176 files changed, 3844 insertions, 928 deletions
diff --git a/cf/conf/config.xml b/cf/conf/config.xml
index c142298..aa4267e 100644
--- a/cf/conf/config.xml
+++ b/cf/conf/config.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!-- pfSense default system configuration -->
 <pfsense>
-	<version>4.9</version>
+	<version>5.0</version>
 	<lastchange></lastchange>
 	<theme>nervecenter</theme>
 	<sysctl>
@@ -31,14 +31,14 @@
 			<value>1</value>
 		</item>
 		<item>
-			<desc>Disable sending IPv4 redirects</desc>
+			<desc>Enable sending IPv4 redirects</desc>
 			<tunable>net.inet.ip.redirect</tunable>
-			<value>0</value>
+			<value>1</value>
 		</item>
 		<item>
-			<desc>Disable sending IPv6 redirects</desc>
+			<desc>Enable sending IPv6 redirects</desc>
 			<tunable>net.inet6.ip6.redirect</tunable>
-			<value>0</value>
+			<value>1</value>
 		</item>
 		<item>
 			<desc>Generate SYN cookies for outbound SYN-ACK packets</desc>
@@ -104,11 +104,10 @@
 			<desc>Enable TCP Inflight mode</desc>
 			<tunable>net.inet.tcp.inflight.enable</tunable>
 			<value>1</value>
-		</item>				
+		</item>		
 	</sysctl>
 	<system>
 		<optimization>normal</optimization>
-		<schedulertype>priq</schedulertype>
 		<hostname>pfSense</hostname>
 		<domain>local</domain>
 		<dnsserver></dnsserver>
@@ -117,16 +116,16 @@
 			<name>all</name>
 			<description>All Users</description>
 			<scope>system</scope>
-			<pages/>
 			<gid>1998</gid>
+			<member>0</member>
 		</group>
 		<group>
 			<name>admins</name>
 			<description>System Administrators</description>
 			<scope>system</scope>
-			<pages>ANY</pages>
-			<home>index.php</home>
-			<gid>110</gid>
+			<gid>1999</gid>
+			<member>0</member>
+			<priv>page-all</priv>
 		</group>
 		<user>
 			<name>admin</name>
@@ -135,29 +134,12 @@
 			<groupname>admins</groupname>
 			<password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>
 			<uid>0</uid>
-			<priv>
-				<id>lockwc</id>
-				<name>Lock webConfigurator</name>
-				<descr>Indicates whether this user will lock access to the webConfigurator for other users.</descr>
-			</priv>
-			<priv>
-				<id>lock-ipages</id>
-				<name>Lock individual pages</name>
-				<descr>Indicates whether this user will lock individual HTML pages after having accessed a particular page(the lock will be freed if the user leaves or saves the page form).</descr>
-			</priv>
-			<priv>
-				<id>hasshell</id>
-				<name>Has shell access</name>
-				<descr>Indicates whether this user is able to login for example via SSH.</descr>
-			</priv>
-			<priv>
-				<id>isroot</id>
-				<name>Is root user</name>
-				<descr>This user is associated with the UNIX root user (you should associate this privilege only with one single user).</descr>
-			</priv>
+			<priv>user-lock-webcfg</priv>
+			<priv>user-lock-ipages</priv>
+			<priv>user-shell-access</priv>
 		</user>
-		<nextuid>115</nextuid>
-		<nextgid>115</nextgid>
+		<nextuid>2000</nextuid>
+		<nextgid>2000</nextgid>
 		<timezone>Etc/UTC</timezone>
 		<time-update-interval>300</time-update-interval>
 		<timeservers>0.pfsense.pool.ntp.org</timeservers>
@@ -172,7 +154,7 @@
 			<noantilockout></noantilockout>
 			-->
 		</webgui>
-		<disablenatreflection>yes</disablenatreflection>
+                <disablenatreflection>yes</disablenatreflection>
 		<!-- <disableconsolemenu/> -->
 		<!-- <disablefirmwarecheck/> -->
 		<!-- <shellcmd></shellcmd> -->
@@ -202,7 +184,7 @@
 			<subnet></subnet>
 			<gateway></gateway>
 			<blockpriv/>
-			<disableftpproxy/>
+                        <disableftpproxy/>
 			<dhcphostname></dhcphostname>
 			<media></media>
 			<mediaopt></mediaopt>
@@ -534,6 +516,7 @@
 	</filter>
 	<shaper>
 		<!-- <enable/> -->
+		<!-- <schedulertype>hfsc</schedulertype> -->
 		<!-- rule syntax:
 		<rule>
 			<disabled/>
@@ -669,15 +652,6 @@
 		</proxyarpnet>
 		-->
 	</proxyarp>
-	<wol>
-		<!--
-		<wolentry>
-			<interface>lan|opt[n]</interface>
-			<mac>xx:xx:xx:xx:xx:xx</mac>
-			<descr></descr>
-		</wolentry>
-		-->
-	</wol>
 	<cron>
 		<item>
 			<minute>0</minute>
@@ -770,4 +744,13 @@
 			<command>/usr/local/sbin/reset_slbd.sh</command>
 		</item>
 	</cron>
+	<wol>
+		<!--
+		<wolentry>
+			<interface>lan|opt[n]</interface>
+			<mac>xx:xx:xx:xx:xx:xx</mac>
+			<descr></descr>
+		</wolentry>
+		-->
+	</wol>
 </pfsense>
diff --git a/conf.default/config.xml b/conf.default/config.xml
index de6a8df..aa4267e 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!-- pfSense default system configuration -->
 <pfsense>
-	<version>4.9</version>
+	<version>5.0</version>
 	<lastchange></lastchange>
 	<theme>nervecenter</theme>
 	<sysctl>
@@ -116,15 +116,16 @@
 			<name>all</name>
 			<description>All Users</description>
 			<scope>system</scope>
-			<pages/>
 			<gid>1998</gid>
+			<member>0</member>
 		</group>
 		<group>
 			<name>admins</name>
 			<description>System Administrators</description>
 			<scope>system</scope>
-			<pages>ANY</pages>
 			<gid>1999</gid>
+			<member>0</member>
+			<priv>page-all</priv>
 		</group>
 		<user>
 			<name>admin</name>
@@ -133,26 +134,9 @@
 			<groupname>admins</groupname>
 			<password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>
 			<uid>0</uid>
-			<priv>
-				<id>lockwc</id>
-				<name>Lock webConfigurator</name>
-				<descr>Indicates whether this user will lock access to the webConfigurator for other users.</descr>
-			</priv>
-			<priv>
-				<id>lock-ipages</id>
-				<name>Lock individual pages</name>
-				<descr>Indicates whether this user will lock individual HTML pages after having accessed a particular page(the lock will be freed if the user leaves or saves the page form).</descr>
-			</priv>
-			<priv>
-				<id>hasshell</id>
-				<name>Has shell access</name>
-				<descr>Indicates whether this user is able to login for example via SSH.</descr>
-			</priv>
-			<priv>
-				<id>isroot</id>
-				<name>Is root user</name>
-				<descr>This user is associated with the UNIX root user (you should associate this privilege only with one single user).</descr>
-			</priv>
+			<priv>user-lock-webcfg</priv>
+			<priv>user-lock-ipages</priv>
+			<priv>user-shell-access</priv>
 		</user>
 		<nextuid>2000</nextuid>
 		<nextgid>2000</nextgid>
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 47a2431..c057d30 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -33,6 +33,8 @@
         CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
         ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
         POSSIBILITY OF SUCH DAMAGE.
+
+		DISABLE_PHP_LINT_CHECKING
 */
 
 require_once("functions.inc");
@@ -40,164 +42,55 @@ require_once("functions.inc");
 $groupindex = index_groups();
 $userindex = index_users();
 
-function isAllowedPage($page) {
-	global $config, $userindex, $_SESSION;
-
-	/* admin/root access check */
-	$username = $_SESSION['Username'];
-	if (isset($username))
-		$user = &$config['system']['user'][$userindex[$username]];
-	if (isset($user))
-		if (isset($user['uid']))
-			if ($user['uid']==0)
-				return true;
-
-	/* user privelege access check */
-	$allowed_pages = $_SESSION['privs'];
-	if (in_array("ANY", $allowed_pages))
-		return true;
-	if (in_array(basename($page), $allowed_pages))
-		return true;
-
-	return false;
-}
+function index_groups() {
+	global $g, $config, $groupindex;
 
-function getAllowedPages($logged_in_user) {
-	global $config, $_SESSION;
+	$groupindex = array();
 
-	if (!function_exists("ldap_connect"))
-		return;
-	
-	$allowed_pages = array();
-	$allowed_groups = array();
-	
-	$ldapon = $_SESSION['ldapon'];
-	//log_error("Getting groups for {$logged_in_user}.");
-
-	/* search for a local user by name */
-	$local_user = false;
-	foreach ($config['system']['user'] as $user) {
-		if ($user['name'] == $logged_in_user) {
-			$local_user = $user;
-			break;
+	if (isset($config['system']['group'])) {
+		$i = 0;
+		foreach($config['system']['group'] as $groupent) {
+			$groupindex[$groupent['name']] = $i;
+			$i++;
 		}
 	}
 
-	/* obtain local groups if we have a local user */
-	if ($local_user) {
-		$allowed_groups = get_local_user_groups($local_user);
-		foreach ($config['system']['group'] as $group)
-			if (in_array($group['name'], $allowed_groups))
-				if (is_array($group['pages']))
-					foreach ($group['pages'] as $page)
-						$allowed_pages[] = $page;
-	}
-
-	/* obtain ldap groups if we are in ldap mode */
-	if ($config['system']['webgui']['backend'] == "ldap" && !$local_user) {
-		//log_error("Calling LDAP_GET_GROUPS from the first section");
-		$allowed_groups = ldap_get_groups($logged_in_user);
-		if (is_array($config['system']['group']) && is_array($allowed_groups))
-			foreach ($config['system']['group'] as $group)
-				if (in_array($group['name'], $allowed_groups))
-					foreach ($group['pages'] as $page)
-						$allowed_pages[] = $page;
-	}
-	if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user) {
-		//log_error("Calling LDAP_GET_GROUPS from the first section");
-		$allowed_groups = ldap_get_groups($logged_in_user);
-		if (is_array($config['system']['group']) && is_array($allowed_groups))
-			foreach ($config['system']['group'] as $group)
-				if (in_array($group['name'], $allowed_groups))
-					foreach ($group['pages'] as $page)
-						$allowed_pages[] = $page;
-	}	
-
-	$allowed_groups = print_r($allowed, true);
-	$fdny = fopen("/tmp/groups", "w");
-	fwrite($fdny, $allowed_groups);
-	fclose($fdny);
-
-	$_SESSION['privs'] = $allowed_pages;
-
-	return $allowed_pages;
+	return ($groupindex);
 }
 
-function &getSystemPrivs() {
-	global $g;
+function index_users() {
+	global $g, $config;
 
-	$privs = array();
-
-	$privs[] = array("id" =>	"lockwc",
-					 "name" =>	"Lock webConfigurator",
-					 "desc" =>	"Indicates whether this user will lock access to " .
-								"the webConfigurator for other users.");
-
-	$privs[] = array("id" =>	"lock-ipages",
-					 "name" =>	"Lock individual pages",
-					 "desc" =>	"Indicates whether this user will lock individual " .
-								"HTML pages after having accessed a particular page" .
-								"(the lock will be freed if the user leaves or " .
-								"saves the page form).");
-
-	$privs[] = array("id" =>	"hasshell",
-					 "name" =>	"Has shell access",
-					 "desc" =>	"Indicates whether this user is able to login for " .
-								"example via SSH.");
-
-	$privs[] = array("id" =>	"copyfiles",
-					 "name" =>	"Is allowed to copy files",
-					 "desc" =>	"Indicates whether this user is allowed to copy files " .
-								"onto the {$g['product_name']} appliance via SCP/SFTP. " .
-								"If you are going to use this privilege, you must install " .
-								"scponly on the appliance (Hint: pkg_add -r scponly).");
-
-	$privs[] = array("id" =>	"isroot",
-					 "name" =>	"Is root user",
-					 "desc" =>	"This user is associated with the UNIX root user " .
-								"(you should associate this privilege only with one " .
-								"single user).");
-
-	return $privs;
+	if (isset($config['system']['user'])) {
+		$i = 0;
+		foreach($config['system']['user'] as $userent) {
+			$userindex[$userent['name']] = $i;
+			$i++;
+		}
+	}
+
+	return ($userindex);
 }
 
 function & getUserEntry($name) {
 	global $config, $userindex;
-	return $config['system']['user'][$userindex[$name]];
-}
-
-function & getGroupEntry($name) {
-	global $config, $groupindex;
-	return $config['system']['group'][$groupindex[$name]];
+	if (isset($userindex[$name]))
+		return $config['system']['user'][$userindex[$name]];
 }
 
-function userHasPrivilege($userent, $privid = false) {
-
-	if (!$privid || !is_array($userent))
-		return false;
-
-	if (!is_array($userent['priv']))
-		return false;
-
-	foreach ($userent['priv'] as $priv)
-		if ($priv['id'] == $privid)
-			return true;
-}
-
-function hasPrivilegeCopyFiles($userent) {
-	return userHasPrivilege($userent, "copyfiles");
-}
-
-function hasPrivilegeLock($userent) {
-	return userHasPrivilege($userent, "lockwc");
-}
+function & getUserEntryByUID($uid) {
+	global $config;
+	foreach ($config['system']['user'] as & $user)
+		if ($user['uid'] == $uid)
+			return $user;
 
-function hasPrivilegeLockPages($userent) {
-	return userHasPrivilege($userent, "lock-ipages");
+	return false;
 }
 
-function hasPrivilegeShell($userent) {
-	return userHasPrivilege($userent, "hasshell");
+function & getGroupEntry($name) {
+	global $config, $groupindex;
+	if (isset($groupindex[$name]))
+		return $config['system']['group'][$groupindex[$name]];
 }
 
 function sync_local_accounts() {
@@ -249,7 +142,8 @@ function sync_local_accounts() {
 	sync_webgui_passwords();
 }
 
-function set_local_user($user) {
+function set_local_user(& $user, $password = false) {
+	global $g;
 
 	$home_base = $g['platform'] == "pfSense" ? "/home" : "/var/home";
 	if (!is_dir($home_base))
@@ -261,6 +155,30 @@ function set_local_user($user) {
 	$user_shell = "/etc/rc.initial";
 	$user_group = "nobody";
 
+	/* set all password hashes if required */
+	if ($password && strlen($password)) {
+
+		$user['password'] = crypt($password);
+		$user['md5-hash'] = md5($password);
+
+		/*
+		 * NOTE : This section of code id based on the BSD
+		 * licensed CHAP.php courtesy of Michael Retterklieber.
+		 */
+		/* Waiting for mhash to settle into the tree
+		// Converts ascii to unicode.
+		$astr = (string) $password;
+		$ustr = '';
+		for ($i = 0; $i < strlen($astr); $i++) {
+			$a = ord($astr{$i}) << 8;
+			$ustr.= sprintf("%X", $a);
+		}
+
+		// Generate the NT-HASH from the unicode string
+		$user['nt-hash'] = bin2hex(mhash(MHASH_MD4, $ustr));
+		*/
+	}
+
 	/* configure shell type */
 	if (!hasPrivilegeShell($user)) {
 		if (!hasPrivilegeCopyFiles($user))
@@ -342,29 +260,6 @@ function get_local_user_groups($user, $all = false) {
 	return $groups;
 }
 
-function set_local_user_password(& $user, $password) {
-
-    $user['password'] = crypt($password);
-    $user['md5-hash'] = md5($password);
-
-	/*
-	 * NOTE : This section of code id based on the BSD
-	 * licensed CHAP.php courtesy of Michael Retterklieber.
-	 */
-	/* Waiting for mhash to settle into the tree
-	// Converts ascii to unicode.
-	$astr = (string) $password;
-	$ustr = '';
-	for ($i = 0; $i < strlen($astr); $i++) {
-		$a = ord($astr{$i}) << 8;
-		$ustr.= sprintf("%X", $a);
-	}
-
-	// Generate the NT-HASH from the unicode string
-	$user['nt-hash'] = bin2hex(mhash(MHASH_MD4, $ustr));
-	*/
-}
-
 function set_local_user_groups($user, $new_groups = NULL ) {
 	global $config, $groupindex;
 
@@ -1135,34 +1030,4 @@ function radius_backed($username, $passwd){
 	return $ret;
 }
 
-function index_groups() {
-	global $g, $config, $groupindex;
-
-	$groupindex = array();
-
-	if (isset($config['system']['group'])) {
-		$i = 0;
-		foreach($config['system']['group'] as $groupent) {
-			$groupindex[$groupent['name']] = $i;
-			$i++;
-		}
-	}
-
-	return ($groupindex);
-}
-
-function index_users() {
-	global $g, $config;
-
-	if (isset($config['system']['user'])) {
-		$i = 0;
-		foreach($config['system']['user'] as $userent) {
-			$userindex[$userent['name']] = $i;
-			$i++;
-		}
-	}
-
-	return ($userindex);
-}
-
 ?>
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 5e58689..f811b53 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -1542,7 +1542,7 @@ function convert_config() {
 		$all = array();
 		$all['name'] = "all";
 		$all['description'] = "All Users";
-		$all['scope'] = "System";
+		$all['scope'] = "system";
 		$all['gid'] = 1998;
 		$all['member'] = array();
 
@@ -1582,6 +1582,11 @@ function convert_config() {
 			$all['member'][] = $user['uid'];
 		}
 
+		/* reset group scope information */
+		foreach ($config['system']['group'] as & $group)
+			if ($group['name'] != $g['admin_group'])
+				$group['scope'] = "user";
+
 		/* insert new all group */
 		$groups = Array();
 		$groups[] = $all;
@@ -1589,10 +1594,58 @@ function convert_config() {
 		$config['system']['group'] = $groups;
 		set_local_group($all);
 
+		$config['version'] = 4.9;
+	}
+
+	/* Convert 4.9 -> 5.0 */
+	if ($config['version'] <= 5.0) {
+		
+		/* update user privileges */
+		foreach ($config['system']['user'] as & $user) {
+			$privs = array();
+			if (!is_array($user['priv'])) {
+				unset($user['priv']);
+				continue;
+			}
+			foreach ($user['priv'] as $priv) {
+				switch($priv['id']) {
+					case "lockwc":
+						$privs[] = "user-lock-webcfg";
+						break;
+					case "lock-ipages":
+						$privs[] = "user-lock-ipages";
+						break;
+					case "hasshell":
+						$privs[] = "user-shell-access";
+						break;
+					case "copyfiles":
+						$privs[] = "user-copy-files";
+						break;
+				}
+			}
+			$user['priv'] = $privs;
+		}
+
+		/* update group privileges */
+		foreach ($config['system']['group'] as & $group) {
+			$privs = array();
+			if (!is_array($group['pages'])) {
+				unset($group['pages']);
+				continue;
+			}
+			foreach ($group['pages'] as $page) {
+				$priv = map_page_privname($page);
+				if ($priv)
+					$privs[] = $priv;
+			}
+			unset($group['pages']);
+			$group['priv'] = $privs;
+		}
+
 		/* sync all local account information */
 		sync_local_accounts();
 
-		$config['version'] = 4.9;
+		$config['version'] = 5.0;
 	}
 
 	$now = date("H:i:s");
diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc
index a9ecbea..0fd4811 100644
--- a/etc/inc/functions.inc
+++ b/etc/inc/functions.inc
@@ -71,6 +71,7 @@ if(!function_exists("pfSenseHeader")) {
 
 /* include all configuration functions */
 require_once("auth.inc");
+require_once("priv.inc");
 require_once("captiveportal.inc");
 require_once("filter.inc");
 require_once("interfaces.inc");
@@ -86,4 +87,4 @@ require_once("gwlb.inc");
 require_once("notices.inc");
 require_once("cmd_chain.inc");
 
-?>
-\ No newline at end of file
+?>
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 872ee09..3cbb15a 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -60,7 +60,7 @@ $g = array(
     "n_pppoe_units" => 16, /* this value can be overriden in pppoe->n_pppoe_units */
     "pppoe_subnet" => 28,  /* this value can be overriden in pppoe->pppoe_subnet  */
     "debug" => false,
-    "latest_config" => "4.9",
+    "latest_config" => "5.0",
     "nopkg_platforms" => array("cdrom"),
 	"minimum_ram_warning" => "115",
 	"minimum_ram_warning_text" => "128 megabytes",
diff --git a/etc/inc/meta.inc b/etc/inc/meta.inc
new file mode 100644
index 0000000..6b3d003
--- /dev/null
+++ b/etc/inc/meta.inc
@@ -0,0 +1,197 @@
+<?php
+/*
+	Copyright (C) 2008 Shrew Soft Inc
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+ * The meta data format used in pfSense is denoted using markers
+ * followed by the appropriate value or value pair. All markers
+ * are prefixed with a ##| sequence. The + suffix is used to
+ * denote the beginning of a tag block followed by the tag name.
+ * A - suffix is used to denote the end of a tag blaock. Values
+ * are denoted using the * suffix and can optionally be expressed
+ * as a key value pair. An example of a metadata tag block ...
+ *
+ * ###|+INFO
+ * ###|*BLAH
+ * ###|*TEXT=SOME TEXT
+ * ###|-INFO
+ *
+ * After calling read_file_metadata, the result array would
+ * contain the following information ...
+ *
+ * metadata['<filename>']['INFO']['BLAH'][0] == true
+ * metadata['<filename>']['INFO']['TEXT'][0] == "SOME TEXT"
+ *
+ * NOTE: All statements must be at the begining of a line and
+ * contiguous for a tag. The example shown above would not be
+ * processed due to the extra ' * ' comment chars.
+ *
+ */
+
+/*
+ * locate php files for a given path
+ */
+
+function list_phpfiles($path, & $found) {
+
+	if (!is_array($found))
+		$found = array();
+
+	$dir = opendir($path);
+	if (!$dir) {
+		echo "list_phpfiles: unable to examine path {$path}\n";
+		return;
+	}
+
+	while($fname = readdir($dir)) {
+		if($fname == "." || $fname == ".." || $fname[0] == '.')
+			continue;
+		if (fnmatch('*.php', $fname))
+			$found[] = $fname;
+	}
+}
+
+/*
+ * read embedded metadata from a file
+ */
+
+function read_file_metadata($fpath, & $metadata, $taglist = false) {
+
+	if (!is_array($metadata))
+		$metadata = array();
+
+	if ($taglist)
+		$taglist = explode(",", $taglist);
+
+	$fname = $fpath;
+	$slash = strrpos($fname,"/");
+	if ($slash)
+		$fname = substr($fname,$slash + 1);
+
+	$fdata = @file_get_contents($fpath);
+	if (!$fdata) {
+		echo "unable to read {$fpath}\n";
+		continue;
+	}
+
+	$offset = 0;
+
+	$tags = array();
+
+	while (true) {
+
+		$tagbeg_off = stripos($fdata, "##|+", $offset);
+		if ($tagbeg_off === false)
+			break;
+
+		$tagbeg_trm = stripos($fdata, "\n", $tagbeg_off);
+		if ($tagbeg_trm === false)
+			break;
+
+		$tagend_off = stripos($fdata, "##|-", $tagbeg_trm);
+		if ($tagend_off === false)
+			break;
+
+		$tagend_trm = stripos($fdata, "\n", $tagend_off);
+		if ($tagend_trm === false)
+			break;
+
+		$tagbeg_len = $tagbeg_trm - $tagbeg_off;
+		$tagend_len = $tagend_trm - $tagend_off;
+
+		$tagbeg = substr($fdata, $tagbeg_off + 4, $tagbeg_len - 4);
+		$tagend = substr($fdata, $tagend_off + 4, $tagend_len - 4);
+
+		if ($tagbeg != $tagend) {
+			echo "error: tag mismatch ( {$tagbeg} != {$tagend} ) in '$fpath'\n";
+			break;
+		}
+
+		$mdata_off = $tagbeg_trm + 1;
+		$mdata_trm = $tagend_off - 1;
+		$mdata_len = $mdata_trm - $mdata_off;
+
+		$mdata = substr($fdata, $mdata_off, $mdata_len);
+
+		if (!strlen($mdata)) {
+			echo "warning: tag {$tagbeg} has no data in '$fpath'\n";
+			break;
+		}
+
+		$offset = $tagend_trm + 1;
+
+		if (is_array($taglist))
+			if (!in_array($tagbeg,$taglist))
+				continue;
+
+		$vals = array();
+
+		$lines = explode("\n",$mdata);
+		foreach ($lines as $line) {
+
+			if (!strlen($line)) 
+				continue;
+
+			$valtag = stripos($line, "##|*");
+			if ($valtag === false || $valtag) {
+				echo "warning: tag {$tagbeg} has malformed data in '$fpath'\n";
+				continue;
+			}
+
+			$value = substr($line, 4, strlen($line) - 1);
+			$vlist = explode("=", $value);
+
+			unset($vname);
+			unset($vdata);
+
+			switch (count($vlist)) {
+				case 1:
+					$vname = $vlist[0];
+					$vdata = true;
+					break;
+				case 2:
+					$vname = $vlist[0];
+					$vdata = $vlist[1];
+					break;
+			}
+
+			if (!isset($vname) || !isset($vdata)) {
+				echo "warning: tag {$tagbeg} has invalid data in '$fpath'\n";
+				continue;
+			}
+
+			$vals[$vname][] = $vdata;
+		}
+
+		if (count($vals))
+			$tags[$tagbeg] = $vals;
+	}
+
+	if (count($tags))
+		$metadata[$fname] = $tags;
+}
+
+?>
diff --git a/etc/inc/priv.defs.inc b/etc/inc/priv.defs.inc
new file mode 100644
index 0000000..9bddac7
--- /dev/null
+++ b/etc/inc/priv.defs.inc
@@ -0,0 +1,1014 @@
+<?php
+/*
+ * priv.defs.inc - Generated privilege definitions
+ *
+ */
+
+$priv_list = array();
+
+$priv_list['page-all'] = array();
+$priv_list['page-all']['name'] = "WebCfg - All pages";
+$priv_list['page-all']['descr'] = "Allow access to all pages";
+$priv_list['page-all']['match'] = array();
+$priv_list['page-all']['match'][] = "*";
+
+$priv_list['page-diagnostics-routingtables'] = array();
+$priv_list['page-diagnostics-routingtables']['name'] = "WebCfg - Diagnostics: Routing tables page";
+$priv_list['page-diagnostics-routingtables']['descr'] = "Allow access to the 'Diagnostics: Routing tables' page.";
+$priv_list['page-diagnostics-routingtables']['match'] = array();
+$priv_list['page-diagnostics-routingtables']['match'][] = "diag_routes.php*";
+
+$priv_list['page-status-carp'] = array();
+$priv_list['page-status-carp']['name'] = "WebCfg - Status: CARP page";
+$priv_list['page-status-carp']['descr'] = "Allow access to the 'Status: CARP' page.";
+$priv_list['page-status-carp']['match'] = array();
+$priv_list['page-status-carp']['match'][] = "carp_status.php*";
+
+$priv_list['page-diagnostics-arptable'] = array();
+$priv_list['page-diagnostics-arptable']['name'] = "WebCfg - Diagnostics: ARP Table page";
+$priv_list['page-diagnostics-arptable']['descr'] = "Allow access to the 'Diagnostics: ARP Table' page.";
+$priv_list['page-diagnostics-arptable']['match'] = array();
+$priv_list['page-diagnostics-arptable']['match'][] = "diag_arp.php*";
+
+$priv_list['page-diagnostics-backup/restore'] = array();
+$priv_list['page-diagnostics-backup/restore']['name'] = "WebCfg - Diagnostics: Backup/restore page";
+$priv_list['page-diagnostics-backup/restore']['descr'] = "Allow access to the 'Diagnostics: Backup/restore' page.";
+$priv_list['page-diagnostics-backup/restore']['match'] = array();
+$priv_list['page-diagnostics-backup/restore']['match'][] = "diag_backup.php*";
+
+$priv_list['page-diagnostics-configurationhistory'] = array();
+$priv_list['page-diagnostics-configurationhistory']['name'] = "WebCfg - Diagnostics: Configuration History page";
+$priv_list['page-diagnostics-configurationhistory']['descr'] = "Allow access to the 'Diagnostics: Configuration History' page.";
+$priv_list['page-diagnostics-configurationhistory']['match'] = array();
+$priv_list['page-diagnostics-configurationhistory']['match'][] = "diag_confbak.php*";
+
+$priv_list['page-diagnostics-factorydefaults'] = array();
+$priv_list['page-diagnostics-factorydefaults']['name'] = "WebCfg - Diagnostics: Factory defaults page";
+$priv_list['page-diagnostics-factorydefaults']['descr'] = "Allow access to the 'Diagnostics: Factory defaults' page.";
+$priv_list['page-diagnostics-factorydefaults']['match'] = array();
+$priv_list['page-diagnostics-factorydefaults']['match'][] = "diag_defaults.php*";
+
+$priv_list['page-status-dhcpleases'] = array();
+$priv_list['page-status-dhcpleases']['name'] = "WebCfg - Status: DHCP leases page";
+$priv_list['page-status-dhcpleases']['descr'] = "Allow access to the 'Status: DHCP leases' page.";
+$priv_list['page-status-dhcpleases']['match'] = array();
+$priv_list['page-status-dhcpleases']['match'][] = "diag_dhcp_leases.php*";
+
+$priv_list['page-diagnostics-showstates'] = array();
+$priv_list['page-diagnostics-showstates']['name'] = "WebCfg - Diagnostics: Show States page";
+$priv_list['page-diagnostics-showstates']['descr'] = "Allow access to the 'Diagnostics: Show States' page.";
+$priv_list['page-diagnostics-showstates']['match'] = array();
+$priv_list['page-diagnostics-showstates']['match'][] = "diag_dump_states.php*";
+
+$priv_list['page-status-ipsec'] = array();
+$priv_list['page-status-ipsec']['name'] = "WebCfg - Status: IPsec page";
+$priv_list['page-status-ipsec']['descr'] = "Allow access to the 'Status: IPsec' page.";
+$priv_list['page-status-ipsec']['match'] = array();
+$priv_list['page-status-ipsec']['match'][] = "diag_ipsec.php*";
+
+$priv_list['page-status-ipsec-sad'] = array();
+$priv_list['page-status-ipsec-sad']['name'] = "WebCfg - Status: IPsec: SAD page";
+$priv_list['page-status-ipsec-sad']['descr'] = "Allow access to the 'Status: IPsec: SAD' page.";
+$priv_list['page-status-ipsec-sad']['match'] = array();
+$priv_list['page-status-ipsec-sad']['match'][] = "diag_ipsec_sad.php*";
+
+$priv_list['page-status-ipsec-spd'] = array();
+$priv_list['page-status-ipsec-spd']['name'] = "WebCfg - Status: IPsec: SPD page";
+$priv_list['page-status-ipsec-spd']['descr'] = "Allow access to the 'Status: IPsec: SPD' page.";
+$priv_list['page-status-ipsec-spd']['match'] = array();
+$priv_list['page-status-ipsec-spd']['match'][] = "diag_ipsec_spd.php*";
+
+$priv_list['page-diagnostics-logs-system'] = array();
+$priv_list['page-diagnostics-logs-system']['name'] = "WebCfg - Diagnostics: Logs: System page";
+$priv_list['page-diagnostics-logs-system']['descr'] = "Allow access to the 'Diagnostics: Logs: System' page.";
+$priv_list['page-diagnostics-logs-system']['match'] = array();
+$priv_list['page-diagnostics-logs-system']['match'][] = "diag_logs.php*";
+
+$priv_list['page-status-systemlogs-portalauth'] = array();
+$priv_list['page-status-systemlogs-portalauth']['name'] = "WebCfg - Status: System logs: Portal Auth page";
+$priv_list['page-status-systemlogs-portalauth']['descr'] = "Allow access to the 'Status: System logs: Portal Auth' page.";
+$priv_list['page-status-systemlogs-portalauth']['match'] = array();
+$priv_list['page-status-systemlogs-portalauth']['match'][] = "diag_logs_auth.php*";
+
+$priv_list['page-diagnostics-logs-dhcp'] = array();
+$priv_list['page-diagnostics-logs-dhcp']['name'] = "WebCfg - Diagnostics: Logs: DHCP page";
+$priv_list['page-diagnostics-logs-dhcp']['descr'] = "Allow access to the 'Diagnostics: Logs: DHCP' page.";
+$priv_list['page-diagnostics-logs-dhcp']['match'] = array();
+$priv_list['page-diagnostics-logs-dhcp']['match'][] = "diag_logs_dhcp.php*";
+
+$priv_list['page-package-settings'] = array();
+$priv_list['page-package-settings']['name'] = "WebCfg - Package: Settings page";
+$priv_list['page-package-settings']['descr'] = "Allow access to the 'Package: Settings' page.";
+$priv_list['page-package-settings']['match'] = array();
+$priv_list['page-package-settings']['match'][] = "pkg.php*";
+
+$priv_list['page-diagnostics-logs-firewall'] = array();
+$priv_list['page-diagnostics-logs-firewall']['name'] = "WebCfg - Diagnostics: Logs: Firewall page";
+$priv_list['page-diagnostics-logs-firewall']['descr'] = "Allow access to the 'Diagnostics: Logs: Firewall' page.";
+$priv_list['page-diagnostics-logs-firewall']['match'] = array();
+$priv_list['page-diagnostics-logs-firewall']['match'][] = "diag_logs_filter.php*";
+
+$priv_list['page-hidden-nolongerincluded'] = array();
+$priv_list['page-hidden-nolongerincluded']['name'] = "WebCfg - Hidden: No longer included page";
+$priv_list['page-hidden-nolongerincluded']['descr'] = "Allow access to the 'Hidden: No longer included' page.";
+$priv_list['page-hidden-nolongerincluded']['match'] = array();
+$priv_list['page-hidden-nolongerincluded']['match'][] = "diag_logs_filter_dynamic.php*";
+
+$priv_list['page-status-systemlogs-ipsecvpn'] = array();
+$priv_list['page-status-systemlogs-ipsecvpn']['name'] = "WebCfg - Status: System logs: IPsec VPN page";
+$priv_list['page-status-systemlogs-ipsecvpn']['descr'] = "Allow access to the 'Status: System logs: IPsec VPN' page.";
+$priv_list['page-status-systemlogs-ipsecvpn']['match'] = array();
+$priv_list['page-status-systemlogs-ipsecvpn']['match'][] = "diag_logs_ipsec.php*";
+
+$priv_list['page-status-systemlogs-openntpd'] = array();
+$priv_list['page-status-systemlogs-openntpd']['name'] = "WebCfg - Status: System logs: OpenNTPD page";
+$priv_list['page-status-systemlogs-openntpd']['descr'] = "Allow access to the 'Status: System logs: OpenNTPD' page.";
+$priv_list['page-status-systemlogs-openntpd']['match'] = array();
+$priv_list['page-status-systemlogs-openntpd']['match'][] = "diag_logs_ntpd.php*";
+
+$priv_list['page-status-systemlogs-openvpn'] = array();
+$priv_list['page-status-systemlogs-openvpn']['name'] = "WebCfg - Status: System logs: OpenVPN page";
+$priv_list['page-status-systemlogs-openvpn']['descr'] = "Allow access to the 'Status: System logs: OpenVPN' page.";
+$priv_list['page-status-systemlogs-openvpn']['match'] = array();
+$priv_list['page-status-systemlogs-openvpn']['match'][] = "diag_logs_openvpn.php*";
+
+$priv_list['page-status-systemlogs-loadbalancer'] = array();
+$priv_list['page-status-systemlogs-loadbalancer']['name'] = "WebCfg - Status: System logs: Load Balancer page";
+$priv_list['page-status-systemlogs-loadbalancer']['descr'] = "Allow access to the 'Status: System logs: Load Balancer' page.";
+$priv_list['page-status-systemlogs-loadbalancer']['match'] = array();
+$priv_list['page-status-systemlogs-loadbalancer']['match'][] = "diag_logs_relayd.php*";
+
+$priv_list['page-diagnostics-logs-settings'] = array();
+$priv_list['page-diagnostics-logs-settings']['name'] = "WebCfg - Diagnostics: Logs: Settings page";
+$priv_list['page-diagnostics-logs-settings']['descr'] = "Allow access to the 'Diagnostics: Logs: Settings' page.";
+$priv_list['page-diagnostics-logs-settings']['match'] = array();
+$priv_list['page-diagnostics-logs-settings']['match'][] = "diag_logs_settings.php*";
+
+$priv_list['page-status-systemlogs-loadbalancer'] = array();
+$priv_list['page-status-systemlogs-loadbalancer']['name'] = "WebCfg - Status: System logs: Load Balancer page";
+$priv_list['page-status-systemlogs-loadbalancer']['descr'] = "Allow access to the 'Status: System logs: Load Balancer' page.";
+$priv_list['page-status-systemlogs-loadbalancer']['match'] = array();
+$priv_list['page-status-systemlogs-loadbalancer']['match'][] = "diag_logs_slbd.php*";
+
+$priv_list['page-diagnostics-logs-pptpvpn'] = array();
+$priv_list['page-diagnostics-logs-pptpvpn']['name'] = "WebCfg - Diagnostics: Logs: PPTP VPN page";
+$priv_list['page-diagnostics-logs-pptpvpn']['descr'] = "Allow access to the 'Diagnostics: Logs: PPTP VPN' page.";
+$priv_list['page-diagnostics-logs-pptpvpn']['match'] = array();
+$priv_list['page-diagnostics-logs-pptpvpn']['match'][] = "diag_logs_vpn.php*";
+
+$priv_list['page-diagnostics-packetcapture'] = array();
+$priv_list['page-diagnostics-packetcapture']['name'] = "WebCfg - Diagnostics: Packet Capture page";
+$priv_list['page-diagnostics-packetcapture']['descr'] = "Allow access to the 'Diagnostics: Packet Capture' page.";
+$priv_list['page-diagnostics-packetcapture']['match'] = array();
+$priv_list['page-diagnostics-packetcapture']['match'][] = "diag_packet_capture.php*";
+
+$priv_list['page-diagnostics-ping'] = array();
+$priv_list['page-diagnostics-ping']['name'] = "WebCfg - Diagnostics: Ping page";
+$priv_list['page-diagnostics-ping']['descr'] = "Allow access to the 'Diagnostics: Ping' page.";
+$priv_list['page-diagnostics-ping']['match'] = array();
+$priv_list['page-diagnostics-ping']['match'][] = "diag_ping.php*";
+
+$priv_list['page-status-packagelogs'] = array();
+$priv_list['page-status-packagelogs']['name'] = "WebCfg - Status: Package logs page";
+$priv_list['page-status-packagelogs']['descr'] = "Allow access to the 'Status: Package logs' page.";
+$priv_list['page-status-packagelogs']['match'] = array();
+$priv_list['page-status-packagelogs']['match'][] = "diag_pkglogs.php*";
+
+$priv_list['page-diagnostics-resetstate'] = array();
+$priv_list['page-diagnostics-resetstate']['name'] = "WebCfg - Diagnostics: Reset state page";
+$priv_list['page-diagnostics-resetstate']['descr'] = "Allow access to the 'Diagnostics: Reset state' page.";
+$priv_list['page-diagnostics-resetstate']['match'] = array();
+$priv_list['page-diagnostics-resetstate']['match'][] = "diag_resetstate.php*";
+
+$priv_list['page-diagnostics-traceroute'] = array();
+$priv_list['page-diagnostics-traceroute']['name'] = "WebCfg - Diagnostics: Traceroute page";
+$priv_list['page-diagnostics-traceroute']['descr'] = "Allow access to the 'Diagnostics: Traceroute' page.";
+$priv_list['page-diagnostics-traceroute']['match'] = array();
+$priv_list['page-diagnostics-traceroute']['match'][] = "diag_traceroute.php*";
+
+$priv_list['page-diagnostics-editfile'] = array();
+$priv_list['page-diagnostics-editfile']['name'] = "WebCfg - Diagnostics: Edit File page";
+$priv_list['page-diagnostics-editfile']['descr'] = "Allow access to the 'Diagnostics: Edit File' page.";
+$priv_list['page-diagnostics-editfile']['match'] = array();
+$priv_list['page-diagnostics-editfile']['match'][] = "edit.php*";
+
+$priv_list['page-diagnostics-command'] = array();
+$priv_list['page-diagnostics-command']['name'] = "WebCfg - Diagnostics: Command page";
+$priv_list['page-diagnostics-command']['descr'] = "Allow access to the 'Diagnostics: Command' page.";
+$priv_list['page-diagnostics-command']['match'] = array();
+$priv_list['page-diagnostics-command']['match'][] = "exec.php*";
+
+$priv_list['page-hidden-execraw'] = array();
+$priv_list['page-hidden-execraw']['name'] = "WebCfg - Hidden: Exec Raw page";
+$priv_list['page-hidden-execraw']['descr'] = "Allow access to the 'Hidden: Exec Raw' page.";
+$priv_list['page-hidden-execraw']['match'] = array();
+$priv_list['page-hidden-execraw']['match'][] = "exec_raw.php*";
+
+$priv_list['page-firewall-aliases'] = array();
+$priv_list['page-firewall-aliases']['name'] = "WebCfg - Firewall: Aliases page";
+$priv_list['page-firewall-aliases']['descr'] = "Allow access to the 'Firewall: Aliases' page.";
+$priv_list['page-firewall-aliases']['match'] = array();
+$priv_list['page-firewall-aliases']['match'][] = "firewall_aliases.php*";
+
+$priv_list['page-firewall-alias-edit'] = array();
+$priv_list['page-firewall-alias-edit']['name'] = "WebCfg - Firewall: Alias: Edit page";
+$priv_list['page-firewall-alias-edit']['descr'] = "Allow access to the 'Firewall: Alias: Edit' page.";
+$priv_list['page-firewall-alias-edit']['match'] = array();
+$priv_list['page-firewall-alias-edit']['match'][] = "firewall_aliases_edit.php*";
+
+$priv_list['page-firewall-alias-import'] = array();
+$priv_list['page-firewall-alias-import']['name'] = "WebCfg - Firewall: Alias: Import page";
+$priv_list['page-firewall-alias-import']['descr'] = "Allow access to the 'Firewall: Alias: Import' page.";
+$priv_list['page-firewall-alias-import']['match'] = array();
+$priv_list['page-firewall-alias-import']['match'][] = "firewall_aliases_import.php*";
+
+$priv_list['page-firewall-nat-portforward'] = array();
+$priv_list['page-firewall-nat-portforward']['name'] = "WebCfg - Firewall: NAT: Port Forward page";
+$priv_list['page-firewall-nat-portforward']['descr'] = "Allow access to the 'Firewall: NAT: Port Forward' page.";
+$priv_list['page-firewall-nat-portforward']['match'] = array();
+$priv_list['page-firewall-nat-portforward']['match'][] = "firewall_nat.php*";
+
+$priv_list['page-firewall-nat-1-1'] = array();
+$priv_list['page-firewall-nat-1-1']['name'] = "WebCfg - Firewall: NAT: 1:1 page";
+$priv_list['page-firewall-nat-1-1']['descr'] = "Allow access to the 'Firewall: NAT: 1:1' page.";
+$priv_list['page-firewall-nat-1-1']['match'] = array();
+$priv_list['page-firewall-nat-1-1']['match'][] = "firewall_nat_1to1.php*";
+
+$priv_list['page-firewall-nat-1-1-edit'] = array();
+$priv_list['page-firewall-nat-1-1-edit']['name'] = "WebCfg - Firewall: NAT: 1:1: Edit page";
+$priv_list['page-firewall-nat-1-1-edit']['descr'] = "Allow access to the 'Firewall: NAT: 1:1: Edit' page.";
+$priv_list['page-firewall-nat-1-1-edit']['match'] = array();
+$priv_list['page-firewall-nat-1-1-edit']['match'][] = "firewall_nat_1to1_edit.php*";
+
+$priv_list['page-firewall-nat-portforward-edit'] = array();
+$priv_list['page-firewall-nat-portforward-edit']['name'] = "WebCfg - Firewall: NAT: Port Forward: Edit page";
+$priv_list['page-firewall-nat-portforward-edit']['descr'] = "Allow access to the 'Firewall: NAT: Port Forward: Edit' page.";
+$priv_list['page-firewall-nat-portforward-edit']['match'] = array();
+$priv_list['page-firewall-nat-portforward-edit']['match'][] = "firewall_nat_edit.php*";
+
+$priv_list['page-firewall-nat-outbound'] = array();
+$priv_list['page-firewall-nat-outbound']['name'] = "WebCfg - Firewall: NAT: Outbound page";
+$priv_list['page-firewall-nat-outbound']['descr'] = "Allow access to the 'Firewall: NAT: Outbound' page.";
+$priv_list['page-firewall-nat-outbound']['match'] = array();
+$priv_list['page-firewall-nat-outbound']['match'][] = "firewall_nat_out.php*";
+
+$priv_list['page-firewall-nat-outbound-edit'] = array();
+$priv_list['page-firewall-nat-outbound-edit']['name'] = "WebCfg - Firewall: NAT: Outbound: Edit page";
+$priv_list['page-firewall-nat-outbound-edit']['descr'] = "Allow access to the 'Firewall: NAT: Outbound: Edit' page.";
+$priv_list['page-firewall-nat-outbound-edit']['match'] = array();
+$priv_list['page-firewall-nat-outbound-edit']['match'][] = "firewall_nat_out_edit.php*";
+
+$priv_list['page-firewall-nat-nataddresses'] = array();
+$priv_list['page-firewall-nat-nataddresses']['name'] = "WebCfg - Firewall: NAT: NAT Addresses page";
+$priv_list['page-firewall-nat-nataddresses']['descr'] = "Allow access to the 'Firewall: NAT: NAT Addresses' page.";
+$priv_list['page-firewall-nat-nataddresses']['match'] = array();
+$priv_list['page-firewall-nat-nataddresses']['match'][] = "firewall_nat_server.php*";
+
+$priv_list['page-firewall-rules'] = array();
+$priv_list['page-firewall-rules']['name'] = "WebCfg - Firewall: Rules page";
+$priv_list['page-firewall-rules']['descr'] = "Allow access to the 'Firewall: Rules' page.";
+$priv_list['page-firewall-rules']['match'] = array();
+$priv_list['page-firewall-rules']['match'][] = "firewall_rules.php*";
+
+$priv_list['page-firewall-nat-nataddresses-edit'] = array();
+$priv_list['page-firewall-nat-nataddresses-edit']['name'] = "WebCfg - Firewall: NAT: NAT Addresses: Edit page";
+$priv_list['page-firewall-nat-nataddresses-edit']['descr'] = "Allow access to the 'Firewall: NAT: NAT Addresses: Edit' page.";
+$priv_list['page-firewall-nat-nataddresses-edit']['match'] = array();
+$priv_list['page-firewall-nat-nataddresses-edit']['match'][] = "firewall_nat_server_edit.php*";
+
+$priv_list['page-firewall-rules-edit'] = array();
+$priv_list['page-firewall-rules-edit']['name'] = "WebCfg - Firewall: Rules: Edit page";
+$priv_list['page-firewall-rules-edit']['descr'] = "Allow access to the 'Firewall: Rules: Edit' page.";
+$priv_list['page-firewall-rules-edit']['match'] = array();
+$priv_list['page-firewall-rules-edit']['match'][] = "firewall_rules_edit.php*";
+
+$priv_list['page-firewall-schedules'] = array();
+$priv_list['page-firewall-schedules']['name'] = "WebCfg - Firewall: Schedules page";
+$priv_list['page-firewall-schedules']['descr'] = "Allow access to the 'Firewall: Schedules' page.";
+$priv_list['page-firewall-schedules']['match'] = array();
+$priv_list['page-firewall-schedules']['match'][] = "firewall_schedule.php*";
+
+$priv_list['page-firewall-schedules-edit'] = array();
+$priv_list['page-firewall-schedules-edit']['name'] = "WebCfg - Firewall: Schedules: Edit page";
+$priv_list['page-firewall-schedules-edit']['descr'] = "Allow access to the 'Firewall: Schedules: Edit' page.";
+$priv_list['page-firewall-schedules-edit']['match'] = array();
+$priv_list['page-firewall-schedules-edit']['match'][] = "firewall_schedule_edit.php*";
+
+$priv_list['page-firewall-trafficshaper'] = array();
+$priv_list['page-firewall-trafficshaper']['name'] = "WebCfg - Firewall: Traffic Shaper page";
+$priv_list['page-firewall-trafficshaper']['descr'] = "Allow access to the 'Firewall: Traffic Shaper' page.";
+$priv_list['page-firewall-trafficshaper']['match'] = array();
+$priv_list['page-firewall-trafficshaper']['match'][] = "firewall_shaper.php*";
+
+$priv_list['page-firewall-trafficshaper-queues'] = array();
+$priv_list['page-firewall-trafficshaper-queues']['name'] = "WebCfg - Firewall: Traffic Shaper: Queues page";
+$priv_list['page-firewall-trafficshaper-queues']['descr'] = "Allow access to the 'Firewall: Traffic Shaper: Queues' page.";
+$priv_list['page-firewall-trafficshaper-queues']['match'] = array();
+$priv_list['page-firewall-trafficshaper-queues']['match'][] = "firewall_shaper_queues.php*";
+
+$priv_list['page-firewall-trafficshaper-limiter'] = array();
+$priv_list['page-firewall-trafficshaper-limiter']['name'] = "WebCfg - Firewall: Traffic Shaper: Limiter page";
+$priv_list['page-firewall-trafficshaper-limiter']['descr'] = "Allow access to the 'Firewall: Traffic Shaper: Limiter' page.";
+$priv_list['page-firewall-trafficshaper-limiter']['match'] = array();
+$priv_list['page-firewall-trafficshaper-limiter']['match'][] = "firewall_shaper_vinterface.php*";
+
+$priv_list['page-firewall-trafficshaper-wizard'] = array();
+$priv_list['page-firewall-trafficshaper-wizard']['name'] = "WebCfg - Firewall: Traffic Shaper: Wizard page";
+$priv_list['page-firewall-trafficshaper-wizard']['descr'] = "Allow access to the 'Firewall: Traffic Shaper: Wizard' page.";
+$priv_list['page-firewall-trafficshaper-wizard']['match'] = array();
+$priv_list['page-firewall-trafficshaper-wizard']['match'][] = "firewall_shaper_wizards.php*";
+
+$priv_list['page-firewall-system-tunables'] = array();
+$priv_list['page-firewall-system-tunables']['name'] = "WebCfg - Firewall: System: Tunables page";
+$priv_list['page-firewall-system-tunables']['descr'] = "Allow access to the 'Firewall: System: Tunables' page.";
+$priv_list['page-firewall-system-tunables']['match'] = array();
+$priv_list['page-firewall-system-tunables']['match'][] = "firewall_system_tunables.php*";
+
+$priv_list['page-firewall-system-tunables-edit'] = array();
+$priv_list['page-firewall-system-tunables-edit']['name'] = "WebCfg - Firewall: System: Tunables: Edit page";
+$priv_list['page-firewall-system-tunables-edit']['descr'] = "Allow access to the 'Firewall: System: Tunables: Edit' page.";
+$priv_list['page-firewall-system-tunables-edit']['match'] = array();
+$priv_list['page-firewall-system-tunables-edit']['match'][] = "firewall_system_tunables_edit.php*";
+
+$priv_list['page-firewall-virtualipaddresses'] = array();
+$priv_list['page-firewall-virtualipaddresses']['name'] = "WebCfg - Firewall: Virtual IP Addresses page";
+$priv_list['page-firewall-virtualipaddresses']['descr'] = "Allow access to the 'Firewall: Virtual IP Addresses' page.";
+$priv_list['page-firewall-virtualipaddresses']['match'] = array();
+$priv_list['page-firewall-virtualipaddresses']['match'][] = "firewall_virtual_ip.php*";
+
+$priv_list['page-diagnostics-interfacetraffic'] = array();
+$priv_list['page-diagnostics-interfacetraffic']['name'] = "WebCfg - Diagnostics: Interface Traffic page";
+$priv_list['page-diagnostics-interfacetraffic']['descr'] = "Allow access to the 'Diagnostics: Interface Traffic' page.";
+$priv_list['page-diagnostics-interfacetraffic']['match'] = array();
+$priv_list['page-diagnostics-interfacetraffic']['match'][] = "graph.php*";
+
+$priv_list['page-firewall-virtualipaddress-edit'] = array();
+$priv_list['page-firewall-virtualipaddress-edit']['name'] = "WebCfg - Firewall: Virtual IP Address: Edit page";
+$priv_list['page-firewall-virtualipaddress-edit']['descr'] = "Allow access to the 'Firewall: Virtual IP Address: Edit' page.";
+$priv_list['page-firewall-virtualipaddress-edit']['match'] = array();
+$priv_list['page-firewall-virtualipaddress-edit']['match'][] = "firewall_virtual_ip_edit.php*";
+
+$priv_list['page-diagnostics-cpuutilization'] = array();
+$priv_list['page-diagnostics-cpuutilization']['name'] = "WebCfg - Diagnostics: CPU Utilization page";
+$priv_list['page-diagnostics-cpuutilization']['descr'] = "Allow access to the 'Diagnostics: CPU Utilization' page.";
+$priv_list['page-diagnostics-cpuutilization']['match'] = array();
+$priv_list['page-diagnostics-cpuutilization']['match'][] = "graph_cpu.php*";
+
+$priv_list['page-diagnostics-haltsystem'] = array();
+$priv_list['page-diagnostics-haltsystem']['name'] = "WebCfg - Diagnostics: Halt system page";
+$priv_list['page-diagnostics-haltsystem']['descr'] = "Allow access to the 'Diagnostics: Halt system' page.";
+$priv_list['page-diagnostics-haltsystem']['match'] = array();
+$priv_list['page-diagnostics-haltsystem']['match'][] = "halt.php*";
+
+$priv_list['page-requiredforjavascript'] = array();
+$priv_list['page-requiredforjavascript']['name'] = "WebCfg - Required for javascript page";
+$priv_list['page-requiredforjavascript']['descr'] = "Allow access to the 'Required for javascript' page.";
+$priv_list['page-requiredforjavascript']['match'] = array();
+$priv_list['page-requiredforjavascript']['match'][] = "headjs.php*";
+
+$priv_list['page-xmlrpcinterfacestats'] = array();
+$priv_list['page-xmlrpcinterfacestats']['name'] = "WebCfg - XMLRPC Interface Stats page";
+$priv_list['page-xmlrpcinterfacestats']['descr'] = "Allow access to the 'XMLRPC Interface Stats' page.";
+$priv_list['page-xmlrpcinterfacestats']['match'] = array();
+$priv_list['page-xmlrpcinterfacestats']['match'][] = "ifstats.php*";
+
+$priv_list['page-system-login/logout'] = array();
+$priv_list['page-system-login/logout']['name'] = "WebCfg - System: Login / Logout page";
+$priv_list['page-system-login/logout']['descr'] = "Allow access to the 'System: Login / Logout' page.";
+$priv_list['page-system-login/logout']['match'] = array();
+$priv_list['page-system-login/logout']['match'][] = "index.php*";
+
+$priv_list['page-interfaces-assignnetworkports'] = array();
+$priv_list['page-interfaces-assignnetworkports']['name'] = "WebCfg - Interfaces: Assign network ports page";
+$priv_list['page-interfaces-assignnetworkports']['descr'] = "Allow access to the 'Interfaces: Assign network ports' page.";
+$priv_list['page-interfaces-assignnetworkports']['match'] = array();
+$priv_list['page-interfaces-assignnetworkports']['match'][] = "interfaces_assign.php*";
+
+$priv_list['page-interfaces-gif'] = array();
+$priv_list['page-interfaces-gif']['name'] = "WebCfg - Interfaces: GIF page";
+$priv_list['page-interfaces-gif']['descr'] = "Allow access to the 'Interfaces: GIF' page.";
+$priv_list['page-interfaces-gif']['match'] = array();
+$priv_list['page-interfaces-gif']['match'][] = "interfaces_gif.php*";
+
+$priv_list['page-interfaces-gif-edit'] = array();
+$priv_list['page-interfaces-gif-edit']['name'] = "WebCfg - Interfaces: GIF: Edit page";
+$priv_list['page-interfaces-gif-edit']['descr'] = "Allow access to the 'Interfaces: GIF: Edit' page.";
+$priv_list['page-interfaces-gif-edit']['match'] = array();
+$priv_list['page-interfaces-gif-edit']['match'][] = "interfaces_gif_edit.php*";
+
+$priv_list['page-interfaces-gre'] = array();
+$priv_list['page-interfaces-gre']['name'] = "WebCfg - Interfaces: GRE page";
+$priv_list['page-interfaces-gre']['descr'] = "Allow access to the 'Interfaces: GRE' page.";
+$priv_list['page-interfaces-gre']['match'] = array();
+$priv_list['page-interfaces-gre']['match'][] = "interfaces_gre.php*";
+
+$priv_list['page-interfaces-gre-edit'] = array();
+$priv_list['page-interfaces-gre-edit']['name'] = "WebCfg - Interfaces: GRE: Edit page";
+$priv_list['page-interfaces-gre-edit']['descr'] = "Allow access to the 'Interfaces: GRE: Edit' page.";
+$priv_list['page-interfaces-gre-edit']['match'] = array();
+$priv_list['page-interfaces-gre-edit']['match'][] = "interfaces_gre_edit.php*";
+
+$priv_list['page-interfaces-lan'] = array();
+$priv_list['page-interfaces-lan']['name'] = "WebCfg - Interfaces: LAN page";
+$priv_list['page-interfaces-lan']['descr'] = "Allow access to the 'Interfaces: LAN' page.";
+$priv_list['page-interfaces-lan']['match'] = array();
+$priv_list['page-interfaces-lan']['match'][] = "interfaces_lan.php*";
+
+$priv_list['page-interfaces-ppp'] = array();
+$priv_list['page-interfaces-ppp']['name'] = "WebCfg - Interfaces: PPP page";
+$priv_list['page-interfaces-ppp']['descr'] = "Allow access to the 'Interfaces: PPP' page.";
+$priv_list['page-interfaces-ppp']['match'] = array();
+$priv_list['page-interfaces-ppp']['match'][] = "interfaces_ppp.php*";
+
+$priv_list['page-interfaces-ppp-edit'] = array();
+$priv_list['page-interfaces-ppp-edit']['name'] = "WebCfg - Interfaces: PPP: Edit page";
+$priv_list['page-interfaces-ppp-edit']['descr'] = "Allow access to the 'Interfaces: PPP: Edit' page.";
+$priv_list['page-interfaces-ppp-edit']['match'] = array();
+$priv_list['page-interfaces-ppp-edit']['match'][] = "interfaces_ppp_edit.php*";
+
+$priv_list['page-interfaces-vlan'] = array();
+$priv_list['page-interfaces-vlan']['name'] = "WebCfg - Interfaces: VLAN page";
+$priv_list['page-interfaces-vlan']['descr'] = "Allow access to the 'Interfaces: VLAN' page.";
+$priv_list['page-interfaces-vlan']['match'] = array();
+$priv_list['page-interfaces-vlan']['match'][] = "interfaces_vlan.php*";
+
+$priv_list['page-interfaces-vlan-edit'] = array();
+$priv_list['page-interfaces-vlan-edit']['name'] = "WebCfg - Interfaces: VLAN: Edit page";
+$priv_list['page-interfaces-vlan-edit']['descr'] = "Allow access to the 'Interfaces: VLAN: Edit' page.";
+$priv_list['page-interfaces-vlan-edit']['match'] = array();
+$priv_list['page-interfaces-vlan-edit']['match'][] = "interfaces_vlan_edit.php*";
+
+$priv_list['page-interfaces-wan'] = array();
+$priv_list['page-interfaces-wan']['name'] = "WebCfg - Interfaces: WAN page";
+$priv_list['page-interfaces-wan']['descr'] = "Allow access to the 'Interfaces: WAN' page.";
+$priv_list['page-interfaces-wan']['match'] = array();
+$priv_list['page-interfaces-wan']['match'][] = "interfaces_wan.php*";
+
+$priv_list['page-interfaces-scanwireless'] = array();
+$priv_list['page-interfaces-scanwireless']['name'] = "WebCfg - Interfaces: Scan Wireless page";
+$priv_list['page-interfaces-scanwireless']['descr'] = "Allow access to the 'Interfaces: Scan Wireless' page.";
+$priv_list['page-interfaces-scanwireless']['match'] = array();
+$priv_list['page-interfaces-scanwireless']['match'][] = "interfaces_wlan_scan.php*";
+
+$priv_list['page-system-license'] = array();
+$priv_list['page-system-license']['name'] = "WebCfg - System: License page";
+$priv_list['page-system-license']['descr'] = "Allow access to the 'System: License' page.";
+$priv_list['page-system-license']['match'] = array();
+$priv_list['page-system-license']['match'][] = "license.php*";
+
+$priv_list['page-loadbalancer-pool'] = array();
+$priv_list['page-loadbalancer-pool']['name'] = "WebCfg - Load Balancer: Pool page";
+$priv_list['page-loadbalancer-pool']['descr'] = "Allow access to the 'Load Balancer: Pool' page.";
+$priv_list['page-loadbalancer-pool']['match'] = array();
+$priv_list['page-loadbalancer-pool']['match'][] = "load_balancer_pool.php*";
+
+$priv_list['page-system-packagemanager'] = array();
+$priv_list['page-system-packagemanager']['name'] = "WebCfg - System: Package Manager page";
+$priv_list['page-system-packagemanager']['descr'] = "Allow access to the 'System: Package Manager' page.";
+$priv_list['page-system-packagemanager']['match'] = array();
+$priv_list['page-system-packagemanager']['match'][] = "pkg_mgr.php*";
+
+$priv_list['page-loadbalancer-pool-edit'] = array();
+$priv_list['page-loadbalancer-pool-edit']['name'] = "WebCfg - Load Balancer: Pool: Edit page";
+$priv_list['page-loadbalancer-pool-edit']['descr'] = "Allow access to the 'Load Balancer: Pool: Edit' page.";
+$priv_list['page-loadbalancer-pool-edit']['match'] = array();
+$priv_list['page-loadbalancer-pool-edit']['match'][] = "load_balancer_pool_edit.php*";
+
+$priv_list['page-services-loadbalancer-virtualservers'] = array();
+$priv_list['page-services-loadbalancer-virtualservers']['name'] = "WebCfg - Services: Load Balancer: Virtual Servers page";
+$priv_list['page-services-loadbalancer-virtualservers']['descr'] = "Allow access to the 'Services: Load Balancer: Virtual Servers' page.";
+$priv_list['page-services-loadbalancer-virtualservers']['match'] = array();
+$priv_list['page-services-loadbalancer-virtualservers']['match'][] = "load_balancer_virtual_server.php*";
+
+$priv_list['page-loadbalancer-virtualserver-edit'] = array();
+$priv_list['page-loadbalancer-virtualserver-edit']['name'] = "WebCfg - Load Balancer: Virtual Server: Edit page";
+$priv_list['page-loadbalancer-virtualserver-edit']['descr'] = "Allow access to the 'Load Balancer: Virtual Server: Edit' page.";
+$priv_list['page-loadbalancer-virtualserver-edit']['match'] = array();
+$priv_list['page-loadbalancer-virtualserver-edit']['match'][] = "load_balancer_virtual_server_edit.php*";
+
+$priv_list['page-package-edit'] = array();
+$priv_list['page-package-edit']['name'] = "WebCfg - Package: Edit page";
+$priv_list['page-package-edit']['descr'] = "Allow access to the 'Package: Edit' page.";
+$priv_list['page-package-edit']['match'] = array();
+$priv_list['page-package-edit']['match'][] = "pkg_edit.php*";
+
+$priv_list['page-system-packagemanager-installpackage'] = array();
+$priv_list['page-system-packagemanager-installpackage']['name'] = "WebCfg - System: Package Manager: Install Package page";
+$priv_list['page-system-packagemanager-installpackage']['descr'] = "Allow access to the 'System: Package Manager: Install Package' page.";
+$priv_list['page-system-packagemanager-installpackage']['match'] = array();
+$priv_list['page-system-packagemanager-installpackage']['match'][] = "pkg_mgr_install.php*";
+
+$priv_list['page-system-packagemanager-installed'] = array();
+$priv_list['page-system-packagemanager-installed']['name'] = "WebCfg - System: Package Manager: Installed page";
+$priv_list['page-system-packagemanager-installed']['descr'] = "Allow access to the 'System: Package Manager: Installed' page.";
+$priv_list['page-system-packagemanager-installed']['match'] = array();
+$priv_list['page-system-packagemanager-installed']['match'][] = "pkg_mgr_installed.php*";
+
+$priv_list['page-diagnostics-rebootsystem'] = array();
+$priv_list['page-diagnostics-rebootsystem']['name'] = "WebCfg - Diagnostics: Reboot System page";
+$priv_list['page-diagnostics-rebootsystem']['descr'] = "Allow access to the 'Diagnostics: Reboot System' page.";
+$priv_list['page-diagnostics-rebootsystem']['match'] = array();
+$priv_list['page-diagnostics-rebootsystem']['match'][] = "reboot.php*";
+
+$priv_list['page-services-captiveportal'] = array();
+$priv_list['page-services-captiveportal']['name'] = "WebCfg - Services: Captive portal page";
+$priv_list['page-services-captiveportal']['descr'] = "Allow access to the 'Services: Captive portal' page.";
+$priv_list['page-services-captiveportal']['match'] = array();
+$priv_list['page-services-captiveportal']['match'][] = "services_captiveportal.php*";
+
+$priv_list['page-services-captiveportal-filemanager'] = array();
+$priv_list['page-services-captiveportal-filemanager']['name'] = "WebCfg - Services: Captive portal: File Manager page";
+$priv_list['page-services-captiveportal-filemanager']['descr'] = "Allow access to the 'Services: Captive portal: File Manager' page.";
+$priv_list['page-services-captiveportal-filemanager']['match'] = array();
+$priv_list['page-services-captiveportal-filemanager']['match'][] = "services_captiveportal_filemanager.php*";
+
+$priv_list['page-services-captiveportal-allowedips'] = array();
+$priv_list['page-services-captiveportal-allowedips']['name'] = "WebCfg - Services: Captive portal: Allowed IPs page";
+$priv_list['page-services-captiveportal-allowedips']['descr'] = "Allow access to the 'Services: Captive portal: Allowed IPs' page.";
+$priv_list['page-services-captiveportal-allowedips']['match'] = array();
+$priv_list['page-services-captiveportal-allowedips']['match'][] = "services_captiveportal_ip.php*";
+
+$priv_list['page-services-captiveportal-editallowedips'] = array();
+$priv_list['page-services-captiveportal-editallowedips']['name'] = "WebCfg - Services: Captive portal: Edit Allowed IPs page";
+$priv_list['page-services-captiveportal-editallowedips']['descr'] = "Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.";
+$priv_list['page-services-captiveportal-editallowedips']['match'] = array();
+$priv_list['page-services-captiveportal-editallowedips']['match'][] = "services_captiveportal_ip_edit.php*";
+
+$priv_list['page-services-captiveportal-macaddresses'] = array();
+$priv_list['page-services-captiveportal-macaddresses']['name'] = "WebCfg - Services: Captive portal: Mac Addresses page";
+$priv_list['page-services-captiveportal-macaddresses']['descr'] = "Allow access to the 'Services: Captive portal: Mac Addresses' page.";
+$priv_list['page-services-captiveportal-macaddresses']['match'] = array();
+$priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_mac.php*";
+
+$priv_list['page-services-captiveportal-editmacaddresses'] = array();
+$priv_list['page-services-captiveportal-editmacaddresses']['name'] = "WebCfg - Services: Captive portal: Edit MAC Addresses page";
+$priv_list['page-services-captiveportal-editmacaddresses']['descr'] = "Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.";
+$priv_list['page-services-captiveportal-editmacaddresses']['match'] = array();
+$priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_mac_edit.php*";
+
+$priv_list['page-services-captiveportal-users'] = array();
+$priv_list['page-services-captiveportal-users']['name'] = "WebCfg - Services: Captive portal: Users page";
+$priv_list['page-services-captiveportal-users']['descr'] = "Allow access to the 'Services: Captive portal: Users' page.";
+$priv_list['page-services-captiveportal-users']['match'] = array();
+$priv_list['page-services-captiveportal-users']['match'][] = "services_captiveportal_users.php*";
+
+$priv_list['page-services-captiveportal-edituser'] = array();
+$priv_list['page-services-captiveportal-edituser']['name'] = "WebCfg - Services: Captive portal: Edit User page";
+$priv_list['page-services-captiveportal-edituser']['descr'] = "Allow access to the 'Services: Captive portal: Edit User' page.";
+$priv_list['page-services-captiveportal-edituser']['match'] = array();
+$priv_list['page-services-captiveportal-edituser']['match'][] = "services_captiveportal_users_edit.php*";
+
+$priv_list['page-services-dhcpserver'] = array();
+$priv_list['page-services-dhcpserver']['name'] = "WebCfg - Services: DHCP server page";
+$priv_list['page-services-dhcpserver']['descr'] = "Allow access to the 'Services: DHCP server' page.";
+$priv_list['page-services-dhcpserver']['match'] = array();
+$priv_list['page-services-dhcpserver']['match'][] = "services_dhcp.php*";
+
+$priv_list['page-services-dhcpserver-editstaticmapping'] = array();
+$priv_list['page-services-dhcpserver-editstaticmapping']['name'] = "WebCfg - Services: DHCP Server : Edit static mapping page";
+$priv_list['page-services-dhcpserver-editstaticmapping']['descr'] = "Allow access to the 'Services: DHCP Server : Edit static mapping' page.";
+$priv_list['page-services-dhcpserver-editstaticmapping']['match'] = array();
+$priv_list['page-services-dhcpserver-editstaticmapping']['match'][] = "services_dhcp_edit.php*";
+
+$priv_list['page-services-dhcprelay'] = array();
+$priv_list['page-services-dhcprelay']['name'] = "WebCfg - Services: DHCP Relay page";
+$priv_list['page-services-dhcprelay']['descr'] = "Allow access to the 'Services: DHCP Relay' page.";
+$priv_list['page-services-dhcprelay']['match'] = array();
+$priv_list['page-services-dhcprelay']['match'][] = "services_dhcp_relay.php*";
+
+$priv_list['page-services-dnsforwarder'] = array();
+$priv_list['page-services-dnsforwarder']['name'] = "WebCfg - Services: DNS Forwarder page";
+$priv_list['page-services-dnsforwarder']['descr'] = "Allow access to the 'Services: DNS Forwarder' page.";
+$priv_list['page-services-dnsforwarder']['match'] = array();
+$priv_list['page-services-dnsforwarder']['match'][] = "services_dnsmasq.php*";
+
+$priv_list['page-services-dnsforwarder-editdomainoverride'] = array();
+$priv_list['page-services-dnsforwarder-editdomainoverride']['name'] = "WebCfg - Services: DNS Forwarder: Edit Domain Override page";
+$priv_list['page-services-dnsforwarder-editdomainoverride']['descr'] = "Allow access to the 'Services: DNS Forwarder: Edit Domain Override' page.";
+$priv_list['page-services-dnsforwarder-editdomainoverride']['match'] = array();
+$priv_list['page-services-dnsforwarder-editdomainoverride']['match'][] = "services_dnsmasq_domainoverride_edit.php*";
+
+$priv_list['page-services-dnsforwarder-edithost'] = array();
+$priv_list['page-services-dnsforwarder-edithost']['name'] = "WebCfg - Services: DNS Forwarder: Edit host page";
+$priv_list['page-services-dnsforwarder-edithost']['descr'] = "Allow access to the 'Services: DNS Forwarder: Edit host' page.";
+$priv_list['page-services-dnsforwarder-edithost']['match'] = array();
+$priv_list['page-services-dnsforwarder-edithost']['match'][] = "services_dnsmasq_edit.php*";
+
+$priv_list['page-services-dynamicdnsclients'] = array();
+$priv_list['page-services-dynamicdnsclients']['name'] = "WebCfg - Services: Dynamic DNS clients page";
+$priv_list['page-services-dynamicdnsclients']['descr'] = "Allow access to the 'Services: Dynamic DNS clients' page.";
+$priv_list['page-services-dynamicdnsclients']['match'] = array();
+$priv_list['page-services-dynamicdnsclients']['match'][] = "services_dyndns.php*";
+
+$priv_list['page-services-dynamicdnsclient'] = array();
+$priv_list['page-services-dynamicdnsclient']['name'] = "WebCfg - Services: Dynamic DNS client page";
+$priv_list['page-services-dynamicdnsclient']['descr'] = "Allow access to the 'Services: Dynamic DNS client' page.";
+$priv_list['page-services-dynamicdnsclient']['match'] = array();
+$priv_list['page-services-dynamicdnsclient']['match'][] = "services_dyndns_edit.php*";
+
+$priv_list['page-services-proxyarp'] = array();
+$priv_list['page-services-proxyarp']['name'] = "WebCfg - Services: Proxy ARP page";
+$priv_list['page-services-proxyarp']['descr'] = "Allow access to the 'Services: Proxy ARP' page.";
+$priv_list['page-services-proxyarp']['match'] = array();
+$priv_list['page-services-proxyarp']['match'][] = "services_proxyarp.php*";
+
+$priv_list['page-services-proxyarp-edit'] = array();
+$priv_list['page-services-proxyarp-edit']['name'] = "WebCfg - Services: Proxy ARP: Edit page";
+$priv_list['page-services-proxyarp-edit']['descr'] = "Allow access to the 'Services: Proxy ARP: Edit' page.";
+$priv_list['page-services-proxyarp-edit']['match'] = array();
+$priv_list['page-services-proxyarp-edit']['match'][] = "services_proxyarp_edit.php*";
+
+$priv_list['page-services-rfc2136clients'] = array();
+$priv_list['page-services-rfc2136clients']['name'] = "WebCfg - Services: RFC 2136 clients page";
+$priv_list['page-services-rfc2136clients']['descr'] = "Allow access to the 'Services: RFC 2136 clients' page.";
+$priv_list['page-services-rfc2136clients']['match'] = array();
+$priv_list['page-services-rfc2136clients']['match'][] = "services_rfc2136.php*";
+
+$priv_list['page-services-snmp'] = array();
+$priv_list['page-services-snmp']['name'] = "WebCfg - Services: SNMP page";
+$priv_list['page-services-snmp']['descr'] = "Allow access to the 'Services: SNMP' page.";
+$priv_list['page-services-snmp']['match'] = array();
+$priv_list['page-services-snmp']['match'][] = "services_snmp.php*";
+
+$priv_list['page-services-usermanager'] = array();
+$priv_list['page-services-usermanager']['name'] = "WebCfg - Services: User Manager page";
+$priv_list['page-services-usermanager']['descr'] = "Allow access to the 'Services: User Manager' page.";
+$priv_list['page-services-usermanager']['match'] = array();
+$priv_list['page-services-usermanager']['match'][] = "services_usermanager.php*";
+
+$priv_list['page-services-wakeonlan'] = array();
+$priv_list['page-services-wakeonlan']['name'] = "WebCfg - Services: Wake on LAN page";
+$priv_list['page-services-wakeonlan']['descr'] = "Allow access to the 'Services: Wake on LAN' page.";
+$priv_list['page-services-wakeonlan']['match'] = array();
+$priv_list['page-services-wakeonlan']['match'][] = "services_wol.php*";
+
+$priv_list['page-services-wakeonlan-edit'] = array();
+$priv_list['page-services-wakeonlan-edit']['name'] = "WebCfg - Services: Wake on LAN: Edit page";
+$priv_list['page-services-wakeonlan-edit']['descr'] = "Allow access to the 'Services: Wake on LAN: Edit' page.";
+$priv_list['page-services-wakeonlan-edit']['match'] = array();
+$priv_list['page-services-wakeonlan-edit']['match'][] = "services_wol_edit.php*";
+
+$priv_list['page-hidden-detailedstatus'] = array();
+$priv_list['page-hidden-detailedstatus']['name'] = "WebCfg - Hidden: Detailed Status page";
+$priv_list['page-hidden-detailedstatus']['descr'] = "Allow access to the 'Hidden: Detailed Status' page.";
+$priv_list['page-hidden-detailedstatus']['match'] = array();
+$priv_list['page-hidden-detailedstatus']['match'][] = "status.php*";
+
+$priv_list['page-status-captiveportal'] = array();
+$priv_list['page-status-captiveportal']['name'] = "WebCfg - Status: Captive portal page";
+$priv_list['page-status-captiveportal']['descr'] = "Allow access to the 'Status: Captive portal' page.";
+$priv_list['page-status-captiveportal']['match'] = array();
+$priv_list['page-status-captiveportal']['match'][] = "status_captiveportal.php*";
+
+$priv_list['page-status-filterreloadstatus'] = array();
+$priv_list['page-status-filterreloadstatus']['name'] = "WebCfg - Status: Filter Reload Status page";
+$priv_list['page-status-filterreloadstatus']['descr'] = "Allow access to the 'Status: Filter Reload Status' page.";
+$priv_list['page-status-filterreloadstatus']['match'] = array();
+$priv_list['page-status-filterreloadstatus']['match'][] = "status_filter_reload.php*";
+
+$priv_list['page-status-gatewaygroups'] = array();
+$priv_list['page-status-gatewaygroups']['name'] = "WebCfg - Status: Gateway Groups page";
+$priv_list['page-status-gatewaygroups']['descr'] = "Allow access to the 'Status: Gateway Groups' page.";
+$priv_list['page-status-gatewaygroups']['match'] = array();
+$priv_list['page-status-gatewaygroups']['match'][] = "status_gateway_groups.php*";
+
+$priv_list['page-status-gateways'] = array();
+$priv_list['page-status-gateways']['name'] = "WebCfg - Status: Gateways page";
+$priv_list['page-status-gateways']['descr'] = "Allow access to the 'Status: Gateways' page.";
+$priv_list['page-status-gateways']['match'] = array();
+$priv_list['page-status-gateways']['match'][] = "status_gateways.php*";
+
+$priv_list['page-status-trafficgraph'] = array();
+$priv_list['page-status-trafficgraph']['name'] = "WebCfg - Status: Traffic Graph page";
+$priv_list['page-status-trafficgraph']['descr'] = "Allow access to the 'Status: Traffic Graph' page.";
+$priv_list['page-status-trafficgraph']['match'] = array();
+$priv_list['page-status-trafficgraph']['match'][] = "status_graph.php*";
+
+$priv_list['page-status-cpuload'] = array();
+$priv_list['page-status-cpuload']['name'] = "WebCfg - Status: CPU load page";
+$priv_list['page-status-cpuload']['descr'] = "Allow access to the 'Status: CPU load' page.";
+$priv_list['page-status-cpuload']['match'] = array();
+$priv_list['page-status-cpuload']['match'][] = "status_graph_cpu.php*";
+
+$priv_list['page-status-interfaces'] = array();
+$priv_list['page-status-interfaces']['name'] = "WebCfg - Status: Interfaces page";
+$priv_list['page-status-interfaces']['descr'] = "Allow access to the 'Status: Interfaces' page.";
+$priv_list['page-status-interfaces']['match'] = array();
+$priv_list['page-status-interfaces']['match'][] = "status_interfaces.php*";
+
+$priv_list['page-status-openvpn'] = array();
+$priv_list['page-status-openvpn']['name'] = "WebCfg - Status: OpenVPN page";
+$priv_list['page-status-openvpn']['descr'] = "Allow access to the 'Status: OpenVPN' page.";
+$priv_list['page-status-openvpn']['match'] = array();
+$priv_list['page-status-openvpn']['match'][] = "status_ovpn.php*";
+
+$priv_list['page-status-trafficshaper-queues'] = array();
+$priv_list['page-status-trafficshaper-queues']['name'] = "WebCfg - Status: Traffic shaper: Queues page";
+$priv_list['page-status-trafficshaper-queues']['descr'] = "Allow access to the 'Status: Traffic shaper: Queues' page.";
+$priv_list['page-status-trafficshaper-queues']['match'] = array();
+$priv_list['page-status-trafficshaper-queues']['match'][] = "status_queues.php*";
+
+$priv_list['page-status-rrdgraphs'] = array();
+$priv_list['page-status-rrdgraphs']['name'] = "WebCfg - Status: RRD Graphs page";
+$priv_list['page-status-rrdgraphs']['descr'] = "Allow access to the 'Status: RRD Graphs' page.";
+$priv_list['page-status-rrdgraphs']['match'] = array();
+$priv_list['page-status-rrdgraphs']['match'][] = "status_rrd_graph.php*";
+
+$priv_list['page-status-rrdgraphs'] = array();
+$priv_list['page-status-rrdgraphs']['name'] = "WebCfg - Status: RRD Graphs page";
+$priv_list['page-status-rrdgraphs']['descr'] = "Allow access to the 'Status: RRD Graphs' page.";
+$priv_list['page-status-rrdgraphs']['match'] = array();
+$priv_list['page-status-rrdgraphs']['match'][] = "status_rrd_graph_settings.php*";
+
+$priv_list['page-status-services'] = array();
+$priv_list['page-status-services']['name'] = "WebCfg - Status: Services page";
+$priv_list['page-status-services']['descr'] = "Allow access to the 'Status: Services' page.";
+$priv_list['page-status-services']['match'] = array();
+$priv_list['page-status-services']['match'][] = "status_services.php*";
+
+$priv_list['page-status-loadbalancer-pool'] = array();
+$priv_list['page-status-loadbalancer-pool']['name'] = "WebCfg - Status: Load Balancer: Pool page";
+$priv_list['page-status-loadbalancer-pool']['descr'] = "Allow access to the 'Status: Load Balancer: Pool' page.";
+$priv_list['page-status-loadbalancer-pool']['match'] = array();
+$priv_list['page-status-loadbalancer-pool']['match'][] = "status_slbd_pool.php*";
+
+$priv_list['page-status-loadbalancer-virtualserver'] = array();
+$priv_list['page-status-loadbalancer-virtualserver']['name'] = "WebCfg - Status: Load Balancer: Virtual Server page";
+$priv_list['page-status-loadbalancer-virtualserver']['descr'] = "Allow access to the 'Status: Load Balancer: Virtual Server' page.";
+$priv_list['page-status-loadbalancer-virtualserver']['match'] = array();
+$priv_list['page-status-loadbalancer-virtualserver']['match'][] = "status_slbd_vs.php*";
+
+$priv_list['page-status-upnpstatus'] = array();
+$priv_list['page-status-upnpstatus']['name'] = "WebCfg - Status: UPnP Status page";
+$priv_list['page-status-upnpstatus']['descr'] = "Allow access to the 'Status: UPnP Status' page.";
+$priv_list['page-status-upnpstatus']['match'] = array();
+$priv_list['page-status-upnpstatus']['match'][] = "status_upnp.php*";
+
+$priv_list['page-diagnostics-wirelessstatus'] = array();
+$priv_list['page-diagnostics-wirelessstatus']['name'] = "WebCfg - Diagnostics: Wireless Status page";
+$priv_list['page-diagnostics-wirelessstatus']['descr'] = "Allow access to the 'Diagnostics: Wireless Status' page.";
+$priv_list['page-diagnostics-wirelessstatus']['match'] = array();
+$priv_list['page-diagnostics-wirelessstatus']['match'][] = "status_wireless.php*";
+
+$priv_list['page-system-generalsetup'] = array();
+$priv_list['page-system-generalsetup']['name'] = "WebCfg - System: General Setup page";
+$priv_list['page-system-generalsetup']['descr'] = "Allow access to the 'System: General Setup' page.";
+$priv_list['page-system-generalsetup']['match'] = array();
+$priv_list['page-system-generalsetup']['match'][] = "system.php*";
+
+$priv_list['page-system-advancedfunctions'] = array();
+$priv_list['page-system-advancedfunctions']['name'] = "WebCfg - System: Advanced functions page";
+$priv_list['page-system-advancedfunctions']['descr'] = "Allow access to the 'System: Advanced functions' page.";
+$priv_list['page-system-advancedfunctions']['match'] = array();
+$priv_list['page-system-advancedfunctions']['match'][] = "system_advanced.php*";
+
+$priv_list['page-system-advancedfunctions-createcertificates'] = array();
+$priv_list['page-system-advancedfunctions-createcertificates']['name'] = "WebCfg - System: Advanced functions: Create Certificates page";
+$priv_list['page-system-advancedfunctions-createcertificates']['descr'] = "Allow access to the 'System: Advanced functions: Create Certificates' page.";
+$priv_list['page-system-advancedfunctions-createcertificates']['match'] = array();
+$priv_list['page-system-advancedfunctions-createcertificates']['match'][] = "system_advanced_create_certs.php*";
+
+$priv_list['page-system-firmware-manualupdate'] = array();
+$priv_list['page-system-firmware-manualupdate']['name'] = "WebCfg - System: Firmware: Manual Update page";
+$priv_list['page-system-firmware-manualupdate']['descr'] = "Allow access to the 'System: Firmware: Manual Update' page.";
+$priv_list['page-system-firmware-manualupdate']['match'] = array();
+$priv_list['page-system-firmware-manualupdate']['match'][] = "system_firmware.php*";
+
+$priv_list['page-system-firmware-checkforupdate'] = array();
+$priv_list['page-system-firmware-checkforupdate']['name'] = "WebCfg - System: Firmware: Check For Update page";
+$priv_list['page-system-firmware-checkforupdate']['descr'] = "Allow access to the 'System: Firmware: Check For Update' page.";
+$priv_list['page-system-firmware-checkforupdate']['match'] = array();
+$priv_list['page-system-firmware-checkforupdate']['match'][] = "system_firmware_auto.php*";
+
+$priv_list['page-system-firmware-autoupdate'] = array();
+$priv_list['page-system-firmware-autoupdate']['name'] = "WebCfg - System: Firmware: Auto Update page";
+$priv_list['page-system-firmware-autoupdate']['descr'] = "Allow access to the 'System: Firmware: Auto Update' page.";
+$priv_list['page-system-firmware-autoupdate']['match'] = array();
+$priv_list['page-system-firmware-autoupdate']['match'][] = "system_firmware_check.php*";
+
+$priv_list['page-system-firmware-settings'] = array();
+$priv_list['page-system-firmware-settings']['name'] = "WebCfg - System: Firmware: Settings page";
+$priv_list['page-system-firmware-settings']['descr'] = "Allow access to the 'System: Firmware: Settings' page.";
+$priv_list['page-system-firmware-settings']['match'] = array();
+$priv_list['page-system-firmware-settings']['match'][] = "system_firmware_settings.php*";
+
+$priv_list['page-system-gateways'] = array();
+$priv_list['page-system-gateways']['name'] = "WebCfg - System: Gateways page";
+$priv_list['page-system-gateways']['descr'] = "Allow access to the 'System: Gateways' page.";
+$priv_list['page-system-gateways']['match'] = array();
+$priv_list['page-system-gateways']['match'][] = "system_gateways.php*";
+
+$priv_list['page-system-gatewaygroups'] = array();
+$priv_list['page-system-gatewaygroups']['name'] = "WebCfg - System: Gateway Groups page";
+$priv_list['page-system-gatewaygroups']['descr'] = "Allow access to the 'System: Gateway Groups' page.";
+$priv_list['page-system-gatewaygroups']['match'] = array();
+$priv_list['page-system-gatewaygroups']['match'][] = "system_gateway_groups.php*";
+
+$priv_list['page-system-gateways-editgatewaygroups'] = array();
+$priv_list['page-system-gateways-editgatewaygroups']['name'] = "WebCfg - System: Gateways: Edit Gateway Groups page";
+$priv_list['page-system-gateways-editgatewaygroups']['descr'] = "Allow access to the 'System: Gateways: Edit Gateway Groups' page.";
+$priv_list['page-system-gateways-editgatewaygroups']['match'] = array();
+$priv_list['page-system-gateways-editgatewaygroups']['match'][] = "system_gateway_groups_edit.php*";
+
+$priv_list['page-system-gateways-editgateway'] = array();
+$priv_list['page-system-gateways-editgateway']['name'] = "WebCfg - System: Gateways: Edit Gateway page";
+$priv_list['page-system-gateways-editgateway']['descr'] = "Allow access to the 'System: Gateways: Edit Gateway' page.";
+$priv_list['page-system-gateways-editgateway']['match'] = array();
+$priv_list['page-system-gateways-editgateway']['match'][] = "system_gateways_edit.php*";
+
+$priv_list['page-system-groupmanager'] = array();
+$priv_list['page-system-groupmanager']['name'] = "WebCfg - System: Group manager page";
+$priv_list['page-system-groupmanager']['descr'] = "Allow access to the 'System: Group manager' page.";
+$priv_list['page-system-groupmanager']['match'] = array();
+$priv_list['page-system-groupmanager']['match'][] = "system_groupmanager.php*";
+
+$priv_list['page-system-groupmanager-editprivileges'] = array();
+$priv_list['page-system-groupmanager-editprivileges']['name'] = "WebCfg - System: Group manager: Edit Privileges page";
+$priv_list['page-system-groupmanager-editprivileges']['descr'] = "Allow access to the 'System: Group manager: Edit Privileges' page.";
+$priv_list['page-system-groupmanager-editprivileges']['match'] = array();
+$priv_list['page-system-groupmanager-editprivileges']['match'][] = "system_groupmanager_edit.php*";
+
+$priv_list['page-system-staticroutes'] = array();
+$priv_list['page-system-staticroutes']['name'] = "WebCfg - System: Static Routes page";
+$priv_list['page-system-staticroutes']['descr'] = "Allow access to the 'System: Static Routes' page.";
+$priv_list['page-system-staticroutes']['match'] = array();
+$priv_list['page-system-staticroutes']['match'][] = "system_routes.php*";
+
+$priv_list['page-system-staticroutes-editroute'] = array();
+$priv_list['page-system-staticroutes-editroute']['name'] = "WebCfg - System: Static Routes: Edit route page";
+$priv_list['page-system-staticroutes-editroute']['descr'] = "Allow access to the 'System: Static Routes: Edit route' page.";
+$priv_list['page-system-staticroutes-editroute']['match'] = array();
+$priv_list['page-system-staticroutes-editroute']['match'][] = "system_routes_edit.php*";
+
+$priv_list['page-system-usermanager'] = array();
+$priv_list['page-system-usermanager']['name'] = "WebCfg - System: User Manager page";
+$priv_list['page-system-usermanager']['descr'] = "Allow access to the 'System: User Manager' page.";
+$priv_list['page-system-usermanager']['match'] = array();
+$priv_list['page-system-usermanager']['match'][] = "system_usermanager.php*";
+
+$priv_list['page-system-usermanager-addprivileges'] = array();
+$priv_list['page-system-usermanager-addprivileges']['name'] = "WebCfg - System: User Manager: Add Privileges page";
+$priv_list['page-system-usermanager-addprivileges']['descr'] = "Allow access to the 'System: User Manager: Add Privileges' page.";
+$priv_list['page-system-usermanager-addprivileges']['match'] = array();
+$priv_list['page-system-usermanager-addprivileges']['match'][] = "system_usermanager_addprivs.php*";
+
+$priv_list['page-system-usermanager-settings'] = array();
+$priv_list['page-system-usermanager-settings']['name'] = "WebCfg - System: User manager: settings page";
+$priv_list['page-system-usermanager-settings']['descr'] = "Allow access to the 'System: User manager: settings' page.";
+$priv_list['page-system-usermanager-settings']['match'] = array();
+$priv_list['page-system-usermanager-settings']['match'][] = "system_usermanager_settings.php*";
+
+$priv_list['page-system-usermanager-settings-testldap'] = array();
+$priv_list['page-system-usermanager-settings-testldap']['name'] = "WebCfg - System: User Manager: Settings: Test LDAP page";
+$priv_list['page-system-usermanager-settings-testldap']['descr'] = "Allow access to the 'System: User Manager: Settings: Test LDAP' page.";
+$priv_list['page-system-usermanager-settings-testldap']['match'] = array();
+$priv_list['page-system-usermanager-settings-testldap']['match'][] = "system_usermanager_settings_test.php*";
+
+$priv_list['page-hidden-uploadconfiguration'] = array();
+$priv_list['page-hidden-uploadconfiguration']['name'] = "WebCfg - Hidden: Upload Configuration page";
+$priv_list['page-hidden-uploadconfiguration']['descr'] = "Allow access to the 'Hidden: Upload Configuration' page.";
+$priv_list['page-hidden-uploadconfiguration']['match'] = array();
+$priv_list['page-hidden-uploadconfiguration']['match'][] = "uploadconfig.php*";
+
+$priv_list['page-vpn-ipsec'] = array();
+$priv_list['page-vpn-ipsec']['name'] = "WebCfg - VPN: IPsec page";
+$priv_list['page-vpn-ipsec']['descr'] = "Allow access to the 'VPN: IPsec' page.";
+$priv_list['page-vpn-ipsec']['match'] = array();
+$priv_list['page-vpn-ipsec']['match'][] = "vpn_ipsec.php*";
+
+$priv_list['page-vpn-ipsec-certificateauthority'] = array();
+$priv_list['page-vpn-ipsec-certificateauthority']['name'] = "WebCfg - VPN: IPsec: Certificate Authority page";
+$priv_list['page-vpn-ipsec-certificateauthority']['descr'] = "Allow access to the 'VPN: IPsec: Certificate Authority' page.";
+$priv_list['page-vpn-ipsec-certificateauthority']['match'] = array();
+$priv_list['page-vpn-ipsec-certificateauthority']['match'][] = "vpn_ipsec_ca.php*";
+
+$priv_list['page-vpn-ipsec-certificateauthority-edit'] = array();
+$priv_list['page-vpn-ipsec-certificateauthority-edit']['name'] = "WebCfg - VPN: IPsec: Certificate Authority: Edit page";
+$priv_list['page-vpn-ipsec-certificateauthority-edit']['descr'] = "Allow access to the 'VPN: IPsec: Certificate Authority: Edit' page.";
+$priv_list['page-vpn-ipsec-certificateauthority-edit']['match'] = array();
+$priv_list['page-vpn-ipsec-certificateauthority-edit']['match'][] = "vpn_ipsec_ca_edit.php*";
+
+$priv_list['page-vpn-ipsec-mobile'] = array();
+$priv_list['page-vpn-ipsec-mobile']['name'] = "WebCfg - VPN: IPsec: Mobile page";
+$priv_list['page-vpn-ipsec-mobile']['descr'] = "Allow access to the 'VPN: IPsec: Mobile' page.";
+$priv_list['page-vpn-ipsec-mobile']['match'] = array();
+$priv_list['page-vpn-ipsec-mobile']['match'][] = "vpn_ipsec_mobile.php*";
+
+$priv_list['page-vpn-ipsec-editphase1'] = array();
+$priv_list['page-vpn-ipsec-editphase1']['name'] = "WebCfg - VPN: IPsec: Edit Phase 1 page";
+$priv_list['page-vpn-ipsec-editphase1']['descr'] = "Allow access to the 'VPN: IPsec: Edit Phase 1' page.";
+$priv_list['page-vpn-ipsec-editphase1']['match'] = array();
+$priv_list['page-vpn-ipsec-editphase1']['match'][] = "vpn_ipsec_phase1.php*";
+
+$priv_list['page-vpn-ipsec-editphase2'] = array();
+$priv_list['page-vpn-ipsec-editphase2']['name'] = "WebCfg - VPN: IPsec: Edit Phase 2 page";
+$priv_list['page-vpn-ipsec-editphase2']['descr'] = "Allow access to the 'VPN: IPsec: Edit Phase 2' page.";
+$priv_list['page-vpn-ipsec-editphase2']['match'] = array();
+$priv_list['page-vpn-ipsec-editphase2']['match'][] = "vpn_ipsec_phase2.php*";
+
+$priv_list['page-vpn-openvpn-createcerts'] = array();
+$priv_list['page-vpn-openvpn-createcerts']['name'] = "WebCfg - VPN: OpenVPN: Create Certs page";
+$priv_list['page-vpn-openvpn-createcerts']['descr'] = "Allow access to the 'VPN: OpenVPN: Create Certs' page.";
+$priv_list['page-vpn-openvpn-createcerts']['match'] = array();
+$priv_list['page-vpn-openvpn-createcerts']['match'][] = "vpn_openvpn_certs_create.php*";
+
+$priv_list['page-vpn-openvpn-createexistingcerts'] = array();
+$priv_list['page-vpn-openvpn-createexistingcerts']['name'] = "WebCfg - VPN: OpenVPN: Create Existing Certs page";
+$priv_list['page-vpn-openvpn-createexistingcerts']['descr'] = "Allow access to the 'VPN: OpenVPN: Create Existing Certs' page.";
+$priv_list['page-vpn-openvpn-createexistingcerts']['match'] = array();
+$priv_list['page-vpn-openvpn-createexistingcerts']['match'][] = "vpn_openvpn_certs_existing.php*";
+
+$priv_list['page-vpn-openvpn-editclient'] = array();
+$priv_list['page-vpn-openvpn-editclient']['name'] = "WebCfg - VPN: OpenVPN: Edit client page";
+$priv_list['page-vpn-openvpn-editclient']['descr'] = "Allow access to the 'VPN: OpenVPN: Edit client' page.";
+$priv_list['page-vpn-openvpn-editclient']['match'] = array();
+$priv_list['page-vpn-openvpn-editclient']['match'][] = "vpn_openvpn_cli_edit.php*";
+
+$priv_list['page-vpn-openvpn-createcerts'] = array();
+$priv_list['page-vpn-openvpn-createcerts']['name'] = "WebCfg - VPN: OpenVPN: Create Certs page";
+$priv_list['page-vpn-openvpn-createcerts']['descr'] = "Allow access to the 'VPN: OpenVPN: Create Certs' page.";
+$priv_list['page-vpn-openvpn-createcerts']['match'] = array();
+$priv_list['page-vpn-openvpn-createcerts']['match'][] = "vpn_openvpn_create_certs.php*";
+
+$priv_list['page-vpn-openvpn-editcrl'] = array();
+$priv_list['page-vpn-openvpn-editcrl']['name'] = "WebCfg - VPN: OpenVPN: Edit CRL page";
+$priv_list['page-vpn-openvpn-editcrl']['descr'] = "Allow access to the 'VPN: OpenVPN: Edit CRL' page.";
+$priv_list['page-vpn-openvpn-editcrl']['match'] = array();
+$priv_list['page-vpn-openvpn-editcrl']['match'][] = "vpn_openvpn_crl_edit.php*";
+
+$priv_list['page-vpn-openvpn-editserver'] = array();
+$priv_list['page-vpn-openvpn-editserver']['name'] = "WebCfg - VPN: OpenVPN: Edit server page";
+$priv_list['page-vpn-openvpn-editserver']['descr'] = "Allow access to the 'VPN: OpenVPN: Edit server' page.";
+$priv_list['page-vpn-openvpn-editserver']['match'] = array();
+$priv_list['page-vpn-openvpn-editserver']['match'][] = "vpn_openvpn_srv_edit.php*";
+
+$priv_list['page-vpn-vpnopenvpn-user-edit'] = array();
+$priv_list['page-vpn-vpnopenvpn-user-edit']['name'] = "WebCfg - VPN: VPN OpenVPN: User: Edit page";
+$priv_list['page-vpn-vpnopenvpn-user-edit']['descr'] = "Allow access to the 'VPN: VPN OpenVPN: User: Edit' page.";
+$priv_list['page-vpn-vpnopenvpn-user-edit']['match'] = array();
+$priv_list['page-vpn-vpnopenvpn-user-edit']['match'][] = "vpn_openvpn_user_edit.php*";
+
+$priv_list['page-vpn-vpnopenvpn-users'] = array();
+$priv_list['page-vpn-vpnopenvpn-users']['name'] = "WebCfg - VPN: VPN OpenVPN: Users page";
+$priv_list['page-vpn-vpnopenvpn-users']['descr'] = "Allow access to the 'VPN: VPN OpenVPN: Users' page.";
+$priv_list['page-vpn-vpnopenvpn-users']['match'] = array();
+$priv_list['page-vpn-vpnopenvpn-users']['match'][] = "vpn_openvpn_users.php*";
+
+$priv_list['page-vpn-vpnopenvpn-user-edit'] = array();
+$priv_list['page-vpn-vpnopenvpn-user-edit']['name'] = "WebCfg - VPN: VPN OpenVPN: User: Edit page";
+$priv_list['page-vpn-vpnopenvpn-user-edit']['descr'] = "Allow access to the 'VPN: VPN OpenVPN: User: Edit' page.";
+$priv_list['page-vpn-vpnopenvpn-user-edit']['match'] = array();
+$priv_list['page-vpn-vpnopenvpn-user-edit']['match'][] = "vpn_openvpn_users_edit.php*";
+
+$priv_list['page-services-pppoeserver'] = array();
+$priv_list['page-services-pppoeserver']['name'] = "WebCfg - Services: PPPoE Server page";
+$priv_list['page-services-pppoeserver']['descr'] = "Allow access to the 'Services: PPPoE Server' page.";
+$priv_list['page-services-pppoeserver']['match'] = array();
+$priv_list['page-services-pppoeserver']['match'][] = "vpn_pppoe.php*";
+
+$priv_list['page-services-pppoeserver-users'] = array();
+$priv_list['page-services-pppoeserver-users']['name'] = "WebCfg - Services: PPPoE Server: Users page";
+$priv_list['page-services-pppoeserver-users']['descr'] = "Allow access to the 'Services: PPPoE Server: Users' page.";
+$priv_list['page-services-pppoeserver-users']['match'] = array();
+$priv_list['page-services-pppoeserver-users']['match'][] = "vpn_pppoe_users.php*";
+
+$priv_list['page-services-pppoeserver-user-edit'] = array();
+$priv_list['page-services-pppoeserver-user-edit']['name'] = "WebCfg - Services: PPPoE Server: User: Edit page";
+$priv_list['page-services-pppoeserver-user-edit']['descr'] = "Allow access to the 'Services: PPPoE Server: User: Edit' page.";
+$priv_list['page-services-pppoeserver-user-edit']['match'] = array();
+$priv_list['page-services-pppoeserver-user-edit']['match'][] = "vpn_pppoe_users_edit.php*";
+
+$priv_list['page-vpn-vpnpptp'] = array();
+$priv_list['page-vpn-vpnpptp']['name'] = "WebCfg - VPN: VPN PPTP page";
+$priv_list['page-vpn-vpnpptp']['descr'] = "Allow access to the 'VPN: VPN PPTP' page.";
+$priv_list['page-vpn-vpnpptp']['match'] = array();
+$priv_list['page-vpn-vpnpptp']['match'][] = "vpn_pptp.php*";
+
+$priv_list['page-vpn-vpnpptp-users'] = array();
+$priv_list['page-vpn-vpnpptp-users']['name'] = "WebCfg - VPN: VPN PPTP: Users page";
+$priv_list['page-vpn-vpnpptp-users']['descr'] = "Allow access to the 'VPN: VPN PPTP: Users' page.";
+$priv_list['page-vpn-vpnpptp-users']['match'] = array();
+$priv_list['page-vpn-vpnpptp-users']['match'][] = "vpn_pptp_users.php*";
+
+$priv_list['page-vpn-vpnpptp-user-edit'] = array();
+$priv_list['page-vpn-vpnpptp-user-edit']['name'] = "WebCfg - VPN: VPN PPTP: User: Edit page";
+$priv_list['page-vpn-vpnpptp-user-edit']['descr'] = "Allow access to the 'VPN: VPN PPTP: User: Edit' page.";
+$priv_list['page-vpn-vpnpptp-user-edit']['match'] = array();
+$priv_list['page-vpn-vpnpptp-user-edit']['match'][] = "vpn_pptp_users_edit.php*";
+
+$priv_list['page-pfsensewizardsubsystem'] = array();
+$priv_list['page-pfsensewizardsubsystem']['name'] = "WebCfg - pfSense wizard subsystem page";
+$priv_list['page-pfsensewizardsubsystem']['descr'] = "Allow access to the 'pfSense wizard subsystem' page.";
+$priv_list['page-pfsensewizardsubsystem']['match'] = array();
+$priv_list['page-pfsensewizardsubsystem']['match'][] = "wizard.php*";
+
+$priv_list['page-xmlrpclibrary'] = array();
+$priv_list['page-xmlrpclibrary']['name'] = "WebCfg - XMLRPC Library page";
+$priv_list['page-xmlrpclibrary']['descr'] = "Allow access to the 'XMLRPC Library' page.";
+$priv_list['page-xmlrpclibrary']['match'] = array();
+$priv_list['page-xmlrpclibrary']['match'][] = "xmlrpc.php*";
+
+
+$priv_rmvd = array();
+
+?>
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
new file mode 100644
index 0000000..917cc00
--- /dev/null
+++ b/etc/inc/priv.inc
@@ -0,0 +1,307 @@
+<?php
+/* $Id$ */
+/*
+		Copyright (C) 2008 Shrew Soft Inc
+		All rights reserved.
+
+		Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
+		All rights reserved.
+
+        Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
+        All rights reserved.
+
+        Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
+        All rights reserved.
+
+        Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+        All rights reserved.
+
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are met:
+
+        1. Redistributions of source code must retain the above copyright notice,
+           this list of conditions and the following disclaimer.
+
+        2. Redistributions in binary form must reproduce the above copyright
+           notice, this list of conditions and the following disclaimer in the
+           documentation and/or other materials provided with the distribution.
+
+        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+        POSSIBILITY OF SUCH DAMAGE.
+
+		DISABLE_PHP_LINT_CHECKING
+*/
+
+require_once("functions.inc");
+require_once("priv.defs.inc");
+
+/*
+ * USER PRIVILEGE DEFINITIONS
+ */
+
+$priv_list['user-lock-webcfg'] = array();
+$priv_list['user-lock-webcfg']['name']  = "User - Locks webConfigurator";
+$priv_list['user-lock-webcfg']['descr'] = "Indicates whether the user will lock access to ".
+										  "the webConfigurator for other users";
+
+$priv_list['user-lock-ipages'] = array();
+$priv_list['user-lock-ipages']['name']  = "User - Locks individual pages";
+$priv_list['user-lock-ipages']['descr'] = "Indicates whether the user will lock individual ".
+										  "HTML pages after having accessed a particular page".
+										  "(the lock will be freed if the user leaves or ".
+										  "saves the page form).";
+
+$priv_list['user-shell-access'] = array();
+$priv_list['user-shell-access']['name']  = "User - Shell account access";
+$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ".
+										   "example via SSH.";
+
+$priv_list['user-copy-files'] = array();
+$priv_list['user-copy-files']['name']  = "User - Copy files";
+$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ".
+										 "onto the {$g['product_name']} appliance via SCP/SFTP. ".
+										 "If you are going to use this privilege, you must install ".
+										 "scponly on the appliance (Hint: pkg_add -r scponly).";
+
+sort_privs($priv_list);
+
+function cmp_privkeys($a, $b) {
+	/* user privs at the top */
+	$auser = strncmp("user-", $a, 5);
+	$buser = strncmp("user-", $b, 5);
+	if($auser != $buser)
+		return $auser - buser;
+
+	/* name compare others */
+	return strcasecmp($a, $b);
+}
+
+function sort_privs(& $privs) {
+
+	uksort($privs, "cmp_privkeys");
+}
+
+function cmp_page_matches($page, & $matches, $fullwc = true) {
+
+	if (!is_array($matches))
+		return false;
+
+	/* skip any leading fwdslash */
+	$test = strpos($page, "/");
+	if ($test !== false && $test == 0)
+		$page = substr($page, 1);
+
+	/* look for a match */
+	foreach ($matches as $match) {
+
+		/* possibly ignore full wildcard match */
+		if (!$fullwc && !strcmp($match ,"*"))
+			continue;
+
+		/* compare exact or wildcard match */
+		$wcpos = strpos($match, "*");
+		if ($wcpos === false)
+			$result = strcmp($page, $match);
+		else
+			$result = strncmp($page, $match, $wcpos);
+
+		if (!$result)
+			return true;
+	}
+
+	return false;
+}
+
+function map_page_privname($page) {
+	global $priv_list;
+
+	foreach ($priv_list as $pname => $pdata) {
+		if (strncmp($pname, "page-", 5))
+			continue;
+		$fullwc = false;
+		if (!strcasecmp($page,"any")||!strcmp($page,"*"))
+			$fullwc = true;
+		if (cmp_page_matches($page, $pdata['match'], $fullwc))
+			return $pname;
+	}
+
+	return false;
+}
+
+function get_user_privileges(& $user) {
+
+	$privs = $user['priv'];
+	if (!is_array($privs))
+		$privs = array();
+
+	$names = get_local_user_groups($user, true);
+
+	foreach ($names as $name) {
+		$group = getGroupEntry($name);
+		if (is_array($group['priv']))
+			$privs = array_merge( $privs, $group['priv']);
+	}
+
+	return $privs;
+}
+
+function get_user_privdesc(& $user) {
+	global $priv_list;
+
+	$privs = array();
+
+	$user_privs = $user['priv'];
+	if (!is_array($user_privs))
+		$user_privs = array();
+
+	$names = get_local_user_groups($user, true);
+
+	foreach ($names as $name) {
+		$group = getGroupEntry($name);
+		$group_privs = $group['priv'];
+		if (!is_array($group_privs))
+			continue;
+		foreach ($group_privs as $pname) {
+			if (in_array($pname,$user_privs))
+				continue;
+			if (!$priv_list[$pname])
+				continue;
+			$priv = $priv_list[$pname];
+			$priv['group'] = $group['name'];
+			$privs[] = $priv;
+		}
+	}
+
+	foreach ($user_privs as $pname)
+		if($priv_list[$pname])
+			$privs[] = $priv_list[$pname];
+
+	return $privs;
+}
+
+function isAllowedPage($page) {
+	global $_SESSION;
+
+	$username = $_SESSION['Username'];
+	if (!isset($username))
+		return false;
+
+	/* admin/root access check */
+	$user = getUserEntry($username);
+	if (isset($user))
+		if (isset($user['uid']))
+			if ($user['uid']==0)
+				return true;
+
+	/* user privelege access check */
+	if (cmp_page_matches($page, $allowed_pages))
+		return true;
+
+	return false;
+}
+
+function getPrivPages(& $entry, & $allowed_pages) {
+	global $priv_list;
+
+	if (!is_array($entry['priv']))
+		return;
+
+	foreach ($entry['priv'] as $pname) {
+		if (strncmp($pname, "page-", 5))
+			continue;
+		$priv = &$priv_list[$pname];
+		if (!is_array($priv))
+			continue;
+		$matches = &$priv['match'];
+		if (!is_array($matches))
+			continue;
+		foreach ($matches as $match)
+			$allowed_pages[] = $match;
+	}
+}
+
+function getAllowedPages($username) {
+	global $config, $_SESSION;
+
+	if (!function_exists("ldap_connect"))
+		return;
+	
+	$allowed_pages = array();
+	$allowed_groups = array();
+	
+	$ldapon = $_SESSION['ldapon'];
+
+	// search for a local user by name
+	$local_user = getUserEntry($username);
+
+	// obtain local groups if we have a local user
+	if ($local_user) {
+		$allowed_groups = get_local_user_groups($local_user);
+		getPrivPages($local_user, $allowed_pages);
+	}
+
+	// obtain ldap groups if we are in ldap mode
+	if ($config['system']['webgui']['backend'] == "ldap" && !$local_user)
+		$allowed_groups = ldap_get_groups($username);
+
+	// obtain ldapother groups if we are in ldap mode
+	if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user)
+		$allowed_groups = ldap_get_groups($username);
+
+	// build a list of allowed pages
+	if (is_array($config['system']['group']) && is_array($allowed_groups))
+		foreach ($config['system']['group'] as $group)
+			if (in_array($group['name'], $allowed_groups))
+				getPrivPages($group, $allowed_pages);
+
+	$allowed_groups = print_r($allowed_groups, true);
+	$fdny = fopen("/tmp/groups", "w");
+	fwrite($fdny, $allowed_groups);
+	fclose($fdny);
+
+	$_SESSION['privs'] = $allowed_pages;
+
+	return $allowed_pages;
+}
+
+function userHasPrivilege($userent, $privid = false) {
+
+	if (!$privid || !is_array($userent))
+		return false;
+
+	$privs = get_user_privileges($userent);
+
+	if (!is_array($privs))
+		return false;
+
+	if (!in_array($privid, $privs))
+		return false;
+
+	return true;
+}
+
+function hasPrivilegeLock($userent) {
+	return userHasPrivilege($userent, "user-lock-webcfg");
+}
+
+function hasPrivilegeLockPages($userent) {
+	return userHasPrivilege($userent, "user-lock-ipages");
+}
+
+function hasPrivilegeShell($userent) {
+	return userHasPrivilege($userent, "user-shell-access");
+}
+
+function hasPrivilegeCopyFiles($userent) {
+	return userHasPrivilege($userent, "user-copy-files");
+}
+
+?>
diff --git a/etc/rc.initial.password b/etc/rc.initial.password
index 64dd34e..f92055f 100755
--- a/etc/rc.initial.password
+++ b/etc/rc.initial.password
@@ -45,8 +45,7 @@ The webConfigurator password will be reset to the default (which is "' . strtolo
 		foreach ($config['system']['user'] as & $user) {
 			if (isset($user['uid']) && !$user['uid']) {
 				$user['name'] = "admin";
-				set_local_user_password($user,strtolower($g['product_name']));
-				set_local_user($user);
+				set_local_user($user, strtolower($g['product_name']));
 				write_config(gettext("password changed from console menu"));
 				system_password_configure();
 				break;
diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php
index 93c5b39..f9bd9ad 100755
--- a/usr/local/www/carp_status.php
+++ b/usr/local/www/carp_status.php
@@ -26,6 +26,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-carp
+##|*NAME=Status: CARP page
+##|*DESCR=Allow access to the 'Status: CARP' page.
+##|*MATCH=carp_status.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("xmlparse.inc");
 
diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php
index 5d699dd..00f9b60 100755
--- a/usr/local/www/diag_arp.php
+++ b/usr/local/www/diag_arp.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-arptable
+##|*NAME=Diagnostics: ARP Table page
+##|*DESCR=Allow access to the 'Diagnostics: ARP Table' page.
+##|*MATCH=diag_arp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 function leasecmp($a, $b) {
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php
index cf89350..2ddf48f 100755
--- a/usr/local/www/diag_backup.php
+++ b/usr/local/www/diag_backup.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-backup/restore
+##|*NAME=Diagnostics: Backup/restore page
+##|*DESCR=Allow access to the 'Diagnostics: Backup/restore' page.
+##|*MATCH=diag_backup.php*
+##|-PRIV
+
+
 /* Allow additional execution time 0 = no limit. */
 ini_set('max_execution_time', '3600');
 ini_set('max_input_time', '3600');
diff --git a/usr/local/www/diag_confbak.php b/usr/local/www/diag_confbak.php
index f2cfc9b..8990008 100755
--- a/usr/local/www/diag_confbak.php
+++ b/usr/local/www/diag_confbak.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-configurationhistory
+##|*NAME=Diagnostics: Configuration History page
+##|*DESCR=Allow access to the 'Diagnostics: Configuration History' page.
+##|*MATCH=diag_confbak.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['newver'] != "") {
diff --git a/usr/local/www/diag_defaults.php b/usr/local/www/diag_defaults.php
index ee0244e..988cca3 100755
--- a/usr/local/www/diag_defaults.php
+++ b/usr/local/www/diag_defaults.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-factorydefaults
+##|*NAME=Diagnostics: Factory defaults page
+##|*DESCR=Allow access to the 'Diagnostics: Factory defaults' page.
+##|*MATCH=diag_defaults.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/diag_dhcp_leases.php b/usr/local/www/diag_dhcp_leases.php
index 54a2170..a6bbd45 100755
--- a/usr/local/www/diag_dhcp_leases.php
+++ b/usr/local/www/diag_dhcp_leases.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-dhcpleases
+##|*NAME=Status: DHCP leases page
+##|*DESCR=Allow access to the 'Status: DHCP leases' page.
+##|*MATCH=diag_dhcp_leases.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pgtitle = array("Status","DHCP leases");
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php
index 5202e05..8a66467 100755
--- a/usr/local/www/diag_dump_states.php
+++ b/usr/local/www/diag_dump_states.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-showstates
+##|*NAME=Diagnostics: Show States page
+##|*DESCR=Allow access to the 'Diagnostics: Show States' page.
+##|*MATCH=diag_dump_states.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 
 
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php
index a61a5a1..6fc2fee 100644
--- a/usr/local/www/diag_ipsec.php
+++ b/usr/local/www/diag_ipsec.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-ipsec
+##|*NAME=Status: IPsec page
+##|*DESCR=Allow access to the 'Status: IPsec' page.
+##|*MATCH=diag_ipsec.php*
+##|-PRIV
+
+
 global $g;
 
 $pgtitle = array("Status","IPsec");
diff --git a/usr/local/www/diag_ipsec_sad.php b/usr/local/www/diag_ipsec_sad.php
index f2a08af..1162289 100755
--- a/usr/local/www/diag_ipsec_sad.php
+++ b/usr/local/www/diag_ipsec_sad.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-ipsec-sad
+##|*NAME=Status: IPsec: SAD page
+##|*DESCR=Allow access to the 'Status: IPsec: SAD' page.
+##|*MATCH=diag_ipsec_sad.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pgtitle = array("Status","IPsec","SAD");
diff --git a/usr/local/www/diag_ipsec_spd.php b/usr/local/www/diag_ipsec_spd.php
index d9dfe54..cb4008f 100755
--- a/usr/local/www/diag_ipsec_spd.php
+++ b/usr/local/www/diag_ipsec_spd.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-ipsec-spd
+##|*NAME=Status: IPsec: SPD page
+##|*DESCR=Allow access to the 'Status: IPsec: SPD' page.
+##|*MATCH=diag_ipsec_spd.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pgtitle = array("Status","IPsec","SPD");
diff --git a/usr/local/www/diag_logs.php b/usr/local/www/diag_logs.php
index 8cf5b08..42f4956 100755
--- a/usr/local/www/diag_logs.php
+++ b/usr/local/www/diag_logs.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-system
+##|*NAME=Diagnostics: Logs: System page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: System' page.
+##|*MATCH=diag_logs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $system_logfile = "{$g['varlog_path']}/system.log";
diff --git a/usr/local/www/diag_logs_auth.php b/usr/local/www/diag_logs_auth.php
index b6450d6..4ac9f8f 100755
--- a/usr/local/www/diag_logs_auth.php
+++ b/usr/local/www/diag_logs_auth.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-portalauth
+##|*NAME=Status: System logs: Portal Auth page
+##|*DESCR=Allow access to the 'Status: System logs: Portal Auth' page.
+##|*MATCH=diag_logs_auth.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $portal_logfile = "{$g['varlog_path']}/portalauth.log";
diff --git a/usr/local/www/diag_logs_dhcp.php b/usr/local/www/diag_logs_dhcp.php
index 0b42e5f..e537857 100755
--- a/usr/local/www/diag_logs_dhcp.php
+++ b/usr/local/www/diag_logs_dhcp.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-dhcp
+##|*NAME=Diagnostics: Logs: DHCP page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: DHCP' page.
+##|*MATCH=diag_logs_dhcp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $dhcpd_logfile = "{$g['varlog_path']}/dhcpd.log";
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
index 46bda83..cd74e2d 100755
--- a/usr/local/www/diag_logs_filter.php
+++ b/usr/local/www/diag_logs_filter.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-firewall
+##|*NAME=Diagnostics: Logs: Firewall page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: Firewall' page.
+##|*MATCH=diag_logs_filter.php*
+##|-PRIV
+
+
 if($_GET['getrulenum'] or $_POST['getrulenum']) {
 	if($_GET['getrulenum'])
 		$rulenum = $_GET['getrulenum'];
diff --git a/usr/local/www/diag_logs_filter_dynamic.php b/usr/local/www/diag_logs_filter_dynamic.php
index 8ea82d8..62de8fa 100755
--- a/usr/local/www/diag_logs_filter_dynamic.php
+++ b/usr/local/www/diag_logs_filter_dynamic.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-hidden-nolongerincluded
+##|*NAME=Hidden: No longer included page
+##|*DESCR=Allow access to the 'Hidden: No longer included' page.
+##|*MATCH=diag_logs_filter_dynamic.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $filter_logfile = "{$g['varlog_path']}/filter.log";
diff --git a/usr/local/www/diag_logs_ipsec.php b/usr/local/www/diag_logs_ipsec.php
index 74cf757..2ef5474 100755
--- a/usr/local/www/diag_logs_ipsec.php
+++ b/usr/local/www/diag_logs_ipsec.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-ipsecvpn
+##|*NAME=Status: System logs: IPsec VPN page
+##|*DESCR=Allow access to the 'Status: System logs: IPsec VPN' page.
+##|*MATCH=diag_logs_ipsec.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $ipsec_logfile = "{$g['varlog_path']}/ipsec.log";
diff --git a/usr/local/www/diag_logs_ntpd.php b/usr/local/www/diag_logs_ntpd.php
index 8217e4f..0e8251c 100644
--- a/usr/local/www/diag_logs_ntpd.php
+++ b/usr/local/www/diag_logs_ntpd.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-openntpd
+##|*NAME=Status: System logs: OpenNTPD page
+##|*DESCR=Allow access to the 'Status: System logs: OpenNTPD' page.
+##|*MATCH=diag_logs_ntpd.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $ntpd_logfile = "{$g['varlog_path']}/ntpd.log";
diff --git a/usr/local/www/diag_logs_openvpn.php b/usr/local/www/diag_logs_openvpn.php
index 24cb6d5..73b1dd9 100644
--- a/usr/local/www/diag_logs_openvpn.php
+++ b/usr/local/www/diag_logs_openvpn.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-openvpn
+##|*NAME=Status: System logs: OpenVPN page
+##|*DESCR=Allow access to the 'Status: System logs: OpenVPN' page.
+##|*MATCH=diag_logs_openvpn.php*
+##|-PRIV
+
+
 $pgtitle = array("Status","System logs","OpenVPN");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/diag_logs_relayd.php b/usr/local/www/diag_logs_relayd.php
index 05d0301..4f5be4b 100755
--- a/usr/local/www/diag_logs_relayd.php
+++ b/usr/local/www/diag_logs_relayd.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-loadbalancer
+##|*NAME=Status: System logs: Load Balancer page
+##|*DESCR=Allow access to the 'Status: System logs: Load Balancer' page.
+##|*MATCH=diag_logs_relayd.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $relayd_logfile = "{$g['varlog_path']}/relayd.log";
diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php
index e1993af..5ee44d3 100755
--- a/usr/local/www/diag_logs_settings.php
+++ b/usr/local/www/diag_logs_settings.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-settings
+##|*NAME=Diagnostics: Logs: Settings page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: Settings' page.
+##|*MATCH=diag_logs_settings.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['reverse'] = isset($config['syslog']['reverse']);
diff --git a/usr/local/www/diag_logs_slbd.php b/usr/local/www/diag_logs_slbd.php
index 62765d3..066c6f8 100755
--- a/usr/local/www/diag_logs_slbd.php
+++ b/usr/local/www/diag_logs_slbd.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-systemlogs-loadbalancer
+##|*NAME=Status: System logs: Load Balancer page
+##|*DESCR=Allow access to the 'Status: System logs: Load Balancer' page.
+##|*MATCH=diag_logs_slbd.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $slbd_logfile = "{$g['varlog_path']}/slbd.log";
diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php
index 8eefbbe..14c9c12 100755
--- a/usr/local/www/diag_logs_vpn.php
+++ b/usr/local/www/diag_logs_vpn.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-logs-pptpvpn
+##|*NAME=Diagnostics: Logs: PPTP VPN page
+##|*DESCR=Allow access to the 'Diagnostics: Logs: PPTP VPN' page.
+##|*MATCH=diag_logs_vpn.php*
+##|-PRIV
+
+
 $pgtitle = array("Status","System logs","PPTP VPN");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/diag_packet_capture.php b/usr/local/www/diag_packet_capture.php
index d07d3e2..853fe93 100644
--- a/usr/local/www/diag_packet_capture.php
+++ b/usr/local/www/diag_packet_capture.php
@@ -23,6 +23,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-packetcapture
+##|*NAME=Diagnostics: Packet Capture page
+##|*DESCR=Allow access to the 'Diagnostics: Packet Capture' page.
+##|*MATCH=diag_packet_capture.php*
+##|-PRIV
+
+
 $pgtitle = array("Diagnostics", "Packet Capture");
 require_once("guiconfig.inc");
 require_once("pfsense-utils.inc");
diff --git a/usr/local/www/diag_ping.php b/usr/local/www/diag_ping.php
index 3741eca..ff9e5c7 100755
--- a/usr/local/www/diag_ping.php
+++ b/usr/local/www/diag_ping.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-ping
+##|*NAME=Diagnostics: Ping page
+##|*DESCR=Allow access to the 'Diagnostics: Ping' page.
+##|*MATCH=diag_ping.php*
+##|-PRIV
+
+
 $pgtitle = array("Diagnostics", "Ping");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/diag_pkglogs.php b/usr/local/www/diag_pkglogs.php
index 585f969..5720a75 100755
--- a/usr/local/www/diag_pkglogs.php
+++ b/usr/local/www/diag_pkglogs.php
@@ -37,6 +37,14 @@
 
 */
 
+##|+PRIV
+##|*IDENT=page-status-packagelogs
+##|*NAME=Status: Package logs page
+##|*DESCR=Allow access to the 'Status: Package logs' page.
+##|*MATCH=diag_pkglogs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 //require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/diag_resetstate.php b/usr/local/www/diag_resetstate.php
index 49c5524..4e203d5 100755
--- a/usr/local/www/diag_resetstate.php
+++ b/usr/local/www/diag_resetstate.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-resetstate
+##|*NAME=Diagnostics: Reset state page
+##|*DESCR=Allow access to the 'Diagnostics: Reset state' page.
+##|*MATCH=diag_resetstate.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/diag_routes.php b/usr/local/www/diag_routes.php
index 22fbb0e..3c35328 100644
--- a/usr/local/www/diag_routes.php
+++ b/usr/local/www/diag_routes.php
@@ -29,6 +29,14 @@
 
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-routingtables
+##|*NAME=Diagnostics: Routing tables page
+##|*DESCR=Allow access to the 'Diagnostics: Routing tables' page.
+##|*MATCH=diag_routes.php*
+##|-PRIV
+
+
 include('guiconfig.inc');
 
 $pgtitle = array("Diagnostics","Routing tables");
diff --git a/usr/local/www/diag_traceroute.php b/usr/local/www/diag_traceroute.php
index 6daedc7..fe5bde9 100755
--- a/usr/local/www/diag_traceroute.php
+++ b/usr/local/www/diag_traceroute.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-traceroute
+##|*NAME=Diagnostics: Traceroute page
+##|*DESCR=Allow access to the 'Diagnostics: Traceroute' page.
+##|*MATCH=diag_traceroute.php*
+##|-PRIV
+
+
 
 require("guiconfig.inc");
 $pgtitle = array("Diagnostics","Traceroute");
diff --git a/usr/local/www/edit.php b/usr/local/www/edit.php
index 9aa913b..78ddb96 100755
--- a/usr/local/www/edit.php
+++ b/usr/local/www/edit.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-editfile
+##|*NAME=Diagnostics: Edit File page
+##|*DESCR=Allow access to the 'Diagnostics: Edit File' page.
+##|*MATCH=edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (($_GET['submit'] == "Load") && file_exists($_GET['savetopath'])) {
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php
index 7294894..9ddc84f 100755
--- a/usr/local/www/exec.php
+++ b/usr/local/www/exec.php
@@ -5,8 +5,37 @@
 	Created by technologEase (http://www.technologEase.com).
 
 	(modified for m0n0wall by Manuel Kasper <mk@neon1.net>)
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-command
+##|*NAME=Diagnostics: Command page
+##|*DESCR=Allow access to the 'Diagnostics: Command' page.
+##|*MATCH=exec.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) {
diff --git a/usr/local/www/exec_raw.php b/usr/local/www/exec_raw.php
index c513d27..93213be 100755
--- a/usr/local/www/exec_raw.php
+++ b/usr/local/www/exec_raw.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-hidden-execraw
+##|*NAME=Hidden: Exec Raw page
+##|*DESCR=Allow access to the 'Hidden: Exec Raw' page.
+##|*MATCH=exec_raw.php*
+##|-PRIV
+
+
 
 header("Content-Type: text/plain");
 include("guiconfig.inc");
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index 0a08d3f..328a2b8 100755
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-aliases
+##|*NAME=Firewall: Aliases page
+##|*DESCR=Allow access to the 'Firewall: Aliases' page.
+##|*MATCH=firewall_aliases.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['aliases']['alias']))
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index a6f5d2e..ec0dafb 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-alias-edit
+##|*NAME=Firewall: Alias: Edit page
+##|*DESCR=Allow access to the 'Firewall: Alias: Edit' page.
+##|*MATCH=firewall_aliases_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","Aliases","Edit");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/firewall_aliases_import.php b/usr/local/www/firewall_aliases_import.php
index 9479b7c..705e267 100755
--- a/usr/local/www/firewall_aliases_import.php
+++ b/usr/local/www/firewall_aliases_import.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-alias-import
+##|*NAME=Firewall: Alias: Import page
+##|*DESCR=Allow access to the 'Firewall: Alias: Import' page.
+##|*MATCH=firewall_aliases_import.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","Aliases","Import");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index 6f5f671..67da1ed 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-portforward
+##|*NAME=Firewall: NAT: Port Forward page
+##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward' page.
+##|*MATCH=firewall_nat.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['rule']))
diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php
index 936918f..80ba9f1 100755
--- a/usr/local/www/firewall_nat_1to1.php
+++ b/usr/local/www/firewall_nat_1to1.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-1-1
+##|*NAME=Firewall: NAT: 1:1 page
+##|*DESCR=Allow access to the 'Firewall: NAT: 1:1' page.
+##|*MATCH=firewall_nat_1to1.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['onetoone'])) {
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index 66f140b..dad3f9e 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-1-1-edit
+##|*NAME=Firewall: NAT: 1:1: Edit page
+##|*DESCR=Allow access to the 'Firewall: NAT: 1:1: Edit' page.
+##|*MATCH=firewall_nat_1to1_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['onetoone'])) {
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index e5be4d9..84b928c 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-portforward-edit
+##|*NAME=Firewall: NAT: Port Forward: Edit page
+##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
+##|*MATCH=firewall_nat_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['rule'])) {
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 2ff9f6e..6e4a908 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -31,6 +31,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-outbound
+##|*NAME=Firewall: NAT: Outbound page
+##|*DESCR=Allow access to the 'Firewall: NAT: Outbound' page.
+##|*MATCH=firewall_nat_out.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['advancedoutbound']['rule']))
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index f032cfc..611f76b 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -31,6 +31,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-outbound-edit
+##|*NAME=Firewall: NAT: Outbound: Edit page
+##|*DESCR=Allow access to the 'Firewall: NAT: Outbound: Edit' page.
+##|*MATCH=firewall_nat_out_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['advancedoutbound']['rule']))
diff --git a/usr/local/www/firewall_nat_server.php b/usr/local/www/firewall_nat_server.php
index 986ec55..118a937 100755
--- a/usr/local/www/firewall_nat_server.php
+++ b/usr/local/www/firewall_nat_server.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-nataddresses
+##|*NAME=Firewall: NAT: NAT Addresses page
+##|*DESCR=Allow access to the 'Firewall: NAT: NAT Addresses' page.
+##|*MATCH=firewall_nat_server.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['servernat'])) {
diff --git a/usr/local/www/firewall_nat_server_edit.php b/usr/local/www/firewall_nat_server_edit.php
index 11634b2..4558526 100755
--- a/usr/local/www/firewall_nat_server_edit.php
+++ b/usr/local/www/firewall_nat_server_edit.php
@@ -31,6 +31,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-nat-nataddresses-edit
+##|*NAME=Firewall: NAT: NAT Addresses: Edit page
+##|*DESCR=Allow access to the 'Firewall: NAT: NAT Addresses: Edit' page.
+##|*MATCH=firewall_nat_server_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['nat']['servernat'])) {
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 77b8273..b1d0fad 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-rules
+##|*NAME=Firewall: Rules page
+##|*DESCR=Allow access to the 'Firewall: Rules' page.
+##|*MATCH=firewall_rules.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall", "Rules");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 351455e..b65537b 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-rules-edit
+##|*NAME=Firewall: Rules: Edit page
+##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
+##|*MATCH=firewall_rules_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $specialsrcdst = explode(" ", "any wanip lanip lan pptp pppoe");
diff --git a/usr/local/www/firewall_schedule.php b/usr/local/www/firewall_schedule.php
index aa87672..784e6fc 100644
--- a/usr/local/www/firewall_schedule.php
+++ b/usr/local/www/firewall_schedule.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-schedules
+##|*NAME=Firewall: Schedules page
+##|*DESCR=Allow access to the 'Firewall: Schedules' page.
+##|*MATCH=firewall_schedule.php*
+##|-PRIV
+
+
 
 $pgtitle = array("Firewall","Schedules");
 
diff --git a/usr/local/www/firewall_schedule_edit.php b/usr/local/www/firewall_schedule_edit.php
index ee21f51..30bf518 100644
--- a/usr/local/www/firewall_schedule_edit.php
+++ b/usr/local/www/firewall_schedule_edit.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-schedules-edit
+##|*NAME=Firewall: Schedules: Edit page
+##|*DESCR=Allow access to the 'Firewall: Schedules: Edit' page.
+##|*MATCH=firewall_schedule_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","Schedules","Edit");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php
index 10b9bf0..6d068ae 100755
--- a/usr/local/www/firewall_shaper.php
+++ b/usr/local/www/firewall_shaper.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-trafficshaper
+##|*NAME=Firewall: Traffic Shaper page
+##|*DESCR=Allow access to the 'Firewall: Traffic Shaper' page.
+##|*MATCH=firewall_shaper.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/firewall_shaper_queues.php b/usr/local/www/firewall_shaper_queues.php
index b5e064d..3a6de5b 100755
--- a/usr/local/www/firewall_shaper_queues.php
+++ b/usr/local/www/firewall_shaper_queues.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-trafficshaper-queues
+##|*NAME=Firewall: Traffic Shaper: Queues page
+##|*DESCR=Allow access to the 'Firewall: Traffic Shaper: Queues' page.
+##|*MATCH=firewall_shaper_queues.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index 73eab72..b1bf9a5 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-trafficshaper-limiter
+##|*NAME=Firewall: Traffic Shaper: Limiter page
+##|*DESCR=Allow access to the 'Firewall: Traffic Shaper: Limiter' page.
+##|*MATCH=firewall_shaper_vinterface.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/firewall_shaper_wizards.php b/usr/local/www/firewall_shaper_wizards.php
index fc42cfa..a086cc1 100755
--- a/usr/local/www/firewall_shaper_wizards.php
+++ b/usr/local/www/firewall_shaper_wizards.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-trafficshaper-wizard
+##|*NAME=Firewall: Traffic Shaper: Wizard page
+##|*DESCR=Allow access to the 'Firewall: Traffic Shaper: Wizard' page.
+##|*MATCH=firewall_shaper_wizards.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/firewall_system_tunables.php b/usr/local/www/firewall_system_tunables.php
index fd62c8e..7e3c522 100644
--- a/usr/local/www/firewall_system_tunables.php
+++ b/usr/local/www/firewall_system_tunables.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-system-tunables
+##|*NAME=Firewall: System: Tunables page
+##|*DESCR=Allow access to the 'Firewall: System: Tunables' page.
+##|*MATCH=firewall_system_tunables.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","System","Tunables");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/firewall_system_tunables_edit.php b/usr/local/www/firewall_system_tunables_edit.php
index 82b1480..07b3610 100644
--- a/usr/local/www/firewall_system_tunables_edit.php
+++ b/usr/local/www/firewall_system_tunables_edit.php
@@ -28,6 +28,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-system-tunables-edit
+##|*NAME=Firewall: System: Tunables: Edit page
+##|*DESCR=Allow access to the 'Firewall: System: Tunables: Edit' page.
+##|*MATCH=firewall_system_tunables_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Firewall","System Tunables","Edit");
 
 require("guiconfig.inc");
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index d600e6a..a9ed3bf 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -37,6 +37,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-virtualipaddresses
+##|*NAME=Firewall: Virtual IP Addresses page
+##|*DESCR=Allow access to the 'Firewall: Virtual IP Addresses' page.
+##|*MATCH=firewall_virtual_ip.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['virtualip']['vip'])) {
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index a48afc2..eb7451f 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -38,6 +38,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-firewall-virtualipaddress-edit
+##|*NAME=Firewall: Virtual IP Address: Edit page
+##|*DESCR=Allow access to the 'Firewall: Virtual IP Address: Edit' page.
+##|*MATCH=firewall_virtual_ip_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 if (!is_array($config['virtualip']['vip'])) {
         $config['virtualip']['vip'] = array();
diff --git a/usr/local/www/graph.php b/usr/local/www/graph.php
index f0230e6..1202100 100755
--- a/usr/local/www/graph.php
+++ b/usr/local/www/graph.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-interfacetraffic
+##|*NAME=Diagnostics: Interface Traffic page
+##|*DESCR=Allow access to the 'Diagnostics: Interface Traffic' page.
+##|*MATCH=graph.php*
+##|-PRIV
+
+
 header("Content-type: image/svg+xml");
 
 /********** HTTP GET Based Conf ***********/
diff --git a/usr/local/www/graph_cpu.php b/usr/local/www/graph_cpu.php
index 3f37355..0e45a1a 100644
--- a/usr/local/www/graph_cpu.php
+++ b/usr/local/www/graph_cpu.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-cpuutilization
+##|*NAME=Diagnostics: CPU Utilization page
+##|*DESCR=Allow access to the 'Diagnostics: CPU Utilization' page.
+##|*MATCH=graph_cpu.php*
+##|-PRIV
+
+
 header("Content-type: image/svg+xml");
 
 /********* Other conf *******/
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index cda5e0e..bba46ce 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -839,4 +839,5 @@ function outputCSSFileInline($css) {
 	}
 }
 
-?>
-\ No newline at end of file
+?>
+
diff --git a/usr/local/www/halt.php b/usr/local/www/halt.php
index 0de7b66..2c0a99a 100755
--- a/usr/local/www/halt.php
+++ b/usr/local/www/halt.php
@@ -32,6 +32,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-haltsystem
+##|*NAME=Diagnostics: Halt system page
+##|*DESCR=Allow access to the 'Diagnostics: Halt system' page.
+##|*MATCH=halt.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/headjs.php b/usr/local/www/headjs.php
index 7cfef42..59af195 100644
--- a/usr/local/www/headjs.php
+++ b/usr/local/www/headjs.php
@@ -1,4 +1,36 @@
 <?php
+/*
+    headjs.php
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-requiredforjavascript
+##|*NAME=Required for javascript page
+##|*DESCR=Allow access to the 'Required for javascript' page.
+##|*MATCH=headjs.php*
+##|-PRIV
+
 
 function getHeadJS() {
   global $_SERVER, $HTTP_SERVER_VARS, $g, $use_loader_tab_gif;
@@ -157,4 +189,4 @@ function getHeadJS() {
   return $headjs;
 }
 
-?>
-\ No newline at end of file
+?>
diff --git a/usr/local/www/ifstats.php b/usr/local/www/ifstats.php
index ce03832..c8457d1 100644
--- a/usr/local/www/ifstats.php
+++ b/usr/local/www/ifstats.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-xmlrpcinterfacestats
+##|*NAME=XMLRPC Interface Stats page
+##|*DESCR=Allow access to the 'XMLRPC Interface Stats' page.
+##|*MATCH=ifstats.php*
+##|-PRIV
+
+
 	require("functions.inc");
 	require("config.inc");
 
diff --git a/usr/local/www/index.php b/usr/local/www/index.php
index a84b4c5..9049913 100755
--- a/usr/local/www/index.php
+++ b/usr/local/www/index.php
@@ -31,6 +31,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-login/logout
+##|*NAME=System: Login / Logout page
+##|*DESCR=Allow access to the 'System: Login / Logout' page.
+##|*MATCH=index.php*
+##|-PRIV
+
+
 	## Load Essential Includes
 	require_once('guiconfig.inc');
 	require_once('notices.inc');
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 409014a..78dc9d2 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-wan
+##|*NAME=Interfaces: WAN page
+##|*DESCR=Allow access to the 'Interfaces: WAN' page.
+##|*MATCH=interfaces_wan.php*
+##|-PRIV
+
+
 define("CRON_MONTHLY_PATTERN", "0 0 1 * *");
 define("CRON_WEEKLY_PATTERN", "0 0 * * 0");
 define("CRON_DAILY_PATTERN", "0 0 * * *");
diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php
index 474de20..68229af 100755
--- a/usr/local/www/interfaces_assign.php
+++ b/usr/local/www/interfaces_assign.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-assignnetworkports
+##|*NAME=Interfaces: Assign network ports page
+##|*DESCR=Allow access to the 'Interfaces: Assign network ports' page.
+##|*MATCH=interfaces_assign.php*
+##|-PRIV
+
+
 $pgtitle = array("Interfaces", "Assign network ports");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/interfaces_gif.php b/usr/local/www/interfaces_gif.php
index a107234..2258152 100644
--- a/usr/local/www/interfaces_gif.php
+++ b/usr/local/www/interfaces_gif.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-gif
+##|*NAME=Interfaces: GIF page
+##|*DESCR=Allow access to the 'Interfaces: GIF' page.
+##|*MATCH=interfaces_gif.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gifs']['gif']))
diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php
index c154e89..8cd16ce 100644
--- a/usr/local/www/interfaces_gif_edit.php
+++ b/usr/local/www/interfaces_gif_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-gif-edit
+##|*NAME=Interfaces: GIF: Edit page
+##|*DESCR=Allow access to the 'Interfaces: GIF: Edit' page.
+##|*MATCH=interfaces_gif_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gifs']['gif']))
diff --git a/usr/local/www/interfaces_gre.php b/usr/local/www/interfaces_gre.php
index c01f81f..494e95e 100644
--- a/usr/local/www/interfaces_gre.php
+++ b/usr/local/www/interfaces_gre.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-gre
+##|*NAME=Interfaces: GRE page
+##|*DESCR=Allow access to the 'Interfaces: GRE' page.
+##|*MATCH=interfaces_gre.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gres']['gre']))
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php
index 69a71f4..6bee140 100644
--- a/usr/local/www/interfaces_gre_edit.php
+++ b/usr/local/www/interfaces_gre_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-gre-edit
+##|*NAME=Interfaces: GRE: Edit page
+##|*DESCR=Allow access to the 'Interfaces: GRE: Edit' page.
+##|*MATCH=interfaces_gre_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gres']['gre']))
diff --git a/usr/local/www/interfaces_lan.php b/usr/local/www/interfaces_lan.php
index 9cbb04e..45919ee 100755
--- a/usr/local/www/interfaces_lan.php
+++ b/usr/local/www/interfaces_lan.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-lan
+##|*NAME=Interfaces: LAN page
+##|*DESCR=Allow access to the 'Interfaces: LAN' page.
+##|*MATCH=interfaces_lan.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $lancfg = &$config['interfaces']['lan'];
diff --git a/usr/local/www/interfaces_ppp.php b/usr/local/www/interfaces_ppp.php
index 4153601..cb4df01 100644
--- a/usr/local/www/interfaces_ppp.php
+++ b/usr/local/www/interfaces_ppp.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-ppp
+##|*NAME=Interfaces: PPP page
+##|*DESCR=Allow access to the 'Interfaces: PPP' page.
+##|*MATCH=interfaces_ppp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ppps']['ppp']))
diff --git a/usr/local/www/interfaces_ppp_edit.php b/usr/local/www/interfaces_ppp_edit.php
index f32205a..b4d2239 100644
--- a/usr/local/www/interfaces_ppp_edit.php
+++ b/usr/local/www/interfaces_ppp_edit.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-ppp-edit
+##|*NAME=Interfaces: PPP: Edit page
+##|*DESCR=Allow access to the 'Interfaces: PPP: Edit' page.
+##|*MATCH=interfaces_ppp_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ppps']['ppp']))
diff --git a/usr/local/www/interfaces_vlan.php b/usr/local/www/interfaces_vlan.php
index adcb48d..84b4a70 100755
--- a/usr/local/www/interfaces_vlan.php
+++ b/usr/local/www/interfaces_vlan.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-vlan
+##|*NAME=Interfaces: VLAN page
+##|*DESCR=Allow access to the 'Interfaces: VLAN' page.
+##|*MATCH=interfaces_vlan.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['vlans']['vlan']))
diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php
index cc764d3..aaff8a3 100755
--- a/usr/local/www/interfaces_vlan_edit.php
+++ b/usr/local/www/interfaces_vlan_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-vlan-edit
+##|*NAME=Interfaces: VLAN: Edit page
+##|*DESCR=Allow access to the 'Interfaces: VLAN: Edit' page.
+##|*MATCH=interfaces_vlan_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['vlans']['vlan']))
diff --git a/usr/local/www/interfaces_wan.php b/usr/local/www/interfaces_wan.php
index 409014a..78dc9d2 100755
--- a/usr/local/www/interfaces_wan.php
+++ b/usr/local/www/interfaces_wan.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-wan
+##|*NAME=Interfaces: WAN page
+##|*DESCR=Allow access to the 'Interfaces: WAN' page.
+##|*MATCH=interfaces_wan.php*
+##|-PRIV
+
+
 define("CRON_MONTHLY_PATTERN", "0 0 1 * *");
 define("CRON_WEEKLY_PATTERN", "0 0 * * 0");
 define("CRON_DAILY_PATTERN", "0 0 * * *");
diff --git a/usr/local/www/interfaces_wlan_scan.php b/usr/local/www/interfaces_wlan_scan.php
index 7f7b56c..80af052 100755
--- a/usr/local/www/interfaces_wlan_scan.php
+++ b/usr/local/www/interfaces_wlan_scan.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-interfaces-scanwireless
+##|*NAME=Interfaces: Scan Wireless page
+##|*DESCR=Allow access to the 'Interfaces: Scan Wireless' page.
+##|*MATCH=interfaces_wlan_scan.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 
diff --git a/usr/local/www/license.php b/usr/local/www/license.php
index 76f24d0..b98921f 100755
--- a/usr/local/www/license.php
+++ b/usr/local/www/license.php
@@ -1,10 +1,41 @@
 <?php
 /* $Id$ */
-require("guiconfig.inc");
+/*
+    license.php
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
 
+##|+PRIV
+##|*IDENT=page-system-license
+##|*NAME=System: License page
+##|*DESCR=Allow access to the 'System: License' page.
+##|*MATCH=license.php*
+##|-PRIV
+
+require("guiconfig.inc");
 include("head.inc");
-?>
 
+?>
 
 <body link="#0000CC" vlink="#0000CC" alink="#0000CC">
 <?php include("fbegin.inc"); ?>
diff --git a/usr/local/www/load_balancer_pool.php b/usr/local/www/load_balancer_pool.php
index b44fa2a..5b73862 100755
--- a/usr/local/www/load_balancer_pool.php
+++ b/usr/local/www/load_balancer_pool.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-loadbalancer-pool
+##|*NAME=Load Balancer: Pool page
+##|*DESCR=Allow access to the 'Load Balancer: Pool' page.
+##|*MATCH=load_balancer_pool.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['load_balancer']['lbpool'])) {
diff --git a/usr/local/www/load_balancer_pool_edit.php b/usr/local/www/load_balancer_pool_edit.php
index c412295..a6f5a82 100755
--- a/usr/local/www/load_balancer_pool_edit.php
+++ b/usr/local/www/load_balancer_pool_edit.php
@@ -29,6 +29,14 @@
         POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-loadbalancer-pool-edit
+##|*NAME=Load Balancer: Pool: Edit page
+##|*DESCR=Allow access to the 'Load Balancer: Pool: Edit' page.
+##|*MATCH=load_balancer_pool_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 if (!is_array($config['load_balancer']['lbpool'])) {
 	$config['load_balancer']['lbpool'] = array();
diff --git a/usr/local/www/load_balancer_virtual_server.php b/usr/local/www/load_balancer_virtual_server.php
index 77b8884..45ca5e9 100755
--- a/usr/local/www/load_balancer_virtual_server.php
+++ b/usr/local/www/load_balancer_virtual_server.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-loadbalancer-virtualservers
+##|*NAME=Services: Load Balancer: Virtual Servers page
+##|*DESCR=Allow access to the 'Services: Load Balancer: Virtual Servers' page.
+##|*MATCH=load_balancer_virtual_server.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("vslb.inc");
 
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index 16737a9..e24cb63 100755
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -29,6 +29,14 @@
         POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-loadbalancer-virtualserver-edit
+##|*NAME=Load Balancer: Virtual Server: Edit page
+##|*DESCR=Allow access to the 'Load Balancer: Virtual Server: Edit' page.
+##|*MATCH=load_balancer_virtual_server_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 if (!is_array($config['load_balancer']['virtual_server'])) {
         $config['load_balancer']['virtual_server'] = array();
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index 1329e5b..b8a2df0 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-package-settings
+##|*NAME=Package: Settings page
+##|*DESCR=Allow access to the 'Package: Settings' page.
+##|*MATCH=pkg.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 64826d0..3d565a3 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-package-edit
+##|*NAME=Package: Edit page
+##|*DESCR=Allow access to the 'Package: Edit' page.
+##|*MATCH=pkg_edit.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php
index e59d73c..7ad1d85 100755
--- a/usr/local/www/pkg_mgr.php
+++ b/usr/local/www/pkg_mgr.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-packagemanager
+##|*NAME=System: Package Manager page
+##|*DESCR=Allow access to the 'System: Package Manager' page.
+##|*MATCH=pkg_mgr.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index ec5e8bc..359d575 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -28,6 +28,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-packagemanager-installpackage
+##|*NAME=System: Package Manager: Install Package page
+##|*DESCR=Allow access to the 'System: Package Manager: Install Package' page.
+##|*MATCH=pkg_mgr_install.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php
index 20e3215..9459653 100755
--- a/usr/local/www/pkg_mgr_installed.php
+++ b/usr/local/www/pkg_mgr_installed.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-packagemanager-installed
+##|*NAME=System: Package Manager: Installed page
+##|*DESCR=Allow access to the 'System: Package Manager: Installed' page.
+##|*MATCH=pkg_mgr_installed.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
diff --git a/usr/local/www/reboot.php b/usr/local/www/reboot.php
index 1034d2f..68e37b9 100755
--- a/usr/local/www/reboot.php
+++ b/usr/local/www/reboot.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-rebootsystem
+##|*NAME=Diagnostics: Reboot System page
+##|*DESCR=Allow access to the 'Diagnostics: Reboot System' page.
+##|*MATCH=reboot.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 3e941bd..c9167ec 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal
+##|*NAME=Services: Captive portal page
+##|*DESCR=Allow access to the 'Services: Captive portal' page.
+##|*MATCH=services_captiveportal.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_filemanager.php b/usr/local/www/services_captiveportal_filemanager.php
index 536a4dd..e833685 100755
--- a/usr/local/www/services_captiveportal_filemanager.php
+++ b/usr/local/www/services_captiveportal_filemanager.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-filemanager
+##|*NAME=Services: Captive portal: File Manager page
+##|*DESCR=Allow access to the 'Services: Captive portal: File Manager' page.
+##|*MATCH=services_captiveportal_filemanager.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal");
 
 require_once("guiconfig.inc");
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index ac1f2d7..2a91321 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-allowedips
+##|*NAME=Services: Captive portal: Allowed IPs page
+##|*DESCR=Allow access to the 'Services: Captive portal: Allowed IPs' page.
+##|*MATCH=services_captiveportal_ip.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index cf2900a..bc0f29e 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-editallowedips
+##|*NAME=Services: Captive portal: Edit Allowed IPs page
+##|*DESCR=Allow access to the 'Services: Captive portal: Edit Allowed IPs' page.
+##|*MATCH=services_captiveportal_ip_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal","Edit allowed IP address");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 3d57926..a28ee94 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-macaddresses
+##|*NAME=Services: Captive portal: Mac Addresses page
+##|*DESCR=Allow access to the 'Services: Captive portal: Mac Addresses' page.
+##|*MATCH=services_captiveportal_mac.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index 737e9d5..7161a20 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-captiveportal-editmacaddresses
+##|*NAME=Services: Captive portal: Edit MAC Addresses page
+##|*DESCR=Allow access to the 'Services: Captive portal: Edit MAC Addresses' page.
+##|*MATCH=services_captiveportal_mac_edit.php*
+##|-PRIV
+
+
 $pgtitle = array("Services","Captive portal","Edit pass-through MAC address");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_users.php b/usr/local/www/services_captiveportal_users.php
index 5e501a3..41ffb24 100755
--- a/usr/local/www/services_captiveportal_users.php
+++ b/usr/local/www/services_captiveportal_users.php
@@ -30,6 +30,14 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+
+##|+PRIV
+##|*IDENT=page-services-captiveportal-users
+##|*NAME=Services: Captive portal: Users page
+##|*DESCR=Allow access to the 'Services: Captive portal: Users' page.
+##|*MATCH=services_captiveportal_users.php*
+##|-PRIV
+
 $pgtitle = array("Services","Captive portal");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_captiveportal_users_edit.php b/usr/local/www/services_captiveportal_users_edit.php
index f60e1ed..efafb6f 100755
--- a/usr/local/www/services_captiveportal_users_edit.php
+++ b/usr/local/www/services_captiveportal_users_edit.php
@@ -30,6 +30,14 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+
+##|+PRIV
+##|*IDENT=page-services-captiveportal-edituser
+##|*NAME=Services: Captive portal: Edit User page
+##|*DESCR=Allow access to the 'Services: Captive portal: Edit User' page.
+##|*MATCH=services_captiveportal_users_edit.php*
+##|-PRIV
+
 $pgtitle = array("Services","Captive portal","Edit user");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index 89c0a84..9bc3758 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dhcpserver
+##|*NAME=Services: DHCP server page
+##|*DESCR=Allow access to the 'Services: DHCP server' page.
+##|*MATCH=services_dhcp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $if = $_GET['if'];
diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php
index 44f7a62..224c84f 100755
--- a/usr/local/www/services_dhcp_edit.php
+++ b/usr/local/www/services_dhcp_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dhcpserver-editstaticmapping
+##|*NAME=Services: DHCP Server : Edit static mapping page
+##|*DESCR=Allow access to the 'Services: DHCP Server : Edit static mapping' page.
+##|*MATCH=services_dhcp_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $if = $_GET['if'];
diff --git a/usr/local/www/services_dhcp_relay.php b/usr/local/www/services_dhcp_relay.php
index e9bcff2..e4126c7 100755
--- a/usr/local/www/services_dhcp_relay.php
+++ b/usr/local/www/services_dhcp_relay.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dhcprelay
+##|*NAME=Services: DHCP Relay page
+##|*DESCR=Allow access to the 'Services: DHCP Relay' page.
+##|*MATCH=services_dhcp_relay.php*
+##|-PRIV
+
+
 function get_wan_dhcp_server() {
 	global $config, $g;
 	$dhclientfn = $g['vardb_path'] . "/dhclient.leases." . $config['interfaces']['wan']['if'];
diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php
index 44b1feb..34bfafa 100755
--- a/usr/local/www/services_dnsmasq.php
+++ b/usr/local/www/services_dnsmasq.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dnsforwarder
+##|*NAME=Services: DNS Forwarder page
+##|*DESCR=Allow access to the 'Services: DNS Forwarder' page.
+##|*MATCH=services_dnsmasq.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['enable']  = isset($config['dnsmasq']['enable']);
diff --git a/usr/local/www/services_dnsmasq_domainoverride_edit.php b/usr/local/www/services_dnsmasq_domainoverride_edit.php
index e3cd325..c5e7c09 100755
--- a/usr/local/www/services_dnsmasq_domainoverride_edit.php
+++ b/usr/local/www/services_dnsmasq_domainoverride_edit.php
@@ -28,6 +28,14 @@
        POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dnsforwarder-editdomainoverride
+##|*NAME=Services: DNS Forwarder: Edit Domain Override page
+##|*DESCR=Allow access to the 'Services: DNS Forwarder: Edit Domain Override' page.
+##|*MATCH=services_dnsmasq_domainoverride_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dnsmasq']['domainoverrides'])) {
diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php
index ec3195d..4c07845 100755
--- a/usr/local/www/services_dnsmasq_edit.php
+++ b/usr/local/www/services_dnsmasq_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dnsforwarder-edithost
+##|*NAME=Services: DNS Forwarder: Edit host page
+##|*DESCR=Allow access to the 'Services: DNS Forwarder: Edit host' page.
+##|*MATCH=services_dnsmasq_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dnsmasq']['hosts'])) 
diff --git a/usr/local/www/services_dyndns.php b/usr/local/www/services_dyndns.php
index 9dccc31..b2c5641 100755
--- a/usr/local/www/services_dyndns.php
+++ b/usr/local/www/services_dyndns.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dynamicdnsclients
+##|*NAME=Services: Dynamic DNS clients page
+##|*DESCR=Allow access to the 'Services: Dynamic DNS clients' page.
+##|*MATCH=services_dyndns.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dyndnses']['dyndns']))
diff --git a/usr/local/www/services_dyndns_edit.php b/usr/local/www/services_dyndns_edit.php
index 53cc0dd..cae02d8 100644
--- a/usr/local/www/services_dyndns_edit.php
+++ b/usr/local/www/services_dyndns_edit.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-dynamicdnsclient
+##|*NAME=Services: Dynamic DNS client page
+##|*DESCR=Allow access to the 'Services: Dynamic DNS client' page.
+##|*MATCH=services_dyndns_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dyndnses']['dyndns'])) {
diff --git a/usr/local/www/services_proxyarp.php b/usr/local/www/services_proxyarp.php
index 601f086..11b02bc 100755
--- a/usr/local/www/services_proxyarp.php
+++ b/usr/local/www/services_proxyarp.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-proxyarp
+##|*NAME=Services: Proxy ARP page
+##|*DESCR=Allow access to the 'Services: Proxy ARP' page.
+##|*MATCH=services_proxyarp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['proxyarp']['proxyarpnet'])) {
diff --git a/usr/local/www/services_proxyarp_edit.php b/usr/local/www/services_proxyarp_edit.php
index 5a6e7f3..896424a 100755
--- a/usr/local/www/services_proxyarp_edit.php
+++ b/usr/local/www/services_proxyarp_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-proxyarp-edit
+##|*NAME=Services: Proxy ARP: Edit page
+##|*DESCR=Allow access to the 'Services: Proxy ARP: Edit' page.
+##|*MATCH=services_proxyarp_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['proxyarp']['proxyarpnet'])) {
diff --git a/usr/local/www/services_rfc2136.php b/usr/local/www/services_rfc2136.php
index d5d37a7..124bcef 100644
--- a/usr/local/www/services_rfc2136.php
+++ b/usr/local/www/services_rfc2136.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-rfc2136clients
+##|*NAME=Services: RFC 2136 clients page
+##|*DESCR=Allow access to the 'Services: RFC 2136 clients' page.
+##|*MATCH=services_rfc2136.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['dnsupdates']['dnsupdate']))
diff --git a/usr/local/www/services_snmp.php b/usr/local/www/services_snmp.php
index 91a63cf..fc948e4 100755
--- a/usr/local/www/services_snmp.php
+++ b/usr/local/www/services_snmp.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-snmp
+##|*NAME=Services: SNMP page
+##|*DESCR=Allow access to the 'Services: SNMP' page.
+##|*MATCH=services_snmp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['snmpd'])) {
diff --git a/usr/local/www/services_usermanager.php b/usr/local/www/services_usermanager.php
index c0ec5ac..33a1538 100755
--- a/usr/local/www/services_usermanager.php
+++ b/usr/local/www/services_usermanager.php
@@ -31,6 +31,14 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+
+##|+PRIV
+##|*IDENT=page-services-usermanager
+##|*NAME=Services: User Manager page
+##|*DESCR=Allow access to the 'Services: User Manager' page.
+##|*MATCH=services_usermanager.php*
+##|-PRIV
+
 require("guiconfig.inc");
 if(isset($_POST['save'])){
 	$_POST['username']=trim($_POST['username']);
diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php
index 21b5d20..0cc6dc1 100755
--- a/usr/local/www/services_wol.php
+++ b/usr/local/www/services_wol.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-wakeonlan
+##|*NAME=Services: Wake on LAN page
+##|*DESCR=Allow access to the 'Services: Wake on LAN' page.
+##|*MATCH=services_wol.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['wol']['wolentry'])) {
diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php
index 459845a..1d8e2af 100755
--- a/usr/local/www/services_wol_edit.php
+++ b/usr/local/www/services_wol_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-wakeonlan-edit
+##|*NAME=Services: Wake on LAN: Edit page
+##|*DESCR=Allow access to the 'Services: Wake on LAN: Edit' page.
+##|*MATCH=services_wol_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['wol']['wolentry'])) {
diff --git a/usr/local/www/status.php b/usr/local/www/status.php
index 7b2a3bb..db82dad 100755
--- a/usr/local/www/status.php
+++ b/usr/local/www/status.php
@@ -6,6 +6,35 @@
  * (modified for m0n0wall by Manuel Kasper <mk@neon1.net>)
  * (modified for pfSense by Scott Ullrich geekgod@pfsense.com)
  */
+/*
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-hidden-detailedstatus
+##|*NAME=Hidden: Detailed Status page
+##|*DESCR=Allow access to the 'Hidden: Detailed Status' page.
+##|*MATCH=status.php*
+##|-PRIV
 
 /* Execute a command, with a title, and generate an HTML table
  * showing the results.
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php
index 1ee4265..adfcc0f 100755
--- a/usr/local/www/status_captiveportal.php
+++ b/usr/local/www/status_captiveportal.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-captiveportal
+##|*NAME=Status: Captive portal page
+##|*DESCR=Allow access to the 'Status: Captive portal' page.
+##|*MATCH=status_captiveportal.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $concurrent = `cat /var/db/captiveportal.db | wc -l`;
diff --git a/usr/local/www/status_filter_reload.php b/usr/local/www/status_filter_reload.php
index 4b21811..d4c7345 100644
--- a/usr/local/www/status_filter_reload.php
+++ b/usr/local/www/status_filter_reload.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-filterreloadstatus
+##|*NAME=Status: Filter Reload Status page
+##|*DESCR=Allow access to the 'Status: Filter Reload Status' page.
+##|*MATCH=status_filter_reload.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 require_once("functions.inc");
 
diff --git a/usr/local/www/status_gateway_groups.php b/usr/local/www/status_gateway_groups.php
index b3b0a77..76a426a 100755
--- a/usr/local/www/status_gateway_groups.php
+++ b/usr/local/www/status_gateway_groups.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-gatewaygroups
+##|*NAME=Status: Gateway Groups page
+##|*DESCR=Allow access to the 'Status: Gateway Groups' page.
+##|*MATCH=status_gateway_groups.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_group']))
diff --git a/usr/local/www/status_gateways.php b/usr/local/www/status_gateways.php
index a84afcf..441dff6 100755
--- a/usr/local/www/status_gateways.php
+++ b/usr/local/www/status_gateways.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-gateways
+##|*NAME=Status: Gateways page
+##|*DESCR=Allow access to the 'Status: Gateways' page.
+##|*MATCH=status_gateways.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_item'])) {
diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php
index 9d3cf32..df1a83f 100755
--- a/usr/local/www/status_graph.php
+++ b/usr/local/www/status_graph.php
@@ -32,6 +32,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-trafficgraph
+##|*NAME=Status: Traffic Graph page
+##|*DESCR=Allow access to the 'Status: Traffic Graph' page.
+##|*MATCH=status_graph.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST['width'])
diff --git a/usr/local/www/status_graph_cpu.php b/usr/local/www/status_graph_cpu.php
index 08fd85a..cc18aed 100644
--- a/usr/local/www/status_graph_cpu.php
+++ b/usr/local/www/status_graph_cpu.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-cpuload
+##|*NAME=Status: CPU load page
+##|*DESCR=Allow access to the 'Status: CPU load' page.
+##|*MATCH=status_graph_cpu.php*
+##|-PRIV
+
+
 $pgtitle = array("Status", "CPU load");
 require("guiconfig.inc");
 include("head.inc");
diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php
index fde298e..d62d696 100755
--- a/usr/local/www/status_interfaces.php
+++ b/usr/local/www/status_interfaces.php
@@ -32,6 +32,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-interfaces
+##|*NAME=Status: Interfaces page
+##|*DESCR=Allow access to the 'Status: Interfaces' page.
+##|*MATCH=status_interfaces.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 
 $wancfg = &$config['interfaces']['wan'];
diff --git a/usr/local/www/status_ovpn.php b/usr/local/www/status_ovpn.php
index f7935a9..fed06ed 100644
--- a/usr/local/www/status_ovpn.php
+++ b/usr/local/www/status_ovpn.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-openvpn
+##|*NAME=Status: OpenVPN page
+##|*DESCR=Allow access to the 'Status: OpenVPN' page.
+##|*MATCH=status_ovpn.php*
+##|-PRIV
+
+
 $pgtitle = array("Status", "OpenVPN");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/status_queues.php b/usr/local/www/status_queues.php
index 6d11d01..276e1f6 100755
--- a/usr/local/www/status_queues.php
+++ b/usr/local/www/status_queues.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-trafficshaper-queues
+##|*NAME=Status: Traffic shaper: Queues page
+##|*DESCR=Allow access to the 'Status: Traffic shaper: Queues' page.
+##|*MATCH=status_queues.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if($_GET['reset'] <> "") {
diff --git a/usr/local/www/status_rrd_graph.php b/usr/local/www/status_rrd_graph.php
index af6cc42..b5e740d 100755
--- a/usr/local/www/status_rrd_graph.php
+++ b/usr/local/www/status_rrd_graph.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-rrdgraphs
+##|*NAME=Status: RRD Graphs page
+##|*DESCR=Allow access to the 'Status: RRD Graphs' page.
+##|*MATCH=status_rrd_graph.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_GET['cat']) {
diff --git a/usr/local/www/status_rrd_graph_settings.php b/usr/local/www/status_rrd_graph_settings.php
index 4eaeb20..5163d7d 100755
--- a/usr/local/www/status_rrd_graph_settings.php
+++ b/usr/local/www/status_rrd_graph_settings.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-rrdgraphs
+##|*NAME=Status: RRD Graphs page
+##|*DESCR=Allow access to the 'Status: RRD Graphs' page.
+##|*MATCH=status_rrd_graph_settings.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['enable'] = isset($config['rrd']['enable']);
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index 8a184f3..471e9cd 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -26,6 +26,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-services
+##|*NAME=Status: Services page
+##|*DESCR=Allow access to the 'Status: Services' page.
+##|*MATCH=status_services.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 function gentitle_pkg($pgname) {
diff --git a/usr/local/www/status_slbd_pool.php b/usr/local/www/status_slbd_pool.php
index ca8ebe8..19fa5ec 100755
--- a/usr/local/www/status_slbd_pool.php
+++ b/usr/local/www/status_slbd_pool.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-loadbalancer-pool
+##|*NAME=Status: Load Balancer: Pool page
+##|*DESCR=Allow access to the 'Status: Load Balancer: Pool' page.
+##|*MATCH=status_slbd_pool.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['load_balancer']['lbpool'])) {
diff --git a/usr/local/www/status_slbd_vs.php b/usr/local/www/status_slbd_vs.php
index d722fe0..3cee12a 100755
--- a/usr/local/www/status_slbd_vs.php
+++ b/usr/local/www/status_slbd_vs.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-loadbalancer-virtualserver
+##|*NAME=Status: Load Balancer: Virtual Server page
+##|*DESCR=Allow access to the 'Status: Load Balancer: Virtual Server' page.
+##|*MATCH=status_slbd_vs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['load_balancer']['lbpool'])) {
diff --git a/usr/local/www/status_upnp.php b/usr/local/www/status_upnp.php
index ca0c38d..cbf848f 100644
--- a/usr/local/www/status_upnp.php
+++ b/usr/local/www/status_upnp.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-status-upnpstatus
+##|*NAME=Status: UPnP Status page
+##|*DESCR=Allow access to the 'Status: UPnP Status' page.
+##|*MATCH=status_upnp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/status_wireless.php b/usr/local/www/status_wireless.php
index ae8faf7..8dd6b83 100755
--- a/usr/local/www/status_wireless.php
+++ b/usr/local/www/status_wireless.php
@@ -26,6 +26,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-diagnostics-wirelessstatus
+##|*NAME=Diagnostics: Wireless Status page
+##|*DESCR=Allow access to the 'Diagnostics: Wireless Status' page.
+##|*MATCH=status_wireless.php*
+##|-PRIV
+
+
 require_once("guiconfig.inc");
 
 function gentitle_pkg($pgname) {
diff --git a/usr/local/www/system.php b/usr/local/www/system.php
index 4011e57..b04e9ce 100755
--- a/usr/local/www/system.php
+++ b/usr/local/www/system.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-generalsetup
+##|*NAME=System: General Setup page
+##|*DESCR=Allow access to the 'System: General Setup' page.
+##|*MATCH=system.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['hostname'] = $config['system']['hostname'];
diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php
index 871eedb..90e9b0b 100755
--- a/usr/local/www/system_advanced.php
+++ b/usr/local/www/system_advanced.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-advancedfunctions
+##|*NAME=System: Advanced functions page
+##|*DESCR=Allow access to the 'System: Advanced functions' page.
+##|*MATCH=system_advanced.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pconfig['disablefilter'] = $config['system']['disablefilter'];
diff --git a/usr/local/www/system_advanced_create_certs.php b/usr/local/www/system_advanced_create_certs.php
index 1727fc3..2f633b4 100755
--- a/usr/local/www/system_advanced_create_certs.php
+++ b/usr/local/www/system_advanced_create_certs.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-advancedfunctions-createcertificates
+##|*NAME=System: Advanced functions: Create Certificates page
+##|*DESCR=Allow access to the 'System: Advanced functions: Create Certificates' page.
+##|*MATCH=system_advanced_create_certs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if(file_exists("/var/etc/ssl/openssl.cnf")) {
diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php
index 2a42ef3..c55c860 100755
--- a/usr/local/www/system_firmware.php
+++ b/usr/local/www/system_firmware.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-firmware-manualupdate
+##|*NAME=System: Firmware: Manual Update page
+##|*DESCR=Allow access to the 'System: Firmware: Manual Update' page.
+##|*MATCH=system_firmware.php*
+##|-PRIV
+
+
 $d_isfwfile = 1;
 require_once("guiconfig.inc");
 
diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php
index 426232f..c6ef8aa 100755
--- a/usr/local/www/system_firmware_auto.php
+++ b/usr/local/www/system_firmware_auto.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-firmware-checkforupdate
+##|*NAME=System: Firmware: Check For Update page
+##|*DESCR=Allow access to the 'System: Firmware: Check For Update' page.
+##|*MATCH=system_firmware_auto.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $curcfg = $config['system']['firmware'];
diff --git a/usr/local/www/system_firmware_check.php b/usr/local/www/system_firmware_check.php
index 69e1b09..54c72fb 100755
--- a/usr/local/www/system_firmware_check.php
+++ b/usr/local/www/system_firmware_check.php
@@ -31,6 +31,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-firmware-autoupdate
+##|*NAME=System: Firmware: Auto Update page
+##|*DESCR=Allow access to the 'System: Firmware: Auto Update' page.
+##|*MATCH=system_firmware_check.php*
+##|-PRIV
+
+
 $d_isfwfile = 1;
 require("guiconfig.inc");
 
diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php
index 3940ed8..a60919b 100755
--- a/usr/local/www/system_firmware_settings.php
+++ b/usr/local/www/system_firmware_settings.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-firmware-settings
+##|*NAME=System: Firmware: Settings page
+##|*DESCR=Allow access to the 'System: Firmware: Settings' page.
+##|*MATCH=system_firmware_settings.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if ($_POST) {
diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php
index 647bb42..d142730 100755
--- a/usr/local/www/system_gateway_groups.php
+++ b/usr/local/www/system_gateway_groups.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-gatewaygroups
+##|*NAME=System: Gateway Groups page
+##|*DESCR=Allow access to the 'System: Gateway Groups' page.
+##|*MATCH=system_gateway_groups.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_group']))
diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php
index 3ec8643..683db2a 100755
--- a/usr/local/www/system_gateway_groups_edit.php
+++ b/usr/local/www/system_gateway_groups_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-gateways-editgatewaygroups
+##|*NAME=System: Gateways: Edit Gateway Groups page
+##|*DESCR=Allow access to the 'System: Gateways: Edit Gateway Groups' page.
+##|*MATCH=system_gateway_groups_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_item']))
diff --git a/usr/local/www/system_gateways.php b/usr/local/www/system_gateways.php
index 7bc9142..9a678c3 100755
--- a/usr/local/www/system_gateways.php
+++ b/usr/local/www/system_gateways.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-gateways
+##|*NAME=System: Gateways page
+##|*DESCR=Allow access to the 'System: Gateways' page.
+##|*MATCH=system_gateways.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_item']))
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index 4156066..76c0b9e 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-gateways-editgateway
+##|*NAME=System: Gateways: Edit Gateway page
+##|*DESCR=Allow access to the 'System: Gateways: Edit Gateway' page.
+##|*MATCH=system_gateways_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['gateways']['gateway_item']))
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php
index 48f3a7b..e79a77f 100644
--- a/usr/local/www/system_groupmanager.php
+++ b/usr/local/www/system_groupmanager.php
@@ -3,6 +3,9 @@
 	$Id: system_groupmanager.php 
 	part of m0n0wall (http://m0n0.ch/wall)
 
+	Copyright (C) 2008 Shrew Soft Inc.
+	All rights reserved. 
+
 	Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
 	All rights reserved. 
 
@@ -31,202 +34,76 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
-require("guiconfig.inc");
+##|+PRIV
+##|*IDENT=page-system-groupmanager
+##|*NAME=System: Group manager page
+##|*DESCR=Allow access to the 'System: Group manager' page.
+##|*MATCH=system_groupmanager.php*
+##|-PRIV
 
-$pgtitle = array("System", "Group manager");
 
-// Returns an array of pages with their descriptions
-function getAdminPageList() {
-	global $g;
-	global $config;
-	
-    $tmp = Array();
-
-    if ($dir = opendir($g['www_path'])) {
-		while($file = readdir($dir)) {
-	    	// Make sure the file exists
-	    	if($file != "." && $file != ".." && $file[0] != '.') {
-	    		// Is this a .php file?
-	    		if (fnmatch('*.php',$file)) {
-	    			// Read the description out of the file
-		    		$contents = file_get_contents($file);
-		    		// Looking for a line like:
-		    		// $pgtitle = array("System", "Group manager");
-		    		$offset = strpos($contents,'$pgtitle');
-		    		$titlepos = strpos($contents,'(',$offset);
-		    		$titleendpos = strpos($contents,')',$titlepos);
-		    		if (($offset > 0) && ($titlepos > 0) && ($titleendpos > 0)) {
-		    			// Title found, extract it
-		    			$title = str_replace(',',': ',str_replace(array('"'),'',substr($contents,++$titlepos,($titleendpos - $titlepos))));
-		    			$tmp[$file] = trim($title);
-		    		}
-		    		else {
-		    			$tmp[$file] = '';
-		    		}
-	    		
-	    		}
-	        }
-		}
+require("guiconfig.inc");
 
-        closedir($dir);
-        
-        // Sets Interfaces:Optional page that didn't read in properly with the above method,
-        // and pages that don't have descriptions.
-        $tmp['interfaces_opt.php'] = "Interfaces: Optional";
-        $tmp['graph.php'] = "Diagnostics: Interface Traffic";
-        $tmp['graph_cpu.php'] = "Diagnostics: CPU Utilization";
-        $tmp['exec.php'] = "Command";
-        $tmp['exec_raw.php'] = "Hidden: Exec Raw";
-        $tmp['status.php'] = "Hidden: Detailed Status";
-        $tmp['uploadconfig.php'] = "Hidden: Upload Configuration";
-        $tmp['index.php'] = "*After Login/Dashboard";
-        $tmp['system_usermanager.php'] = "*User Password change portal";
-        $tmp['diag_logs_settings.php'] = "Diagnostics: Logs: Settings";
-        $tmp['diag_logs_vpn.php'] = "Diagnostics: Logs: PPTP VPN";
-        $tmp['diag_logs_filter.php'] = "Diagnostics: Logs: Firewall";
-        $tmp['diag_logs_portal.php'] = "Diagnostics: Logs: Captive Portal";
-        $tmp['diag_logs_dhcp.php'] = "Diagnostics: Logs: DHCP";
-        $tmp['diag_logs.php'] = "Diagnostics: Logs: System";
-
-		$tmp['cg2.php'] = "CoreGUI GUI Manager";
-        
-        unset($tmp['system_groupmanager_edit.php']);
-        unset($tmp['firewall_rules_schedule_logic.php']);
-        unset($tmp['status_rrd_graph_img.php']);
-        unset($tmp['diag_new_states.php']);
-        unset($tmp['system_usermanager_edit.php']);
-        
-        $tmp['pkg.php'] = "{$g['product_name']} Package manager";
-        $tmp['pkg_edit.php'] = "{$g['product_name']} Package manager edit";
-        $tmp['wizard.php'] = "{$g['product_name']} wizard subsystem";
-        $tmp['graphs.php'] = "Graphing subsystem";
-        $tmp['headjs.php'] = "*Required for javascript";
-
-		$tmp['ifstats.php'] = ("*Hidden: XMLRPC Interface Stats");
-		$tmp['license.php'] = ("*System: License");
-		$tmp['progress.php'] = ("*Hidden: No longer included");
-		$tmp['diag_logs_filter_dynamic.php'] = ("*Hidden: No longer included"); 
-		$tmp['preload.php'] = ("*Hidden: XMLRPC Preloader");
-		$tmp['xmlrpc.php'] = ("*Hidden: XMLRPC Library");        
-		
-		$tmp['functions.inc.php'] = ("Hidden: Ajax Helper 1");
-		$tmp['javascript.inc.php'] = ("Hidden: Ajax Helper 2 ");
-		$tmp['sajax.class.php'] = ("Hidden: Ajax Helper 3");
-
-		/* custom pkg.php items */
-		$tmp['pkg.php?xml=openvpn.xml'] = ("VPN: OpenVPN");
-		$tmp['pkg_edit.php?xml=carp_settings.xml&id=0'] = ("Services: CARP Settings: Edit");
-		$tmp['pkg_edit.php?xml=olsrd.xml&id=0'] = ("Services: OLSR");
-		$tmp['pkg_edit.php?xml=openntpd.xml&id=0'] = ("Services: NTP Server");
-		
-		$tmp['system_usermanager_settings_test.php'] = ("System: User Manager: Settings: Test LDAP");
-		
-		/*  unset older openvpn scripts, we have a custom version
-		 *  included in CoreGUI */
-	 	unset($tmp['vpn_openvpn.php']);
-		unset($tmp['vpn_openvpn_crl.php']);
-		unset($tmp['vpn_openvpn_ccd.php']);
-		unset($tmp['vpn_openvpn_srv.php']);
-		unset($tmp['vpn_openvpn_cli.php']);
-		unset($tmp['vpn_openvpn_ccd_edit.php']);
-		unset($tmp['phpconfig.php']);
-		unset($tmp['system_usermanager_settings_ldapacpicker.php']);
-		
-        unset($tmp['progress.php']);
-        unset($tmp['stats.php']);
-        unset($tmp['phpinfo.php']);
-        unset($tmp['preload.php']);
-        
-        // Add appropriate descriptions for extensions, if they exist
-        if(file_exists("extensions.inc")){
-	   	   include("extensions.inc");
-		}
-		
-		/* firewall rule view and edit entries for lan, wan, optX */
-		$iflist = get_configured_interface_list(false, true);
-
-		// Firewall Rules
-		foreach ($iflist as $ifent => $ifname) {
-			$entryname = "firewall_rules.php?if={$ifname}";
-	        $tmp[$entryname] = ("Firewall: Rules: " . strtoupper($ifname));
-			$entryname = "firewall_rules_edit.php?if={$ifname}";
-	        $tmp[$entryname] = ("Firewall: Rules: Edit: " . strtoupper($ifname));
-		}
+$pgtitle = array("System", "Group manager");
 
-		/* additional firewal rules tab entries */
-		$entryname = "firewall_rules_edit.php?if=enc0";
-        $tmp[$entryname] = "Firewall: Rules: Edit: IPsec";
+if (!is_array($config['system']['group']))
+	$config['system']['group'] = array();
 
-		$entryname = "firewall_rules_edit.php?if=pptp";
-        $tmp[$entryname] = "Firewall: Rules: Edit: PPTP";
+admin_groups_sort();
+$a_group = &$config['system']['group'];
 
-		$entryname = "firewall_rules_edit.php?if=pppoe";
-        $tmp[$entryname] = "Firewall: Rules: Edit: PPPoE";
+$id = $_GET['id'];
+if (isset($_POST['id']))
+	$id = $_POST['id'];
 
-		// User manager
-		$entryname = "system_usermanager.php";
-		$tmp[$entryname] = "System: Change Password";
+if ($_GET['act'] == "delgroup") {
 
-		// User manager
-		$entryname = "system_usermanager";
-		$tmp[$entryname] = "System: User Manager";
+	if (!$a_group[$_GET['id']]) {
+		pfSenseHeader("system_groupmanager.php");
+		exit;
+	}
 
-		// NAT Items
-		foreach ($iflist as $ifent => $ifname) {
-			$entryname = "firewall_nat.php?if={$ifname}";
-	        $tmp[$entryname] = ("Firewall: NAT: Port Forward " . strtoupper($ifname));
-			$entryname = "firewall_nat_edit.php?if={$ifname}";
-	        $tmp[$entryname] = ("Firewall: NAT: Port Forward: Edit: " . strtoupper($ifname));
-		}
-		/* additional nat tab entries */
-		$entryname = "firewall_nat_edit.php?if=enc0";
-        $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: IPsec";
-        
-		$entryname = "firewall_nat_edit.php?if=pptp";
-        $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPTP";
-
-		$entryname = "firewall_nat_edit.php?if=pppoe";
-        $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPPoE";
-
-        asort($tmp);
-        return $tmp;
-    }
+	del_local_group($a_group[$_GET['id']]);
+	$groupdeleted = $a_group[$_GET['id']]['name'];
+	unset($a_group[$_GET['id']]);
+	write_config();
+	$savemsg = gettext("Group")." {$groupdeleted} ".
+				gettext("successfully deleted")."<br/>";
 }
 
-// Get a list of all admin pages & Descriptions
-$pages = getAdminPageList();
+if ($_GET['act'] == "delpriv") {
 
-if (!is_array($config['system']['group'])) {
-	$config['system']['group'] = array();
-}
-admin_groups_sort();
-$a_group = &$config['system']['group'];
+	if (!$a_group[$_GET['id']]) {
+		pfSenseHeader("system_groupmanager.php");
+		exit;
+	}
 
-$id = $_GET['id'];
-if (isset($_POST['id']))
-	$id = $_POST['id'];
-	
-if ($_GET['act'] == "del") {
-	if ($a_group[$_GET['id']]) {
-		del_local_group($a_group[$_GET['id']]);
-   		unset($a_group[$_GET['id']]);
-       	write_config();
-	    header("Location: system_groupmanager.php");
-	    exit;
+	$privdeleted = $priv_list[$a_group[$id]['priv'][$_GET['privid']]]['name'];
+	unset($a_group[$id]['priv'][$_GET['privid']]);
+
+	foreach ($a_group[$id]['member'] as $uid) {
+		$user = getUserEntryByUID($uid);
+		if ($user)
+			set_local_user($user);
 	}
-}	
+
+	write_config();
+	$_GET['act'] = "edit";
+	$savemsg = gettext("Privilege")." {$privdeleted} ".
+				gettext("successfully deleted")."<br/>";
+}
 
 if($_GET['act']=="edit"){
 	if (isset($id) && $a_group[$id]) {
 		$pconfig['name'] = $a_group[$id]['name'];
+		$pconfig['gid'] = $a_group[$id]['gid'];
+		$pconfig['gtype'] = $a_group[$id]['scope'];
 		$pconfig['description'] = $a_group[$id]['description'];
-		if (is_array($a_group[$id]['pages']))
-			$pconfig['pages'] = $a_group[$id]['pages'];
-		else
-			$pconfig['pages'] = array();
+		$pconfig['members'] = $a_group[$id]['member'];
+		$pconfig['priv'] = $a_group[$id]['priv'];
 	}
 }
-	
+
 if ($_POST) {
 
 	unset($input_errors);
@@ -259,14 +136,8 @@ if ($_POST) {
 		$group['name'] = $_POST['groupname'];
 		$group['description'] = $_POST['description'];
 
-		unset($group['pages']);
-		foreach ($pages as $fname => $title) {
-			$identifier = str_replace('.php','XXXUMXXX',$fname);
-			$identifier = str_replace('.','XXXDOTXXX',$identifier);
-			if ($_POST[$identifier] == 'yes') {
-				$group['pages'][] = $fname;
-			}
-		}
+		if ($group['gid'] != 1998) // all group
+			$group['member'] = $_POST['members'];
 
 		if (isset($id) && $a_group[$id])
 			$a_group[$id] = $group;
@@ -288,8 +159,59 @@ include("head.inc");
 ?>
 
 <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+<!--
+
+function setall_selected(id) {
+	selbox = document.getElementById(id);
+	count = selbox.options.length;
+	for (index = 0; index<count; index++)
+		selbox.options[index].selected = true;
+}
+
+function clear_selected(id) {
+	selbox = document.getElementById(id);
+	count = selbox.options.length;
+	for (index = 0; index<count; index++)
+		selbox.options[index].selected = false;
+}
+
+function remove_selected(id) {
+	selbox = document.getElementById(id);
+	index = selbox.options.length - 1;
+	for (; index >= 0; index--)
+		if (selbox.options[index].selected)
+			selbox.remove(index);
+}
+
+function copy_selected(srcid, dstid) {
+	src_selbox = document.getElementById(srcid);
+	dst_selbox = document.getElementById(dstid);
+	count = src_selbox.options.length;
+	for (index = 0; index < count; index++) {
+		if (src_selbox.options[index].selected) {
+			option = document.createElement('option');
+			option.text = src_selbox.options[index].text;
+			option.value = src_selbox.options[index].value;
+			dst_selbox.add(option, null);
+		}
+	}
+}
+
+function move_selected(srcid, dstid) {
+	copy_selected(srcid, dstid);
+	remove_selected(srcid);
+}
+
+function presubmit() {
+	clear_selected('notmembers');
+	setall_selected('members');
+}
+
+//-->
+</script>
 <?php
-	include("fbegin.inc");
 	if ($input_errors)
 		print_input_errors($input_errors);
 	if ($savemsg)
@@ -302,7 +224,7 @@ include("head.inc");
 			<?php 
 				$tab_array = array();
 				$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
-				$tab_array[] = array(gettext("Group"), true, "system_groupmanager.php");
+				$tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php");
 				$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
 				display_top_tabs($tab_array);
 			?>
@@ -327,70 +249,134 @@ include("head.inc");
 						el.elements[i].checked = false;
 				}
 			</script>
-			<form action="system_groupmanager.php" method="post" name="iform" id="iform">
+			<form action="system_groupmanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
 				<table width="100%" border="0" cellpadding="6" cellspacing="0">
+                    <?php
+                        $ro = "";
+                        if ($pconfig['gtype'] == "system")
+                            $ro = "readonly = \"readonly\"";
+                    ?>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
+						<td width="78%" class="vtable">
+							<strong><?=strtoupper($pconfig['gtype']);?></strong>
+							<input name="gtype" type="hidden" value="<?=$pconfig['gtype']?>"/>
+						</td>
+					</tr>
 					<tr> 
 						<td width="22%" valign="top" class="vncellreq">Group name</td>
 						<td width="78%" class="vtable"> 
-							<input name="groupname" type="text" class="formfld" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"> 
+							<input name="groupname" type="text" class="formfld group" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" <?=$ro;?>> 
 						</td>
 					</tr>
 					<tr> 
 						<td width="22%" valign="top" class="vncell">Description</td>
 						<td width="78%" class="vtable"> 
-							<input name="description" type="text" class="formfld" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>">
+							<input name="description" type="text" class="formfld unknown" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>">
 							<br>
 							Group description, for your own information only
 						</td>
 					</tr>
+
+					<?php if ($pconfig['gid'] != 1998): // all users group ?>
+
 					<tr>
-						<td colspan="4">
-							<br>
-							Select that pages that this group may access.
-							Members of this group will be able to perform
-							all actions that are possible from each
-							individual web page. Ensure you set access
-							levels appropriately.<br>
-							<br>
-							<span class="vexpl">
-								<span class="red">
-									<strong>&nbsp;Note:</strong>
-								</span>
-								Pages marked with an * are strongly recommended
-								for every group.
-							</span>
-						</td>
-					</tr>
-					<tr>
-						<td colspan="4">
-							<input type="button" name="types[]" value="Check All" onClick="checkall(); return false;"> 
-							<input type="button" name="types[]" value="Check None" onClick="checknone(); return false;">
+						<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
+						<td width="78%" class="vtable" align="center">
+							<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+								<tr>
+									<td align="center" width="50%">
+										<strong>Not Members</strong><br/>
+										<br/>
+											<select size="10" style="width: 75%" name="notmembers[]" class="formselect" id="notmembers" onChange="clear_selected('members')" multiple>
+											<?php
+												foreach ($config['system']['user'] as $user):
+													if (in_array($user['uid'],$pconfig['members']))
+														continue;
+											?>
+											<option value="<?=$user['uid'];?>" <?=$selected;?>>
+												<?=htmlspecialchars($user['name']);?>
+											</option>
+											<?php endforeach; ?>
+										</select>
+										<br/>
+									</td>
+									<td>
+										<br/>
+										<a href="javascript:move_selected('notmembers','members')">
+											<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="Add Members" alt="Add Members" width="17" height="17" border="0" />
+										</a>
+										<br/><br/>
+										<a href="javascript:move_selected('members','notmembers')">
+											<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="Remove Members" alt="Remove Members" width="17" height="17" border="0" />
+										</a>
+									</td>
+									<td align="center" width="50%">
+										<strong>Members</strong><br/>
+										<br/>
+										<select size="10" style="width: 75%" name="members[]" class="formselect" id="members" onChange="clear_selected('notmembers')" multiple>
+											<?php
+												foreach ($config['system']['user'] as $user):
+													if (!in_array($user['uid'],$pconfig['members']))
+														continue;
+											?>
+											<option value="<?=$user['uid'];?>">
+												<?=htmlspecialchars($user['name']);?>
+											</option>
+											<?php endforeach; ?>
+										</select>
+										<br/>
+									</td>
+								</tr>
+							</table>
+							<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
 						</td>
 					</tr>
+
+					<?php endif; ?>
+
 					<tr>
-						<td colspan="2">
-							<table width="100%" border="0" cellpadding="0" cellspacing="0">
+						<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
+						<td width="78%" class="vtable">
+							<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
 								<tr>
-									<td class="listhdrr">&nbsp;</td>
-									<td class="listhdrr">Page Description</td>
-									<td class="listhdr">Filename</td>
+									<td width="40%" class="listhdrr"><?=gettext("Name");?></td>
+									<td width="60%" class="listhdrr"><?=gettext("Description");?></td>
+									<td class="list"></td>
+								</tr>
+								<?php
+									if(is_array($pconfig['priv'])):
+										$i = 0;
+										foreach ($pconfig['priv'] as $priv):
+								?>
+								<tr>
+									<td class="listr">
+										<?=htmlspecialchars($priv_list[$priv]['name']);?>
+									</td>
+									<td class="listbg">
+										<font color="#FFFFFF">
+											<?=htmlspecialchars($priv_list[$priv]['descr']);?>
+										</font>
+									</td>
+									<td valign="middle" nowrap class="list">
+										<a href="system_groupmanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
+											<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
+										</a>
+									</td>
 								</tr>
-								<?php 
-									foreach ($pages as $fname => $title):
-										$identifier = str_replace('.php','XXXUMXXX',$fname);
-										$identifier = str_replace('.','XXXDOTXXX',$identifier);
-										$checked = "";
-										if (in_array($fname,$pconfig['pages']))
-											$checked = "checked";
+								<?php
+										$i++;
+                      					endforeach;
+									endif;
 								?>
 								<tr>
-									<td class="listlr">
-										<input class="check" name="<?=$identifier?>" type="checkbox" id="<?=$identifier?>" value="yes" <?=$checked;?>>
+									<td class="list" colspan="2"></td>
+									<td class="list">
+										<a href="system_groupmanager_addprivs.php?groupid=<?=$id?>">
+											<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
+										</a>
 									</td>
-									<td class="listr"><?=$title?></td>
-									<td class="listr"><?=$fname?></td>
 								</tr>
-								<?php endforeach; ?>
 							</table>
 						</td>
 					</tr>
@@ -400,7 +386,8 @@ include("head.inc");
 							<input name="save" type="submit" class="formbtn" value="Save"> 
 							<?php if (isset($id) && $a_group[$id]): ?>
 							<input name="id" type="hidden" value="<?=$id;?>">
-							<?php endif; ?>                
+							<input name="gid" type="hidden" value="<?=$pconfig['gid'];?>">
+							<?php endif; ?>
 						</td>
 					</tr>
 				</table>
@@ -412,27 +399,38 @@ include("head.inc");
 				<tr>
 					<td width="25%" class="listhdrr">Group name</td>
 					<td width="25%" class="listhdrr">Description</td>
-					<td width="15%" class="listhdrr">Member Count</td>
-					<td width="15%" class="listhdrr">Pages Accessible</td>
+					<td width="30%" class="listhdrr">Member Count</td>
 					<td width="10%" class="list"></td>
 				</tr>
 				<?php
 					$i = 0;
 					foreach($a_group as $group):
+
+						if($group['scope'] == "system")
+							$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png";
+						else
+							$grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png";
 				?>
 				<tr>
 					<td class="listlr">
-						<?=htmlspecialchars($group['name']); ?>&nbsp;
+						<table border="0" cellpadding="0" cellspacing="0">
+							<tr>
+								<td align="left" valign="center">
+									<img src="<?=$grpimg;?>" alt="User" title="User" border="0" height="16" width="16" />
+								</td>
+								</td>
+								<td align="left" valign="middle">
+									<?=htmlspecialchars($group['name']); ?>&nbsp;
+								</td>
+							</tr>
+						</table>
 					</td>
 					<td class="listr">
 						<?=htmlspecialchars($group['description']);?>&nbsp;
 					</td>
-					<td class="listr">
-						<?=count($group['member'])?>
-					</td>
 					<td class="listbg">
 						<font color="white">
-							<?=count($group['pages']);?>
+							<?=count($group['member'])?>
 						</font>
 					</td>
 					<td valign="middle" nowrap class="list">
@@ -440,9 +438,11 @@ include("head.inc");
 							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="edit group" width="17" height="17" border="0">
 						</a>
 						&nbsp;
-						<a href="system_groupmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this group?')">
+						<?php if($group['scope'] != "system"): ?>
+						<a href="system_groupmanager.php?act=delgroup&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this group?')">
 							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="delete group" width="17" height="17" border="0">
 						</a>
+						<?php endif; ?>
 					</td>
 				</tr>
 				<?php
@@ -450,7 +450,7 @@ include("head.inc");
 					endforeach;
 				?>
 				<tr> 
-					<td class="list" colspan="4"></td>
+					<td class="list" colspan="3"></td>
 					<td class="list">
 						<a href="system_groupmanager.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="add group" width="17" height="17" border="0">
 						</a>
diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php
new file mode 100644
index 0000000..6c808be
--- /dev/null
+++ b/usr/local/www/system_groupmanager_addprivs.php
@@ -0,0 +1,182 @@
+<?php
+/* $Id$ */
+/*
+	system_groupmanager_addprivs.php
+
+	Copyright (C) 2006 Daniel S. Haischt.
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-system-groupmanager-addprivs
+##|*NAME=System: Group Manager: Add Privileges page
+##|*DESCR=Allow access to the 'System: Group Manager: Add Privileges' page.
+##|*MATCH=system_groupmanager_addprivs.php*
+##|-PRIV
+
+
+require("guiconfig.inc");
+
+$pgtitle = array("System","Group manager","Add privileges");
+
+$groupid = $_GET['groupid'];
+if (isset($_POST['groupid']))
+	$groupid = $_POST['groupid'];
+
+admin_groups_sort();
+$a_group = & $config['system']['group'][$groupid];
+
+if (!is_array($a_group)) {
+	pfSenseHeader("system_groupmanager.php?id={$groupid}");
+	exit;
+}
+
+if (!is_array($a_group['priv']))
+	$a_group['priv'] = array();
+
+if ($_POST) {
+
+	unset($input_errors);
+	$pconfig = $_POST;
+
+	/* input validation */
+	$reqdfields = explode(" ", "sysprivs");
+	$reqdfieldsn = explode(",", "Selected priveleges");
+
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+	/* if this is an AJAX caller then handle via JSON */
+	if(isAjax() && is_array($input_errors)) {
+		input_errors2Ajax($input_errors);
+		exit;
+	}
+
+	if (!$input_errors) {
+
+		if (!is_array($pconfig['sysprivs']))
+			$pconfig['sysprivs'] = array();
+
+		if (!count($a_group['priv']))
+			$a_group['priv'] = $pconfig['sysprivs'];
+		else
+			$a_group['priv'] = array_merge($a_group['priv'], $pconfig['sysprivs']);
+
+		foreach ($a_group['member'] as $uid) {
+			$user = getUserEntryByUID($uid);
+			if ($user)
+				set_local_user($user);
+		}
+
+		$retval = write_config();
+		$savemsg = get_std_save_message($retval);
+
+		pfSenseHeader("system_groupmanager.php?act=edit&id={$groupid}");
+		exit;
+	}
+}
+
+/* if ajax is calling, give them an update message */
+if(isAjax())
+	print_info_box_np($savemsg);
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script type="text/javascript">
+<!--
+
+<?php
+
+if (is_array($priv_list)) {
+	$id = 0;
+
+	$jdescs = "var descs = new Array();\n";
+	foreach($priv_list as $pname => $pdata) {
+		if (in_array($pname, $a_group['priv']))
+			continue;
+		$desc = addslashes($pdata['descr']);
+		$jdescs .= "descs[{$id}] = '{$desc}';\n";
+		$id++;
+	}
+
+	echo $jdescs;
+}
+
+?>
+
+function update_description() {
+	var index = document.iform.sysprivs.selectedIndex;
+	document.getElementById("pdesc").innerHTML = descs[index];
+}
+
+//-->
+</script>
+<?php
+	if ($input_errors)
+		print_input_errors($input_errors);
+	if ($savemsg)
+		print_info_box($savemsg);
+?>
+	<form action="system_groupmanager_addprivs.php" method="post" name="iform" id="iform">
+		<div id="inputerrors"></div>
+		<table width="100%" border="0" cellpadding="6" cellspacing="0">
+			<tr>
+				<td width="22%" valign="top" class="vncellreq"><?=gettext("System Privileges");?></td>
+				<td width="78%" class="vtable">
+					<select name="sysprivs[]" id="sysprivs" class="formselect" onchange="update_description();" multiple>
+						<?php
+							foreach($priv_list as $pname => $pdata):
+								if (in_array($pname, $a_group['priv']))
+									continue;
+						?>
+						<option value="<?=$pname;?>"><?=$pdata['name'];?></option>
+						<?php endforeach; ?>
+					</select>
+					<br/>
+					<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
+				</td>
+			</tr>
+			<tr height="60">
+				<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
+				<td width="78%" valign="top" class="vtable" id="pdesc">
+					<em>Select a privilege from the list above for a description</em>
+				</td>
+			</tr>
+			<tr>
+				<td width="22%" valign="top">&nbsp;</td>
+				<td width="78%">
+					<input id="submitt"  name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
+					<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
+					<?php if (isset($groupid)): ?>
+					<input name="groupid" type="hidden" value="<?=$groupid;?>" />
+					<?php endif; ?>
+				</td>
+			</tr>
+		</table>
+	</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/usr/local/www/system_routes.php b/usr/local/www/system_routes.php
index a51e416..0c2175a 100755
--- a/usr/local/www/system_routes.php
+++ b/usr/local/www/system_routes.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-staticroutes
+##|*NAME=System: Static Routes page
+##|*DESCR=Allow access to the 'System: Static Routes' page.
+##|*MATCH=system_routes.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['staticroutes']['route']))
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php
index 16ef541..d0cd5ef 100755
--- a/usr/local/www/system_routes_edit.php
+++ b/usr/local/www/system_routes_edit.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-staticroutes-editroute
+##|*NAME=System: Static Routes: Edit route page
+##|*DESCR=Allow access to the 'System: Static Routes: Edit route' page.
+##|*MATCH=system_routes_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['staticroutes']['route']))
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 0c440b0..791fae6 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -4,6 +4,9 @@
     system_usermanager.php
     part of m0n0wall (http://m0n0.ch/wall)
 
+    Copyright (C) 2008 Shrew Soft Inc.
+    All rights reserved.
+
     Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>.
     All rights reserved.
 
@@ -32,6 +35,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-usermanager
+##|*NAME=System: User Manager page
+##|*DESCR=Allow access to the 'System: User Manager' page.
+##|*MATCH=system_usermanager.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (isAllowedPage("system_usermanager")) {
@@ -47,32 +58,38 @@ if (isAllowedPage("system_usermanager")) {
 		$config['system']['user'] = array();
 
 	admin_users_sort();
-	if (is_array($config['system']['user'])) 
-		$a_user = &$config['system']['user'];
-	$t_privs = $a_user[$id]['priv'];
+	$a_user = &$config['system']['user'];
 
-	if ($_GET['act'] == "del") {
+	if ($_GET['act'] == "deluser") {
 
-		if (($_GET['what'] == "user") && $a_user[$_GET['id']]) {
-			del_local_user($a_user[$_GET['id']]);
-			$userdeleted = $a_user[$_GET['id']]['name'];
-			unset($a_user[$_GET['id']]);
-			write_config();
-			$retval = system_password_configure();
-			$savemsg = gettext("User")." {$userdeleted} ".
-						gettext("successfully deleted")."<br/>";
+		if (!$a_user[$_GET['id']]) {
+			pfSenseHeader("system_usermanager.php");
+			exit;
 		}
 
-		if (($_GET['what'] == "priv") && $t_privs[$_GET['privid']]) {
- 			$privdeleted = $t_privs[$_GET['privid']]['id'];
- 			unset($a_user[$id]['priv'][$_GET['privid']]);
-			write_config();
-			unset($t_privs[$_GET['privid']]);
-			$_GET['act'] = "edit";
-			$savemsg = gettext("Privilege")." {$privdeleted} ".
-						gettext("of user")." {$a_user[$_GET['id']]['name']} ".
-						gettext("successfully deleted")."<br/>";
+		del_local_user($a_user[$_GET['id']]);
+		$userdeleted = $a_user[$_GET['id']]['name'];
+		unset($a_user[$_GET['id']]);
+		write_config();
+		$retval = system_password_configure();
+		$savemsg = gettext("User")." {$userdeleted} ".
+					gettext("successfully deleted")."<br/>";
+	}
+
+	if ($_GET['act'] == "delpriv") {
+
+		if (!$a_user[$_GET['id']]) {
+			pfSenseHeader("system_usermanager.php");
+			exit;
 		}
+
+		$privdeleted = $priv_list[$a_user[$id]['priv'][$_GET['privid']]]['name'];
+		unset($a_user[$id]['priv'][$_GET['privid']]);
+		write_config();
+		unset($t_privs[$_GET['privid']]);
+		$_GET['act'] = "edit";
+		$savemsg = gettext("Privilege")." {$privdeleted} ".
+					gettext("successfully deleted")."<br/>";
 	}
 
 	if ($_GET['act'] == "edit") {
@@ -83,6 +100,7 @@ if (isAllowedPage("system_usermanager")) {
 			$pconfig['utype'] = $a_user[$id]['scope'];
 			$pconfig['uid'] = $a_user[$id]['uid'];
 			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
+			$pconfig['priv'] = $a_user[$id]['priv'];
 		}
 	}
 
@@ -154,9 +172,6 @@ if (isAllowedPage("system_usermanager")) {
 
 			isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
 
-			if ($_POST['passwordfld1'])
-				 set_local_user_password($userent, $_POST['passwordfld1']);
-
 			if(isset($config['system']['ssh']['sshdkeyonly']))
 				$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
 
@@ -167,7 +182,7 @@ if (isAllowedPage("system_usermanager")) {
 				$a_user[] = $userent;
 			}
 
-			set_local_user($userent);
+			set_local_user($userent, $_POST['passwordfld1']);
 			set_local_user_groups($userent,$_POST['groups']);
 			write_config();
 			$retval = system_password_configure();
@@ -180,8 +195,59 @@ if (isAllowedPage("system_usermanager")) {
 ?>
 
 <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+<!--
+
+function setall_selected(id) {
+	selbox = document.getElementById(id);
+	count = selbox.options.length;
+	for (index = 0; index<count; index++)
+		selbox.options[index].selected = true;
+}
+
+function clear_selected(id) {
+	selbox = document.getElementById(id);
+	count = selbox.options.length;
+	for (index = 0; index<count; index++)
+		selbox.options[index].selected = false;
+}
+
+function remove_selected(id) {
+	selbox = document.getElementById(id);
+	index = selbox.options.length - 1;
+	for (; index >= 0; index--)
+		if (selbox.options[index].selected)
+			selbox.remove(index);
+}
+
+function copy_selected(srcid, dstid) {
+	src_selbox = document.getElementById(srcid);
+	dst_selbox = document.getElementById(dstid);
+	count = src_selbox.options.length;
+	for (index = 0; index < count; index++) {
+		if (src_selbox.options[index].selected) {
+			option = document.createElement('option');
+			option.text = src_selbox.options[index].text;
+			option.value = src_selbox.options[index].value;
+			dst_selbox.add(option, null);
+		}
+	}
+}
+
+function move_selected(srcid, dstid) {
+	copy_selected(srcid, dstid);
+	remove_selected(srcid);
+}
+
+function presubmit() {
+	clear_selected('notgroups');
+	setall_selected('groups');
+}
+
+//-->
+</script>
 <?php
-	include("fbegin.inc");
 	if ($input_errors)
 		print_input_errors($input_errors);
 	if ($savemsg)
@@ -193,7 +259,7 @@ if (isAllowedPage("system_usermanager")) {
 		<?php
 			$tab_array = array();
 			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
-			$tab_array[] = array(gettext("Group"), false, "system_groupmanager.php");
+			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
 			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
 			display_top_tabs($tab_array);
 		?>
@@ -204,13 +270,20 @@ if (isAllowedPage("system_usermanager")) {
 
 			<?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?>
 
-			<form action="system_usermanager.php" method="post" name="iform" id="iform">
+			<form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
 				<table width="100%" border="0" cellpadding="6" cellspacing="0">
 					<?php
 						$ro = "";
 						if ($pconfig['utype'] == "system")
 							$ro = "readonly = \"readonly\"";
 					?>
+                    <tr>
+                        <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
+                        <td width="78%" class="vtable">
+                            <strong><?=strtoupper($pconfig['utype']);?></strong>
+							<input name="utype" type="hidden" value="<?=$pconfig['utype']?>"/>
+                        </td>
+                    </tr>
 					<tr>
 						<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
 						<td width="78%" class="vtable">
@@ -237,128 +310,139 @@ if (isAllowedPage("system_usermanager")) {
 							<?=gettext("User's full name, for your own information only");?>
 						</td>
 					</tr>
+
+					<?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?>
+
 					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("User type");?></td>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
 						<td width="78%" class="vtable">
-							<input name="utype" type="text" class="formfld unknown" id="utype" size="20" value="<?=htmlspecialchars($pconfig['utype']);?>" readonly="readonly" />
+							<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
 							<br/>
-							<?=gettext("Indicates whether this is a system (aka non-deletable) user or a user created by a particular user.");?>
+							<?=gettext("Paste an authorized keys file here.");?>
+						</td>
+					</tr>
+
+					<?php endif; ?>
+
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
+						<td width="78%" class="vtable" align="center">
+							<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+								<tr>
+									<td align="center" width="50%">
+										<strong>Not Member Of</strong><br/>
+										<br/>
+										<select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onChange="clear_selected('groups')" multiple>
+											<?php
+												foreach ($config['system']['group'] as $group):
+													if ($group['gid'] == 1998) /* all users group */
+														continue;
+													if (in_array($group['name'],$pconfig['groups']))
+														continue;
+											?>
+											<option value="<?=$group['name'];?>" <?=$selected;?>>
+												<?=htmlspecialchars($group['name']);?>
+											</option>
+											<?php endforeach; ?>
+										</select>
+										<br/>
+									</td>
+									<td>
+										<br/>
+										<a href="javascript:move_selected('notgroups','groups')">
+											<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="Add Groups" alt="Add Groups" width="17" height="17" border="0" />
+										</a>
+										<br/><br/>
+										<a href="javascript:move_selected('groups','notgroups')">
+											<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="Remove Groups" alt="Remove Groups" width="17" height="17" border="0" />
+										</a>
+									</td>
+									<td align="center" width="50%">
+										<strong>Member Of</strong><br/>
+										<br/>
+										<select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onChange="clear_selected('nogroups')" multiple>
+											<?php
+												foreach ($config['system']['group'] as $group):
+													if ($group['gid'] == 1998) /* all users group */
+														continue;
+													if (!in_array($group['name'],$pconfig['groups']))
+														continue;
+											?>
+											<option value="<?=$group['name'];?>">
+												<?=htmlspecialchars($group['name']);?>
+											</option>
+											<?php endforeach; ?>
+										</select>
+										<br/>
+									</td>
+								</tr>
+							</table>
+							<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
 						</td>
 					</tr>
 
 					<?php if ($pconfig['uid']): ?>
 
 					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("User Privileges");?></td>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td>
 						<td width="78%" class="vtable">
 							<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
 								<tr>
-									<td width="5%" class="listhdrr"><?=gettext("ID");?></td>
+									<td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td>
 									<td width="30%" class="listhdrr"><?=gettext("Name");?></td>
 									<td width="40%" class="listhdrr"><?=gettext("Description");?></td>
-									<td width="5%" class="list"></td>
+									<td class="list"></td>
 								</tr>
 								<?php
-									if(is_array($t_privs)):
+										
+									$privdesc = get_user_privdesc($a_user[$_GET['id']]);
+									if(is_array($privdesc)):
 										$i = 0;
-										foreach ($t_privs as $priv):
-											if($priv['id'] <> ""):
+										foreach ($privdesc as $priv):
+										$group = false;
+										if ($priv['group'])
+											$group = $priv['group'];
 								?>
 								<tr>
-									<td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>>
-										<?=htmlspecialchars($priv['id']);?>
-									</td>
-									<td class="listr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>>
+									<td class="listlr"><?=$group;?></td>
+									<td class="listr">
 										<?=htmlspecialchars($priv['name']);?>
 									</td>
-									<td class="listbg" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>>
-										<font color="#FFFFFF"><?=htmlspecialchars($priv['descr']);?>&nbsp;</font>
+									<td class="listbg">
+										<font color="#FFFFFF">
+											<?=htmlspecialchars($priv['descr']);?>
+										</font>
 									</td>
 									<td valign="middle" nowrap class="list">
-										<?php if($a_user[$id]['scope'] == "user"): ?>
-										<table border="0" cellspacing="0" cellpadding="1">
-											<tr>
-												<td valign="middle">
-													<a href="system_usermanager_edit.php?id=<?=$i;?>&userid=<?= $id ?>&useract=<?= $_GET['act'] ?>">
-														<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" />
-													</a>
-												</td>
-												<td valign="middle">
-													<a href="system_usermanager.php?act=del&privid=<?=$i;?>&what=priv&id=<?= $id ?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')">
-														<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
-													</a>
-												</td>
-											</tr>
-										</table>
+										<?php if (!$group): ?>
+										<a href="system_usermanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
+											<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
+										</a>
 										<?php endif; ?>
 									</td>
 								</tr>
 								<?php
-											endif;
-										$i++;
+										/* can only delete user priv indexes */
+										if (!$group)
+											$i++;
 										endforeach;
 									endif;
-										if ($a_user[$id]['scope'] == "user"):
 								?>
 								<tr>
 									<td class="list" colspan="3"></td>
 									<td class="list">
-										<table border="0" cellspacing="0" cellpadding="1">
-											<tr>
-												<td valign="middle">
-													<a href="system_usermanager_edit.php?userid=<?= $id ?>&useract=<?= $_GET['act'] ?>">
-														<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
-													</a>
-												</td>
-											</tr>
-										</table>
+										<a href="system_usermanager_addprivs.php?userid=<?=$id?>">
+											<img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
+										</a>
 									</td>
 								</tr>
-								<?php
-									endif;
-								?>
 							</table>
 						</td>
 					</tr>
 
 					<?php endif; ?>
-					<?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?>
 
 					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td>
-						<td width="78%" class="vtable">
-							<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
-							<br/>
-							<?=gettext("Paste an authorized keys file here.");?>
-						</td>
-					</tr>
-
-					<?php endif; ?>
-
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td>
-						<td width="78%" class="vtable">
-							<select size="10" name="groups[]" class="formselect" id="groups" multiple>
-								<?php
-									foreach ($config['system']['group'] as $group):
-										if ($group['gid'] != 1998): /* all users group */
-											$selected = "";
-											if (in_array($group['name'],$pconfig['groups']))
-												$selected = "selected";
-								?>
-								<option value="<?=$group['name'];?>" <?=$selected;?>>
-									<?=htmlspecialchars($group['name']);?>
-								</option>
-								<?php
-										endif;
-									endforeach;
-								?>
-							</select>
-							<br/>
-							<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
-						</td>
-					</tr>
-					<tr>
 						<td width="22%" valign="top">&nbsp;</td>
 						<td width="78%">
 							<input id="submit" name="save" type="submit" class="formbtn" value="Save" />
@@ -371,7 +455,6 @@ if (isAllowedPage("system_usermanager")) {
 			</form>
 
 			<?php else: ?>
-
 			<table width="100%" border="0" cellpadding="0" cellspacing="0">
 				<tr>
 					<td width="25%" class="listhdrr">Username</td>
@@ -389,10 +472,10 @@ if (isAllowedPage("system_usermanager")) {
 							<tr>
 								<td align="left" valign="center">
 									<?php
-										if($userent['scope'] == "user")
-											$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
-										else
+										if($userent['scope'] != "user")
 											$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png";
+										else
+											$usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png";
 									?>
 									<img src="<?=$usrimg;?>" alt="User" title="User" border="0" height="16" width="16" />
 								</td>
@@ -413,9 +496,9 @@ if (isAllowedPage("system_usermanager")) {
 						<a href="system_usermanager.php?act=edit&id=<?=$i;?>">
 							<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit user" alt="edit user" width="17" height="17" border="0" />
 						</a>
-						<?php if($userent['scope'] == "user"): ?>
+						<?php if($userent['scope'] != "system"): ?>
 						&nbsp;
-						<a href="system_usermanager.php?act=del&what=user&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
+						<a href="system_usermanager.php?act=deluser&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')">
 							<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete user" alt="delete user" width="17" height="17" border="0" />
 						</a>
 						<?php endif; ?>
@@ -460,6 +543,7 @@ if (isAllowedPage("system_usermanager")) {
 } else {
 
 	// start normal user code
+
 	$pgtitle = array("System","User Password");
 
 	if (isset($_POST['save'])) {
@@ -542,30 +626,7 @@ if (isAllowedPage("system_usermanager")) {
 </body>
 
 <?php
-} // end of normal user code
 
-/*
- * NOTE : sections of the code below are based on the BSD
- *		  licensed CHAP.php courtesy of Michael Retterklieber.
- */
-function set_password_hashes(& $userent, $password) {
-
-	$userent['password'] = crypt($password);
-	$userent['md5-hash'] = md5($password);
-/*
- *	Waiting for mhash
- *
- *	// Converts ascii to unicode.
- *	$astr = (string) $password;
- *	$ustr = '';
- *	for ($i = 0; $i < strlen($astr); $i++) {
- *		$a = ord($astr{$i}) << 8;
- *		$ustr.= sprintf("%X", $a);
- *	}
- *
- *	// Generate the NT-HASH from the unicode string
- *	$userent['nt-hash'] = bin2hex(mhash(MHASH_MD4, $ustr));
- */
-}
+} // end of normal user code
 
 ?>
diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php
new file mode 100644
index 0000000..61758b7
--- /dev/null
+++ b/usr/local/www/system_usermanager_addprivs.php
@@ -0,0 +1,181 @@
+<?php
+/* $Id$ */
+/*
+	system_usermanager_addprivs.php
+
+	Copyright (C) 2006 Daniel S. Haischt.
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-system-usermanager-addprivs
+##|*NAME=System: User Manager: Add Privileges page
+##|*DESCR=Allow access to the 'System: User Manager: Add Privileges' page.
+##|*MATCH=system_usermanager_addprivs.php*
+##|-PRIV
+
+
+require("guiconfig.inc");
+
+$pgtitle = array("System","User manager","Add privileges");
+
+$userid = $_GET['userid'];
+if (isset($_POST['userid']))
+	$userid = $_POST['userid'];
+
+admin_users_sort();
+$a_user = & $config['system']['user'][$userid];
+if (!is_array($a_user)) {
+	pfSenseHeader("system_usermanager.php?id={$userid}");
+	exit;
+}
+
+if (!is_array($a_user)) {
+	pfSenseHeader("system_usermanager.php");
+	exit;
+}
+
+if (!is_array($a_user['priv']))
+	$a_user['priv'] = array();
+
+if ($_POST) {
+
+	unset($input_errors);
+	$pconfig = $_POST;
+
+	/* input validation */
+	$reqdfields = explode(" ", "sysprivs");
+	$reqdfieldsn = explode(",", "Selected priveleges");
+
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+	/* if this is an AJAX caller then handle via JSON */
+	if(isAjax() && is_array($input_errors)) {
+		input_errors2Ajax($input_errors);
+		exit;
+	}
+
+	if (!$input_errors) {
+
+		if (!is_array($pconfig['sysprivs']))
+			$pconfig['sysprivs'] = array();
+
+		if (!count($a_user['priv']))
+			$a_user['priv'] = $pconfig['sysprivs'];
+		else
+			$a_user['priv'] = array_merge($a_user['priv'], $pconfig['sysprivs']);
+
+		set_local_user($a_user);
+		$retval = write_config();
+		$savemsg = get_std_save_message($retval);
+
+		pfSenseHeader("system_usermanager.php?act=edit&id={$userid}");
+		exit;
+	}
+}
+
+/* if ajax is calling, give them an update message */
+if(isAjax())
+	print_info_box_np($savemsg);
+
+include("head.inc");
+?>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script type="text/javascript">
+<!--
+
+<?php
+
+if (is_array($priv_list)) {
+	$id = 0;
+
+	$jdescs = "var descs = new Array();\n";
+	foreach($priv_list as $pname => $pdata) {
+		if (in_array($pname, $a_user['priv']))
+			continue;
+		$desc = addslashes($pdata['descr']);
+		$jdescs .= "descs[{$id}] = '{$desc}';\n";
+		$id++;
+	}
+
+	echo $jdescs;
+}
+
+?>
+
+function update_description() {
+	var index = document.iform.sysprivs.selectedIndex;
+	document.getElementById("pdesc").innerHTML = descs[index];
+}
+
+//-->
+</script>
+<?php
+	if ($input_errors)
+		print_input_errors($input_errors);
+	if ($savemsg)
+		print_info_box($savemsg);
+?>
+	<form action="system_usermanager_addprivs.php" method="post" name="iform" id="iform">
+		<div id="inputerrors"></div>
+		<table width="100%" border="0" cellpadding="6" cellspacing="0">
+			<tr>
+				<td width="22%" valign="top" class="vncellreq"><?=gettext("System Privileges");?></td>
+				<td width="78%" class="vtable">
+					<select name="sysprivs[]" id="sysprivs" class="formselect" onchange="update_description();" multiple>
+						<?php
+							foreach($priv_list as $pname => $pdata):
+								if (in_array($pname, $a_user['priv']))
+									continue;
+						?>
+						<option value="<?=$pname;?>"><?=$pdata['name'];?></option>
+						<?php endforeach; ?>
+					</select>
+					<br/>
+					<?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?>
+				</td>
+			</tr>
+			<tr height="60">
+				<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
+				<td width="78%" valign="top" class="vtable" id="pdesc">
+					<em>Select a privilege from the list above for a description</em>
+				</td>
+			</tr>
+			<tr>
+				<td width="22%" valign="top">&nbsp;</td>
+				<td width="78%">
+					<input id="submitt"  name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
+					<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
+					<?php if (isset($userid)): ?>
+					<input name="userid" type="hidden" value="<?=$userid;?>" />
+					<?php endif; ?>
+				</td>
+			</tr>
+		</table>
+	</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/usr/local/www/system_usermanager_edit.php b/usr/local/www/system_usermanager_edit.php
deleted file mode 100644
index af4a9b3..0000000
--- a/usr/local/www/system_usermanager_edit.php
+++ /dev/null
@@ -1,281 +0,0 @@
-<?php
-/* $Id$ */
-/*
-	system_usermanager_edit.php
-
-	Copyright (C) 2006 Daniel S. Haischt.
-	All rights reserved.
-
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-
-$pgtitle = array("System","User manager","Edit privilege");
-
-/*
-	NOTE: The following code presumes, that the following XML structure
-	exists or if it does not exist, it will be created.
-
-	<priv>
-		<id>fooid</id>
-		<name>foo</name>
-		<descr>foo desc</descr>
-	</priv>
-	<priv>
-		<id>barid</id>
-		<name>bar</name>
-		<descr>bar desc</descr>
-	</priv>
-*/
-
-$useract = $_GET['useract'];
-if (isset($_POST['useract']))
-	$useract = $_POST['useract'];
-
-/* USERID must be set no matter whether this is a new entry or an existing entry */
-$userid = $_GET['userid'];
-if (isset($_POST['userid']))
-	$userid = $_POST['userid'];
-
-/* ID is only set if the user wants to edit an existing entry */
-$id = $_GET['id'];
-if (isset($_POST['id']))
-	$id = $_POST['id'];
-
-if (empty($config['system']['user'][$userid])) {
-	pfSenseHeader("system_usermanager.php?id={$userid}&act={$_GET['useract']}");
-	exit;
-}
-
-if (!is_array($config['system']['user'][$userid]['priv']))
-	$config['system']['user'][$userid]['priv'] = array();
-
-$t_privs = &$config['system']['user'][$userid]['priv'];
-
-if (isset($id) && $t_privs[$id]) {
-	$pconfig['pid'] = $t_privs[$id]['id'];
-	$pconfig['pname'] = $t_privs[$id]['name'];
-	$pconfig['descr'] = $t_privs[$id]['descr'];
-} else {
-	$pconfig['pid'] = $_GET['pid'];
-	$pconfig['pname'] = $_GET['pname'];
-	$pconfig['descr'] = $_GET['descr'];
-}
-
-if ($_POST) {
-
-	unset($input_errors);
-	$pconfig = $_POST;
-
-	/* input validation */
-	$reqdfields = explode(" ", "pid pname");
-	$reqdfieldsn = explode(",", "ID, Privilege Name");
-
-	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
-	/* check for overlaps */
-	foreach ($t_privs as $priv) {
-		if (isset($id) && ($t_privs[$id]) && ($t_privs[$id] === $priv))
-			continue;
-		if ($priv['id'] == $pconfig['pid']) {
-			$input_errors[] = gettext("This privilege ID already exists.");
-			break;
-		}
-	}
-
-	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $userindex[$userid]['name']))
-		$input_errors[] = gettext("The username contains invalid characters " .
-								"((this means this user can't be used to create" .
-								" a shell account).");
-
-	/* if this is an AJAX caller then handle via JSON */
-	if(isAjax() && is_array($input_errors)) {
-		input_errors2Ajax($input_errors);
-		exit;
-	}
-
-	if (!$input_errors) {
-		$priv = array();
-		$priv['id'] = $pconfig['pid'];
-		$priv['name'] = $pconfig['pname'];
-		$priv['descr'] = $pconfig['descr'];
-
-		if (isset($id) && $t_privs[$id])
-			$t_privs[$id] = $priv;
-		else
-			$t_privs[] = $priv;
-	
-		set_local_user($config['system']['user'][$userid]);
-		write_config();
-
-		$retval = 0;
-		config_lock();
-		config_unlock();
-
-		$savemsg = get_std_save_message($retval);
-
-		pfSenseHeader("system_usermanager.php?id={$userid}&act={$useract}");
-		exit;
-	}
-}
-
-/* if ajax is calling, give them an update message */
-if(isAjax())
-	print_info_box_np($savemsg);
-
-include("head.inc");
-
-$jscriptstr = <<<EOD
-<script type="text/javascript">
-<!--
-
-  var privs = new Array();
-
-
-EOD;
-
-$privs =& getSystemPrivs();
-
-if (is_array($privs)) {
-  $id = 0;
-
-  $jscriptstr .= "privs[{$id}] = new Object();\n";
-  $jscriptstr .= "privs[{$id}]['id'] = 'custom';\n";
-  $jscriptstr .= "privs[{$id}]['name'] = '*** Custom privilege ***';\n";
-  $jscriptstr .= "privs[{$id}]['desc'] = 'This is your own, user defined privilege that you may change according to your requirements.';\n";
-  $id++;
-
-  foreach($privs as $priv){
-    $jscriptstr .= "privs[{$id}] = new Object();\n";
-    $jscriptstr .= "privs[{$id}]['id'] = '{$priv['id']}';\n";
-    $jscriptstr .= "privs[{$id}]['name'] = '{$priv['name']}';\n";
-    $jscriptstr .= "privs[{$id}]['desc'] = '{$priv['desc']}';\n";
-    $id++;
-  }
-}
-
-$jscriptstr .= <<<EOD
-  function setTextFields() {
-    var idx = document.iform.sysprivs.selectedIndex;
-    var value = document.iform.sysprivs.options[idx].value;
-
-    for (var i = 0; i < privs.length; i++) {
-      if (privs[i]['id'] == value && privs[i]['id'] != 'custom') {
-        document.iform.pid.value = privs[i]['id'];
-        document.iform.pid.readOnly = true;
-        document.iform.pname.value = privs[i]['name'];
-        document.iform.pname.readOnly = true;
-        document.iform.descr.value = privs[i]['desc'];
-        document.iform.descr.readOnly = true;
-        break;
-      } else if (privs[i]['id'] == value) {
-        document.iform.pid.value = privs[i]['id'];
-        document.iform.pid.readOnly = false;
-        document.iform.pname.value = privs[i]['name'];
-        document.iform.pname.readOnly = false;
-        document.iform.descr.value = privs[i]['desc'];
-        document.iform.descr.readOnly = false;
-        break;
-      }
-    }
-  }
-
-//-->
-</script>
-
-EOD;
-
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>">
-<?php include("fbegin.inc"); ?>
-<?php echo $jscriptstr; ?>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box($savemsg); ?>
-            <form action="system_usermanager_edit.php" method="post" name="iform" id="iform">
-            <div id="inputerrors"></div>
-              <table width="100%" border="0" cellpadding="6" cellspacing="0">
-                <tr>
-                  <td width="22%" valign="top" class="vncellreq"><?=gettext("System Privileges");?></td>
-                  <td width="78%" class="vtable">
-                    <select name="sysprivs" id="sysprivs" class="formselect" onchange="setTextFields();">
-                      <option value="custom">*** Custom privilege ***</option>
-                    <?php
-                      $privs =& getSystemPrivs();
-
-                      if (is_array($privs)) {
-                        foreach($privs as $priv){
-                          if (isset($config['system']['ssh']['sshdkeyonly']) &&  $priv['name'] <> "copyfiles")
-                              echo "<option value=\"{$priv['id']}\">${priv['name']}</option>";
-                          else if (empty($config['system']['ssh']['sshdkeyonly']))
-                              echo "<option value=\"{$priv['id']}\">${priv['name']}</option>";
-                        }
-                      }
-                    ?>
-                    </select><br />
-                    (If you do not want to define your own privilege, you may
-                    select one from this list)
-                  </td>
-                </tr>
-                <tr>
-                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Privilege Identifier");?></td>
-                  <td width="78%" class="vtable">
-                    <input name="pid" type="text" class="formfld unknown" id="pid" size="30" value="<?=htmlspecialchars($pconfig['pid']);?>" />
-                  </td>
-                </tr>
-                <tr>
-                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Privilege Name");?></td>
-                  <td width="78%" class="vtable">
-                    <input name="pname" type="text" class="formfld unknown" id="pname" size="30" value="<?=htmlspecialchars($pconfig['pname']);?>" />
-                  </td>
-                </tr>
-                <tr>
-                  <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
-                  <td width="78%" class="vtable">
-                    <input name="descr" type="text" class="formfld unknown" id="descr" size="60" value="<?=htmlspecialchars($pconfig['descr']);?>" />
-                    <br /> <span class="vexpl"><?=gettext("You may enter a description here
-                    for your reference (not parsed).");?></span></td>
-                </tr>
-                <tr>
-                  <td width="22%" valign="top">&nbsp;</td>
-                  <td width="78%">
-                    <input id="submitt"  name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
-                    <input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
-                    <?php if (isset($id) && $t_privs[$id]): ?>
-                    <input name="id" type="hidden" value="<?=$id;?>" />
-                    <?php endif; ?>
-                    <?php if (isset($userid)): ?>
-                    <input name="userid" type="hidden" value="<?=$userid;?>" />
-                    <?php endif; ?>
-                    <?php if (isset($useract)): ?>
-                    <input name="useract" type="hidden" value="<?=$useract;?>" />
-                    <?php endif; ?>
-                  </td>
-                </tr>
-              </table>
-            </form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index c283bad..c1d3a71 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -30,6 +30,14 @@
     ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
     POSSIBILITY OF SUCH DAMAGE.
 */
+##|+PRIV
+##|*IDENT=page-system-usermanager-settings
+##|*NAME=System: User manager: settings page
+##|*DESCR=Allow access to the 'System: User manager: settings' page.
+##|*MATCH=system_usermanager_settings.php*
+##|-PRIV
+
+
 
 if($_POST['savetest'])
 	$save_and_test = true;
@@ -215,7 +223,7 @@ include("head.inc");
 <?php
     $tab_array = array();
     $tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
-    $tab_array[] = array(gettext("Group"), false, "system_groupmanager.php");
+    $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
     $tab_array[] = array(gettext("Settings"), true, "system_usermanager_settings.php");
     display_top_tabs($tab_array);
 
diff --git a/usr/local/www/system_usermanager_settings_test.php b/usr/local/www/system_usermanager_settings_test.php
index 796f642..d613a4d 100755
--- a/usr/local/www/system_usermanager_settings_test.php
+++ b/usr/local/www/system_usermanager_settings_test.php
@@ -28,6 +28,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-system-usermanager-settings-testldap
+##|*NAME=System: User Manager: Settings: Test LDAP page
+##|*DESCR=Allow access to the 'System: User Manager: Settings: Test LDAP' page.
+##|*MATCH=system_usermanager_settings_test.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $ldapserver = $config['system']['webgui']['ldapserver'];
diff --git a/usr/local/www/uploadconfig.php b/usr/local/www/uploadconfig.php
index 364cbfe..af58111 100644
--- a/usr/local/www/uploadconfig.php
+++ b/usr/local/www/uploadconfig.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-hidden-uploadconfiguration
+##|*NAME=Hidden: Upload Configuration page
+##|*DESCR=Allow access to the 'Hidden: Upload Configuration' page.
+##|*MATCH=uploadconfig.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 header("Content-Type: text/plain");
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index d6761be..049415f 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec
+##|*NAME=VPN: IPsec page
+##|*DESCR=Allow access to the 'VPN: IPsec' page.
+##|*MATCH=vpn_ipsec.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_ca.php b/usr/local/www/vpn_ipsec_ca.php
index 25d0f4e..76f5399 100755
--- a/usr/local/www/vpn_ipsec_ca.php
+++ b/usr/local/www/vpn_ipsec_ca.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-certificateauthority
+##|*NAME=VPN: IPsec: Certificate Authority page
+##|*DESCR=Allow access to the 'VPN: IPsec: Certificate Authority' page.
+##|*MATCH=vpn_ipsec_ca.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['cacert'])) {
diff --git a/usr/local/www/vpn_ipsec_ca_edit.php b/usr/local/www/vpn_ipsec_ca_edit.php
index 73b55a6..814e153 100755
--- a/usr/local/www/vpn_ipsec_ca_edit.php
+++ b/usr/local/www/vpn_ipsec_ca_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-certificateauthority-edit
+##|*NAME=VPN: IPsec: Certificate Authority: Edit page
+##|*DESCR=Allow access to the 'VPN: IPsec: Certificate Authority: Edit' page.
+##|*MATCH=vpn_ipsec_ca_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['cacert'])) {
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 7158610..56ce76f 100755
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-mobile
+##|*NAME=VPN: IPsec: Mobile page
+##|*DESCR=Allow access to the 'VPN: IPsec: Mobile' page.
+##|*MATCH=vpn_ipsec_mobile.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 0378105..a085494 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-editphase1
+##|*NAME=VPN: IPsec: Edit Phase 1 page
+##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 1' page.
+##|*MATCH=vpn_ipsec_phase1.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 00c89f5..4108595 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-ipsec-editphase2
+##|*NAME=VPN: IPsec: Edit Phase 2 page
+##|*DESCR=Allow access to the 'VPN: IPsec: Edit Phase 2' page.
+##|*MATCH=vpn_ipsec_phase2.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['ipsec']['client']))
diff --git a/usr/local/www/vpn_openvpn_certs_create.php b/usr/local/www/vpn_openvpn_certs_create.php
index 57dbc05..294e441 100644
--- a/usr/local/www/vpn_openvpn_certs_create.php
+++ b/usr/local/www/vpn_openvpn_certs_create.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-createcerts
+##|*NAME=VPN: OpenVPN: Create Certs page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Create Certs' page.
+##|*MATCH=vpn_openvpn_certs_create.php*
+##|-PRIV
+
+
 require("globals.inc");
 require("guiconfig.inc");
 
diff --git a/usr/local/www/vpn_openvpn_certs_existing.php b/usr/local/www/vpn_openvpn_certs_existing.php
index 8654a08..90534de 100644
--- a/usr/local/www/vpn_openvpn_certs_existing.php
+++ b/usr/local/www/vpn_openvpn_certs_existing.php
@@ -30,6 +30,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-createexistingcerts
+##|*NAME=VPN: OpenVPN: Create Existing Certs page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Create Existing Certs' page.
+##|*MATCH=vpn_openvpn_certs_existing.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 $pgtitle = array("VPN", "OpenVPN", "Create Existing Certs");
diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php
index f1d3dc0..6fdbb75 100755
--- a/usr/local/www/vpn_openvpn_cli_edit.php
+++ b/usr/local/www/vpn_openvpn_cli_edit.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-editclient
+##|*NAME=VPN: OpenVPN: Edit client page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Edit client' page.
+##|*MATCH=vpn_openvpn_cli_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 require_once("openvpn.inc");
 
diff --git a/usr/local/www/vpn_openvpn_create_certs.php b/usr/local/www/vpn_openvpn_create_certs.php
index 5a7992a..3cd847f 100755
--- a/usr/local/www/vpn_openvpn_create_certs.php
+++ b/usr/local/www/vpn_openvpn_create_certs.php
@@ -29,6 +29,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-createcerts
+##|*NAME=VPN: OpenVPN: Create Certs page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Create Certs' page.
+##|*MATCH=vpn_openvpn_create_certs.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 function get_file_contents($filename) {
diff --git a/usr/local/www/vpn_openvpn_crl_edit.php b/usr/local/www/vpn_openvpn_crl_edit.php
index e982e11..bfd0b79 100755
--- a/usr/local/www/vpn_openvpn_crl_edit.php
+++ b/usr/local/www/vpn_openvpn_crl_edit.php
@@ -27,6 +27,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-editcrl
+##|*NAME=VPN: OpenVPN: Edit CRL page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Edit CRL' page.
+##|*MATCH=vpn_openvpn_crl_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 require_once("openvpn.inc");
 
diff --git a/usr/local/www/vpn_openvpn_srv_edit.php b/usr/local/www/vpn_openvpn_srv_edit.php
index 1b1f249..35d4249 100755
--- a/usr/local/www/vpn_openvpn_srv_edit.php
+++ b/usr/local/www/vpn_openvpn_srv_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-openvpn-editserver
+##|*NAME=VPN: OpenVPN: Edit server page
+##|*DESCR=Allow access to the 'VPN: OpenVPN: Edit server' page.
+##|*MATCH=vpn_openvpn_srv_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 require_once("openvpn.inc");
 
diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php
index 7855ac1..2faa4f1 100755
--- a/usr/local/www/vpn_pppoe.php
+++ b/usr/local/www/vpn_pppoe.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-pppoeserver
+##|*NAME=Services: PPPoE Server page
+##|*DESCR=Allow access to the 'Services: PPPoE Server' page.
+##|*MATCH=vpn_pppoe.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pppoe']['radius'])) {
diff --git a/usr/local/www/vpn_pppoe_users.php b/usr/local/www/vpn_pppoe_users.php
index 64dfaad..7cbf0f2 100755
--- a/usr/local/www/vpn_pppoe_users.php
+++ b/usr/local/www/vpn_pppoe_users.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-pppoeserver-users
+##|*NAME=Services: PPPoE Server: Users page
+##|*DESCR=Allow access to the 'Services: PPPoE Server: Users' page.
+##|*MATCH=vpn_pppoe_users.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pppoe']['user'])) {
diff --git a/usr/local/www/vpn_pppoe_users_edit.php b/usr/local/www/vpn_pppoe_users_edit.php
index 8481aab..b5f6108 100755
--- a/usr/local/www/vpn_pppoe_users_edit.php
+++ b/usr/local/www/vpn_pppoe_users_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-services-pppoeserver-user-edit
+##|*NAME=Services: PPPoE Server: User: Edit page
+##|*DESCR=Allow access to the 'Services: PPPoE Server: User: Edit' page.
+##|*MATCH=vpn_pppoe_users_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pppoe']['user'])) {
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php
index 41c5a87..0bd1070 100755
--- a/usr/local/www/vpn_pptp.php
+++ b/usr/local/www/vpn_pptp.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-vpnpptp
+##|*NAME=VPN: VPN PPTP page
+##|*DESCR=Allow access to the 'VPN: VPN PPTP' page.
+##|*MATCH=vpn_pptp.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pptpd']['radius'])) {
diff --git a/usr/local/www/vpn_pptp_users.php b/usr/local/www/vpn_pptp_users.php
index d6127ca..62533dc 100755
--- a/usr/local/www/vpn_pptp_users.php
+++ b/usr/local/www/vpn_pptp_users.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-vpnpptp-users
+##|*NAME=VPN: VPN PPTP: Users page
+##|*DESCR=Allow access to the 'VPN: VPN PPTP: Users' page.
+##|*MATCH=vpn_pptp_users.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pptpd']['user'])) {
diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php
index bafb704..dfad162 100755
--- a/usr/local/www/vpn_pptp_users_edit.php
+++ b/usr/local/www/vpn_pptp_users_edit.php
@@ -28,6 +28,14 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-vpn-vpnpptp-user-edit
+##|*NAME=VPN: VPN PPTP: User: Edit page
+##|*DESCR=Allow access to the 'VPN: VPN PPTP: User: Edit' page.
+##|*MATCH=vpn_pptp_users_edit.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 if (!is_array($config['pptpd']['user'])) {
diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php
index 5253caa..c9dae67 100755
--- a/usr/local/www/wizard.php
+++ b/usr/local/www/wizard.php
@@ -27,6 +27,14 @@
     POSSIBILITY OF SUCH DAMAGE.
 */
 
+##|+PRIV
+##|*IDENT=page-pfsensewizardsubsystem
+##|*NAME=pfSense wizard subsystem page
+##|*DESCR=Allow access to the 'pfSense wizard subsystem' page.
+##|*MATCH=wizard.php*
+##|-PRIV
+
+
 require("guiconfig.inc");
 
 function gentitle_pkg($pgname) {
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index f42e61a..85d8aa0 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -31,6 +31,14 @@
 		* Expose more functions.
 */
 
+##|+PRIV
+##|*IDENT=page-xmlrpclibrary
+##|*NAME=XMLRPC Library page
+##|*DESCR=Allow access to the 'XMLRPC Library' page.
+##|*MATCH=xmlrpc.php*
+##|-PRIV
+
+
 require_once("xmlrpc_server.inc");
 require_once("xmlrpc.inc");
 require_once("config.inc");