-	global $_SESSION;
-
-	$username = $_SESSION['Username'];
-	if (!isset($username))
-		return false;
-
-	/* admin/root access check */
-	$user = getUserEntry($username);
-	if (isset($user))
-		if (isset($user['uid']))
-			if ($user['uid']==0)
-				return true;
-
-	/* user privelege access check */
-	if (cmp_page_matches($page, $_SESSION['page-match']))
-		return true;
-
-	return false;
-}
-
-function getPrivPages(& $entry, & $allowed_pages) {
-	global $priv_list;
-
-	if (!is_array($entry['priv']))
-		return;
-
-	foreach ($entry['priv'] as $pname) {
-		if (strncmp($pname, "page-", 5))
-			continue;
-		$priv = &$priv_list[$pname];
-		if (!is_array($priv))
-			continue;
-		$matches = &$priv['match'];
-		if (!is_array($matches))
-			continue;
-		foreach ($matches as $match)
-			$allowed_pages[] = $match;
-	}
-}
-
-function getAllowedPages($username) {
-	global $config, $_SESSION;
-
-	if (!function_exists("ldap_connect"))
-		return;
-	
-	$allowed_pages = array();
-	$allowed_groups = array();
-	
-	$ldapon = $_SESSION['ldapon'];
-
-	// search for a local user by name
-	$local_user = getUserEntry($username);
-
-	// obtain local groups if we have a local user
-	if ($local_user) {
-		$allowed_groups = local_user_get_groups($local_user);
-		getPrivPages($local_user, $allowed_pages);
-	}
-
-	// obtain ldap groups if we are in ldap mode
-	if ($config['system']['webgui']['backend'] == "ldap" && !$local_user)
-		$allowed_groups = ldap_get_groups($username);
-
-	// obtain ldapother groups if we are in ldap mode
-	if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user)
-		$allowed_groups = ldap_get_groups($username);
-
-	// build a list of allowed pages
-	if (is_array($config['system']['group']) && is_array($allowed_groups))
-		foreach ($config['system']['group'] as $group)
-			if (in_array($group['name'], $allowed_groups))
-				getPrivPages($group, $allowed_pages);
-
-//	$dbg_pages = implode(",", $allowed_pages);
-//	$dbg_groups = implode(",", $allowed_groups);
-//	log_error("debug: user {$username} groups = {$dbg_groups}");
-//	log_error("debug: user {$username} pages = {$dbg_pages}");
-
-	$_SESSION['page-match'] = $allowed_pages;
-
-	return $allowed_pages;
-}
-
-function userHasPrivilege($userent, $privid = false) {
-
-	if (!$privid || !is_array($userent))
-		return false;
-
-	$privs = get_user_privileges($userent);
-
-	if (!is_array($privs))
-		return false;
-
-	if (!in_array($privid, $privs))
-		return false;
-
-	return true;
-}
-
-?>
+<?php
+/* $Id$ */
+/*
+		Copyright (C) 2008 Shrew Soft Inc
+		All rights reserved.
+
+		Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
+		All rights reserved.
+
+        Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
+        All rights reserved.
+
+        Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
+        All rights reserved.
+
+        Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+        All rights reserved.
+
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are met:
+
+        1. Redistributions of source code must retain the above copyright notice,
+           this list of conditions and the following disclaimer.
+
+        2. Redistributions in binary form must reproduce the above copyright
+           notice, this list of conditions and the following disclaimer in the
+           documentation and/or other materials provided with the distribution.
+
+        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+        POSSIBILITY OF SUCH DAMAGE.
+
+		DISABLE_PHP_LINT_CHECKING
+*/
+
+require_once("priv.defs.inc");
+require_once("auth.inc");
+
+/*
+ * USER PRIVILEGE DEFINITIONS
+ */
+
+$priv_list['user-shell-access'] = array();
+$priv_list['user-shell-access']['name']  = "User - Shell account access";
+$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ".
+										   "example via SSH.";
+
+$priv_list['user-copy-files'] = array();
+$priv_list['user-copy-files']['name']  = "User - Copy files";
+$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ".
+										 "onto the {$g['product_name']} appliance via SCP/SFTP. ".
+										 "If you are going to use this privilege, you must install ".
+										 "scponly on the appliance (Hint: pkg_add -r scponly).";
+
+sort_privs($priv_list);
+
+function cmp_privkeys($a, $b) {
+	/* user privs at the top */
+	$auser = strncmp("user-", $a, 5);
+	$buser = strncmp("user-", $b, 5);
+	if($auser != $buser)
+		return $auser - buser;
+
+	/* name compare others */
+	return strcasecmp($a, $b);
+}
+
+function sort_privs(& $privs) {
+
+	uksort($privs, "cmp_privkeys");
+}
+
+function cmp_page_matches($page, & $matches, $fullwc = true) {
+
+//	$dbg_matches = implode(",", $matches);
+//	log_error("debug: checking page {$page} match with {$dbg_matches}");
+
+	if (!is_array($matches))
+		return false;
+
+	/* skip any leading fwdslash */
+	$test = strpos($page, "/");
+	if ($test !== false && $test == 0)
+		$page = substr($page, 1);
+
+	/* look for a match */
+	foreach ($matches as $match) {
+
+		/* possibly ignore full wildcard match */
+		if (!$fullwc && !strcmp($match ,"*"))
+			continue;
+
+		/* compare exact or wildcard match */
+		$wcpos = strpos($match, "*");
+		if ($wcpos === false)
+			$result = strcmp($page, $match);
+		else
+			$result = strncmp($page, $match, $wcpos);
+
+		if (!$result)
+			return true;
+	}
+
+	return false;
+}
+
+function map_page_privname($page) {
+	global $priv_list;
+
+	foreach ($priv_list as $pname => $pdata) {
+		if (strncmp($pname, "page-", 5))
+			continue;
+		$fullwc = false;
+		if (!strcasecmp($page,"any")||!strcmp($page,"*"))
+			$fullwc = true;
+		if (cmp_page_matches($page, $pdata['match'], $fullwc))
+			return $pname;
+	}
+
+	return false;
+}
+
+function get_user_privdesc(& $user) {
+	global $priv_list;
+
+	$privs = array();
+
+	$user_privs = $user['priv'];
+	if (!is_array($user_privs))
+		$user_privs = array();
+
+	$names = local_user_get_groups($user, true);
+
+	foreach ($names as $name) {
+		$group = getGroupEntry($name);
+		$group_privs = $group['priv'];
+		if (!is_array($group_privs))
+			continue;
+		foreach ($group_privs as $pname) {
+			if (in_array($pname,$user_privs))
+				continue;
+			if (!$priv_list[$pname])
+				continue;
+			$priv = $priv_list[$pname];
+			$priv['group'] = $group['name'];
+			$privs[] = $priv;
+		}
+	}
+
+	foreach ($user_privs as $pname)
+		if($priv_list[$pname])
+			$privs[] = $priv_list[$pname];
+
+	return $privs;
+}
+
+function isAllowedPage($page) {
+	global $_SESSION;
+
+	$username = $_SESSION['Username'];
+	if (!isset($username))
+		return false;
+
+	/* admin/root access check */
+	$user = getUserEntry($username);
+	if (isset($user))
+		if (isset($user['uid']))
+			if ($user['uid']==0)
+				return true;
+
+	/* user privelege access check */
+	if (cmp_page_matches($page, $_SESSION['page-match']))
+		return true;
+
+	return false;
+}
+
+function getPrivPages(& $entry, & $allowed_pages) {
+	global $priv_list;
+
+	if (!is_array($entry['priv']))
+		return;
+
+	foreach ($entry['priv'] as $pname) {
+		if (strncmp($pname, "page-", 5))
+			continue;
+		$priv = &$priv_list[$pname];
+		if (!is_array($priv))
+			continue;
+		$matches = &$priv['match'];
+		if (!is_array($matches))
+			continue;
+		foreach ($matches as $match)
+			$allowed_pages[] = $match;
+	}
+}
+
+function getAllowedPages($username) {
+	global $config, $_SESSION;
+
+	if (!function_exists("ldap_connect"))
+		return;
+	
+	$allowed_pages = array();
+	$allowed_groups = array();
+	
+	$ldapon = $_SESSION['ldapon'];
+
+	// search for a local user by name
+	$local_user = getUserEntry($username);
+
+	// obtain local groups if we have a local user
+	if ($local_user) {
+		$allowed_groups = local_user_get_groups($local_user);
+		getPrivPages($local_user, $allowed_pages);
+	}
+
+	// obtain ldap groups if we are in ldap mode
+	if ($config['system']['webgui']['backend'] == "ldap" && !$local_user)
+		$allowed_groups = ldap_get_groups($username);
+
+	// obtain ldapother groups if we are in ldap mode
+	if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user)
+		$allowed_groups = ldap_get_groups($username);
+
+	// build a list of allowed pages
+	if (is_array($config['system']['group']) && is_array($allowed_groups))
+		foreach ($config['system']['group'] as $group)
+			if (in_array($group['name'], $allowed_groups))
+				getPrivPages($group, $allowed_pages);
+
+//	$dbg_pages = implode(",", $allowed_pages);
+//	$dbg_groups = implode(",", $allowed_groups);
+//	log_error("debug: user {$username} groups = {$dbg_groups}");
+//	log_error("debug: user {$username} pages = {$dbg_pages}");
+
+	$_SESSION['page-match'] = $allowed_pages;
+
+	return $allowed_pages;
+}
+
+?>
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index 1160f40..9feda59 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -28,10 +28,7 @@
   */
 
 /* include all configuration functions */
-require_once("functions.inc");
-require_once("pkg-utils.inc");
-require_once("notices.inc");
-require_once("globals.inc");
+require_once("config.inc");
 
 function dump_rrd_to_xml($rrddatabase, $xmldumpfile) {
 	$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 8cecbd0..cc785f0 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -975,4 +975,17 @@ function carp_sync_client() {
 	touch($g['tmp_path'] . "/filter_sync"); 
 }
 
+/****f* util/isAjax
+ * NAME
+ *   isAjax - reports if the request is driven from prototype
+ * INPUTS
+ *   none
+ * RESULT
+ *   true/false
+ ******/
+function isAjax() {
+        return isset ($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
+}
+
+
 ?>
author	Ermal Luci <eri@pfsense.org>	2009-06-18 12:40:11 +0000
committer	Ermal Luci <eri@pfsense.org>	2009-06-18 12:40:11 +0000
commit	6dc88d5352ea963d85708379405e238e0518e990 (patch)
tree	e51eb1a505ff148a495c642c9b6ed225476a58ce /etc
parent	4b9980ecfff36202b6ea8dbf7d41e44f78ba52f3 (diff)
download	pfsense-6dc88d5352ea963d85708379405e238e0518e990.zip pfsense-6dc88d5352ea963d85708379405e238e0518e990.tar.gz